Abstract
The success of today’s business operations depends largely on the ability to react to changing factors of influence. With the increasing distribution and heterogeneity of enterprise applications, the challenge is to gain and sustain oversight and to manage the different aspects of business operations systematically. Many disciplines and best practices have been established: On the infrastructure level, Service oriented architectures provide a common base to compose distributed applications. On the operational level, business process management provides high level visibility of end-to-end transactions. On the information level, master data management aggregates and consolidates data throughout the organization. There is, however, an aspect that is becoming more and more relevant but still lacks a proper discipline: Regulatory compliance of business operations. The pressure to prove compliance with legal obligations and industry wide requirements has risen tremendously in recent years – and in light of the ongoing economic crises it is likely to rise further. To address this gap, this paper presents a systematic development method to define, deploy and monitor business controls across a distributed enterprise application. First, we establish a repository of obligations that keeps track of the dependencies between processes, data, applications, and regulations. Second, we define and deploy operational controls as a set of services to gather, classify and correlate information. Finally, we provide end-to-end visibility of the business transactions for monitoring and reporting.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Curbera, F., Doganata, Y., Martens, A., Mukhi, N., Slominski, A.: Business Provenance - A Technology to Increase Traceability of End-to-End Operations. In: Proceedings of Coopis 2008. LNCS, vol. 5331. Springer, Heidelberg (2008)
Committee of Sponsoring Organizations of the Treadway Commission:Enterprise Risk Management – Integrated Framework (2004), www.coso.org
Agrawal, R., Johnson, C., Kiernan, J., Leymann, F.: Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. In: Proceedings of the 22nd Conference on Data Engineering, ICDE. IEEE Computer Society, Washington, DC (2006)
Christopher, G., Müller, S., Pfitzmann, B.: From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation. IBM Research Report RZ 3662, IBM Zurich Research Laboratory (2006)
Lu, R., Sadiq, S., Governatori, G.: Compliance Aware Business Process Design. In: ter Hofstede, A.H.M., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 120–131. Springer, Heidelberg (2008)
Goedertier, S., Vanthienen, J.: Designing Compliant Business Processes with Obligations and Permissions. In: Eder, J., Dustdar, S. (eds.) BPM Workshops 2006. LNCS, vol. 4103, pp. 5–14. Springer, Heidelberg (2006)
Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: Proceedings of the 10th IEEE Conference on Enterprise Distributed Object Computing, EDOC. IEEE Computer Society, Washington, DC (2006)
Namiri, K., Stojanovic, N.: A Formal Approach for Internal Controls Compliance in Business Processes. In: Proceedings of 8th Workshop on Business Process Modeling, Development, and Support (BPMDS 2007), Trondheim, Norway (2007)
Verver, J.: Building and Implementing a Continuous Controls Monitoring and Auditing Framework, ACL Services Ltd. (2005)
Brown, R.L.: The SOA road to sustainable risk and control management. IBM White Paper (January 2007), ftp://ftp.software.ibm.com/software/lotus/lotusweb/sox/TheSOARoadtoSustainableRiskandControlManagementJan2007.pdf
Ferrucci, D., Lally, A.: Building an example application with the Unstructured Information Management Architecture. IBM Systems Journal 43(3), 455–475 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martens, A., Curbera, F., Mukhi, N.K., Slominski, A. (2011). Business Control Management – A Discipline to Ensure Regulatory Compliance of SOA Applications. In: zur Muehlen, M., Su, J. (eds) Business Process Management Workshops. BPM 2010. Lecture Notes in Business Information Processing, vol 66. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20511-8_60
Download citation
DOI: https://doi.org/10.1007/978-3-642-20511-8_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20510-1
Online ISBN: 978-3-642-20511-8
eBook Packages: Computer ScienceComputer Science (R0)