Skip to main content
SpringerLink
Log in

Enriching Process Models for Business Process Compliance Checking in ERP Environments

  • Conference paper
Design Science at the Intersection of Physical and Virtual Design (DESRIST 2013)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7939))

Abstract

In enterprise resource planning (ERP) environments the audit of business process compliance is a complex task as audit relevant context information about the ERP system like application controls (ACs) need to be considered to derive comprehensive audit results. Current compliance checking approaches neglect such information as it is not readily available in process models. Even if ACs are automatically analysed with audit software, the results still need to be linked to related processes. By now, this linking is not methodically supported. To address this gap this paper presents a method to automatically enrich process models with audit relevant information about ACs. The method consists of three phases: process model construction, automated analysis of ACs, and model enrichment. It utilizes two existing artefacts and combines them to provide a comprehensive basis for compliance checking. Moreover, the enriched process models can support auditors in conducting process audits in ERP environments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lickel, C.W.: Introduction. IBM Systems Journal 46, 1 (2007)

    Article  Google Scholar 

  2. Liu, Y., Muller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Systems Journal 46, 335–361 (2007)

    Article  Google Scholar 

  3. van der Werf, J.M.E.M., Verbeek, H.M.W., van der Aalst, W.M.P.: Context-Aware Compliance Checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 98–113. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Ramezani, E., Fahland, D., van der Werf, J.M., Mattheis, P.: Separating Compliance Management and Business Process Management. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM Workshops 2011, Part II. LNBIP, vol. 100, pp. 459–464. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  5. Gehrke, N.: The ERP Auditlab - A Prototypical Framework for Evaluating Enterprise Resource Planning System Assurance. In: 43rd Hawaii International Conference on System Sciences (HICSS), pp. 1–9 (2010)

    Google Scholar 

  6. Van der Aalst, W., van Hee, K., van der Werf, J.M., Kumar, A., Verdonk, M.: Conceptual model for online auditing. Decision Support Systems 50, 636–647 (2011)

    Article  Google Scholar 

  7. Asprion, P., Knolmayer, G.: Compliance und ERP-Systeme: Eine bivalente Beziehung. Controlling & Management 53, 40–47 (2009)

    Google Scholar 

  8. IT Governance Institute (ITGI): IT control objectives for Sarbanes-Oxley: the role of IT in the design and implementation of internal control over financial reporting. IT Governance Institute, Rolling Meadows, IL (2006)

    Google Scholar 

  9. Bellino, C., Wells, J., Hunt, S.: Global Technology Audit Guide (GTAG) 8: Auditing Application Controls (2007)

    Google Scholar 

  10. Jans, M., Alles, M., Vasarhelyi, M.: Process mining of event logs in auditing: Opportunities and challenges. In: International Symposium on Accounting Information Systems, Orlando (2010)

    Google Scholar 

  11. Caron, F., Vanthienen, J.: Applications of Business Process Analytics and Mining for Internal Control. ISACA Journal 4 (2012)

    Google Scholar 

  12. Kerr, D., Houghton, L., Burgess, K.: Power Relationships that lead to the Development of Feral Systems. Australasian Journal of Information Systems 14, 141–152 (2007)

    Google Scholar 

  13. Rosemann, M., Recker, J., Flender, C.: Contextualisation of business processes. International Journal of Business Process Integration and Management 3, 47–60 (2008)

    Article  Google Scholar 

  14. Kuhn Jr., J.R., Sutton, S.G.: Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems 24, 91–112 (2010)

    Article  Google Scholar 

  15. Gehrke, N., Mueller-Wickop, N.: Basic Principles of Financial Process Mining A Journey through Financial Data in Accounting Information Systems. In: AMCIS 2010 Proceedings (2010)

    Google Scholar 

  16. Becker, J., Delfmann, P., Eggert, M., Schwittay, S.: Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches – A State-of-the-Art Analysis and Research Roadmap. BuR - Business Research 5, 221–247 (2012)

    Google Scholar 

  17. Committee of Sponsoring Organizations of the Treadway Commission, C.: Internal Control - Integrated Framework (1992), http://www.coso.org

  18. Gelinas, U.: Business processes and information technology. Thomson/South-Western, Mason Ohio (2004)

    Google Scholar 

  19. Strecker, S., Heise, D., Frank, U.: Prolegomena of a modelling method in support of audit risk assessment - Outline of a domain-specific modelling language for internal controls and internal control systems. Enterprise Modelling and Information Systems Architectures 6, 5–24 (2011)

