=Paper=
{{Paper
|id=None
|storemode=property
|title=Business Process and Regulations Compliance Management Technology
|pdfUrl=https://ceur-ws.org/Vol-731/01.pdf
|volume=Vol-731
|dblpUrl=https://dblp.org/rec/conf/caise/Buksa11
}}
==Business Process and Regulations Compliance Management Technology==
https://ceur-ws.org/Vol-731/01.pdf
Business Process and Regulations Compliance
Management Technology
Ilze Buksa
Riga Technical University, Institute of Applied Computer Systems,
Meza street 1/4, LV-1048, Riga, Latvia
ilze.buksa@rtu.lv
Supervisor Prof. Marite Kirikova
Riga Technical University, Institute of Applied Computer Systems,
Meza street 1/4, LV-1048, Riga, Latvia
marite.kirikova@cs.rtu.lv
Abstract. Organisations are more and more under pressure to comply with an
increasing number of external and internal regulations for business governance
and must ensure that their processes are running accordingly to requirements of
regulations. Therefore business process and regulations compliance analysis,
audit and management tasks take very important role in daily operational
activities of each organisation. Due to high complexity and weak support of IT
tools this task can become challenging. During my Phd studies I want to
develop business process and regulations compliance management technology.
To reach this goal current activity in progress is to develop software prototype
to link business processes to regulations.
Keywords: business process, compliance, regulations.
1 Research question
Usually business processes in organisation are affected by requirements of
regulations. Many organisations use business process management to model,
simulate, execute, change, monitor and optimize business processes. Business process
management can also serve as a proof that organisation is running accordingly to
regulations. To ensure such proof organisation must form and manage linkage
between regulations and business processes.
In many cases organisations have their business processes specified
independently or not specifically linked with regulations, even if business processes
are directly impacted by regulations. Reasons for such situation can be lack of widely
known and applicable methodologies and weak business process management suite
support to link business processes to regulations. Currently no business process
�management suite supports business process linkage specifically to regulations and
relevant change management of regulations and impacted business processes.
Goal of doctoral work is to develop business process and regulations compliance
management technology. As a result developed technology should address and have
solutions for the following main topics:
(1) management of regulations (approach and solution for retrieval, storing,
updating, and versioning of regulations),
(2) extraction of requirements from regulations (approach and solution for
capturing requirements from regulations which are affecting business
processes),
(3) linkage of business processes and regulations (prototype of technical
solution to ensure linkage),
(4) business process and regulations mutual change management and on-
time compliance monitoring (methodology and prototype of technical
solution).
To reach these goals current activity in progress is to develop solution prototype
to link business process activities to the structural parts of regulation. Solution will
use in most of the business process management suits existing business process and
document linkage functionality.
Users of business process and regulation linkage and management solution
would be:
(1) leadership and compliance auditors will gain real time transparency and
proof that business processes are running accordingly to regulations,
(2) process executors will gain visible processes thus facilitating process
execution, re-engineering and optimisation,
(3) lawyers will gain illustration of regulations as a running business
processes which will allow to identify gaps in regulations and optimize
requirements made in regulations as well as any changes in regulations
will allow to see impacted business processes,
(4) software engineers will gain documented processes with specified
regulatory requirements according to which processes are executed, thus
facilitating and speeding-up development of new systems or
maintenance of existing systems to make sure that systems are fulfilling
requirements of regulations.
2 Significant problems in the field of research
From organisations’ point of view challenge is traditional approach of treating
regulations separately from business processes. Usually organisations ensure business
processes compliance with regulations through audits. Due to the need to provide
regular updates on compliance, a more strategic approach to compliance management
is needed. This implies a shift from regular reviews to continual assurance and
�introduces a need for advanced compliance management systems that reflect and
ensure real time compliance management [2, 10].
Currently there are not many specific researches available with focus on
business process and regulations compliance management in order to provide
solutions for existing challenges: lack of methodologies and IT tool support.
However in publications of the latest years, topics on business processes and
regulations provide insight in wider researches in these domains. Lack of specific
researches leads to lack of tested and applicable guidelines and specific IT tool
solutions to support linkage of business processes to regulations.
3 Current knowledge of the problem domain and state of
existing solutions
There are number of researches available which propose approaches for
analysing regulations [1, 6, 9, 10, 15], capturing requirements from regulation [13, 14,
19, 20, 21], facilitating understanding of regulations by graphical representation [12]
and managing compliance with requirements and business processes [2, 3, 4, 5, 7, 16,
17]. Also researches made in document engineering domain [1, 8, 11, 18] are
applicable since regulations basically are documents with specific content –
regulatory requirements.
Figure 1 gives summary of research domains which are applicable in compliance
management. Figure combines domains discovered during the survey of related
works.
