Modeling Control Objectives for Business Process Compliance
Business process design is primarily driven by process improvement objectives. However, the role of control objectives stemming from regulations and standards is becoming increasingly important for businesses in light of recent events that led to some of the largest scandals in corporate history. As organizations strive to meet compliance agendas, there is an evident need to provide systematic approaches that assist in the understanding of the interplay between (often conflicting) business and control objectives during business process design. In this paper, our objective is twofold. We will firstly present a research agenda in the space of business process compliance, identifying major technical and organizational challenges. We then tackle a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models. Control objective modeling is proposed through a specialized modal logic based on normative systems theory, and the visualization of control objectives on business process models is achieved procedurally. The proposed approach is demonstrated in the context of a purchase-to-pay scenario.
Keywords: Compliance Risk Internal Controls Business Process Design