Usually business processes in organisation are affected by requirements of regulations. Many organisations use business process management to model, simulate, execute, change, monitor and optimize business processes. Business process management can also serve as a proof that organisation is running accordingly to regulations. To ensure such proof organisation must form and manage linkage between regulations and business processes.

In many cases organisations have their business processes specified independently or not specifically linked with regulations, even if business processes are directly impacted by regulations. Reasons for such situation can be lack of widely known and applicable methodologies and weak business process management suite support to link business processes to regulations. Currently no business process management suite supports business process linkage specifically to regulations and relevant change management of regulations and impacted business processes.

Goal of doctoral work is to develop business process and regulations compliance management technology. As a result developed technology should address and have solutions for the following main topics: (1) management of regulations (approach and solution for retrieval, storing, updating, and versioning of regulations), (2) extraction of requirements from regulations (approach and solution for capturing requirements from regulations which are affecting business processes), (3) linkage of business processes and regulations (prototype of technical solution to ensure linkage), (4) business process and regulations mutual change management and ontime compliance monitoring (methodology and prototype of technical solution).

To reach these goals current activity in progress is to develop solution prototype to link business process activities to the structural parts of regulation. Solution will use in most of the business process management suits existing business process and document linkage functionality.

Users of business process and regulation linkage and management solution would be: (1) leadership and compliance auditors will gain real time transparency and proof that business processes are running accordingly to regulations, (2) process executors will gain visible processes thus facilitating process execution, re-engineering and optimisation, (3) lawyers will gain illustration of regulations as a running business processes which will allow to identify gaps in regulations and optimize requirements made in regulations as well as any changes in regulations will allow to see impacted business processes, (4) software engineers will gain documented processes with specified regulatory requirements according to which processes are executed, thus facilitating and speeding-up development of new systems or maintenance of existing systems to make sure that systems are fulfilling requirements of regulations. 2

From organisations’ point of view challenge is traditional approach of treating regulations separately from business processes. Usually organisations ensure business processes compliance with regulations through audits. Due to the need to provide regular updates on compliance, a more strategic approach to compliance management is needed. This implies a shift from regular reviews to continual assurance and introduces a need for advanced compliance management systems that reflect and ensure real time compliance management [ 2, 10 ].

Currently there are not many specific researches available with focus on business process and regulations compliance management in order to provide solutions for existing challenges: lack of methodologies and IT tool support. However in publications of the latest years, topics on business processes and regulations provide insight in wider researches in these domains. Lack of specific researches leads to lack of tested and applicable guidelines and specific IT tool solutions to support linkage of business processes to regulations. 3

existing solutions problem domain and state of

There are number of researches available which propose approaches for analysing regulations [ 1, 6, 9, 10, 15 ], capturing requirements from regulation [ 13, 14, 19, 20, 21 ], facilitating understanding of regulations by graphical representation [ 12 ] and managing compliance with requirements and business processes [ 2, 3, 4, 5, 7, 16, 17 ]. Also researches made in document engineering domain [ 1, 8, 11, 18 ] are applicable since regulations basically are documents with specific content – regulatory requirements.

Regarding requirement engineering authors [ 19 ] present their survey of researches in handling regulations for information system development. Summarised approaches [ 19 ] can be used in practical case studies to identify which methods can be expanded and be applicable to extract requirements from regulations for business process management.

Authors [ 13 ] have proposed method for extracting rights and obligations from regulations and further [ 14 ] have examined tool support for this by applying Cerno framework for textual semantic annotation and proposed tool for semi-automatic semantic annotation of concepts. In theses researches authors have focused on limited scope on alignment of information system requirements with regulations. Output of these researches can be analysed and expanded with focus to align requirements with business processes since approach has already proved itself in a practice and is supported by the tool.

Authors [ 20 ] have pointed out ontological differences between legal concepts and requirements, and have set decision making process about requirements from regulations for law compliant information systems. Like previous research also here authors are focusing on requirements for information system, thus showing that some statements are limited and not applicable in case where requirement engineering is used to model business processes. Newertheless this approach can be used as a basis to distinguish between legal concepts and requirements.

Authors [ 15 ] introduce a method to prioritize legal requirements to determinate order in which requirements should be implemented in information systems. Research is not applicable in a direct way as in business processes all requirements from regulations should be implemented and presented at the moment when regulations come in force, however research is applicable and gives base to prioritize requirements to denote requirements which have the highest impact level; and such prioritization can be used for handling contradictory requirements.

Authors [ 2 ] specifically present a method for validating business processes with respect to business rules which are captured from regulations. Method does not address challenges of extracting requirements from regulations, however it is practical and applicable approach to trace and visualize basic compliance.

Authors [ 4 ] introduce approach to help achieve business process flexibility with business rules and workflow patterns. Research do not cover compliance issues directly, however it is applicable as it provides approach based on assumption that changes in a business process can be confined to the variable isolated parts of the processes. This assumption is important since ordinary or regular changes of some regulations most likely will impact some parts of the process not a whole process itself.

Author [ 7 ] validates business processes with business contracts by providing logic based formalism for describing both the semantics of contract and the semantics of compliance checking procedures. Results described in the paper are promising, therefore this approach is valid in scope of author’s research and will be applied in further case studies by testing it to regulations as both, regulations and contracts, contain requirements for business processes. 4

Following domains are selected for further investigations in order to address business process and regulations compliance management: (1) management of regulations (main topics: extraction of regulatory requirements; development of regulatory document generation and update algorithm, solutions for versioning of regulations (and requirements of regulations)), (2) management of business processes (main topics: solutions to link business processes with regulations and representation capabilities), (3) management of compliance (main topics: existing solutions for compliance governance in business process management suites).

Research is not limited to listed research domains and can be expanded to other domains.

Since requirements under which organisation must operate are expressed in regulations and business processes represent procedure how these requirements should be executed [ 5, 7 ], it is rational need to find a way to link these two concepts. Characteristics of regulations make them challenging to use and directly apply in business processes, therefore captured requirements (perhaps, in a form of business rules) can be a link to link regulatory document with business process model [ 5, 7 ].

To run approach to represent requirements of regulations in the business process model the following scenario (general steps) should be performed: (1) determinate applicable regulations, (2) classify and structure regulation, (3) ensure traceability regulations,

within regulation itself and other applicable (4) extract (capture) requirements from applicable regulations, (5) ensure traceability between requirement and regulation and its sections, (6) handle inconsistencies between requirement, (7) model business process incorporating requirements, (8) ensure traceability between business process and its steps with requirements, to ensure that all applicable requirements are present, (9) link business process model and steps with regulatory document, (10) provide real time compliance monitoring.

IT tool support is highly needed to execute above mentioned scenario.

Primary research methodologies are collation, summary and synthesis of existing researches and information, and constructive research to develop solutions for identified problems through creating and validating new approaches and prototyping of technology.

Currently ongoing work is to develop approach and technology prototype to link business processes and regulatory documents using existing capabilities of business process management suits. Developed approach will be tested also in SAP Composition Environment. This work has been supported by Accenture Latvia and Riga Technical University in the context of research project No ZP-2010/7 “Development of linkage technology prototype for business process and normative documents bond”.