� Figure 1. The scope of research
Regarding requirement engineering authors [19] present their survey of
researches in handling regulations for information system development. Summarised
approaches [19] can be used in practical case studies to identify which methods can
be expanded and be applicable to extract requirements from regulations for business
process management.
Authors [13] have proposed method for extracting rights and obligations from
regulations and further [14] have examined tool support for this by applying Cerno
framework for textual semantic annotation and proposed tool for semi-automatic
semantic annotation of concepts. In theses researches authors have focused on limited
scope on alignment of information system requirements with regulations. Output of
these researches can be analysed and expanded with focus to align requirements with
business processes since approach has already proved itself in a practice and is
supported by the tool.
Authors [20] have pointed out ontological differences between legal concepts
and requirements, and have set decision making process about requirements from
regulations for law compliant information systems. Like previous research also here
authors are focusing on requirements for information system, thus showing that some
statements are limited and not applicable in case where requirement engineering is
used to model business processes. Newertheless this approach can be used as a basis
to distinguish between legal concepts and requirements.
� Authors [15] introduce a method to prioritize legal requirements to determinate
order in which requirements should be implemented in information systems. Research
is not applicable in a direct way as in business processes all requirements from
regulations should be implemented and presented at the moment when regulations
come in force, however research is applicable and gives base to prioritize
requirements to denote requirements which have the highest impact level; and such
prioritization can be used for handling contradictory requirements.
Authors [2] specifically present a method for validating business processes with
respect to business rules which are captured from regulations. Method does not
address challenges of extracting requirements from regulations, however it is practical
and applicable approach to trace and visualize basic compliance.
Authors [4] introduce approach to help achieve business process flexibility with
business rules and workflow patterns. Research do not cover compliance issues
directly, however it is applicable as it provides approach based on assumption that
changes in a business process can be confined to the variable isolated parts of the
processes. This assumption is important since ordinary or regular changes of some
regulations most likely will impact some parts of the process not a whole process
itself.
Author [7] validates business processes with business contracts by providing
logic based formalism for describing both the semantics of contract and the semantics
of compliance checking procedures. Results described in the paper are promising,
therefore this approach is valid in scope of author’s research and will be applied in
further case studies by testing it to regulations as both, regulations and contracts,
contain requirements for business processes.
4 Preliminary ideas
Following domains are selected for further investigations in order to address
business process and regulations compliance management:
(1) management of regulations (main topics: extraction of regulatory
requirements; development of regulatory document generation and
update algorithm, solutions for versioning of regulations (and
requirements of regulations)),
(2) management of business processes (main topics: solutions to link
business processes with regulations and representation capabilities),
(3) management of compliance (main topics: existing solutions for
compliance governance in business process management suites).
Research is not limited to listed research domains and can be expanded to other
domains.
�5 Proposed approach
Since requirements under which organisation must operate are expressed in
regulations and business processes represent procedure how these requirements
should be executed [5, 7], it is rational need to find a way to link these two concepts.
Characteristics of regulations make them challenging to use and directly apply in
business processes, therefore captured requirements (perhaps, in a form of business
rules) can be a link to link regulatory document with business process model [5, 7].
To run approach to represent requirements of regulations in the business process
model the following scenario (general steps) should be performed:
(1) determinate applicable regulations,
(2) classify and structure regulation,
(3) ensure traceability within regulation itself and other applicable
regulations,
(4) extract (capture) requirements from applicable regulations,
(5) ensure traceability between requirement and regulation and its sections,
(6) handle inconsistencies between requirement,
(7) model business process incorporating requirements,
(8) ensure traceability between business process and its steps with
requirements, to ensure that all applicable requirements are present,
(9) link business process model and steps with regulatory document,
(10) provide real time compliance monitoring.
IT tool support is highly needed to execute above mentioned scenario.
6 Sketch of the research methodology
Primary research methodologies are collation, summary and synthesis of
existing researches and information, and constructive research to develop solutions
for identified problems through creating and validating new approaches and
prototyping of technology.
7 Contributions of the author to the solution of the problem
Currently ongoing work is to develop approach and technology prototype to link
business processes and regulatory documents using existing capabilities of business
process management suits. Developed approach will be tested also in SAP
Composition Environment. This work has been supported by Accenture Latvia and
Riga Technical University in the context of research project No ZP-2010/7
“Development of linkage technology prototype for business process and normative
documents bond”.
