Business Process Compliance Checking Research Articles

A Mashup-Based Framework for Business Process Compliance Checking

Business process compliance ensures that the processes of an organisation are designed and executed according to the rules that govern it. We faced the challenge of building a compliance management system for a process-aware organisation and identified several needs that, despite having been identified in the literature, were only partially satisfied by existing approaches. The variability in the types of rules generally restricts the existing support for compliance checking to specific types of rules, a concrete phase of the business process management lifecycle, or certain information systems (ISs) for data retrieval. Motivated by this, we designed a conceptual framework for compliance checking that relies on the use of mashups for rule specification and checking, with the following advantages: (i) an open-ended set of rules can be specified by designing and connecting mashup components; (ii) (parts of) the definitions of the rules can be reused as needed; and (iii) the mashup-based compliance checking system can be integrated with ISs of the organisation, enabling the verification of actual facts on actions performed during the execution of a process (e.g., the existence of a document in a location). Design-time and run-time implementations of the framework were conducted and tested in a real setting.

Static compliance checking beyond separation of duty constraints

In many application domains, processes often have to comply with business level rules and policies, called compliance constraint. Separation of duty requirement is one of such constraint, and enhancement measures are taken to make sure the business process is compliance with the constraints. Separation of duty Algebra is a high level policy designed to specify Separation of duty constraints, which can describe both quantification requirements and qualification requirements. In this article, we improve the high level description SoDA by involving task information. The improved specification expresses relations between user and task, describes bind of duty constraint beyond separation of duty. In order to make the high level policy act on concrete process, we proceed by constructing mapping rules to translate high level policies to low level constraints, which is representing by Description Logic. Then, we propose a framework for business process compliance checking. At last we give a case study to show the suitably of the method.

Normative requirements for regulatory compliance: An abstract formal framework

By definition, regulatory rules (in legal context called norms) intend to achieve specific behaviour from business processes, and might be relevant to the whole or part of a business process. They can impose conditions on different aspects of process models, e.g., control-flow, data and resources etc. Based on the rules sets, norms can be classified into various classes and sub-classes according to their effects. This paper presents an abstract framework consisting of a list of norms and a generic compliance checking approach on the idea of (possible) execution of processes. The proposed framework is independent of any existing formalism, and provides a conceptually rich and exhaustive ontology and semantics of norms needed for business process compliance checking. Apart from the other uses, the proposed framework can be used to compare different compliance management frameworks (CMFs).

Business process compliance checking – applying and evaluating a generic pattern matching approach for conceptual models in the financial sector

Given the strong increase in regulatory requirements for business processes the management of business process compliance becomes a more and more regarded field in IS research. Several methods have been developed to support compliance checking of conceptual models. However, their focus on distinct modeling languages and mostly linear (i.e., predecessor-successor related) compliance rules may hinder widespread adoption and application in practice. Furthermore, hardly any of them has been evaluated in a real-world setting. We address this issue by applying a generic pattern matching approach for conceptual models to business process compliance checking in the financial sector. It consists of a model query language, a search algorithm and a corresponding modelling tool prototype. It is (1) applicable for all graph-based conceptual modeling languages and (2) for different kinds of compliance rules. Furthermore, based on an applicability check, we (3) evaluate the approach in a financial industry project setting against its relevance for decision support of audit and compliance management tasks.

Efficient Semantics-Based Compliance Checking Using LTL Formulae and Unfolding

Business process models are required to be in line with frequently changing regulations, policies, and environments. In the field of intelligent modeling, organisations concern automated business process compliance checking as the manual verification is a time-consuming and inefficient work. There exist two key issues for business process compliance checking. One is the definition of a business process retrieval language that can be employed to capture the compliance rules, the other concerns efficient evaluation of these rules. Traditional syntax-based retrieval approaches cannot deal with various important requirements of compliance checking in practice. Although a retrieval language that is based on semantics can overcome the drawback of syntax-based ones, it suffers from the well-known state space explosion. In this paper, we define a semantics-based process model query language through simplifying a property specification pattern system without affecting its expressiveness. We use this language to capture semantics-based compliance rules and constraints. We also propose a feasible approach in such a way that the compliance checking will not suffer from the state space explosion as much as possible. A tool is implemented to evaluate the efficiency. An experiment conducted on three model collections illustrates that our technology is very efficient.

Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches — A State-of-the-Art Analysis and Research Roadmap

AbstractWith a steady increase of regulatory requirements for business processes, automation support of compliance management is a field garnering increasing attention in Information Systems research. Several approaches have been developed to support compliance checking of process models. One major challenge for such approaches is their ability to handle different modeling techniques and compliance rules in order to enable widespread adoption and application. Applying a structured literature search strategy, we reflect and discuss compliance-checking approaches in order to provide an insight into their generalizability and evaluation. The results imply that current approaches mainly focus on special modeling techniques and/or a restricted set of types of compliance rules. Most approaches abstain from real-world evaluation which raises the question of their practical applicability. Referring to the search results, we propose a roadmap for further research in model-based business process compliance checking.