Separating Compliance Management and Business Process Management

  • Elham Ramezani
  • Dirk Fahland
  • Jan Martijn van der Werf
  • Peter Mattheis
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 100)

Abstract

The ever growing set of regulations and laws organizations have to comply to, introduces many new challenges. Current approaches that check for compliance by implementing controls in an existing information system (IS) decrease the maintainability of both the set of compliance rules and the IS. In this position paper, we advocate the separation of the compliance process from the organization’s business processes. We introduce a life cycle for the management of compliance rules. A separate compliance engine is used to define and check compliance rules independent from the existing IS within an organization.

Keywords

compliance management life cycle compliance requirements compliance rule compliance checking 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    A Methodological Framework for Aligning Business Processes and Regulatory ComplianceGoogle Scholar
  2. 2.
    van der Aalst, W.M.P., de Beer, H.T., van Dongen, B.F.: Process Mining and Verification of Properties: An Approach Based on Temporal Logic. In: Meersman, R. (ed.) OTM 2005. LNCS, vol. 3760, pp. 130–147. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    van der Aalst, W.M.P., van Hee, K.M., van der Werf, J.M.E.M., Kumar, A., Verdonk, M.: Conceptual Model for Online Auditing. Decision Support Systems 50(3), 636–647 (2011)CrossRefGoogle Scholar
  4. 4.
    Adriansyah, A., Sidorova, N., van Dongen, B.F.: Cost-based Fitness in Conformance Checking. In: ACSD 2011. IEEE (2011)Google Scholar
  5. 5.
    El Kharbili, M., de Medeiros, A.K.A., Stein, S., van der Aalst, W.M.P.: Business Process Compliance Checking: Current State and Future Challenges. In: Modellierung betrieblicher Informationssysteme (MobIS). LNI, pp. 107–113 (2008)Google Scholar
  6. 6.
    Fötsch, D., Pulvermüller, E., Rossak, W.: Modeling and Verifying Workflow-based Regulations. In: Regulations Modelling and their Validation/ Verification, pp. 825–830 (2006)Google Scholar
  7. 7.
    Ghose, A., Koliadis, G.: Auditing Business Process Compliance. In: Krämer, B.J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol. 4749, pp. 169–180. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Giblin, C., Liu, A.Y., Müller, S., Pfitzmann, B., Zhou, X.: Regulations Expressed As Logical Models (REALM). JURIX, 37–48 (2005)Google Scholar
  9. 9.
    Kharbili, M., Stein, S., Markovic, I., Pulvermüller, E.: Towards a Framework for Semantic Business Process Compliance Management. In: GRCIS. CEUR Workshop Proceedings, vol. 339, pp. 1–15 (2008)Google Scholar
  10. 10.
    Lu, R., Sadiq, S., Governatori, G.: Compliance Aware Business Process Design. In: ter Hofstede, A.H.M., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 120–131. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Maggi, F.M., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring Business Constraints with Linear Temporal Logic: An Approach Based on Colored Automata. In: Rinderle-Ma, S., Toumani, F., Wolf, K. (eds.) BPM 2011. LNCS, vol. 6896, pp. 132–147. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Menzies, C.: Sarbanes-Oxley und Corporate Compliance: Nachhaltigkeit, Optimierung, Integration. Schäffer Poeschel, Stuttgart (2006)Google Scholar
  13. 13.
    Waidner, M., Pfitzmann, B., Powers, C.: IBM’s Unified Governance Framework (UGF). Technical report, IBM Research Division, Zurich, IBM Research Report RZ 3699 (99709) (December 10, 2007)Google Scholar
  14. 14.
    Rozinat, A., Wynn, M.T., van der Aalst, W.M.P., ter Hofstede, A.H.M., Fridge, C.J.: Workflow Simulation for Operational Decision Support. Data & Knowledge Engineering 68, 834–850 (2009)CrossRefGoogle Scholar
  15. 15.
    Sadiq, S., Governatori, G., Namiri, K.: Modeling Control Objectives for Business Process Compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Elham Ramezani
    • 1
  • Dirk Fahland
    • 2
  • Jan Martijn van der Werf
    • 2
  • Peter Mattheis
    • 1
  1. 1.Hochschule FurtwangenGermany
  2. 2.Eindhoven University of TechnologyThe Netherlands

Personalised recommendations