Managing Regulatory Compliance in Business Processes

Handbook on Business Process Management 2

Part of the book series: International Handbooks on Information Systems (INFOSYS)

Abstract

The ever-increasing obligations of regulatory compliance are presenting a new breed of challenges for organizations across several industry sectors. Aligning control objectives that stem from regulations and legislation with business objectives devised for improved business performance is a foremost challenge. The organizational as well as IT structures for the two classes of objectives are often distinct and potentially in conflict. In this chapter, we present an overarching methodology for aligning business and control objectives. The various phases of the methodology are then used as a basis for discussing state-of-the-art in compliance management. Contributions from research and academia as well as industry solutions are discussed. The chapter concludes with a discussion on the role of BPM as a driver for regulatory compliance and a presentation of open questions and challenges.

Notes

  1. “The AML/CTF Act is a principles-based piece of legislation. It sets out broad obligations which reporting entities and others affected by the legislation must meet, but leaves the methods of meeting those obligations to be decided by those on whom the obligations fall” (AUSTRAC 2006).

  2. “Internal control is broadly defined as a process effected by an entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations” (COSO 1994).

References

  • Agrawal R, Johnson C, Kiernan J, Leymann F (2006) Taming compliance with Sarbanes-Oxley internal controls using database technology. In: Proceedings of the 22nd International conference on data engineering, 2006. Atlanta, GA, USA, IEEE Computer Society

  • Alberti M, Chesani F, Gavanelli M, Lamma E, Mello P, Torroni P (2006) Compliance verification of agent interaction: a logic based tool. Appl Artif Int 20(2–4):133–157

  • ASX (2006) Australian securities exchange principles of good governance, recommendation 7.1, Nov. 2006. www.asx.gov.au. Accessed 01 Jun 2008

  • AUSTRAC (2006) Australian transaction reports and analysis centre supervisory framework. www.austrac.gov.au/files/supervisory_framework.pdf. Accessed 01 Jun 2008

  • BPM Forum (2006) CEE: the future. Building the compliance enabled enterprise. Report produced by global fluency in partnership with: AXS-One, chief executive magazine and IT compliance institute

  • Caldwell F, Eid T (2007) Magic quadrant for finance governance, risk and compliance management software, 2007. Gartner RAS Core Research Note G00145150, 1 Feb 2007, RS196 0906 2007

  • Caldwell F, Eid T (2008) Magic quadrant for enterprise governance, risk and compliance platforms. ID. G00158295. June 2008. Gartner Research

  • Carmo J, Jones AJ (2002) Deontic logic and contrary to duties. In: Gabbay D, Guenther F (eds.) Handbook of Philosophical Logic, 2nd edn., vol. 8, pp 265–343

  • COSO – The committee of sponsoring organizations of the treadway commission (1994) Internal control – integrated framework. May 1994

  • Desai N, Mallya AU, Chopra AK, Singh MP (2005) Interaction protocols as design abstractions for business processes. IEEE Trans Softw Eng 31(12):1015–1027

  • Desai N, Nanjangud NC, Singh MP (2008) Checking correctness of business contracts via commitments. In: Padgham L, Parkes DC, Müller J, Parsons S (eds) Proceedings of 7th International conference on autonomous agents and multiagent systems (AAMAS2008), Estoril, Portugal, 12–16 May 2008

  • Farrell ADH, Sergot MJ, Sallé M, Bartolini C (2005) Using the event-calculus for tracking the normative state in contracts. Int J Coop Infor Syst 14(2–3):99–129

  • Giblin C, Muller S, Pfitzmann B (2006) From regulatory policies to event monitoring rules: towards model driven compliance automation. IBM Research Report. Zurich Research Laboratory

  • Goedertier S, Vanthienen J (2006) Designing compliant business processes with obligations and permissions. In Eder J, Dustdar S et al. (eds) Proceedings of workshop on business process design, Springer, Vienna, Austria, pp 5–14, LNCS 4103

  • Governatori G (2005) Representing business contracts in RuleML. Int J Coop Infor Syst 14(2–3):181–216

  • Governatori G, Milosevic Z (2006) A formal analysis of a business contract language. Int J Coop Infor Syst 15(4):659–685

  • Governatori G, Rotolo A (2006) Logic of violations: a Gentzen system for reasoning on contrary-to-duty obligations. Austral J Logic 4:193–215

