On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management

  • Patrícia Silveira
  • Carlos Rodríguez
  • Fabio Casati
  • Florian Daniel
  • Vincenzo D’Andrea
  • Claire Worledge
  • Zouhair Taheri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6275)


Assessing whether a company’s business practices conform to laws and regulations and follow standards, i.e., compliance governance, is a complex and costly task. Few software tools aiding compliance governance exist; however, they typically do not address the needs of who is in charge of assessing and controlling compliance, that is, compliance experts and auditors. We advocate the use of compliance governance dashboards, whose design and implementation is however challenging for these reasons: (i) it is fundamental to identify the right level of abstraction for the information to be shown; (ii) it is not trivial to visualize distinct analysis perspectives; and (iii) it is difficult to manage the large amount of involved concepts, instruments, and data. This paper shows how to address these issues, which concepts and models underlie the problem, and, how IT can effectively support compliance analysis in SOAs.


Business Process Business Unit Compliance Rule Compliance Requirement Compliance Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellamy, R., Erickson, T., Fuller, B., Kellogg, W., Rosenbaum, R., Thomas, J., Vetting Wolf, T.: Seeing is believing: Designing visualizations for managing risk and compliance. IBM Systems Journal 46(2), 205–218 (2007)CrossRefGoogle Scholar
  2. 2.
    Ceri, S., Fraternali, P., Bongio, A., Brambilla, M., Comai, S., Matera, M.: Designing Data-Intensive Web Applications. Morgan Kaufmann Publishers Inc., USA (2002)Google Scholar
  3. 3.
    Chowdhary, P., Palpanas, T., Pinel, F., Chen, S.-K., Wu, F.Y.: Model-driven Dashboards for Business Performance Reporting. In: Proceedings of the 10th IEEE EDOC, pp. 374–386 (2006)Google Scholar
  4. 4.
    Few, S.: Information Dashboard Design: The Effective Visual Communication of Data, p. 223. O’Reilly Media, Inc., Sebastopol (2006)Google Scholar
  5. 5.
    Hagerty, J., Hackbush, J., Gaughan, D., Jacobson, S.: The Governance, Risk Management, and Compliance Spending Report, 2008-2009: Inside the $32B GRC Market. AMR Research (2008)Google Scholar
  6. 6.
    Saqid, S., Governatori, G., Naimiri, K.: Modeling Control Objectives for Business Process Compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Giblin, C., Müller, S., Pfitzmann, B.: From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation. IBM Research Report (October 2006)Google Scholar
  8. 8.
    Namiri, K., Stojanovic, N.: A Semantic-based Approach for Compliance Management of Internal Controls in Business Processes. In: CAiSE 2007, pp. 61–64 (2007)Google Scholar
  9. 9.
    Trent, H.: Products for Managing Governance, Risk, and Compliance: Market Fluff or Relevant Stuff? In-Depth Research Report, Burton Group (2008)Google Scholar
  10. 10.
    Lam, J.: Operational Risk Management – Beyond Compliance to Value Creation. White Paper, Open Pages (2007)Google Scholar
  11. 11.
    Imrey, L.: CIO Dashboards: Flying by Instrumentation. Journal of Information Technology Management 19(4), 31–35 (2006)Google Scholar
  12. 12.
    Evans, G., Benton, S.: The BT Risk Cockpit – a visual approach to ORM. BT Technology Journal 25(1) (2007)Google Scholar
  13. 13.
    Papazoglou, M.P.: Compliance Requirements for Business-process-driven SOAs. E-Gov. Ict Professionalism and Competences Service Science 280, 183–194 (2008)CrossRefGoogle Scholar
  14. 14.
    Read, A., Tarrel, A., Fruhling, A.: Exploring User Preference for the Dashboard Menu Design. In: Proceedings of the 42nd Hawaii Intern. Conf. on System Sciences, pp. 1–10 (2009)Google Scholar
  15. 15.
    Allman, E.: Complying with Compliance. ACM Queue 4(7), 18–21 (2006)CrossRefGoogle Scholar
  16. 16.
    Cannon, J., Byers, M.: Compliance deconstructed. ACM Queue 4(7), 30–37 (2006)CrossRefGoogle Scholar
  17. 17.
    Oberortner, E., Zdun, U., Dustdar, S.: Tailoring a Model-Driven Quality-of-Service DSL for Various Stakeholders. In: Workshop on Modeling in Software Engineering, MiSE (2009)Google Scholar
  18. 18.
    Daniel, F., Casati, F., D’Andrea, V., Strauch, S., Schumm, D., Leymann, F., Mulo, E., Zdun, U., Dustdar, S., Sebahi, S., de Marchi, F., Hacid, M.: Business Compliance Governance in Service-Oriented Architectures. In: Proceedings of AINA 2009. IEEE Press, Los Alamitos (May 2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Patrícia Silveira
    • 1
  • Carlos Rodríguez
    • 1
  • Fabio Casati
    • 1
  • Florian Daniel
    • 1
  • Vincenzo D’Andrea
    • 1
  • Claire Worledge
    • 2
  • Zouhair Taheri
    • 3
  1. 1.University of TrentoItaly
  2. 2.Deloitte ConseilParisFrance
  3. 3.PricewaterhouseCoopers AccountantsRotterdamNetherlands

Personalised recommendations