Formalization of Risks and Control Activities in Business Process
It has been an important issue in society to evaluate effectiveness of control activities in business processes in order to ensure that control activities are dealing with risks as expected.
In this paper, we propose a method to model business processes with risks and control activities formally in order to verify effectiveness of control activities precisely. Formal descriptions gives us deeper understanding of risks and control activities, and by formal verification, we can evaluate control activities in a precise way. Our approach to formal modeling of business processes with risks and control activities is modeling business processes by focusing on activities related to documents which are handled during business activities.
The main contribution of this work is to show how we can solve problems in risk managements of business domain by application of a technology in Computer Science and Information Engineering.
KeywordsControl Activity Business Process Formal Description Reachable State Model Business Process
Unable to display preview. Download preview PDF.
- 1.Pub. L. 107-204. 116 Stat. 754, Sarbanes Oxley Act (2002)Google Scholar
- 2.The Committee of Sponsoring Organizations of the Treadway Commision (COSO), Internal Control - Integrated Framework, http://www.snai.edu/cn/service/library/book/0-Framework-final.pdf
- 3.Financial Service Agency, Financial Instruments and Exchange Law, http://law.e-gov.go.jp/htmldata/S23/S23HO025.html
- 4.van der Aalst, W.M.P.: Three Good Reasons for Using a Petri-net-based Workflow Management System. In: Navathe, S., Wakayama, T. (eds.) Proceedings of the International Working Conference on Information and Process Integration in Enterprises (IPIC 1996), Cambridge, Massachusetts (November 1996)Google Scholar
- 5.Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: Introduction. In: Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.) All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350, pp. 1–28. Springer, Heidelberg (2007)Google Scholar
- 6.Diaconescu, R., Futatsugi, K.: AMAST Series in Computing, vol. 6. Cafe OBJ Report, World Acientific (1998)Google Scholar
- 7.Governatori, G., Milosevic, Z., Sadiq, S.: Compliance Checking between Business Processes and Business Contracts. In: Proceedings of the 10th IEEE International Enterprise Destributed Object Computing Conference. IEEE (2006)Google Scholar
- 8.Iida, S., Denker, G., Talcott, C.: Document Logic: Risk Analysis of Business Processes Through Document Authenticity. In: Proceedings of 2nd International Workshop on Dynamic and Declarative Business Processes. IEEE (2009)Google Scholar
- 9.Namiri, K., Stojanovic, N.: Pattern-based Design and Validation of Business Process Compliance. In: Meersman, R., Tari, Z. (eds.) OTM 2007, Part I. LNCS, vol. 4803, pp. 59–76. Springer, Heidelberg (2007)Google Scholar
- 10.Futatsugi, K., Babu, C. S., Ogata, K.: Verifying Design with Proof Scores. In: Meyer, B., Woodcock, J. (eds.) VSTTE 2005. LNCS, vol. 4171, pp. 277–290. Springer, Heidelberg (2008)Google Scholar
- 11.Sasano, M.: Naibutousei no Nyuumon to Jissen (Introduction and Practice of Internal Control), 2nd edn., Chuuou Keizaisha (2007)Google Scholar