  • Governatori G, Rotolo A, Sartor G (2005) Temporalised normative positions in defeasible logic. In: Gardner A (ed) Proceedings of the 10th International conference on artificial intelligence and law, ACM Press, pp 25–34

  • Governatori G, Milosevic Z, Sadiq S (2006) Compliance checking between business processes and business contracts. In: Proceedings of the 10th IEEE conference on enterprise distributed object computing, Hong Kong

  • Governatori G, Hoffmann J, Sadiq S, Weber I (2008) Detecting regulatory compliance for business process models through semantic annotations. In: 4th International workshop on business process design (BPD'08). In conjunction with the 6th International Conference on Business Process Management, Milan, Italy. pp 1–4

  • Hagerty J, Hackbush J, Gaughan D, Jacobson S (2008) The governance, risk management, and compliance spending report, 2008–2009: Inside the $32B GRC Market. March 25, 2008. AMR Research, Boston USA

  • Kuster J, Ryndina K, Gall H (2007) Generation of business process models for object life cycle. In: Proceedings of the 5th International conference on business process management. Springer, Brisbane, Australia, pp 165–180

  • KPMG Advisory (2005) The compliance journey: balancing risk and controls with business improvement

  • Liu Y, Muller S, Xu K (2007) A static compliance checking framework for business process models. IBM Syst J 46:335–361

  • Lu R, Sadiq S, Governatori G (2008) Compliance aware business process design. Third International workshop on business process design (BPD'07). In conjunction with the 5th International conference on business process management, 24–28 September 2007. Springer Berlin, LNCS Volume 4928/2008, pp 120–131

  • Neiger D, Churilov L, zur Mühlen M, Rosemann M (2006) Integrating risks in business process models with value focused process engineering. In: Proceedings of the 2006 European conference on information systems (ECIS 2006), Goteborg, Sweden, 12–14 June 2006

  • Padmanabhan V, Governatori G, Sadiq S, Colomb R, Rotolo A (2006) Process modeling: the deontic way. In Stumptner M, Hartmann S, Kiyoki Y (eds) Australia–Pacific conference on conceptual modeling, pp 75–84, CRPIT 53

  • Pesic M, van der Aalst WMP (2006) A declarative approach for flexible business processes. In: Eder J, Dustdar S (eds) Business process management workshops, workshop on dynamic process management (DPM 2006), volume 4103 of Lecture notes in computer science. Springer-Verlag, Berlin, pp 169–180

  • Sadiq S, Sadiq W, Orlowska M (2005) A framework for constraint specification and validation in flexible workflows. Inf Syst 30(5):349–378

  • Sadiq S, Governatori G, Naimiri K (2007) Modeling control objectives for business process compliance. In: Proceedings of the 5th International conference on business process management, Springer, Brisbane, Australia, pp 149–164

  • Sartor G (2005) Legal reasoning: a cognitive approach to the law. Springer, Berlin

  • van der Aalst WMP, van Dongen BF, Herbst J, Maruster L, Schimm G, Weijters AJMM (2003) Workflow mining: a survey of issues and approaches. Data Knowl Eng 47:237–267

  • van der Aalst WMP, Alves de Medeiros AK, Weijters AJMM (2006) Process equivalence: comparing two process models based on observed behavior. In: Proceedings of the 4th International conference on business process management, Vienna, Austria, 2007. Springer, pp 129–144

  • van Dongen BF, de Medeiros AKA, Verbeek HMW, Weijters AJMM, van der Aalst WMP (2005) The ProM Framework: a new era in process mining tool support. In: Proceedings of 26th International conference applications and theory of Petri nets, Springer, Miami, USA, pp 444–454

  • zur Mühlen M, Rosemann M (2005) Integrating risks in business process models. In: Proceedings of 16th Australasian conference on information systems. Sydney, Australia

  • zur Mühlen M, Indulska M, Kamp G (2007) Business process and business rule modelling languages for compliance management: a representational analysis. In: 26th International Conference on Conceptual Modelling – ER2007 – Tutorials, Posters, Panels and Industrial Contributions, Auckland, New Zealand

Correspondence to Shazia Sadiq.

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Sadiq, S., Governatori, G. (2010). Managing Regulatory Compliance in Business Processes. In: vom Brocke, J., Rosemann, M. (eds) Handbook on Business Process Management 2. International Handbooks on Information Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01982-1_8
