<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>A Pattern-based Approach to Transform Natural Text from Laws into Compliance Controls in the Food Industry</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Andrea Zasada</string-name>
          <email>azasada@web.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Michael Fellmann</string-name>
          <email>michael.fellmann@uni-rostock.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Rostock University</institution>
          ,
          <addr-line>Rostock</addr-line>
          ,
          <country country="DE">Germany</country>
        </aff>
      </contrib-group>
      <fpage>230</fpage>
      <lpage>238</lpage>
      <abstract>
        <p>In the food industry, regulations support companies to specify what needs to be done to minimize the risks of processing, trade and consumption of inferior food products. Complying with regulations protects companies from expensive and negative perceived product recalls, sanctions and financial penalties. A compliant manufacturing process requires a process design that conforms to legal requirements, quality and safety standards. Regulations are generally described in natural text so that relevant information has to be retrieved and formalized before it can be used for process description. In this contribution, we use a sample of laws and an initial set of generic control patterns to explore the scope of food regulations and the extent of formalization that can be reached by applying control patterns. All in all, we present a pattern-based approach to turn natural text from laws into formalized machine-readable constructs that may serve as basis for a compliant process design.</p>
      </abstract>
      <kwd-group>
        <kwd>Business Process Management</kwd>
        <kwd>Control Pattern</kwd>
        <kwd>Business Process Compliance</kwd>
        <kwd>Regulations</kwd>
        <kwd>Food Industry</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>Motivation and Introduction</title>
      <p>
        The “act of being in alignment with guidelines, regulations and/or legislation” is
defined as compliance [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. This definition implies that compliance does not only
comprise the adherence to laws but also standards, codes of practice and business partner
contracts [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ]. Compliance has been driven by reforms of the American banking and
insurance sector since the 1990s, when more and more scandals of money laundering
and insider trading were revealed [
        <xref ref-type="bibr" rid="ref10 ref14">10, 14</xref>
        ]. The increasing reform pressure
finally culminated in the Sarbanes-Oxley Act (SOX) of 2002, which makes listed companies
responsible for establishing and maintaining an internal control system [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ].
      </p>
      <p>
        Similar observations can be made for the food industry, where compliance is seen
as a current issue but an old problem that has been the subject of many regulatory
attempts [
        <xref ref-type="bibr" rid="ref10 ref14">10, 14</xref>
        ]. The most frequent compliance offences in the food industry relate to
violations of disclosure information, tax and import regulations and to the processing and
trade of spoiled food [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ]. Business process compliance considers how a business
operation or service should be carried out to comply with a normative system while
executing a process [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. In this regard, control patterns are important since they can be
understood as high level domain-specific templates which can be applied to specify
recurring process requirements like regulations [
        <xref ref-type="bibr" rid="ref13">13</xref>
        ]. A regulation is a declarative
written statement defined as “a rule or order issued by an executive authority or
regulatory agency of a government and having the force of law” [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ].
      </p>
      <p>The purpose of this paper is to reduce the complexity of regulations by making implicit
information accessible and machine-readable through the use of control patterns. The
challenge is to identify and convert relevant process information from natural text into
formalized constructs that can be implemented by process execution languages. The
investigation focuses on the degree of formalization (extent) and the thematic
focus (scope) of a real-world domain (food industry), which is used as the empirical basis
for specifying control patterns. The resulting research questions are:</p>
      <sec id="sec-1-1">
        <title>RQ1: What is the scope of regulations in the food industry?</title>
      </sec>
      <sec id="sec-1-2">
        <title>RQ2: To what extent can regulations be formalized by control patterns?</title>
        <p>
          To answer these two research questions, we discuss related work and present a
conceptual model for automating compliance checking in Section 2. In Section 3 we
continue with the textual analysis of German food regulations. The regulations have
been retrieved by querying the database of the Federal Ministry of Justice and
Consumer Protection [
          <xref ref-type="bibr" rid="ref2">2</xref>
          ]. The title search for the keyword “food” led to 20 national
regulations, which were analyzed to specify requirement, objective and risk for every
single regulation. Control patterns that are extracted from regulations are classified
with regard to the given process information. Concluding remarks and prospects on
future work are given in Section 5.
        </p>
      </sec>
    </sec>
    <sec id="sec-2">
      <title>Principles of Control Patterns</title>
      <sec id="sec-2-1">
        <title>Related Work and Problem Specification</title>
        <p>
          Considerable work on patterns has been provided by Dwyer, Avrunin and Corbett
(1999), who developed a pattern system for finite-state verification based on a large
sample of over 500 examples of property specifications [
          <xref ref-type="bibr" rid="ref1">1</xref>
          ]. Extensive work on
compliance automation has also been conducted by Sadiq and Governatori (2015) [
          <xref ref-type="bibr" rid="ref9">9</xref>
          ],
Namiri (2007) [
          <xref ref-type="bibr" rid="ref8">8</xref>
          ] as well as Turetken et al. (2012) [
          <xref ref-type="bibr" rid="ref13">13</xref>
          ] by exploiting formal
techniques (e.g. MTL/LTL and FCL) in alignment to the de facto standard COSO for
managing internal controls. COSO has been established by the Committee of Sponsoring
Organizations of the Treadway Commission (COSO) to comply with significant
regulations like SOX [
          <xref ref-type="bibr" rid="ref12">12</xref>
          ]. We decided to build our conceptual model upon the four
control patterns Order, Occurrence, Resource and Time suggested by Turetken et al.
(2012) [
          <xref ref-type="bibr" rid="ref13">13</xref>
          ] because of the existence of a framework for the key elements of business
process compliance management (BPCM) and its alignment to an established control
framework like COSO. The key elements of BPCM refer to the operational activities
of compliance management (e.g. risk assessment and response) and corresponding
entities of the compliance repository (e.g. risk).
        </p>
      </sec>
      <sec id="sec-2-2">
        <title>Conceptual Model for Capturing Compliance Controls</title>
        <p>
          In order to capture compliance controls in the food industry we adopted the BPCM
framework of Turetken et al. (2012) [
          <xref ref-type="bibr" rid="ref13">13</xref>
          ]. The focus of the framework has been
shifted from operational compliance management activities to the formalization of natural
text through control patterns. Control Patterns form a separate layer in the
continuum of abstraction ranging from Regulations to machine-readable Process
Execution Languages (see Fig. 1). Each layer contains several process elements
represented by different operands (compare Section 3.2). Regulations are the source of
compliance requirements used to define the requirement, objective and risk of a
control. The smallest entity of a Regulation is a rule. In this layer relevant rules are
adopted, control objectives are set and possible risks are assessed. The next layer is
assigned to the scope of Control Patterns. Within this layer the templates for process
controls are defined and classified. In the bottom layer we specified a number of
criteria for selecting a compatible Process Execution Language to pave the way for
automated compliance controls.
        </p>
        <p>[Fig. 1: layered conceptual model. Regulations layer (adoption of relevant rules): Requirement, Objective, Risk. Control Patterns layer (specification of process requirements): Order.]</p>
        <p>
          As we conducted a facet classification on compliance checking approaches in
previous work [
          <xref ref-type="bibr" rid="ref3">3</xref>
          ], we adopted one of its dimensions to assess the scope of regulations in
the food industry. We chose the dimension Scope because we wanted to analyze the
applicability of its elements in more detail. The dimension Scope is based on the
compliance concerns identified by COMPAS, a study on Compliance-driven Models,
Languages and Architectures for Services (COMPAS), which has been conducted by
Tilburg University (2008) [
          <xref ref-type="bibr" rid="ref12">12</xref>
          ]. The study introduces two categories of compliance
concerns that have been derived from business process modeling. The first category
comprises the basic compliance concerns control flow, locative, information, resource
and time. The second category describes more advanced compliance concerns (e.g.
monitoring, privacy and quality aspects). (Footnote 1: In alignment to Turetken et al. (2012).)
        </p>
      </sec>
    </sec>
    <sec id="sec-3">
      <title>Applying Control Patterns to Capture Compliance Controls</title>
      <sec id="sec-3-1">
        <title>Text Analysis of Regulations in the Food Industry</title>
        <p>
          Regulations for the German food industry have been discovered by searching the
database of the Federal Ministry of Justice and Consumer Protection, which claims to
offer nearly the entire body of federal law [
          <xref ref-type="bibr" rid="ref2">2</xref>
          ]. A title search for the German
equivalent for “food” returned 20 hits of national regulations, which were further analyzed
to gain information on the requirement, objective and risk of each regulation. The
analysis of subsequent paragraphs and sections of each regulation led us to a total of
108 single requirements with process characteristics. The requirements are used to
extract important process information for specifying control patterns. While a
requirement can be seen as an early stage of a control pattern, the objective is necessary
to express the importance of each control and the risk to assess the negative
consequence of non-compliance. Table 1 shows an excerpt of the complete listing which is
addressing the scope of compliance regulations (compare RQ1). The advantage of the
chosen examples is that they cover nearly all facets of the dimension Scope, which is
used in Section 3.2 to demonstrate the transformation from compliance requirements
to control patterns. The retrieved types of regulations vary from the definition of:
• quality controls,
• hygiene and purity requirements,
• requirements regarding the processing of goods,
• preventing the spread of animal diseases,
• requirements regarding transport and storage,
• disclosure agreements to
• tax and export regulations.
        </p>
        <table-wrap>
          <label>Table 1</label>
          <table>
            <thead>
              <tr><th>No.</th><th>Regulation</th><th>Requirement</th><th>Objective</th><th>Risk</th></tr>
            </thead>
            <tbody>
              <tr><td>01</td><td>LMÜV § 5, Sec. 1</td><td>(1) Fulfil occasionally imposed obligations to combat animal diseases. (2) Take precaution if infectious animal diseases occur.</td><td>Conduct quality controls if infectious animal diseases are reported.</td><td>Spread of infectious animal diseases.</td></tr>
              <tr><td>02</td><td>LMEV § 9, Sec. 2</td><td>Export goods within 30 days to a third country or store goods within 60 days in an approved or registered national storage unit.</td><td>Export goods within a certain time limit or store goods in an approved or registered national storage.</td><td>Violation of tax and import regulations.</td></tr>
              <tr><td>03</td><td>LME Appendix 4, Chapter I, No. 3</td><td>Depending on the statutory sample size, a sensory testing and a legal assessment have to be conducted after opening the packaging.</td><td>Conduct quality control to check goods after opening the packaging.</td><td>Processing, trade and consumption of spoiled or contaminated goods.</td></tr>
              <tr><td>04</td><td>TLMV § 2</td><td>During deep freezing, goods have to be separated from specified inadmissible substances.</td><td>Prevent contact to forbidden substances.</td><td>Processing, trade and consumption of spoiled or contaminated goods.</td></tr>
              <tr><td>05</td><td>ATP § 5</td><td>Containers classified as thermal maritime by land without transloading the goods does not require an export permit.</td><td>Transport goods without permit if containers are classified as thermal maritime by land.</td><td>Violation of disclosure agreements.</td></tr>
              <tr><td>06</td><td>LMHV § 20</td><td>Transport and store chicken eggs 18 days after laying date at a temperature between 5 °C and 8 °C.</td><td>Transport special goods within a certain time limit at a given temperature range.</td><td>Processing, trade and consumption of spoiled or contaminated goods.</td></tr>
            </tbody>
          </table>
        </table-wrap>
        <p>• processing, trade and consumption of spoiled or contaminated goods,
• spread of infectious animal diseases,
• violation of disclosure agreements and
• violation of tax and import regulations.</p>
        <p>Subsequent risks are negative consequences like disposal costs, sanctions and
financial penalties or even health hazards. However, these consequences depend on the
risks above so they have not been considered as single risk types. Given this explicit
information on requirement, objective and risk, the next section is dedicated to the
control pattern layer that serves as intermediary to automate compliance controls with
process execution languages (compare Section 2.2).</p>
      </sec>
      <sec id="sec-3-6">
        <title>Specification of Control Patterns in the Food Industry</title>
        <p>Formalizing legal text requires finding a reasonable abstraction level. This
raises the question to what extent regulations can be formalized by simple constructs
like control patterns (compare RQ2). Table 2 provides an overview of frequent
control patterns in the food industry. Due to space limitations, only those patterns have
been listed that have been applied to formalize compliance regulations. The frequency
(FRQ) indicates how often a pattern has been used and to which category it belongs.
The listing contains 21 unique control patterns that can be combined to express even
more complex compliance requirements using operands and Boolean delimiters (see
Table 3). Patterns can be defined using simple verb constructs and prepositions (e.g.
Oi CompliesWith Qi). Operands are either used to specify general process elements
(e.g. object Oi) or specific compliance concerns (e.g. quality control Qi), which were
introduced in Section 2.2. A complete description of operands is given in Table 2.</p>
        <table-wrap>
          <label>Table 2</label>
          <table>
            <thead>
              <tr><th>Class</th><th>Pattern</th><th>Description</th><th>FRQ</th></tr>
            </thead>
            <tbody>
              <tr><td>Basic</td><td>Aj Precedes Ai</td><td>Ai must be preceded by Aj.</td><td>1</td></tr>
              <tr><td>Basic</td><td>Ai LeadsTo Aj</td><td>Ai must be followed by Aj.</td><td>1</td></tr>
              <tr><td>Basic</td><td>Oi Exclusive Oj</td><td>If Oi is present then Oj must be absent and vice versa.</td><td>6</td></tr>
              <tr><td>Basic</td><td>Oi Exists</td><td>Oi must exist in the process specification.</td><td>3</td></tr>
              <tr><td>Basic</td><td>ProcessedWith pi</td><td>Used with order and occurrence patterns to denote a given Oi is processed with production facility pi.</td><td>5</td></tr>
              <tr><td>Basic</td><td>StoredIn li</td><td>Used with order and occurrence patterns to denote a given Oi is stored in storage unit li.</td><td>4</td></tr>
              <tr><td>Basic</td><td>MovedFrom li MovedTo lj</td><td>Used with order and occurrence to denote a given Oi is moved from storage unit li to another storage unit lj.</td><td>4</td></tr>
              <tr><td>Basic</td><td>(Oi , …; m) MultiProcessedWith pi</td><td>A set of objects (Oi , …) has to be processed with a certain number of m different production facilities pi.</td><td>3</td></tr>
              <tr><td>Basic</td><td>(Oi , …; m) MultiStoredIn li</td><td>A set of objects (Oi , …) has to be stored in a certain number of m different storage units li.</td><td>1</td></tr>
              <tr><td>Advanced</td><td>Oi CompliesWith Qi</td><td>Object Oi complies with quality standards, hygiene and purity requirements by passing regular quality controls as well as extraordinary quality controls Qi. Subject of these controls are e.g. temperature, weight, date of expiry, ingredients, texture and consistence.</td><td>24</td></tr>
              <tr><td>Advanced</td><td>Oi CompliesWith Di</td><td>Object Oi complies with disclosure requirements Di. Subject of these requirements are the consumer protection, tax and import regulations e.g. by correct and complete product declaration, complying with quality and security standards, transparent production processes and a traceable supply chain.</td><td>10</td></tr>
              <tr><td>Advanced</td><td>Ai CompliesWith Pi</td><td>Activity Ai has to be performed with special security precautions Pi in order to protect users from e.g. infectious animal diseases.</td><td>3</td></tr>
              <tr><td>Advanced</td><td>Ai CompliesWith Qi</td><td>Activity Ai complies with quality standards, hygiene and purity requirements by applying regular quality controls as well as extraordinary quality controls Qi (e.g. to prevent the spread of animal diseases).</td><td>2</td></tr>
              <tr><td/><td/><td>Used with order pattern to denote a given Ai to happen within k time units.</td><td/></tr>
              <tr><td/><td/><td>Used with order patterns to denote a given Ai to happen before k time units.</td><td/></tr>
              <tr><td/><td/><td>Ai must hold at most/minimum k time units once it happens.</td><td/></tr>
              <tr><td/><td/><td>Ai must happen in every k time unit.</td><td/></tr>
              <tr><td/><td/><td>Used with time patterns to denote a given Oi is tempered within temperature t (with i &gt; j).</td><td/></tr>
              <tr><td/><td/><td>Used with time patterns to denote a given Oi is tempered below temperature t.</td><td/></tr>
              <tr><td/><td/><td>Used with time patterns to denote a given Oi is tempered exactly at temperature t.</td><td/></tr>
              <tr><td/><td/><td>Object Oi has to be tempered at most/minimum at temperature t.</td><td/></tr>
            </tbody>
          </table>
          <table-wrap-foot>
            <p>Given A, O, l, p, k and t as operands representing process elements:
A = activity, O = object, l = location, p = production facility,
k = time, t = temperature and
Q, D and P as operands representing compliance concerns:
Q = quality, D = disclosure and P = security precautions,
with i, j = 1, 2, 3, …n, i ≠ j and constant m.</p>
          </table-wrap-foot>
        </table-wrap>
        <p>To formalize the requirements given in Table 2, we distinguish a number of typical
keywords for each pattern. For example, a control is often aligned to the assurance of
quality standards, so that the word “control” is tied to an Information pattern.
Resource patterns (Res.) are usually described by expressions that indicate how goods
should be handled, which is indicated by phrases like “prevent contact”. Location
patterns are clearly addressed if something is about to be “processed”, “moved” or
“stored”. Depending on the context, keywords like “within” or “below” can also
indicate whether a pattern depends on a Time and/or Temperature pattern. The most important
indicators to classify control patterns with regard to our conceptual model for
automating compliance checking are:
• temporal order (e.g. precedes or leads),
• occurrence (e.g. exists, absent or universal),
• human resource (e.g. to segregate or merge activities),
• location in conjunction with the process status (e.g. processed, moved or stored),
• time limitation (e.g. interval, minimum or maximum) and
• temperature setting (e.g. within, below, above or exactly at).</p>
        <p>
          Instead of the control flow proposed by COMPAS [
          <xref ref-type="bibr" rid="ref12">12</xref>
          ] we used the three patterns
Time, Order and Occurrence recommended by Turetken et al. (2012) [
          <xref ref-type="bibr" rid="ref13">13</xref>
          ] and
expanded the focus of the Resource pattern from the segregation of duties to the
segregation of input goods. In addition, we added an Information, Location and Temperature
pattern. The Information pattern indicates which legal source, control objective and
risk is addressed or whether the requirements of a quality control, security precaution
or disclosure agreement are met. This ensures transparency and provides valuable
context information about the impact of different food regulations. The Location pattern
considers how goods should be stored, moved or where they are processed with
regard to time and temperature constraints. The Temperature pattern is necessary to
capture compliance regulations regarding the storage and transport of perishable food.
The final set of control patterns consists of seven categories: Order, Occurrence,
Resource, Location, Information, Time and Temperature. Table 3 concludes with the
formalization of compliance regulations that started with Table 1. It shows simple
patterns as well as more complex patterns to demonstrate the applicability of the most
frequent compliance patterns in the food industry.
        </p>
        <p>Footnote 2: According to Turetken et al. (2012). Newly added control patterns are indicated by a grey
filled table row.</p>
        <table-wrap>
          <label>Table 3</label>
          <table>
            <thead>
              <tr><th>No.</th><th>Control Patterns</th></tr>
            </thead>
            <tbody>
              <tr><td>01</td><td>Oi CompliesWith Qi AND Ai CompliesWith Pi AND Oi ProcessedWith pi</td></tr>
              <tr><td>02</td><td>(Oi MovedFrom li MovedTo lj Within k) OR (Oi StoredIn li Within k)</td></tr>
              <tr><td>03</td><td>Ai LeadsTo Aj AND Oi CompliesWith Qi</td></tr>
              <tr><td>04</td><td/></tr>
              <tr><td>05</td><td/></tr>
              <tr><td>06</td><td/></tr>
            </tbody>
          </table>
        </table-wrap>
        <p>In this contribution we applied a pattern-based approach for specifying compliance
controls in the food industry. Based on a sample of 20 legal text documents, provided
by the German Federal Ministry of Justice and Consumer Protection law database, we
derived 108 legal statements with process character. These were used to analyze the
content of every regulation concerning requirement, objective and risk. To assess the
scope of food regulations we adopted a business process compliance framework and
expanded it by refining the Scope of control patterns by Resource, Location,
Information and Temperature patterns. By determining the frequency of compliance patterns
we were able to present a list of relevant control patterns in the food industry. The use
of control patterns has been illustrated by a choice of regulations which address the
previously defined facets of the Scope dimension. This led to a deeper understanding
of the involved process elements and compliance concerns, which will help to
evaluate the benefits and boundaries of current process execution languages used for
compliance checking. Future work will be guided by the research question of how control
patterns can be used to automate compliance controls. Remaining challenges
regarding the syntax of control patterns deal with the accuracy versus complexity of applied
control patterns and a standardized use of patterns and connectors that enable the
implementation of compliance patterns by common process execution languages. To
improve the approach further, we will evaluate the usability for the average user with
basic IT knowledge and the process modeler with high IT affinity as well.</p>
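        <p>The composite patterns of Table 3 can be read as Boolean checks over a process event log. The following is an added example, not code from the paper: it evaluates the export/storage pattern (with the 30 and 60 day limits of the LMEV requirement in Table 1) and the LeadsTo/CompliesWith pattern on constructed logs. The event-log fields, the reading of Within k as "at most k time units after the case started", and all names and sample data are assumptions.</p>
        <preformat>
```python
"""Added example: evaluate composite control patterns on a process event log.

Assumptions (not from the paper): the event-log fields, reading 'Within k' as
'at most k time units after the case started', and all names and sample data.
"""
from typing import Callable, List, NamedTuple, Optional


class Event(NamedTuple):
    time: int                       # k: time units (days) since the case started
    activity: str                   # A: activity name
    obj: str                        # O: object, e.g. a batch of goods
    origin: Optional[str] = None    # l_i: location the object leaves
    location: Optional[str] = None  # l_j: location the object arrives at
    passed: Optional[str] = None    # Q: quality control passed in this event


Trace = List[Event]
Control = Callable[[Trace], bool]


def leads_to(a_i: str, a_j: str) -> Control:
    """Ai LeadsTo Aj: every Ai must be followed by Aj (vacuously true without Ai)."""
    def check(trace: Trace) -> bool:
        return all(
            any(later.activity == a_j for later in trace[n + 1:])
            for n, ev in enumerate(trace) if ev.activity == a_i
        )
    return check


def precedes(a_j: str, a_i: str) -> Control:
    """Aj Precedes Ai: every Ai must be preceded by Aj."""
    def check(trace: Trace) -> bool:
        return all(
            any(earlier.activity == a_j for earlier in trace[:n])
            for n, ev in enumerate(trace) if ev.activity == a_i
        )
    return check


def complies_with(obj: str, q: str) -> Control:
    """Oi CompliesWith Qi: some event records that Oi passed quality control Qi."""
    return lambda trace: any(ev.obj == obj and ev.passed == q for ev in trace)


def moved_within(obj: str, src: str, dst: str, k: int) -> Control:
    """Oi MovedFrom li MovedTo lj Within k."""
    return lambda trace: any(
        ev.obj == obj and ev.origin == src and ev.location == dst and k >= ev.time
        for ev in trace
    )


def stored_within(obj: str, loc: str, k: int) -> Control:
    """Oi StoredIn li Within k (assumes storage is logged as a 'store' activity)."""
    return lambda trace: any(
        ev.obj == obj and ev.activity == "store" and ev.location == loc and k >= ev.time
        for ev in trace
    )


def all_of(*controls: Control) -> Control:   # Boolean delimiter AND
    return lambda trace: all(c(trace) for c in controls)


def any_of(*controls: Control) -> Control:   # Boolean delimiter OR
    return lambda trace: any(c(trace) for c in controls)


CONTROLS = {
    # (Oi MovedFrom li MovedTo lj Within k) OR (Oi StoredIn li Within k)
    "export-or-store": any_of(
        moved_within("batch-7", "warehouse", "third-country", 30),
        stored_within("batch-7", "approved-storage", 60),
    ),
    # Ai LeadsTo Aj AND Oi CompliesWith Qi
    "test-after-opening": all_of(
        leads_to("open-packaging", "sensory-test"),
        complies_with("batch-7", "sensory"),
    ),
}

# Constructed sample logs (not real data), ordered by time.
STORED_IN_TIME = [
    Event(0, "receive", "batch-7", location="warehouse"),
    Event(12, "open-packaging", "batch-7"),
    Event(12, "sensory-test", "batch-7", passed="sensory"),
    Event(45, "store", "batch-7", origin="warehouse", location="approved-storage"),
]
NON_COMPLIANT = [
    Event(0, "receive", "batch-7", location="warehouse"),
    Event(12, "open-packaging", "batch-7"),
    Event(41, "export", "batch-7", origin="warehouse", location="third-country"),
]


def audit(trace: Trace) -> List[str]:
    """Return the sorted names of the controls that the trace violates."""
    return sorted(name for name, ctl in CONTROLS.items() if not ctl(trace))


if __name__ == "__main__":
    print(audit(STORED_IN_TIME), audit(NON_COMPLIANT))
```
        </preformat>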
      </sec>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          1.
          <string-name>
            <surname>Dwyer</surname>
            ,
            <given-names>M. B.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Avrunin</surname>
            ,
            <given-names>G. S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Corbett</surname>
            ,
            <given-names>J. C.</given-names>
          </string-name>
          :
          <article-title>Patterns in property specifications for finite-state verification</article-title>
          .
          <source>In: IEEE International Conference on Software Engineering</source>
          , pp.
          <fpage>411</fpage>
          -
          <lpage>420</lpage>
          . IEEE Press, New York (
          <year>1999</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          2. Federal Ministry of Justice and Consumer Protection, Juris (Bundesministerium für Justiz und Verbraucherschutz - BMJ): http://www.gesetze-im-internet.de
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          3.
          <string-name>
            <surname>Fellmann</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Zasada</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          :
          <article-title>State-of-the-Art of Business Process Compliance Approaches: A Survey</article-title>
          ,
          <source>Proceedings of the 22nd European Conference on Information Systems (ECIS)</source>
          ,
          <source>Tel Aviv</source>
          (
          <year>2014</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>4. Foodwatch: http://www.foodwatch.org/en/what-we-do/campaigns/foodwatch-campaigns</mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          5.
          <string-name>
            <surname>Hashmi</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Governatori</surname>
            ,
            <given-names>G.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Wynn</surname>
          </string-name>
          , M.T.:
          <article-title>Normative requirements for business process compliance</article-title>
          .
          <source>Service Research and Innovation</source>
          , pp.
          <fpage>100</fpage>
          -
          <lpage>116</lpage>
          . Springer, Berlin (
          <year>2014</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          6.
          <string-name>
            <surname>Merriam-Webster</surname>
          </string-name>
          , An Encyclopaedia Britannica Company: Compliance, http://www.merriam-webster.com/dictionary/compliance
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          7.
          <string-name>
            <surname>Merriam-Webster</surname>
          </string-name>
          , An Encyclopaedia Britannica Company: Regulation, http://www.merriam-webster.com/dictionary/regulation
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          8.
          <string-name>
            <surname>Namiri</surname>
            ,
            <given-names>K.</given-names>
          </string-name>
          and
          <string-name>
            <surname>Stojanovic</surname>
          </string-name>
          , N.:
          <article-title>Pattern-based design and validation of business process compliance</article-title>
          .
          <source>In: Proceedings of 6th On The Move Conference (OTM)</source>
          , Tari,
          <string-name>
            <surname>Z</surname>
          </string-name>
          . (ed.),
          <source>LNCS 4083</source>
          , pp.
          <fpage>59</fpage>
          -
          <lpage>76</lpage>
          . Springer, Berlin, (
          <year>2007</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          9.
          <string-name>
            <surname>Sadiq</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          and
          <string-name>
            <surname>Governatori</surname>
          </string-name>
          , G.:
          <article-title>Managing Regulatory Compliance in Business Processes</article-title>
          .
          <source>In: Handbook on Business Process Management 2: Strategic Alignment, Governance, People and Culture, International Handbooks on Information Systems</source>
          , vom Brocke, J., Rosemann, M. (eds.), vol.
          <volume>2</volume>
          , pp.
          <fpage>265</fpage>
          -
          <lpage>288</lpage>
          . Springer, Berlin (
          <year>2015</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          10.
          <string-name>
            <surname>Shears</surname>
            ,
            <given-names>P.</given-names>
          </string-name>
          :
          <article-title>Food Fraud: A Current Issue but an Old Problem</article-title>
          .
          <source>British Food Journal</source>
          , vol.
          <volume>112</volume>
          , no.
          <issue>2</issue>
          , pp.
          <fpage>198</fpage>
          -
          <lpage>213</lpage>
          (
          <year>2010</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          11. SOX:
          <source>Sarbanes-Oxley Act of 30 July 2002</source>
          , 15 USC 7201 note, Public Law 107-204, 107th Congress, 116 Statistics Act, Sec. 404, pp.
          <fpage>745</fpage>
          -
          <lpage>810</lpage>
          (
          <year>2002</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          12. Tilburg University:
          <article-title>State-of-the-Art for Compliance Languages: Compliance-driven Models, Languages, and Architectures for Services</article-title>
          ,
          <source>Specific Targeted Research Project. Information Society Technologies (COMPAS Project no. 215175, D2.1)</source>
          , Netherlands (
          <year>2008</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          13.
          <string-name>
            <surname>Turetken</surname>
            ,
            <given-names>O.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Elgammal</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          , Van den Heuvel, W.J.,
          <string-name>
            <surname>Papazoglou</surname>
            ,
            <given-names>M.P.</given-names>
          </string-name>
          :
          <article-title>Capturing compliance requirements: A pattern-based approach</article-title>
          . IEEE, vol.
          <volume>29</volume>
          , no.
          <issue>3</issue>
          , pp.
          <fpage>28</fpage>
          -
          <lpage>36</lpage>
          . IEEE Press, New York (
          <year>2012</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          14.
          <string-name>
            <surname>Weber</surname>
            ,
            <given-names>O.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Diaz</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Schwegler</surname>
          </string-name>
          , R.:
          <article-title>Corporate social responsibility of the financial sector - Strengths, weaknesses and the impact on sustainable development</article-title>
          .
          <source>Sustainable Development</source>
          , vol.
          <volume>22</volume>
          , no.
          <issue>5</issue>
          , pp.
          <fpage>321</fpage>
          -
          <lpage>335</lpage>
          (
          <year>2014</year>
          )
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>