Abstract
Managing workflows is increasingly becoming flexible on both the conceptual and technical level. Reacting directly to new context situations and adapting workflows to changing requests both rapidly and flexibly are seen as key characteristic for future agile companies. Providing flexibility in process execution for single workflow instances is also a promising basis for expanding the scope of Business Process Management to other application fields and for integrating so-called dark processes into the system. However, workflows are not only subject to “pure” business needs but also increasingly to compliance requirements. To validate that a workflow is compliant with relevant laws and regulations, in principal, each change of a workflow has also to be checked according to its consequences for compliance. Not surprisingly, validating compliance is currently a well-known challenge for many companies, specifically their IT governance, and is, usually, a time-consuming manual task dealing with the challenge of fast adaptations and changes. Management has to balance the trade-off between flexible but (possibly) non-compliant workflows and compliant but (mostly) inflexible workflows. Addressing this trade-off, we present a novel approach called FlexCom and its prototypical implementation in this contribution. It aims at solving the trade-off by allowing a person in charge to change a workflow, even during execution, according to business needs, and by automatically integrating required control processes for achieving the correspondent compliance requirements. It is demonstrated that with such “sticky” controls at hand, the balance between flexibility of processes and compliance can be managed in a novel and promising way.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
van der Aalst, W. M. P., & van Hee, K. M. (2004). Workflow management: Models, methods, and systems. Cambridge, MA: The MIT.
van der Aalst, W. M. P., Weske, M., & Grünbauer, D. (2005). Case handling: A new paradigm for business process support. Data Knowledge Engineering, 53, 129–162.
Betke, H., Kittel, K., & Sackmann, S. (2013). Modeling controls for compliance – An analysis of business process modeling languages. In Proceedings of the 27th IEEE international conference on advanced information networking and applications workshops (WAINA-2013) (pp. 866–871). Barcelona, Spain.
Cabanillas, C., Resinas, M., & Ruiz-Cortes, A. (2011). Exploring features of a full-coverage integrated solution for business process compliance. In C. Salinesi & O. Pastor (Eds.), CAiSE 2011 workshops (GRCIS’11) (LNBIP, Vol. 83, pp. 218–227). Berlin: Springer.
Cannon, J., & Byers, M. (2006). Compliance deconstructed. ACM Queue, 4, 30–37.
Compas. (2008). State-of-the-art in the field of compliance languages. Tilburg University. Retrieved from http://ec.europa.eu/information_society/apps/projects/logos/5/215175/080/deliverables/D2.1_State-of-the-art-for-compliance-languages.pdf
Dadam, P., Reichert, M., Rinderle-Ma, S., Lanz, A., Pryss, R., Predeschly, M., et al. (2009). From ADEPT to AristaFlow BPM suite: A research vision has become reality. In Proceedings of the 1st international workshop on empirical research in business process management (ER-BPM’09) (pp. 529–531).
Goedertier, S., & Vanthienen, J. (2006). Designing compliant business processes with obligations and permissions. Business Process Management Workshops, 4103, 5–14.
Kittel, K. (2013). Agilität von Geschäftsprozessen trotz Compliance. In R. Alt & B. Franczyk (Eds.), Tagungsband der 11. Internationale Tagung Wirtschaftsinformatik (pp. 967–981).
Kittel, K., & Sackmann, S. (2011). Gaining flexibility and compliance in rescue processes with BPM. In Proceedings of the ARES conference – Workshop on “Resilience and IT-Risk in Social Infrastructures” (RISI 2011). Vienna, Austria.
Kittel, K., & Sackmann, S. (2012). Flexible controls for compliance in catastrophe management processes. In Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI’12) (pp. 1675–1687). Berlin: GITO.
Kittel, K., Sackmann, S., Betke, H., & Hofmann, M. (2013a). Achieving flexible and compliant processes in disaster management. In Proceedings of the HICSS 2013 (pp. 4687–4696).
Kittel, K., Sackmann, S., & Göser, K. (2013b). Flexibility and compliance in workflow systems – The KitCom prototype. In Proceedings of the 25th international conference on advanced information systems engineering (CAISE’13) (pp. 154–160). Valencia, Spain.
Krafzig, D., Banke, K., & Slama, D. (2005). Enterprise SOA: Service-oriented architecture best practices. Upper Saddle River, NJ: Prentice Hall.
Ly, L., Rinderle-Ma, S., Knuplesch, D., & Dadam, P. (2011). Monitoring business process compliance using compliance rule graphs. In On the move to meaningful internet systems: OTM 2011 (pp. 82–99). Berlin: Springer.
Pitthan, D. K. J., & Philipp, D. W. I. M. (1997). Einsatz von Petri-Netzen für die Aufnahme, Dokumentation und Analyse Interner Kontrollsysteme im Rahmen der Jahresabschlußprüfung. In W. Stucky & U. Winand (Eds.), Petri-Netze zur Modellierung verteilter DV-Systeme (pp. 87–104). Karlsruhe: University of Karlsruhe.
Reichert, M., Rinderle, S., Kreher, U., & Dadam, P. (2005). Adaptive process management with ADEPT2. In Proceedings of the 21st ICDE (pp. 1113–1114).
Rinderle, S. (2004). Schema evolution in process management systems. Ph.D. thesis, University Ulm, Germany.
Rinderle, S., Reichert, M., & Dadam, P. (2004). Correctness criteria for dynamic changes in workflow systems – A survey. Data and Knowledge Engineering, 50, 9–34.
Sackmann, S. (2011). Economics of controls. In Proceedings of the international workshop on information systems for social innovation 2011 (ISSI 2011) (pp. 230–236). Tachikawa, Tokio.
Sackmann, S., Hofmann, M., & Kühnel, S. (2013). Return on controls invest – Ein Ansatz zur wirtschaftlichen Spezifizierung von internen Kontrollsystemen. HMD – Praxis der Wirtschaftsinformatik, 289(2), 31–40.
Sadiq, S. W., Governatori, G., & Namiri, K. (2007). Modeling control objectives for business process compliance. In G. Alonso et al. (Eds.), International conference on business process management (LNCS, pp. 149–164). Berlin: Springer.
Schumm, D., Leymann, F., Ma, Z., Scheibler, T., & Strauch, S. (2010). Integrating compliance into business processes: Process fragments as reusable compliance controls. In Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI’10). Göttingen, Germany.
Smith, H., & Fingar, P. (2003). Business process management: The third wave. Tampa, FL: Meghan-Kiffer.
Weske, M. (2012). Business process management – Concepts, languages, architectures. Berlin: Springer.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Sackmann, S., Kittel, K. (2015). Flexible Workflows and Compliance: A Solvable Contradiction?!. In: vom Brocke, J., Schmiedel, T. (eds) BPM - Driving Innovation in a Digital World. Management for Professionals. Springer, Cham. https://doi.org/10.1007/978-3-319-14430-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-14430-6_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14429-0
Online ISBN: 978-3-319-14430-6
eBook Packages: Business and EconomicsBusiness and Management (R0)