• Corpus ID: 9097945

A methodological framework for aligning business processes and regulatory compliance

Shazia Wasim Sadiq and Guido Governatori
The ever increasing obligations of regulatory compliance are presenting a new breed of challenges for organizations across several industry sectors. Aligning control objectives that stem from regulations and legislation, with business objectives devised for improved business performance, is a foremost challenge. The organizational as well as IT structures for the two classes of objectives are often distinct and potentially in conflict. In this chapter, we present an overarching methodology for… 

Towards an Empirically Grounded Conceptual Model for Business Process Compliance

An empirically grounded conceptual model for compliance in the context of business processes is constructed and takes into account the wide range of control means that are applied in organizations to assure compliance.

Control Patterns - Bridging The Gap Between IS Controls And BPM

The presented concept enables linking process models with internal control systems and provides a common language for all parties involved to bridge the gap between regulatory compliance and business process management.

Separating Compliance Management and Business Process Management

A life cycle for the management of compliance rules is introduced and a separate compliance engine is used to define and check compliance rules independent from the existing IS within an organization.

A Roadmap for Research in Business Process Compliance

A snapshot recommendation for the two aspects of research in compliance and risk management, namely a compliance by design methodology that has a fundamentally preventative focus, and an industry driven research agenda that is derived through expert opinion and practitioner feedback, is presented.

Assessing the Impact of Business Process Redesign Decisions on Internal Control within Banks: A Methodology

Banks are struggling to successfully implement control requirements into their processes and information systems, while laws and regulations are getting more and more elaborate and require banks to

Requirements for Business Process Legal Compliance Monitoring

This paper focuses on modeling and data collection requirements when thinking of business process legal compliance monitoring and tries to look at this issue from global point of view so that it can provide requirements that reflect the whole complexity of this topic.

Designing a Process Guidance System to Support User's Business Process Compliance

This work follows a design science approach and suggests a process guidance system supporting users’ business process compliance and derives meta-requirements and design principles of such systems and is evaluated by two expert workshops discussing the proposed solution.

Model-Based Compliance in Information Systems - Foundations, Case Description and Data Set of the MobIS-Challenge for Students and Doctoral Candidates

Information systems (IS) can significantly support the organization of business processes. However, the proceeding digitalization of processes can also lead to an increasing organizational complexity

Business Process Data Compliance

This work proposes a methodology to automatically extract annotations related to the data schema and templates linked to the various tasks in a business process with semantic annotations.



Compliance Aware Business Process Design

This paper presents a support method which allows the process designer to quantitatively measure the compliance degree of a given process model against a set of control objectives, which will allow process designers to comparatively assess the compliance degree of their design as well as be better informed on the cost of non-compliance.

Modeling Control Objectives for Business Process Compliance

This paper tackles a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models, through a specialized modal logic based on normative systems theory.

Integrating Risks in Business Process Models

In the context of process management, risk has been considered mainly from a project management perspective. But risk is an inherent property of every business process and techniques are needed to

Compliance checking between business processes and business contracts

This paper provides a solution to the lack of mechanisms to check whether business processes are compliant with business contracts, namely a logic based formalism for describing both the semantics of contract and the semantics of compliance checking procedures.

Integrating risks in business process models with value focused process engineering

A framework that extends the capabilities of existing enterprise systems and enables risk-oriented process management which incorporates a multi-disciplinary view of risk is developed and illustrated in the context of a critical administrative process in a university.

From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation

It is shown how subsets of the regulations, industry guidances or best practices expressed in terms of the metamodel can be (semi-)automatically transformed into event monitoring rules with the help of temporal rule patterns.

A Declarative Approach for Flexible Business Processes Management

This work proposes a fundamental paradigm shift for flexible process management and proposes the ConDec language for modelling and enacting dynamic business processes, based on temporal logic rather than some imperative process modelling language.

Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms

Governance, risk and compliance (GRC) as a marketplace can be broadly divided between GRC management (GRCM) products for the oversight and operation of risk management and compliance programs, and

Designing Compliant Business Processes with Obligations and Permissions

PENELOPE is introduced, a language to express temporal rules about the obligations and permissions in a business interaction, and an algorithm to generate compliant sequence-flow-based process models that can be used in business process design.

A Formal Analysis of a Business Contract Language

The paper shows how this formalism for the representation of contrary-to-duty obligations can be mapped onto the key policy concepts of a contract specification language, called Business Contract Language (BCL), previously developed to express contract conditions for run time contract monitoring.