�References
1. Amato F., Mazzeo A., Penta A., Picariello A. Building RDF Ontologies from semi-
structured legal documents. International Conference on Complex, Intelligent and Software
Intensive System. p.997-1002 (2008)
2. Araujo B.M., Schmitz E.A, Correa A.L., Alencar A.J. A method for Validating the
Compliance of Business Processes to Business Rules. Proceedings of the ACM Symposium
on Applied Computing SAC’10 (2010)
3. Breaux T.D., Powers C. Early Studies in Acquiring Evidentiary, Reusable Business Process
Models for Legal Compliance. 6th International Conference on Information Technology:
New Generations. p.272-277 (2009)
4. Eijndhoven T., Iacob M.E., Ponisio M.L. Achieving business process flexibility with
business rules. Proceedings of the 12th International IEEE Enterprise Distributed Object
Computing Conference EDOC'08 (2008)
5. Fiorini S.T., Sampaio J.C. Integrating Business Processes with Requirements Elicitation.
Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure
for Collaborative Enterprises WET ICE'96. p.226 (1996)
6. Ghanavati S., Amyot D., Peyton L. Compliance Analysis Based on a Goal-oriented
Requirement Language Evaluation Methodology. Proceedings of the 17th International
IEEE Requirements Engineering Conference RE’09. p.133-142 (2009)
7. Governatori G., Milosevic Z., Sadiq S. Compliance checking between business processes
and business contracts. Proceedings of the 10th International IEEE Enterprise Distributed
Object Computing Conference EDOC’06. p.221-232 (2006)
8. Guo J. Achieving Transparent Integration of Information, Documents and Processes.
Proceedings of the International IEEE Conference on e-Business Engineering ICEBE’06.
p.558-562 (2006)
9. Hamdaqa M., Hamou-Lhadj A. Citation Analysis: An Approach for Facilitating the
Understanding and the Analysis of Regulatory Compliance Documents. Proceedings of the
6th International Conference on Information Technology: New Generations. p.278-283
(2009)
10. Hassan W., Logrippo L. Requirements and compliance in legal systems: a logic approach.
Proceedings of the International IEEE Requirements Engineering and Law Conference
RELAW’08. p 40-44 (2008)
11. Janiesch C., Dreiling A., Greiner U., Lippe S. Integrated Configuration of Enterprise
Systems for Interoperability - Towards Process Model and Business Document
Specification Alignment. Proceedings of the International 10th IEEE Enterprise Distributed
Object Computing Conference EDOC'06. p.445-448 (2006)
12. Kirikova M. Facilitating Comprehension of Normative Documents by Graphical
Representations. Practical Aspects of Knowledge Management, Springer Verlag, Berlin
Heidelberg. p.369-376 (2002)
13. Kiyavitskaya N, Zeni N., Breaux T.D, Anton A.I. Extracting Rights and Obligations from
Regulations: Toward a Tool-Supported Process. Proceedings of the 22nd International
IEEE/ACM conference on Automated software engineering ASE’07. p.429-432 (2007)
14. Kiyavitskaya N., Zeni N., Breaux T.D., Anton A.I., Cordy J.R., Mich L., Mylopouslos J.
Towards regulatory compliance: Extracting rights and obligations to align requirements
with regulations. Proceedings of the 14t h International IEEE Requirements Engineering
Conference RE'06. p.49-58 (2006)
15. Massey A.K., Otto P.N, Anton A.I. Prioritizing Legal Requirements. Proceedings of the 2nd
International Workshop on Requirements Engineering and Law. p.27-32 (2009)
16. Milosevic Z., Orlowska M., Sadiq S. Linking contracts, processes and services: an event-
driven approach. Proceedings of the IEEE International Conference on Services Computing
SCC’06. p.390-397 (2006)
�17. Muehlen M., Indulska M., Kamp G. Business Process and Business Rule Modeling
Languages for Compliance Management: A Representational Analysis. Tutorials, posters,
panels and industrial contributions at the 26th international conference on Conceptual
modeling ER’07 (2007)
18. Noronha M.A., Goldstein Golendziner L., Santos C.S. Extending a Structured Document
Model with Version Control. Proceedings of the International Database Engineering and
Applications Symposium IDEAS'98. p.234-242 (1998)
19. Otto P.N., Anton A.I. Addressing Legal Requirements in Requirements Engineering.
Proceedings of the 15th International IEEE Requirements Engineering Conference RE’07.
p. 5-14 (2007)
20. Siena A., Mylopoulos J., Perini A., Susi A. From Laws to Requirements. Proceedings of the
International IEEE Requirements Engineering and Law Conference RELAW’08. p. 6-10
(2008)
21. Siena A., Perini A., Susi A., Mylopoulos J. A Meta-Model for Modelling Law-Compliant
Requirements. Proceedings of the 2nd International Workshop on Requirements
Engineering and Law RELAW’09. p. 45-51 (2009)
22. Steinke G., Colleen N. Business rules as the basis of an organisation’s information systems.
Industrial Management & Data Systems, Vol. 103 Iss: 1, p.52-63 (2003)
