On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management

Silveira, Patrícia Souza da; Rodríguez, Carlos; Casati, Fabio; Daniel, Florian; D’Andrea, Vincenzo; Worledge, Claire; Taheri, Zouhair

doi:10.1007/978-3-642-16132-2_20

Cited by 20 publications

(18 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our aim was to devise a solution having in mind the real needs of auditors (internal and external ones) and-more importantly-with the help of people who are involved every day in the auditing of companies (the dashboard [32] and solutions proposed in this paper have extensively been discussed with partners from Deloitte). While this paper specifically targets a company's internal compliance expert and process modeler, also the external auditor can benefit from the proposed system, for example, by using the compliance reporting dashboard as a starting point for his analysis.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

Rodríguez

Schleicher

Daniel

et al. 2013

SOCA

Self Cite

View full text Add to dashboard Cite

Facilitating compliance management, that is, assisting a company's management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors-all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company's compliance state and to enable understanding why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholderscompliance experts and auditors-actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.

show abstract

Section: Resultsmentioning

confidence: 99%

“…For instance, works like [4,11,22,29,32] and [23] focus on warehousing process execution data, so as to make these data available in a suitable schema for reporting and OLAP purposes. We face similar reporting issues in our dashboard, yet our aim is to analyze compliance of business processes not performance.…”

Section: Reporting On Business Process Performancementioning

confidence: 99%

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

Rodríguez

Schleicher

Daniel

et al. 2013

SOCA

Self Cite

View full text Add to dashboard Cite

show abstract

“…Once compliance has been checked, a mechanism to show the results is necessary. The use of a Compliance Governance Dashboard (CGD) that lets the user choose among several levels of abstraction, so all the information required to perform both internal and external audits can be drilled down, would be very useful [7]. -Root-cause analysis.…”

Section: Discussionmentioning

confidence: 99%

“…We rely on the descriptions provided by Weske to briefly define each phase of the business process lifecyle and foresee the aspects it would require to be compliance-aware. There are so-called compliance lifecycles in literature, such as the one in [3,7]. This lifecycle differs from our proposal in that it is directly focused on compliance, while we focus on business process management.…”

Section: Compliance-aware Business Process Lifecyclementioning

confidence: 99%

Exploring Features of a Full-Coverage Integrated Solution for Business Process Compliance

Cabanillas

Resinas

Ruiz–Cortés

2011

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

View full text Add to dashboard Cite

Abstract. The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implement them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided.

show abstract

“…In dynamic compliance checking, BP execution evidences are used to check for compliance. Works by Rodríguez et al [43] and Silveira et al [44] propose the use of the so-called Key Compliance Indicators (KCIs) to measure the compliance level of service-based BPs from process execution data, e.g., to measure the fulfilment of Service-Level Agreements (SLAs). In a similar approach, Casati et al [45] and Sayal et al [46] propose to warehouse process execution data to enable the monitoring, analysis and reporting on the performance of BPs, e.g., to check the duration of process execution instances when they are constrained in time.…”

Section: Related Workmentioning

confidence: 99%

Analysis and improvement of business process models using spreadsheets

Saldivar

Vairetti

Rodríguez

et al. 2016

Information Systems

Self Cite

View full text Add to dashboard Cite

a b s t r a c tSoftware in general is thoroughly analyzed before it is released to its users. Business processes often are not -at least not as thoroughly as it could be -before they are released to their users, e.g., employees or software agents. This paper ascribes this practice to the lack of suitable instruments for business process analysts, who design the processes, and aims to provide them with the necessary instruments to allow them to also analyze their processes. We use the spreadsheet paradigm to represent business process analysis tasks, such as writing metrics and assertions, running performance analysis and verification tasks, and reporting on the outcomes, and implement a spreadsheet-based tool for business process analysis. The results of two independent user studies demonstrate the viability of the approach.

show abstract

On the Design of Compliance Governance Dashboards for Effective Compliance and Audit Management

Cited by 20 publications

References 10 publications

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

Exploring Features of a Full-Coverage Integrated Solution for Business Process Compliance

Analysis and improvement of business process models using spreadsheets

Contact Info

Product

Resources

About