A Compliance Management Ontology: Developing Shared Understanding through Models

Managing regulatory compliance is increasingly challenging and costly for organizations world-wide. Due to the diversity of stakeholders in compliance management initiatives, any effort towards providing compliance management solutions demands a common understanding of compliance management concepts and practice. This paper reports on research undertaken to develop an ontology to create a shared conceptualization of the compliance management domain, namely CoMOn (Compliance Management Ontology). The ontology concepts are extracted from interviews and surveys of compliance management experts and practitioners, and refined through synthesis with leading academic literature related to compliance management. A semiotic framework was utilized to conduct a rigorous evaluation of CoMOn through a series of eight case studies spanning a number of industry sectors. The consensus achieved through the evaluation has positioned CoMOn as a comprehensive domain ontology for Compliance Management.

[1]  Martin L. King,et al.  Towards a Methodology for Building Ontologies , 1995 .

[2]  W. B. Lee,et al.  A methodology for building a semantically annotated multi-faceted ontology for product family modelling , 2011, Adv. Eng. Informatics.

[3]  Martin Bichler,et al.  Design science in information systems research , 2006, Wirtschaftsinf..

[4]  Ivar Jacobson,et al.  Unified Modeling Language User Guide, The (2nd Edition) (Addison-Wesley Object Technology Series) , 2005 .

[5]  Luciana Andréia Fondazzi Martimiano,et al.  Ontologies for information security management and governance , 2008, Inf. Manag. Comput. Secur..

[6]  David G. Schwartz,et al.  A methodology for the semi-automatic creation of data-driven detailed business ontologies , 2010, Inf. Syst..

[7]  Marta Indulska,et al.  A Study of Ontology Construction: The Case of a Compliance Management Ontology , 2013 .

[8]  Heinz Roland Weistroffer,et al.  A Framework for Integrating Sarbanes-Oxley Compliance into the Systems Development Process , 2007, Commun. Assoc. Inf. Syst..

[9]  Michael Gruninger,et al.  ONTOLOGY Applications and Design , 2002 .

[10]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[11]  Juan Manuel Fernández Peña,et al.  Unified Modeling Language Unified Modeling Language , 2006 .

[12]  James A. Hendler,et al.  Information accountability , 2008, CACM.

[13]  Mark S. Fox,et al.  How To Build Enterprise Data Models To Achieve Compliance To Standards Or Regulatory Requirements (and share data) , 2007, J. Assoc. Inf. Syst..

[14]  Marta Indulska,et al.  Emerging Challenges in Information Systems Research for Regulatory Compliance Management , 2010, CAiSE.

[15]  Vijayan Sugumaran,et al.  A semiotic metrics suite for assessing the quality of ontologies , 2005, Data Knowl. Eng..

[16]  Raymond A. Patterson,et al.  Research Note - Information Technology, Contract Completeness, and Buyer-Supplier Relationships , 2006, Inf. Syst. Res..

[17]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[18]  Norris Syed Abdullah,et al.  Information Systems Research: Aligning to Industry Challenges in Management of Regulatory Compliance , 2010, PACIS.

[19]  J. Anon,et al.  Integrating Sarbanes‐Oxley controls into an investment firm governance framework , 2007 .

[20]  Asunción Gómez-Pérez,et al.  METHONTOLOGY: From Ontological Art Towards Ontological Engineering , 1997, AAAI 1997.

[21]  H. Sofia Pinto,et al.  A methodology for ontology integration , 2001, K-CAP '01.

[22]  H. Sofia Pinto,et al.  Ontologies: How can They be Built? , 2004, Knowledge and Information Systems.

[23]  Marta Indulska,et al.  A Framework for Industry-Relevant Ontology Development , 2011 .

[24]  Robert Meersman,et al.  An ontology engineering methodology for DOGMA , 2008 .

[25]  Christopher J. Davis,et al.  Training as regulation and development: An exploration of the needs of enterprise systems users , 2008, Inf. Manag..

[26]  Eva Blomqvist,et al.  Constructing an enterprise ontology for an automotive supplier , 2008, Eng. Appl. Artif. Intell..

[27]  Catherine Dolbear,et al.  Supporting domain experts to construct conceptual ontologies: A holistic approach , 2011, J. Web Semant..

[28]  Dave Elliman,et al.  Ontology languages for the semantic web: A never completely updated review , 2006, Knowl. Based Syst..

[29]  H. Sofia Pinto,et al.  Some Issues on Ontology Integration , 1999, IJCAI 1999.

[30]  Asunción Gómez-Pérez,et al.  Overview and analysis of methodologies for building ontologies , 2002, The Knowledge Engineering Review.

[31]  Marta Indulska,et al.  A study of compliance management in information systems research , 2009, ECIS.

[32]  Mike Uschold,et al.  Building Ontologies: Towards a Unified Methodology , 1996 .

[33]  Raymond A. Patterson,et al.  Information technology, contract completeness, and buyer-supplier relationships , 2000 .