Business Process Compliance through Reusable Units of Compliant Processes

Schumm, David; Türetken, Oktay; Kokash, Natallia; Elgammal, Amal; Leymann, Frank; Heuvel, Willem‐Jan van den

doi:10.1007/978-3-642-16985-4_29

Cited by 49 publications

(37 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sadiq et al [24] use the concepts control objective, internal control, risk, process control flow, process task, and property to ontologically align the compliance domain with process modeling. Schumm et al [25] and Turetken et al [26] present a conceptual model that focuses on compliance requirements. A compliance requirement stems from a compliance source, is associated to a compliance risk and can be assessed by a compliance request.…”

Section: Related Research and Empirical Resultsmentioning

confidence: 99%

Modeling Concepts for Internal Controls in Business Processes – An Empirically Grounded Extension of BPMN

Schultz

Radloff

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.With the increasing number and complexity of legal obligations, ensuring business process compliance presents a major challenge for today's organizations. In this regard, implementing a set of control means and regularly auditing their effectiveness are suitable measures to ensure a compliant design and enactment of a business process. However, common business process modeling languages (PML) do not provide appropriate concepts to comprehensively model such control means. Not surprisingly, common PMLs are not widely used in the audit domain. To address this gap, this paper presents an extension of a PML with modeling concepts for process-integrated control means. As it is based on previous empirical research with auditors, the extension especially considers their requirements. The results of a laboratory experiment with 78 participants demonstrate that the extension supports auditors to gain a more comprehensive understanding of internal controls in a process model compared to current audit practice.

show abstract

Section: Related Research and Empirical Resultsmentioning

confidence: 99%

Modeling Concepts for Internal Controls in Business Processes – An Empirically Grounded Extension of BPMN

Schultz

Radloff

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The interrelation of reusable process artifacts implementing compliance requirements on one side, and the compliance patterns approach by Turetken et al has been explored in [14].…”

Section: Research Foundationsmentioning

confidence: 99%

An approach to combine data-related and control-flow-related compliance rules

Schleicher

Grohe²,

Leymann

et al. 2011

2011 IEEE International Conference on Service-Oriented Computing and Applications (SOCA)

Self Cite

View full text Add to dashboard Cite

Compliance of IT-enabled business processes is a research area gaining more and more attraction for enterprises today. Many enterprises are on the gap of installing workflow systems within their premises. During this process they need to make sure that several regulations, coming from governments or enterprise-internal institutions, are obeyed. We argue that the compliance regulations, enterprises are faced with today, can be built using a number of atomic compliance rules. Until now only control-flow-related atomic compliance rules have been identified in literature. In this paper we extend this list with several data-related atomic compliance rules. We further show how control-flow-related compliance rules and data-related compliance rules can be combined. A fundamental finding that we made in our work with industrial use case partners from EU projects, as well as projects with customers, is that for the specification of control-flow-related compliance rules data issu es must also be considered. The main contribution of this paper is a collection of combined compliance rules implementing complex compliance requirements which consist of atomic control-flow related and data-related compliance rules

show abstract

“…More elaborative approaches can additionally handle business objects Elgammal et al 2010;Kokash and Arbab 2009;Schumm et al 2010) (№ 12). The approach of Accorsi et al (2011) (№ 13) focuses on data security annotations, while the PENELOPE approach (Goedertier and Vanthienen 2006) (№ 16) supports the definition and check of activity operators.…”

Section: Modeling Language Supportmentioning

confidence: 99%

Business process compliance checking – applying and evaluating a generic pattern matching approach for conceptual models in the financial sector

et al. 2014

View full text Add to dashboard Cite

Given the strong increase in regulatory requirements for business processes the management of business process compliance becomes a more and more regarded field in IS research. Several methods have been developed to support compliance checking of conceptual models. However, their focus on distinct modeling languages and mostly linear (i.e., predecessor-successor related) compliance rules may hinder widespread adoption and application in practice. Furthermore, hardly any of them has been evaluated in a real-world setting. We address this issue by applying a generic pattern matching approach for conceptual models to business process compliance checking in the financial sector. It consists of a model query language, a search algorithm and a corresponding modelling tool prototype. It is (1) applicable for all graph-based conceptual modeling languages and (2) for different kinds of compliance rules. Furthermore, based on an applicability check, we (3) evaluate the approach in a financial industry project setting against its relevance for decision support of audit and compliance management tasks.

show abstract

Business Process Compliance through Reusable Units of Compliant Processes

Cited by 49 publications

References 15 publications

Modeling Concepts for Internal Controls in Business Processes – An Empirically Grounded Extension of BPMN

Modeling Concepts for Internal Controls in Business Processes – An Empirically Grounded Extension of BPMN

An approach to combine data-related and control-flow-related compliance rules

Business process compliance checking – applying and evaluating a generic pattern matching approach for conceptual models in the financial sector

Contact Info

Product

Resources

About