<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Economic Assessment and Analysis of Business Process Compliance: An Approach based on Basic Control Flow Patterns and Extensible Event Streams (Extended Abstract)</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Stephan Kuehnel</string-name>
          <email>stephan.kuehnel@wiwi.uni-halle.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Martin Luther University Halle-Wittenberg</institution>
          ,
          <addr-line>Universitaetsring 3, 06108 Halle (Saale)</addr-line>
          ,
          <country country="DE">Germany</country>
        </aff>
      </contrib-group>
      <abstract>
        <p>In many industries, ensuring compliance in business processes has become a cost-intensive task due to intensive regulation. For companies to operate profitably despite current regulatory developments, approaches to the economic assessment and analysis of process-based compliance measures are needed. The dissertation entitled “Economic Assessment and Analysis of Business Process Compliance: An Approach based on Basic Control Flow Patterns and Extensible Event Streams” addresses that need by designing, implementing, and evaluating: 1) a mathematical method for the economic assessment of BPC drawing on patterns of basic control flows, and 2) an information technology-based method for the economic analysis and selection of compliance measures drawing on eXtensible Event Streams. This paper is an extended abstract of the dissertation, which briefly presents the two methods. Its conclusion discusses the implementation of a software artifact and the results of a summative evaluation.</p>
      </abstract>
      <kwd-group>
        <kwd>Business Process Compliance</kwd>
        <kwd>Economic Assessment</kwd>
        <kwd>Compliance Cost</kwd>
        <kwd>Design Science Research</kwd>
        <kwd>Software Artifact</kwd>
        <kwd>EconBPC</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>-</title>
      <p>
        In business contexts, the term "compliance" refers to the adherence to rules, i.e.,
corporate actions in accordance with applicable regulations originating from various sources,
such as laws, standards, contracts, internal organizational provisions, etc. [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ]. Business
Process Compliance (BPC) describes and addresses the adherence to business-related
requirements when designing and executing business processes [
        <xref ref-type="bibr" rid="ref1 ref2">1, 2</xref>
        ]. Against the
background of a growing number of compliance requirements, ensuring BPC has not
only become a complex technical challenge, but also a cost-intensive task [
        <xref ref-type="bibr" rid="ref3 ref4 ref5">3–5</xref>
        ]. In this
context, BPC is even described as a "heavy cost driver" [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. Therefore, the need for
approaches that also address non-technical economic dimensions in securing BPC was
Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons
communicated in science and practice. The principle of economic efficiency is
essentially based on an input–output relation, which can be specified by quantitative
parameters for various domains, including BPC [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]. The investigation of process-based
compliance measures in regard to this relation, i.e., the investigation of compliance
activities and activity sequences in business processes, is a procedure called economic
analysis of BPC [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. This analysis requires an economic assessment of process-based
compliance measures to identify inefficiencies and stimulate process improvements [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ].
      </p>
      <p>
        The literature already provides approaches addressing the economic assessment and
analysis of compliance controls [
        <xref ref-type="bibr" rid="ref10 ref11 ref9">9–11</xref>
        ]. While these approaches allow for the
determination of an adequate control intensity from an economic point of view, they neglect
the assessment of process-based compliance measures in business processes, which is
a fundamental prerequisite for the economic analysis of BPC.
      </p>
      <p>
        Consequently, the cumulative dissertation entitled "Economic Assessment and
Analysis of Business Process Compliance: An Approach based on Basic Control Flow
Patterns and Extensible Event Streams" [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ] conceptualized, implemented, and evaluated
methods for the economic assessment and analysis of BPC. For the realization of the
research project, a multi-cyclical design science research approach was applied,
resulting in four core papers of the cumulative dissertation and two methods for the economic
assessment and analysis of BPC. The first method draws on the well-known Basic
Control Flow Patterns of van der Aalst et al. [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ], the second method builds on the standard
for eXtensible Event Streams (XES) [
        <xref ref-type="bibr" rid="ref13">13</xref>
        ].
      </p>
      <p>This extended abstract briefly presents both methods in Sections 2 and 3. Section 4
closes this article by discussing both the implementation of a corresponding software
artifact and the results of a summative evaluation.
2</p>
    </sec>
    <sec id="sec-2">
      <title>Economic Assessment of Business Process Compliance with Basic Control Flow Patterns</title>
      <p>
        The first method comprises three steps (see Fig. 1) and enables the assessment of
process-based compliance measures drawing on the Basic Control Flow Patterns [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ].
1. Complexity reduction. Since the economic assessment of BPC is focused on
compliance activities, other activities of a business process can be neglected. The
application of complexity reduction mechanisms allows one to derive a (reduced)
compliance process [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ] that merely contains activities relevant to the assessment of BPC.
2. Assessment and pattern matching. A compliance process is subsequently broken
down into assessable sub-processes/process fragments matching the well-known
Basic Control Flow Patterns [
        <xref ref-type="bibr" rid="ref12">12</xref>
        ]. Calculation rules have been developed for these
patterns, which can be used to calculate economic parameters of compliance
activities and activity sequences, considering control flows [
        <xref ref-type="bibr" rid="ref14">14</xref>
        ].
3. Assessment aggregation. The calculation rules of [
        <xref ref-type="bibr" rid="ref14">14</xref>
        ] can be used to determine
economic benefits for well-formed combinations of compliance activities at different
levels of abstraction (respectively aggregation). Thus, the complexity of (extensive)
calculations can be resolved step by step, even for large-scale compliance processes.