    Google Scholar 

  20. Institut der Wirtschaftsprüfer in Deutschland e.V (IDW): PS 261 Feststellung und Beurteilung von Fehlerrisiken und Reaktionen des Abschlussprüfers auf die beurteilten Fehlerrisiken (2009)

    Google Scholar 

  21. Elder, R.J., Beasley, M.S., Arens, A.A.: Auditing and assurance services: an integrated approach. Pearson, Boston (2010)

    Google Scholar 

  22. Information Systems Audit and Control Association (ISACA): COBIT and Application Controls: A Management Guide (2009), http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/COBIT-and-Application-Controls-A-Management-Guide.aspx

  23. Bodnar, G.H., Hopwood, W.S.: Accounting information systems. Pearson, Upper Saddle River (2012)

    Google Scholar 

  24. International Auditing and Assurance Standards Board (IAASB): ISA 315 - Identifying and Assessing the risks of Material Misstatement through Understanding the Entity and its Environment (2009)

    Google Scholar 

  25. Bell, T.: Auditing Organizations Through a Strategic-Systems Lens: The KPMG Business Measurement Process. University of Illinois Press, Urbana Ill (1997)

    Google Scholar 

  26. Ruhnke, K.: Business Risk Audits: State of the Art und Entwicklungsperspektiven. Journal für Betriebswirtschaft 56, 189–218 (2006)

    Article  Google Scholar 

  27. Stuart, I.C.: Auditing and assurance services: an applied approach. McGraw-Hill Irwin, New York (2012)

    Google Scholar 

  28. El Kharbili, M., De Medeiros, A.A., Stein, S., van Der Aalst, W.M.P.: Business process compliance checking: Current state and future challenges. In: Loos, P. (ed.) Modelling Business Information Systems (MoBIS 2008), pp. 107–113 (2008)

    Google Scholar 

  29. Ly, L.T., Rinderle-Ma, S., Göser, K., Dadam, P.: On enabling integrated process compliance with semantic constraints in process management systems. Inf. Syst. Front. 14, 195–219 (2012)

    Article  Google Scholar 

  30. Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where Did I Misbehave? Diagnostic Information in Compliance Checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 262–278. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  31. Rosemann, M., Recker, J.C.: Context-aware process design: Exploring the extrinsic drivers for process flexibility. In: The 18th International Conference on Advanced Information Systems Engineering. Proceedings of Workshops and Doctoral Consortium, pp. 149–158 (2006)

    Google Scholar 

  32. Monakova, G., Kopp, O., Leymann, F., Moser, S., Schäfers, K.: Verifying Business Rules Using an SMT Solver for BPEL Processes. In: Business Process and Services Computing Conference, BPSC 2009 (2009)

    Google Scholar 

  33. Knuplesch, D., Ly, L.T., Rinderle-Ma, S., Pfeifer, H., Dadam, P.: On Enabling Data-Aware Compliance Checking of Business Process Models. In: Parsons, J., Saeki, M., Shoval, P., Woo, C., Wand, Y. (eds.) ER 2010. LNCS, vol. 6412, pp. 332–346. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  34. Wolter, C., Miseldine, P., Meinel, C.: Verification of Business Process Entailment Constraints Using SPIN. In: Massacci, F., Redwine Jr., S.T., Zannone, N. (eds.) ESSoS 2009. LNCS, vol. 5429, pp. 1–15. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  35. Alles, M., Brennan, G., Kogan, A., Vasarhelyi, M.A.: Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens. International Journal of Accounting Information Systems 7, 137–161 (2006)

    Article  Google Scholar 

  36. van der Aalst, W.M.P., et al.: Process Mining Manifesto. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM Workshops 2011, Part I. Lecture Notes in Business Information Processing, vol. 99, pp. 169–194. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  37. Van der Aalst, W.M.P., van Hee, K.M., van Werf, J.M., Verdonk, M.: Auditing 2.0: Using Process Mining to Support Tomorrow’s Auditor. Computer 43, 90–93 (2010)

    Article  Google Scholar 

  38. Tiwari, A., Turner, C.J., Majeed, B.: A review of business process mining: state-of-the-art and future trends. Business Process Management Journal 14, 5–22 (2008)

