Skip to main content

Flexible Workflows and Compliance: A Solvable Contradiction?!

  • Chapter
  • First Online:
BPM - Driving Innovation in a Digital World

Part of the book series: Management for Professionals ((MANAGPROF))

Abstract

Managing workflows is increasingly becoming flexible on both the conceptual and technical level. Reacting directly to new context situations and adapting workflows to changing requests both rapidly and flexibly are seen as key characteristic for future agile companies. Providing flexibility in process execution for single workflow instances is also a promising basis for expanding the scope of Business Process Management to other application fields and for integrating so-called dark processes into the system. However, workflows are not only subject to “pure” business needs but also increasingly to compliance requirements. To validate that a workflow is compliant with relevant laws and regulations, in principal, each change of a workflow has also to be checked according to its consequences for compliance. Not surprisingly, validating compliance is currently a well-known challenge for many companies, specifically their IT governance, and is, usually, a time-consuming manual task dealing with the challenge of fast adaptations and changes. Management has to balance the trade-off between flexible but (possibly) non-compliant workflows and compliant but (mostly) inflexible workflows. Addressing this trade-off, we present a novel approach called FlexCom and its prototypical implementation in this contribution. It aims at solving the trade-off by allowing a person in charge to change a workflow, even during execution, according to business needs, and by automatically integrating required control processes for achieving the correspondent compliance requirements. It is demonstrated that with such “sticky” controls at hand, the balance between flexibility of processes and compliance can be managed in a novel and promising way.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  • van der Aalst, W. M. P., & van Hee, K. M. (2004). Workflow management: Models, methods, and systems. Cambridge, MA: The MIT.

    Google Scholar 

  • van der Aalst, W. M. P., Weske, M., & Grünbauer, D. (2005). Case handling: A new paradigm for business process support. Data Knowledge Engineering, 53, 129–162.

    Article  Google Scholar 

  • Betke, H., Kittel, K., & Sackmann, S. (2013). Modeling controls for compliance – An analysis of business process modeling languages. In Proceedings of the 27th IEEE international conference on advanced information networking and applications workshops (WAINA-2013) (pp. 866–871). Barcelona, Spain.

    Google Scholar 

  • Cabanillas, C., Resinas, M., & Ruiz-Cortes, A. (2011). Exploring features of a full-coverage integrated solution for business process compliance. In C. Salinesi & O. Pastor (Eds.), CAiSE 2011 workshops (GRCIS’11) (LNBIP, Vol. 83, pp. 218–227). Berlin: Springer.

    Google Scholar 

  • Cannon, J., & Byers, M. (2006). Compliance deconstructed. ACM Queue, 4, 30–37.

    Article  Google Scholar 

  • Compas. (2008). State-of-the-art in the field of compliance languages. Tilburg University. Retrieved from http://ec.europa.eu/information_society/apps/projects/logos/5/215175/080/deliverables/D2.1_State-of-the-art-for-compliance-languages.pdf

  • Dadam, P., Reichert, M., Rinderle-Ma, S., Lanz, A., Pryss, R., Predeschly, M., et al. (2009). From ADEPT to AristaFlow BPM suite: A research vision has become reality. In Proceedings of the 1st international workshop on empirical research in business process management (ER-BPM’09) (pp. 529–531).

    Google Scholar 

  • Goedertier, S., & Vanthienen, J. (2006). Designing compliant business processes with obligations and permissions. Business Process Management Workshops, 4103, 5–14.

    Article  Google Scholar 

  • Kittel, K. (2013). Agilität von Geschäftsprozessen trotz Compliance. In R. Alt & B. Franczyk (Eds.), Tagungsband der 11. Internationale Tagung Wirtschaftsinformatik (pp. 967–981).

    Google Scholar 

  • Kittel, K., & Sackmann, S. (2011). Gaining flexibility and compliance in rescue processes with BPM. In Proceedings of the ARES conference – Workshop on “Resilience and IT-Risk in Social Infrastructures” (RISI 2011). Vienna, Austria.

