Compliance checking of business processes executed by auditors requires to analyze documents e.g. log files, business process models depending on requirements derived from reference guidelines. This paper presents a forward compliance checking application for facilitating conformant behavior by detecting organizational operations and their deviations based on these documents in a semantic way. This application has been tested on the Internalization process in the respect of Erasmus mobility.
Auditors have to collect evidence whether organizational operations are working
according guidelines and well-documented. Computer-aided audit tools are not capable
of processing documents in a semantic way [
Ordered pairs Interpretation of them performed_by (M(S), M(R)) A given role is responsible for executing a given process step Produces_output(M(S),M(D))
Uses_system(M(S), M(T))
by a process step
A given process step uses an input for its run
A given process step uses an information
system for its run
In our solution, business process models in the shape of process ontologies are
extracted from organizational documents with using standard process models in the
form of process ontologies as well. The structure and objects of standard process
models are used as compliance specifications because, in our approach, these
processes must be run if conformant behavior is followed by a given organization. The
deviations can be discovered by investigating the structure and objects of the
abovementioned process ontologies. Ontology matching is capable of performing this kind
of structural and semantic examination. Hence an ontology matching tool is used to
detect deviations of organizational processes from standard ones and create a
transparent report from them for auditors. This forward compliance checking is executed
in design time without using any runtime data, on process level instead of task level
and with embodied ontology-based techniques. Ontology-based approach was used by
[
The process ontology building component is responsible for discovering semantic contents in documents in an automated manner. This module uses reference process ontologies transformed from BOC ADONIS1 process models by using XSLT transformation as inputs. These process ontologies and business process models are stored in the repository of this system. The first step of the algorithm is to build the organizational process ontology (OPO) with the help of the reference process ontology (RPO). The skeleton of these ontologies are the same. Semantic rules are used to find process elements (like IT resources, roles, input/output documents). First of all, the name of these process elements (like Student, Coordinator as Roles) are tried to find within the document. If it does, the initial OPO will be extended by these entities as classes. New process elements will be discovered by using the initial relations of the process ontologies (see in Table 1) as open queries. For example the goal is to find a role who performs a process step. The meaning of „performed_by“ relation suggests that “<x>by the<y>” open query as pattern within text can detect a relation between an x task (process step) and an y role. Newly discovered process elements will be added to the OPO.
The algorithm picks each process steps from the RPO in order to add process steps to the OPO. It splits the name of these process steps into terms. It seeks them through texts and measures the frequency of their occurrence within a given sentence. The sentence providing the higher value will validate this process step. Having identified these process steps, they are added to the OPO and connected to an existent other process elements of the OPO (Role, IT resources etc) which are located nearby (namely within a given radius). The process ontology building component creates the organizational process ontology containing process elements from the organizational document.
Documents
ontology building component Standards
The ontology matching component uses DL Queries and Protégé 4 OWL Diff for filtering the ontologies, adding instances with a predefined attribute (e.g. region) to them and creating a technical report after executing the matching. This report is processed by a report generator to create a transparent report for auditors which contains information about the number of task, filtered role, missing, unnecessary or common organizational process elements. Hence auditors can discover areas requiring deeper investigations in the next phase when leaders are interrogated by them. 3
Nowadays Campus Mundi projects are to improve higher education processes in Hungary. The audit guideline elaborated for investigating compliance checking of Internationalization activities wants to detect “how the current mechanisms are effective”. Our semantic audit application can help to compare institutional processes with standard processes articulated in the Erasmus Mobility Handbook. The Student Application procedure was used to test this application. Erasmus mobility calls represent the organizational documents. This test was executed on ten different sources.2 The precision of this application is presented by the following charts. The first one shows that how many total and meaningful roles were detected by the above-mentioned algorithm using “by the” semantic rule. It seems that at most one wrong role was extracted in the most cases. The blue line on the second chart presents how many tasks related to the Student role were extracted from the organizational documents, the red line shows how many of them were the same as in the reference process. The notable differentiation between them indicates two cases: the algorithm identified tasks badly or the higher education institutions obligate students to perform tasks which are related to a different role in the handbook. The latter case must be investigated by the auditors, because the segregation of duties control might be failed. So the improvement of the algorithm leads to emerge an application that provides auditors reports for facilitating further investigations. This JAVA application containing libraries of OWL API, DLQueryExample and the SVN Repository of Protégé 4 OWL Diff. 2 http://erasmus.yasar.edu.tr/student-mobility/outgoing-students/ http://www.ciim.ac.cy/outgoing-students https://www.international.tum.de/en/going-abroad/students/erasmus/...etc.