State-of-the-art of Business Process Compliance Approaches: A Survey (Extended Abstract)

Compliance means to ensure that business practice and processes are aligned at commonly accepted norms. Companies are expected to comply with an increasing number of regulations of different origin and complexity. Regulations that are required by law are given the highest priority. Other regulations can be derived from best practice frameworks, company internal standards and inter-company business contracts. Both are necessary to form a company’s compliance policy which meets particular business requirements. Business Process Compliance (BPC) approaches seek to discover methods and techniques to ease the implementation of these compliance regulations. The approaches reveal different process modelling languages and scenarios for mapping relevant compliance rules and the detection of compliance violations. This contribution provides an overview on the state-ofthe-art of business process compliance approaches by conducting a literature review. The literature will be analysed and divided into four dimensions. The first dimension includes variables of general business process modelling, such as order, information, location and resource. The second dimension deals with temporal aspects of process modelling. The third dimension differentiates between BPC and verification/validation approaches. The last dimension specifies whether a method or a technical artefact was developed. The findings will be used to visualize the state-of-the-art of BPC.

[1]  Shazia Wasim Sadiq,et al.  Managing Regulatory Compliance in Business Processes , 2015, Handbook on Business Process Management.

[2]  Martin Schultz,et al.  Towards an Empirically Grounded Conceptual Model for Business Process Compliance , 2013, ER.

[3]  Lokman I. Meho,et al.  Modeling the information-seeking behavior of social scientists: Ellis's study revisited , 2003, J. Assoc. Inf. Sci. Technol..

[4]  Stefanie Rinderle-Ma,et al.  Integration of Process Constraints from Heterogeneous Sources in Process-Aware Information Systems , 2011, EMISA.

[5]  Schahram Dustdar,et al.  Domain-specific language for event-based compliance monitoring in process-driven SOAs , 2013, Service Oriented Computing and Applications.

[6]  Guido Governatori,et al.  On compliance checking for clausal constraints in annotated process models , 2012, Inf. Syst. Frontiers.

[7]  Farhad Arbab,et al.  Formal Behavioral Modeling and Compliance Analysis for Service-Oriented Systems , 2009, FMCO.

[8]  Manfred Reichert,et al.  Enabling Flexibility in Process-Aware Information Systems , 2012, Springer Berlin Heidelberg.

[9]  Peter Dadam,et al.  Monitoring Business Process Compliance Using Compliance Rule Graphs , 2011, OTM Conferences.

[10]  Manfred Reichert,et al.  Business Process Compliance , 2012 .

[11]  Guy H. Gessner,et al.  Holistic Compliance with Sarbanes-Oxley , 2004, Commun. Assoc. Inf. Syst..

[12]  Akhil Kumar,et al.  A Rule-Based Framework Using Role Patterns for Business Process Compliance , 2008, RuleML.

[13]  Colin McIntosh,et al.  Cambridge advanced learner's dictionary , 2013 .

[14]  Shazia Wasim Sadiq,et al.  Detecting Regulatory Compliance for Business Process Models through Semantic Annotations , 2008, Business Process Management Workshops.

[15]  Mathias Weske,et al.  Resolution of Compliance Violation in Business Process Models: A Planning-Based Approach , 2009, OTM Conferences.

[16]  Dirk Fahland,et al.  Where Did I Misbehave? Diagnostic Information in Compliance Checking , 2012, BPM.

[17]  Mike P. Papazoglou,et al.  On the Formal Specification of Regulatory Compliance: A Comparative Analysis , 2010, ICSOC Workshops.

[18]  Paola Mello,et al.  Checking Compliance of Execution Traces to Business Rules , 2008, Business Process Management Workshops.

[19]  Alireza Pourshahid,et al.  Business Process Compliance Tracking Using Key Performance Indicators , 2010, Business Process Management Workshops.

[20]  William N. Robinson,et al.  Requirements interaction management , 2003, CSUR.

[21]  Aditya K. Ghose,et al.  Auditing Business Process Compliance , 2007, ICSOC.

[22]  Marwane El Kharbili,et al.  Business Process Compliance Checking: Current State and Future Challenges , 2008, MobIS.

[23]  Stefan Sackmann,et al.  ExPDT: Ein Policy-basierter Ansatz zur Automatisierung von Compliance , 2008, Wirtsch..

[24]  Peter Dadam,et al.  Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems , 2010, CAiSE.

[25]  Gabor Karsai,et al.  Towards Practical Runtime Verification and Validation of Self-Adaptive Software Systems , 2013, Software Engineering for Self-Adaptive Systems.

[26]  Daniel L. Sherrell,et al.  Communications of the Association for Information Systems , 1999 .

[27]  Farhad Arbab,et al.  Towards Using Reo for Compliance-Aware Business Process Modeling , 2008, ISoLA.

[28]  H. Watson,et al.  Communications of the Association for Information Systems , 2000 .

[29]  Bojan Cukic,et al.  A Component-Based Approach to Verification and Validation of Formal Software Models , 2006, WADS.

[30]  Frank Leymann,et al.  Process Views to Support Compliance Management in Business Processes , 2010, EC-Web.

[31]  Björn Niehaves,et al.  Reconstructing the giant: On the importance of rigour in documenting the literature search process , 2009, ECIS.

[32]  Mathias Weske,et al.  Efficient Compliance Checking Using BPMN-Q and Temporal Logic , 2008, BPM.

[33]  Jörg Becker,et al.  Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches — A State-of-the-Art Analysis and Research Roadmap , 2012 .

[34]  Jorge S. Cardoso,et al.  Measuring the Compliance of Processes with Reference Models , 2009, OTM Conferences.

[35]  Mathias Weske,et al.  Visually specifying compliance rules and explaining their violations for business processes , 2011, J. Vis. Lang. Comput..

[36]  Laura Giordano,et al.  Verifying Business Process Compliance by Reasoning about Actions , 2010, CLIMA.

[37]  Rodrigo Costas,et al.  Users, narcissism and control – tracking the impact of scholarly publications in the 21st century , 2012 .

[38]  Andrew J. Leone,et al.  Factors related to internal control disclosure: A discussion of Ashbaugh, Collins, and Kinney (2007) and Doyle, Ge, and McVay (2007) , 2007 .

[39]  Marten Schönherr,et al.  Artifact Types in Information Systems Design Science - A Literature Review , 2010, DESRIST.

[40]  Nenad Stojanovic,et al.  Using Control Patterns in Business Processes Compliance , 2007, WISE Workshops.

[41]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[42]  Peter Dadam,et al.  SeaFlows Toolset - Compliance Verification Made Easy for Process-Aware Information Systems , 2010, CAiSE Forum.

[43]  Mathias Weske,et al.  Specification, Verification and Explanation of Violation for Data Aware Compliance Rules , 2009, ICSOC/ServiceWave.

[44]  Tom M. van Engers POWER: using UML/OCL for modeling legislation - an application report , 2001, ICAIL '01.

[45]  Nenad Stojanovic,et al.  Pattern-Based Design and Validation of Business Process Compliance , 2007, OTM Conferences.

[46]  Martijn Zoet,et al.  Aligning Risk Management and Compliance Considerations with Business Process Development , 2009, EC-Web.

[47]  Niels Lohmann Compliance by design for artifact-centric business processes , 2013, Inf. Syst..

[48]  Jan Mendling,et al.  Process Compliance Measurement Based on Behavioural Profiles , 2010, CAiSE.

[49]  Mike P. Papazoglou,et al.  Root-Cause Analysis of Design-Time Compliance Violations on the Basis of Property Patterns , 2010, ICSOC.

[50]  Daniel Amyot,et al.  Towards a Framework for Tracking Legal Compliance in Healthcare , 2007, CAiSE.

[51]  Fabio Casati,et al.  On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management , 2009, ICSOC/ServiceWave Workshops.

[52]  Yurdaer N. Doganata,et al.  Effect of Using Automated Auditing Tools on Detecting Compliance Failures in Unmanaged Processes , 2009, BPM.

[53]  Kevin Crowston,et al.  A framework for creating a facetted classification for genres: addressing issues of multidimensionality , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[54]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[55]  Dirk Fahland,et al.  Separating Compliance Management and Business Process Management , 2011, Business Process Management Workshops.

[56]  Richard T. Watson,et al.  Analyzing the Past to Prepare for the Future: Writing a Literature Review , 2002, MIS Q..

[57]  Antonio Ruiz Cortés,et al.  Hints on How to Face Business Process Compliance , 2010 .

[58]  Pearl Brereton,et al.  Systematic literature reviews in software engineering - A systematic literature review , 2009, Inf. Softw. Technol..

[59]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[60]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[61]  Frank Leymann,et al.  Business Process Compliance through Reusable Units of Compliant Processes , 2010, ICWE Workshops.

[62]  Frank Leymann,et al.  An Integrated Solution for Runtime Compliance Governance in SOA , 2010, ICSOC.

[63]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[64]  Peter Shears Food fraud - a current issue but an old problem , 2010 .

[65]  Luca Compagna,et al.  Security Validation of Business Processes via Model-Checking , 2011, ESSoS.

[66]  Frank Leymann,et al.  Maintaining Compliance in Customizable Process Models , 2009, OTM Conferences.

[67]  Bikram Sengupta,et al.  An extensible framework for tracing model evolution in SOA solution design , 2009, OOPSLA Companion.

[68]  Peter Dadam,et al.  On enabling integrated process compliance with semantic constraints in process management systems , 2012, Inf. Syst. Frontiers.

[69]  Ahmed Awad,et al.  An Iterative Approach for Business Process Template Synthesis from Compliance Rules , 2011, CAiSE.

[70]  Mathias Weske,et al.  Visualization of Compliance Violation in Business Process Models , 2009, Business Process Management Workshops.