    Google Scholar 

  • Kittel, K., & Sackmann, S. (2012). Flexible controls for compliance in catastrophe management processes. In Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI’12) (pp. 1675–1687). Berlin: GITO.

    Google Scholar 

  • Kittel, K., Sackmann, S., Betke, H., & Hofmann, M. (2013a). Achieving flexible and compliant processes in disaster management. In Proceedings of the HICSS 2013 (pp. 4687–4696).

    Google Scholar 

  • Kittel, K., Sackmann, S., & Göser, K. (2013b). Flexibility and compliance in workflow systems – The KitCom prototype. In Proceedings of the 25th international conference on advanced information systems engineering (CAISE’13) (pp. 154–160). Valencia, Spain.

    Google Scholar 

  • Krafzig, D., Banke, K., & Slama, D. (2005). Enterprise SOA: Service-oriented architecture best practices. Upper Saddle River, NJ: Prentice Hall.

    Google Scholar 

  • Ly, L., Rinderle-Ma, S., Knuplesch, D., & Dadam, P. (2011). Monitoring business process compliance using compliance rule graphs. In On the move to meaningful internet systems: OTM 2011 (pp. 82–99). Berlin: Springer.

    Google Scholar 

  • Pitthan, D. K. J., & Philipp, D. W. I. M. (1997). Einsatz von Petri-Netzen für die Aufnahme, Dokumentation und Analyse Interner Kontrollsysteme im Rahmen der Jahresabschlußprüfung. In W. Stucky & U. Winand (Eds.), Petri-Netze zur Modellierung verteilter DV-Systeme (pp. 87–104). Karlsruhe: University of Karlsruhe.

    Google Scholar 

  • Reichert, M., Rinderle, S., Kreher, U., & Dadam, P. (2005). Adaptive process management with ADEPT2. In Proceedings of the 21st ICDE (pp. 1113–1114).

    Google Scholar 

  • Rinderle, S. (2004). Schema evolution in process management systems. Ph.D. thesis, University Ulm, Germany.

    Google Scholar 

  • Rinderle, S., Reichert, M., & Dadam, P. (2004). Correctness criteria for dynamic changes in workflow systems – A survey. Data and Knowledge Engineering, 50, 9–34.

    Article  Google Scholar 

  • Sackmann, S. (2011). Economics of controls. In Proceedings of the international workshop on information systems for social innovation 2011 (ISSI 2011) (pp. 230–236). Tachikawa, Tokio.

    Google Scholar 

  • Sackmann, S., Hofmann, M., & Kühnel, S. (2013). Return on controls invest – Ein Ansatz zur wirtschaftlichen Spezifizierung von internen Kontrollsystemen. HMD – Praxis der Wirtschaftsinformatik, 289(2), 31–40.

    Article  Google Scholar 

  • Sadiq, S. W., Governatori, G., & Namiri, K. (2007). Modeling control objectives for business process compliance. In G. Alonso et al. (Eds.), International conference on business process management (LNCS, pp. 149–164). Berlin: Springer.

    Google Scholar 

  • Schumm, D., Leymann, F., Ma, Z., Scheibler, T., & Strauch, S. (2010). Integrating compliance into business processes: Process fragments as reusable compliance controls. In Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI’10). Göttingen, Germany.

    Google Scholar 

  • Smith, H., & Fingar, P. (2003). Business process management: The third wave. Tampa, FL: Meghan-Kiffer.

    Google Scholar 

  • Weske, M. (2012). Business process management – Concepts, languages, architectures. Berlin: Springer.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Stefan Sackmann .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Sackmann, S., Kittel, K. (2015). Flexible Workflows and Compliance: A Solvable Contradiction?!. In: vom Brocke, J., Schmiedel, T. (eds) BPM - Driving Innovation in a Digital World. Management for Professionals. Springer, Cham. https://doi.org/10.1007/978-3-319-14430-6_16

Download citation

Publish with us

Policies and ethics