ICT Support for Regulatory Compliance of Business Processes

2011

The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implement them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided.

Business Process Management …, 2008

Historically, business process design has been driven by business objectives, specifically process improvement. However this cannot come at the price of control objectives which stem from various legislative, standard and business partnership sources. Ensuring the compliance to regulations and industrial standards is an increasingly important issue in the design of business processes. This warrants a systematic approach to assist in the design of compliant business processes. In this paper, we advocate the importance of compliance in business process management and argue that control objectives should be addressed at an early stage, i.e., design time, so as to minimize the problems of runtime compliance checking and consequent violations and penalties. This paper specifically presents a quantitative measure of compliance for a given process model against a set of control objectives. The associated methods will allow process designers to comparatively assess the compliance degree of their design as well as be better informed on the cost of noncompliance.

2010

Companies increasingly have to pay attention to compliance concerns addressing business processes. Flexibly reacting to changing requirements coming from laws, regulations, and internal guidelines becomes a necessary part of business process management. Compliance refers therein to the entirety of all measures that need to be taken in order to adhere to laws, regulations and guidelines within the company, subsumed as compliance sources (Daniel et al., 2009, p. 1). In order to comply, companies need to perform profound changes in their organizational structure, business processes, IT systems and applications that drive their business. At this, process-awareness is basic prerequisite for ascertaining whether existing business processes are set up to operate in a compliant manner (Caprasse et al., 2008, p. 14). Among other steps, a compliance office can be installed, role-management is being established, and controls are integrated into particular processes. Consequently, compliance also has an impact on IT systems, applications and supporting infrastructure, as they have to support the execution, monitoring and checking of compliance issues. Yet, in the field of Business Process Management (BPM) there is currently no agreed upon solution for enabling a flexible management of compliance requirements resulting from the interpretation of various compliance sources. There is no ultimate solution that allows to integrate compliance into processes or IT systems, and which specifies, how the execution of processes can be monitored to validate a compliant execution. The integration of compliance thus often results in hardwired changes and tangled code. Another shortcoming of current solutions is that they do not address the whole compliance management life cycle (Daniel et al.,

2011

Today's business environment demands a high rate of compliance of service-enabled business processes with which enterprises are required to cope. Thus, a comprehensive compliance management framework is required such that compliance management must crosscut all the stages of the complete business process lifecycle, starting from the very early stages of business process design.

Information Systems, 2015

In recent years, monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as major concern in literature and practice. Monitoring not only refers to continuously observing possible compliance violations, but also includes the ability to provide fine-grained feedback and to predict possible compliance violations in the future. The body of literature on business process compliance is large and approaches specifically addressing process monitoring are hard to identify. Moreover, proper means for the systematic comparison of these approaches are missing. Hence, it is unclear which approaches are suitable for particular scenarios. The goal of this paper is to define a framework for Compliance Monitoring Functionalities (CMF) that enables the systematic comparison of existing and new approaches for monitoring compliance rules over business processes during runtime. To define the scope of the framework, at first, related areas are identified and discussed. The CMFs are harvested based on a systematic literature review and five selected case studies. The appropriateness of the selection of CMFs is demonstrated in two ways: (a) a systematic comparison with pattern-based compliance approaches and (b) a classification of existing compliance monitoring approaches using the CMFs. Moreover, the application of the CMFs is showcased using three existing tools that are applied to two realistic data sets. Overall, the CMF framework provides a powerful means to position existing and future compliance monitoring approaches.

2011

Abstract Compliance regulations require enterprises to review their SOA applications to ensure that they satisfy the set of relevant compliance requirements. Despite an increasing number of methods and tools, organizations have a pressing need for a comprehensive compliance framework to help them ensure that their business processes comply with requirements set forth by regulations, laws, and standards.

2009

It is a typical scenario that many organisations have their business processes specified independently of their business obligations (which includes contractual obligations to business partners, as well as obligations a business has to fulfil against regulations and industry standards). This is because of the lack of guidelines and tools that facilitate derivation of processes from contracts but also because of the traditional mindset of treating contracts separately from business processes. This chapter will provide a solution to one specific problem that arises from this situation, namely the lack of mechanisms to check whether business processes are compliant with business contracts. The chapter begins by defining the space for business process compliance and the ecosystem for ensuring that process are compliant. The key point is that compliance is a relationship between two sets of specifications: the specifications for executing a business process and the specifications regulating a business. The central part of the chapter focuses on a logic based formalism for describing both the semantics of normative specifications and the semantics of compliance checking procedures.

2017

We provide a short outline of the compliance by design methodology proposed by Sadiq and Governatori to ensure compliance of business processes and its implementation in Regorous.

2009

The ever increasing obligations of regulatory compliance are presenting a new breed of challenges for organizations across several industry sectors. Aligning control objectives that stem from regulations and legislation, with business objectives devised for improved business performance, is a foremost challenge. The organizational as well as IT structures for the two classes of objectives are often distinct and potentially in conflict. In this chapter, we present an overarching methodology for aligning business and control objectives. The various phases of the methodology are then used as a basis for discussing state of the art in compliance management. Contributions from research and academia as well as industry solutions are discussed. The chapter concludes with a discussion on the role of BPM as a driver for regulatory compliance and a presentation of open questions and challenges.

2010 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, 2010

It is significant for companies to ensure their businesses conforming to relevant policies, laws, and regulations as the consequences of infringement can be serious. Unfortunately, the divergence and frequent changes of different compliance sources make it hard to systematically and quickly accommodate new compliance requirements due to the lack of an adequate methodology for system and compliance engineering. In addition, the difference of perception and expertise of multiple stakeholders involving in system and compliance engineering further complicates the analyzing, implementing, and assessing of compliance. For these reasons, in many cases, business compliance today is reached on a per-case basis by using ad hoc, hand-crafted solutions for specific rules to which they must comply. This leads in the long run to problems regarding complexity, understandability, and maintainability of compliance concerns in a SOA. To address the aforementioned challenges, we present in this invited paper a comprehensive SOA business compliance software framework that enables a business to express, implement, monitor, and govern compliance concerns.