    Article  Google Scholar 

  39. Jans, M., Alles, M., Vasarhelyi, M.: The case for process mining in auditing: Sources of value added and areas of application. International Journal of Accounting Information Systems 14, 1–20 (2013)

    Article  Google Scholar 

  40. Jans, M., Alles, M., Vasarhelyi, M.: Process Mining of Event Logs in Internal Auditing: A Case Study. In: 2nd International Symposium on Accounting Information Systems, Rome (2011)

    Google Scholar 

  41. March, S.T., Smith, G.F.: Design and natural science research on information technology. Decis. Support Syst. 15, 251–266 (1995)

    Article  Google Scholar 

  42. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Quarterly 28, 75–105 (2004)

    Google Scholar 

  43. Österle, H., Becker, J., Frank, U., Hess, T., Karagiannis, D., Krcmar, H., Loos, P., Mertens, P., Oberweis, A., Sinz, E.J.: Memorandum zur gestaltungsorientierten Wirtschaftsinformatik. Schmalenbachs Zeitschrift für Betriebswirtschaftliche Forschung 62, 662–672 (2010)

    Google Scholar 

  44. Peffers, K., Rothenberger, M., Tuunanen, T., Vaezi, R.: Design science research evaluation. In: Peffers, K., Rothenberger, M., Kuechler, B. (eds.) DESRIST 2012. LNCS, vol. 7286, pp. 398–410. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  45. Venable, J., Pries-Heje, J., Baskerville, R.: A Comprehensive Framework for Evaluation in Design Science Research. In: Peffers, K., Rothenberger, M., Kuechler, B. (eds.) DESRIST 2012. LNCS, vol. 7286, pp. 423–438. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  46. Yin, R.K.: Case study research: design and methods. Sage Publications, Los Angeles (2009)

    Google Scholar 

  47. Romney, M.B., Steinbart, P.J.: Accounting Information Systems. Prentice Hall (2008)

    Google Scholar 

  48. Van Dongen, B., van der Aalst, W.M.P.: A Meta Model for Process Mining Data. In: Conference on Advanced Information Systems Engineering (2005)

    Google Scholar 

  49. Günther, C.W., van der Aalst, W.M.P.: Fuzzy Mining – Adaptive Process Simplification Based on Multi-perspective Metrics. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 328–343. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  50. Schultz, M., Müller-Wickop, N., Nüttgens, M.: Key Information Requirements for Process Audits - an Expert Perspective. In: EMISA, pp. 137–150 (2012)

    Google Scholar 

  51. Namiri, K., Stojanovic, N.: Pattern-Based Design and Validation of Business Process Compliance. In: Meersman, R., Tari, Z. (eds.) OTM 2007, Part I. LNCS, vol. 4803, pp. 59–76. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  52. Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., van den Heuvel, W.-J.: Business Process Compliance through Reusable Units of Compliant Processes. In: Daniel, F., Facca, F.M. (eds.) ICWE 2010. LNCS, vol. 6385, pp. 325–337. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  53. Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems 24, 45–77 (2007)

    Article  Google Scholar 

  54. Leist, S., Lichtenegger, W.: Integration automatisch generierter und manuell konstruierter Prozessmodelle. In: Engels, G., Karagiannis, D., Mayer, H.C. (eds.) Modellierung 2010, Klagenfurt, March 24-26. LNI, vol. 161, pp. 99–116. Ges. für Informatik, Bonn (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Chair for Information Systems, University of Hamburg, Hamburg, Germany

    Martin Schultz

Authors
  1. Martin Schultz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Information Systems, University of Liechtenstein, Fürst-Franz-Josef-Strasse 21, 9490, Vaduz, Liechtenstein

    Jan vom Brocke

  2. Department of Information and Service Economy, Aalto University, Chydenia (Runeberginkatu 22-24), P.O. Box 21220, 00076, Aalto, Finland

    Riitta Hekkala  & Matti Rossi  & 

  3. Department of Management Information Systems, Eller College of Management, University of Arizona, 430J McClelland Hall, 85721, Tucson, AZ, USA

    Sudha Ram

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schultz, M. (2013). Enriching Process Models for Business Process Compliance Checking in ERP Environments. In: vom Brocke, J., Hekkala, R., Ram, S., Rossi, M. (eds) Design Science at the Intersection of Physical and Virtual Design. DESRIST 2013. Lecture Notes in Computer Science, vol 7939. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38827-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38827-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38826-2

  • Online ISBN: 978-3-642-38827-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation