Compliance Checking Research Articles

Hacker-GPT

HackerGPT is a specialized version of the LLaMA 2 model, designed to assist cybersecurity professionals in identifying vulnerabilities, improving defenses, and raising cybersecurity awareness while adhering to ethical guidelines for responsible use. It offers advanced features, including automated vulnerability detection, customized mitigation strategies, and simulated penetration testing to uncover weak points in networks and applications. HackerGPT continuously updates with the latest threat intelligence to counter emerging cyber-attacks. It provides detailed code and network security auditing, identifying risks such as SQL injections, cross-site scripting (XSS), misconfigurations, and weak encryption settings. During security incidents, HackerGPT offers real-time guidance, such as log analysis, forensic support, and incident response strategies to help professionals mitigate threats effectively. Additionally, HackerGPT serves as a powerful educational tool, offering cybersecurity training, best practices, and real-world scenarios to enhance knowledge. It can assist ethical hackers, security analysts, and developers in understanding and applying security measures efficiently. Organizations can leverage HackerGPT to conduct security assessments, compliance checks, and policy improvements. By promoting cybersecurity awareness and proactive defense strategies, HackerGPT aims to strengthen digital security for individuals, businesses, and institutions, ensuring a safer and more resilient cyber environment. Key Words: Cybersecurity, vulnerabilities, threat intelligence, penetration testing, security auditing, incident response, ethical hacking

CODE-ACCORD: A Corpus of building regulatory data for rule generation towards automatic compliance checking

Automatic Compliance Checking (ACC) within the Architecture, Engineering, and Construction (AEC) sector necessitates automating the interpretation of building regulations to achieve its full potential. Converting textual rules into machine-readable formats is challenging due to the complexities of natural language and the scarcity of resources for advanced Machine Learning (ML). Addressing these challenges, we introduce CODE-ACCORD, a dataset of 862 sentences from the building regulations of England and Finland. Only the self-contained sentences, which express complete rules without needing additional context, were considered as they are essential for ACC. Each sentence was manually annotated with entities and relations by a team of 12 annotators to facilitate machine-readable rule generation, followed by careful curation to ensure accuracy. The final dataset comprises 4,297 entities and 4,329 relations across various categories, serving as a robust ground truth. CODE-ACCORD supports a range of ML and Natural Language Processing (NLP) tasks, including text classification, entity recognition, and relation extraction. It enables applying recent trends, such as deep neural networks and large language models, to ACC.

Application of AI technology in audit risk assessment and control: Taking internal audit of higher education institutions as an example

With the rapid development of artificial intelligence (AI) technology, its application in the field of auditing has gained increasing attention. This paper explores the application of AI technology in audit risk assessment and control (ARAC), aiming to improve audit efficiency and effectiveness. First, the paper introduces the basic concepts of AI technology and its application background in the auditing field. Then, it provides a detailed analysis of the specific applications of AI technology in audit risk assessment and control, including data analysis, risk prediction, automated auditing, continuous monitoring, intelligent decision support, and compliance checks. Finally, the paper discusses the challenges and opportunities of AI technology in audit risk assessment and control, as well as future research directions.

Evaluation of infrastructure Construction Safety Standards and Compliance in Kuwait

This study evaluates the awareness, compliance, and training effectiveness related to safety standards in Kuwait’s construction industry. A quantitative cross-sectional design was employed, utilizing a structured questionnaire distributed to 132 participants, including engineers, contractors, and project managers selected using stratified random sampling to ensure representation across key demographics, including gender, age, educational level, years of experience, and city of work. The study was conducted over three months, from July to September 2024. Participants’ perceptions were assessed on key aspects of safety compliance, training adequacy, and systemic challenges. Findings reveal a high level of awareness, particularly among younger professionals and those with advanced educational qualifications. However, significant gaps exist in training program accessibility and practical implementation. Compliance levels varied by demographic factors, with project managers exhibiting the highest adherence to safety standards. Challenges such as inadequate enforcement, cultural attitudes toward risk, and limited governmental support were identified as critical barriers to compliance. The findings provide actionable insights for policymakers and stakeholders to foster a culture of safety in Kuwait’s construction sector, The study also recommends developing comprehensive training programs that combine theoretical knowledge with practical applications, ensuring accessibility for all industry stakeholders. and integrating advanced technologies, such as Automatic Code Compliance Checking (ACCC), to adherence safety standards and improve project monitoring.

