A Comprehensive Framework for the Application of Process Mining in Risk Management and Compliance Checking

Abstract

As process-aware information systems are becoming omnipresent in contemporary organizations, the requirements for risk management and compliance checking have evolved and demand a more process-centered approach. The business events recorded by these information systems are systematically and securely logged, which results in a wide variety of opportunities to evaluate dynamic or multi-state process properties. Process mining research has proposed a spectrum of techniques for analyzing the functional, control-flow, organizational and data perspective of the business processes. The framework presented in this paper structures the relationship between the process mining techniques, the organization's stakeholders with a control function and their activities. Focus will be placed on proposing a process-oriented approach that enables a timely analysis of large amount of event data and provides a high process deviation detection effectiveness. Additionally, in this contribution we analyze the optimal settings for the process mining techniques and provide suggestions for further adapting the techniques to the specific needs of risk management and compliance checking. The applicability of the framework is tested and evaluated.