
Context-Aware Compliance Checking

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7481)

Abstract

Organizations increasingly face the burden of showing that their business is compliant with respect to many different boundaries. The activity of compliance checking is commonly referred to as auditing. As information systems supporting the organization’s business record their usage, process mining techniques such as conformance checking offer the auditor novel tools to automate the auditing activity. However, these techniques tend to look at process instances (i.e., cases) in isolation, whereas many compliance rules can only be evaluated when considering interactions between cases and contextual information. For example, a rule like “a paper should not be reviewed by a reviewer that has been a co-author” cannot be checked without considering the corresponding context (i.e., other papers, other issues, other journals, etc.). To check such compliance rules, we link event logs to the context. Events modify a pre-existing context, and constraints can be checked on the resulting context. The approach has been implemented in ProM. The resulting context is represented as an ontology, and the Semantic Web Rule Language is used to formalize constraints.
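The abstract's reviewer rule, worked through as an added example (not code from the paper or from ProM): events from all cases are replayed into one shared context and the rule is checked on the result, next to a per-case check that misses the violation. Plain Python sets stand in for the ontology and SWRL rule the paper uses; the log, the activity names and the function names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample log: (case id, activity, attributes). Each case is one paper.
LOG = [
    ("paper-1", "submit", {"authors": ["alice", "bob"]}),
    ("paper-2", "submit", {"authors": ["carol"]}),
    ("paper-2", "assign_review", {"reviewer": "dave"}),
    ("paper-3", "submit", {"authors": ["bob"]}),
    ("paper-3", "assign_review", {"reviewer": "alice"}),  # co-authored paper-1 with bob
    ("paper-3", "assign_review", {"reviewer": "erin"}),
]

def new_context(coauthor_pairs=()):
    """Pre-existing context: co-author pairs known before the log starts."""
    return {
        "coauthors": {frozenset(p) for p in coauthor_pairs},
        "authors": {},    # paper -> set of authors
        "reviewers": {},  # paper -> set of reviewers
    }

def replay(log, context):
    """Apply every event to the context; events of all cases share it."""
    for case, activity, attrs in log:
        if activity == "submit":
            authors = set(attrs["authors"])
            context["authors"].setdefault(case, set()).update(authors)
            context["coauthors"].update(
                frozenset(p) for p in combinations(sorted(authors), 2))
        elif activity == "assign_review":
            context["reviewers"].setdefault(case, set()).add(attrs["reviewer"])
    return context

def violations(context):
    """Rule: a paper's reviewer must not be a co-author of any of its authors."""
    found = []
    for paper, reviewers in sorted(context["reviewers"].items()):
        for reviewer in sorted(reviewers):
            for author in sorted(context["authors"].get(paper, ())):
                if frozenset((reviewer, author)) in context["coauthors"]:
                    found.append((paper, reviewer, author))
    return found

def violations_in_isolation(log):
    """Baseline: check each case with only its own events as context."""
    found = []
    for case in sorted({c for c, _, _ in log}):
        case_events = [e for e in log if e[0] == case]
        found += violations(replay(case_events, new_context()))
    return found
```

Checked case by case, paper-3 looks compliant; only the shared context, which remembers paper-1, exposes alice as a co-author of bob.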




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van der Werf, J.M.E.M., Verbeek, H.M.W., van der Aalst, W.M.P. (2012). Context-Aware Compliance Checking. In: Barros, A., Gal, A., Kindler, E. (eds) Business Process Management. BPM 2012. Lecture Notes in Computer Science, vol 7481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32885-5_7


  • DOI: https://doi.org/10.1007/978-3-642-32885-5_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32884-8

  • Online ISBN: 978-3-642-32885-5

  • eBook Packages: Computer Science, Computer Science (R0)