Bridging Safety and Innovation: Integrating Building Information Modelling (BIM) with Fire Safety Evacuation Compliance Checking Process

Fire safety evacuation is an essential aspect in building design, directly impacting the safety of occupants during fire incidents. However, the conventional approach in checking the fire safety compliance is prone to errors and could not accommodate complex buildings. With the growing emphasis on proactive measures to mitigate fire risks and ensure swift evacuations, leveraging the compliance checking process through Building Information Modelling (BIM) demonstrates significant potential in this field. In Malaysia, the current compliance checking process grapples with challenges related to manual processes, fragmentation, and lack of automation. Hence, this paper aims to identify the potential of integrating BIM in the fire safety evacuation compliance checking process in Malaysia. Interview sessions were conducted with fire authority, architects, and engineers who are experienced in fire safety design and compliance checking. The study highlights the need for an integrated BIM platform for fire safety compliance checking with user-friendly interfaces, real-time collaboration tools, advanced simulation features, and smooth integration with existing fire safety systems. Collaboration through continuous feedback and cloud-based platforms for information sharing is also paramount in this integration. Tailored training programmes, strong leadership, and gradual implementation are the key elements in ensuring a successful BIM integration in this field. Future works involve identifying the key features needed for local authorities to check fire safety evacuation compliance using BIM, followed by creating a framework for the system.

Ground scaffolding abstract construction concepts for automatic compliance checking based on reasoning segmentation

Ground scaffolding abstract construction concepts for automatic compliance checking based on reasoning segmentation

A BLOCKCHAIN-DRIVEN VAT COMPLIANCE MODEL USING HYPERLEDGER FABRIC AND MONTE CARLO SIMULATIONS

This paper presents the development and evaluation of a VAT compliance model utilizing Hyperledger Fabric blockchain technology integrated with Monte Carlo simulations. The model aims to address the pervasive issue of VAT non-compliance by providing real-time monitoring and automated compliance checks. By simulating 10,000 VAT-related transactions under various compliance scenarios, the study assesses the model's performance in detecting both compliant and non-compliant transactions based on product registration and VAT rate application. The Monte Carlo simulations generate diverse transaction scenarios, while the blockchain provides a secure, immutable ledger for tracking each transaction's compliance status. The model is tested on a system simulating real-world conditions, focusing on key metrics such as transaction throughput, latency, accuracy, sensitivity, precision, and specificity. The results demonstrate that the model achieves 100% accuracy in identifying non-compliant transactions, with a transaction throughput of 1,200 transactions per second and an average latency of 0.83 milliseconds. This study highlights the potential of blockchain technology to revolutionize VAT administration by reducing non-compliance, enhancing transparency, and streamlining tax enforcement processes.

Large scale reuse of microservices using CI/CD and InnerSource practices - a case study

Contemporary practices such as InnerSource (adopting open source practices within an organization), continuous integration and delivery (CI/CD), and the use of microservices promote software reuse. Although the benefits of individual contemporary practices on reuse may be known, the implications of collective contemporary practices, mainly challenges and improvements to mitigate the challenges, are to a large extent unknown. In this study, we investigate the additional effort (cost factors), benefits, challenges, and potential improvements in contemporary reuse at Ericsson. We performed the study in two phases: a) the initial data collection based on a combination of data collection methods (e.g., interviews, discussions, company portals), and b) a follow-up group discussion after a year to understand the status of the challenges and improvements identified in the first phase. Our results indicate that developing reusable assets resulted in upfront cost factors, such as additional effort in ensuring compliance. Furthermore, development with reuse also resulted in cost factors, for example, additional effort in integrating and understanding reusable assets. Ericsson perceived the cost factors as an investment resulting in long-term benefits such as improved quality, productivity, customer experience, and way of working. The main challenge faced by Ericsson was the pressure on the producers of reusable assets. Our study shows how InnerSource can lead to an increase in contributions to reusable assets. Furthermore, Ericsson implemented measures like automating compliance checks that improved the maturity of reusable assets, resulting in an increase in their reuse. In summary, effective use of contemporary practices such as InnerSource and CI/CD, along with the use of microservices, can facilitate large scale reuse.

Towards effective implementation of building energy efficiency codes in Tripoli, Lebanon: Key actions for enforcement

Energy is vital for human life. However, the increasing global demand for and reliance on fossil fuels are significantly contributing to rising CO2 emissions. The Building Energy Efficiency Codes (BEECs) are a government initiative aimed at regulating CO2 emissions. BEECs support both national environmental goals and global climate change initiatives in Lebanon. The study aims to close the gap between the effectiveness of Lebanon's building energy codes and the country's environmental goals. It seeks to identify the key enforcement actions taken by the Trpl-M towards the successful implementation of the Building Energy Efficiency Code (BEEC). Tripoli was selected for its administrative independence and unique authority in enforcing building energy codes, including a dedicated technical department. This autonomy provides a valuable setting to explore compliance strategies and address regional challenges. This is achieved through an approach involving a literature review, case studies, and semi-structured interviews with employees from the Trpl-M Permit Office. The data is analyzed using a thematic analysis approach, providing a nuanced understanding of the implementation challenges within the employees' working environment. Findings suggest considering proactive design integration, third-party inspections, random compliance checks, penalties, and incentives to achieve high standards of energy efficiency and contribute to sustainable urban development and energy conservation in the region.

Proof Theory and Decision Procedures for Deontic STIT Logics

This paper provides a set of cut-free complete sequent-style calculi for deontic STIT (‘See To It That’) logics used to formally reason about choice-making, obligations, and norms in a multi-agent setting. We leverage these calculi to write a proof-search algorithm deciding deontic, multi-agent STIT logics with (un)limited choice and introduce a loop-checking mechanism to ensure the termination of the algorithm. Despite the acknowledged potential for deontic reasoning in the context of autonomous, multi-agent scenarios, this work is the first to provide a syntactic decision procedure for this class of logics. Our proofsearch procedure is designed to provide verifiable witnesses/certificates of the (in)validity of formulae, which permits an analysis of the (non)theoremhood of formulae and act as explanations thereof. We show how the proof system and decision algorithm can be used to automate normative reasoning tasks such as duty checking (viz. determining an agent’s obligations relative to a given knowledge base), compliance checking (viz. determining if a choice, considered by an agent as potential conduct, complies with the given knowledge base), and joint fulfillment checking (viz. determining whether under a specified factual context an agent can jointly fulfill all their duties).

BIMReason: Validating BIM model correctness

AbstractCompliance inspections and building analysis are critical to the success of any construction project. At present, such assessments are primarily conducted manually by experts in the architecture, engineering and construction (AEC) sector resulting in a tedious, labor‐intensive, and generally inefficient undertaking. Yet, with the gradual adoption of Building Information Modeling (BIM), automated building analysis and compliance checking become feasible. The Industry Foundation Classes (IFC) has received a lot of traction in the AEC industry as a vendor‐neutral data model. Its well‐defined semantics can be exploited by reasoning engines that allow for semantic reasoning on building models, the core mechanism required for automated compliance checking and building analysis. In this paper, a general‐purpose model checking framework for IFC building models, as well as an appropriate specification layout are introduced. Model checking via semantic reasoning is realized using various technologies from the Semantic Web. To present and evaluate our implementation, a sample specification is developed and tested on two IFC building models.

Strategic approaches to enhancing credit risk management in microfinance institutions

Microfinance institutions (MFIs) play a critical role in providing financial services to underserved, low-income populations, yet face significant challenges in managing credit risk due to the nature of their clientele and loan structures. Enhancing credit risk management in MFIs is essential for ensuring financial stability, reducing default rates, and fostering sustainable growth. This review examines strategic approaches to credit risk management tailored to the microfinance context, where traditional credit assessment methods may be less effective. It explores innovative client profiling techniques, such as segmented risk analysis and customized credit scoring models, which leverage demographic and behavioral data to more accurately assess borrower reliability. The use of data-driven decision-making, particularly through predictive analytics and machine learning, is highlighted as a means to anticipate client repayment behaviors and improve risk forecasting. Further, real-time loan monitoring systems with early warning indicators offer MFIs proactive risk mitigation strategies, enabling prompt interventions to prevent defaults. Institutional improvements, including standardized risk frameworks, enhanced training for loan officers, and regular compliance checks, strengthen organizational resilience against credit risks. Portfolio diversification strategies, such as sectoral and geographic diversification, and the integration of group lending models, are also discussed as effective means of reducing risk concentration. By implementing these multifaceted, strategic approaches, MFIs can improve their credit risk management frameworks, better serve their clients, and achieve greater financial sustainability. The review emphasizes the importance of adapting to rapidly evolving risk factors and adopting innovative tools and practices to meet the unique challenges of microfinance. The findings advocate for continuous research and investment in advanced credit risk methodologies, ultimately contributing to the broader goal of financial inclusion.

A governance framework model for cloud computing: role of AI, security, compliance, and management

The rapid adoption of cloud computing has transformed how organizations manage their IT resources, necessitating robust governance frameworks to address the complexities and risks inherent in cloud environments. This review proposes a comprehensive governance framework model that integrates the roles of artificial intelligence (AI), security, compliance, and management to enhance the effectiveness of cloud operations. AI plays a critical role in optimizing resource allocation and improving decision-making processes within cloud governance. By leveraging machine learning algorithms, organizations can achieve dynamic resource management, predictive analytics, and automated compliance monitoring, which enhance operational efficiency and reduce human error. Furthermore, the integration of AI in security management facilitates real-time threat detection and response, allowing organizations to proactively mitigate risks associated with data breaches and cyberattacks. Security is a paramount concern in cloud governance, given the shared responsibility model between cloud providers and clients. This framework emphasizes the implementation of comprehensive security measures, including data encryption, identity management, and incident response protocols, to safeguard sensitive information and maintain customer trust. Compliance with regulatory requirements is essential in ensuring organizational accountability and minimizing legal risks. The proposed governance model incorporates automated compliance checks and reporting mechanisms, ensuring adherence to industry-specific regulations such as GDPR and HIPAA. Moreover, effective management of cloud resources is crucial for optimizing performance and controlling costs. The governance framework outlines best practices for lifecycle management, cost optimization, and resource allocation, enabling organizations to achieve their strategic objectives. This governance framework model underscores the importance of integrating AI, security, compliance, and management for a holistic approach to cloud governance, providing organizations with the necessary tools to navigate the complexities of cloud computing while maximizing its benefits.

Safe Rider: Helmet Detection Using Machine Learning and Open CV

In India, many motorcyclists frequently violate traffic rules by not wearing helmets, and enforcement by traffic police is often limited due to the demanding nature of manual monitoring. Helmet detection is a crucial aspect of ensuring road safety, particularly for motorcyclists. Non-compliance with helmet regulations can lead to severe injuries and fatalities in the event of accidents. This paper presents an intelligent system for automatic helmet detection using a combination of OpenCV for image processing and machine learning algorithms for classification. The proposed system utilizes real-time video feed or static images to detect and identify whether a person is wearing a helmet, aiming to automate helmet compliance checks in traffic surveillance environments. This automated helmet detection system has the potential to enhance traffic law enforcement and reduce human intervention, leading to safer road environments.

API C4E Augmentation: AI-Powered Agent(AIPA) Framework

Abstract: In today’s rapidly evolving digital landscape, organizations increasingly rely on Application Programming Interface known as API for seamless integration and data exchange. API providers comprising consumers, developers, and project teams face several challenges in discovering, developing and mapping APIs in compliance with organizational enterprise architecture principles. This paper aims to address these challenges by proposing an AI-Powered Agent (AIPA) Framework that leverages Generative AI and AI Code Assistant tools to enhance API governance and streamline the API development cycle (API Management, develop API, testing, security, deployment and monitoring). The proposed framework facilitates API discovery through an interactive chat interface that summarizes available APIs based on the use case. Additionally, it aims to automate key aspects of API development, including compliance checks, security protocols, and document generation thereby significantly reducing effort(s), human error(s), and improving productivity and efficiency. Establishing an API Center for Enablement (C4E) ensures consistent adoption of best practices across the organization. By integrating AI-driven solution with API governance, this paper outlines a pathway for organizations to improve API quality, security, and usability while empowering to adapt to digital disruptions. The findings suggest that a comprehensive, AI-enhanced governance framework enhances operational and development efficiency and fosters innovation.

A SHACL-Based Approach for Enhancing Automated Compliance Checking with RDF Data

Automated Compliance Checking (ACC) has emerged as a critical tool for enforcing legal regulations across various domains. This paper contributes to ongoing research in Semantic Web technologies, particularly focusing on the execution of SHACL-SPARQL rules on RDF data. The RDF, being one of the most widely used knowledge representation (KR) formats, serves as the foundation of our approach, ensuring compatibility with existing standards and enhancing interoperability. Our research enhances the aggregate and temporal aspects of ACC by addressing the limitations of traditional ACC methodologies, which often fall short in managing the nuanced temporal and aggregate requirements essential for legal reasoning. Through a case study analysis of selected regulations with aggregate and temporal facets in LI 2204, which regulates local content and participation in Ghana’s upstream petroleum industry, this paper demonstrates the effectiveness of the proposed solution in achieving these dimensions of ACC. The findings underscore the potential of Semantic Web technologies to transform ACC practices by moving towards standardized, interoperable solutions. All source codes are freely available online together with instructions to locally reproduce the simulations.

Comparative Analysis of IT Management Tools in Healthcare

Healthcare systems today rely heavily on IT management tools for automation of patient care, increased operational efficiency, and simplification of the decision-making processes. This paper focuses closely on some of the major IT tools such as Electronic Health Records, Health Information Exchanges, CRM systems, ERP systems, and IT security frameworks. This research identifies some of the key trends, challenges, and opportunities surrounding healthcare IT through a feature and scalability analysis, checking for standard compliance, and assessing the general effects associated with such tools. The conclusion for the study brings actionable recommendations about ways to enhance IT tool adoption and optimize integration.

Optimizing automated compliance checking with ontology-enhanced natural language processing: Case in the fire safety domain

The fire safety compliance checking (FSCC) plays a crucial role in ensuring the quality of fire engineering design and eliminating inherent fire hazards. It requires an objective and rational interpretation of fire regulations. However, the texts of fire regulations are filled with numerous rules related to spatial limitations, which pose a significant challenge in interpreting them. The current method of interpreting these rules mostly relies on manual translation, which is not efficient. To address this issue, this study proposes an innovative automated framework for interpreting rules by combining ontology technology with natural language processing (NLP). Through the utilization of pre-trained language models (PLMs), concepts and relationships are extracted from sentences, a domain-specific ontology is established, spatial knowledge is transformed into language-agnostic tree structures based on the ontology, and the semantic components of spatial relationships are extracted. The tree structure is then mapped to logical clauses based on semantic consistency, thereby improving the efficiency of interpretation. Experimental results demonstrate that the architecture achieves an F1 score of 86.27 for entity extraction and 81.81 for spatial relationship joint extraction tasks, with an accuracy of 96.26% in the formalization of logical rules, highlighting its proficiency in automatically interpreting fire spatial rules. This study offers technical support to enhance public understanding of fire safety management and fire prevention predictions, thereby promoting the intelligent management of the building safety environment.

BIM capability assessment for improving the efficiency of design in railway projects

The construction industry is increasingly adopting Building Information Modelling (BIM) due to its benefits, including early collaboration, error reduction, and improved quality. This study systematically assesses BIM capabilities in the design processes of railway projects managed by Network Rail (NR), a national authority in the UK, and Gaziantep Metropolitan Municipality (GMM), a local authority in Turkey. Using a tailored BIM capability assessment tool, the study evaluates the performance of BIM attributes across architectural, structural, and building services design. The findings indicate that NR achieved Integrated BIM (Level 2) across all design disciplines driven by enhanced BIM uses such as code and compliance checking and phase and 4D planning. In contrast, GMM achieved Performed BIM (Level 1), particularly in structural design where BIM is applied selectively for tasks like design authoring and 3D coordination. The difference in scale leads to varying BIM implementations, with NR benefiting from a standardised approach supported by national-level mandates and resources. The study highlights that smaller authorities like GMM can improve BIM practices by adopting national-level strategies. Furthermore, organisations in countries with mandatory BIM requirements show more advanced BIM applications, such as integrating BIM with GIS for clash detection and improved coordination.

What Lies Beneath: A Development-Oriented Auditing Approach to Understand Organizations Beyond the Surface of Hard-Control.

Auditing procedures aim to improve educational quality in vocational education and training. Auditing approaches often focus on checking for compliance to rules and standards. Through dialogue, development-oriented audits are thought to inspire soft-control, a form of control that aims to address what is beneath the surface of mere compliance. These kinds of audits offer opportunities to demonstrate ethical leadership as part of an ethical culture. It is expected that an ethical culture variables positively influence working climate variables and ultimately intrinsic motivation. In this study, conducted as part of the (Hermanussen et al., 2022) study, we employed structural equation modeling to test if model behavior and sanctionability positively influenced perceived autonomy, perceived relatedness, trust, and self-efficacy, and ultimately intrinsic motivation. The study was conducted at eight different Dutch secondary vocational education and training organizations including 1223 participants. Results demonstrate a good model fit, χ2 = .12, df = 3, p = .989, GFI = 1.00, AFGI = 1.00, and RMSEA <.001. All presumed effects were significant. The strongest effects include model behavior on autonomy (.49) and autonomy on intrinsic motivation (.45). Future research should employ designs and analyses that are able to account for a multilevel structure in educational organizations.