Business Process-Based Regulation Compliance: The Case of the Sarbanes-Oxley Act

Balance sheets and annual financial reports play a major role in determining the public worth of any company. In the wake of corporate scandals such as Enron and WorldCom, the US and other countries passed legislation governing reporting processes. The Sarbanes-Oxley Act of 2002 (hereafter SOX) requires US national securities exchanges and US national securities associations not to list any securities of any issuer that is not in compliance with the act. In this paper, we present a business process-based solution to the SOX compliance problem and offer evidence, through an industrial case study, that such a solution is feasible. The proposed solution aims to support SOX reporting requirements based on core business processes and a continuous improvement of the company's adopted business processes. This means that the solution integrates SOX-related tasks into the "daily work" of a company, rather than achieving compliance on a project basis.