      </p>
    </sec>
    <sec id="sec-3">
      <title>Economic Assessment of Business Process Compliance with eXtensible Event Streams</title>
      <p>
        The second method comprises four steps (see Fig. 2) and enables the assessment of
process-based compliance measures drawing on XES [
        <xref ref-type="bibr" rid="ref13">13</xref>
        ].
1. Annotation and complexity reduction. The flexible character of the XES standard
opens up the opportunity to annotate log files, i.e., to enrich events with data relevant
to BPC assessment, such as costs. The XES-based method also starts by reducing
complexity, whereby all events that are not of the type „compliance“ are removed
from the log file [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ]. This increases the method's computing efficiency. The reduced
log file is referred to as a compliance log file. Although no graphical process
reconstruction is required for this assessment method, the compliance process can
be reconstructed and visualized from the compliance log file [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ].
2. Identification of compliance process patterns. Based on the compliance log file, the
event sequences of all compliance traces are analyzed. Subsequently, a list of all
differing sequences with their relative frequency of occurrence is created. Each entry
in the list is a unique tuple that represents one of a finite number of path sequences
through a compliance process and is referred to as a compliance process pattern.
3. Assessment of compliance process patterns. Using the calculation rules of the
pattern-based method (cf. Section 2), economic parameters for compliance process
patterns are determined. Since the compliance process patterns are derived from the
traces of a business process, and a trace always has either a parallel or a sequential
character, only the calculation rules for sequence, parallel split, and synchronization
patterns have to be considered for economic assessment and analysis.
4. Assessment aggregation. Considering the occurrence probabilities of the
compliance process patterns determined in Step 2, the method of [
        <xref ref-type="bibr" rid="ref14">14</xref>
        ] can be used to
calculate the expected economic benefit of a compliance process (i.e., for
aggregation purposes). In contrast to the pattern-based method, the XES-based
method is not limited to well-formed processes.
To instantiate the methods, five design principles and an architecture model were
developed. On their basis, the software artifact EconBPC was implemented in R as a web
application (see [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]). EconBPC was qualitatively evaluated by means of think-aloud
sessions. The evaluation results show that the handling of EconBPC is intuitive and that
the automatic assessment of compliance activities/processes is perceived as cognitive
relief [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. Furthermore, it was found that the comprehensible presentation of calculation
results and inefficient compliance activities in the user interface of EconBPC is useful
for decision support. In a subsequent survey with experts, the design principles were
evaluated as comprehensible, traceable, useful, and practicable [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ]. The methods
developed and the software artifact EconBPC offer practical application potentials both for
an assessment and analysis of BPC and for decision support in selection decisions on
alternative compliance measures. Furthermore, the design principles underlying the
XES-based method can be adapted by scientists and practitioners for new application
contexts and used as a starting point for the development of further software artifacts.
      </p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          1.
          <string-name>
            <surname>Governatori</surname>
            ,
            <given-names>G.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Hashmi</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Lam</surname>
            ,
            <given-names>H.-P.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Villata</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Palmirani</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          :
          <article-title>Semantic Business Process Regulatory Compliance Checking Using LegalRuleML</article-title>
          . EKAW, pp.
          <fpage>746</fpage>
          -
          <lpage>761</lpage>
          (
          <year>2016</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          2.
          <string-name>
            <surname>Kuehnel</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          :
          <article-title>Wirtschaftliche Bewertung und Analyse von Business Process Compliance: Ein Ansatz basierend auf Basic Control Flow Patterns und Extensible Event Streams</article-title>
          .
          <source>Dissertation</source>
          . DOI:
          <volume>10</volume>
          .25673/33603, Martin Luther University Halle-Wittenberg (
          <year>2019</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          3.
          <string-name>
            <surname>Sackmann</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Kittel</surname>
            ,
            <given-names>K.</given-names>
          </string-name>
          :
          <article-title>Flexible Workflows and Compliance: A Solvable Contradiction?</article-title>
          ! In: BPM - Driving
          <source>Innovation in a Digital World</source>
          . Springer, Cham, pp.
          <fpage>247</fpage>
          -
          <lpage>258</lpage>
          (
          <year>2015</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          4.
          <string-name>
            <surname>Sadiq</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Governatori</surname>
          </string-name>
          , G.:
          <article-title>Managing Regulatory Compliance in Business Processes</article-title>
          .
          <source>In: Handbook on Business Process Management 2</source>
          , Springer Berlin, pp.
          <fpage>265</fpage>
          -
          <lpage>288</lpage>
          (
          <year>2015</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          5.
          <string-name>
            <given-names>La</given-names>
            <surname>Rosa</surname>
          </string-name>
          ,
          <string-name>
            <surname>M.</surname>
          </string-name>
          :
          <article-title>Strategic business process management</article-title>
          .
          <source>Proceedings of the International Conference on Software and Systems Process (ICSSP)</source>
          , pp.
          <fpage>177</fpage>
          -
          <lpage>178</lpage>
          (
          <year>2015</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          6.
          <string-name>
            <surname>Becker</surname>
            ,
            <given-names>J.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Delfmann</surname>
            ,
            <given-names>P.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Dietrich</surname>
          </string-name>
          , H.-A.,
          <string-name>
            <surname>Steinhorst</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Eggert</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          :
          <article-title>Business Process Compliance Checking - Applying and Evaluating a Generic Pattern Matching Approach forCconceptual Models in the Financial Sector</article-title>
          .
          <source>Inf Syst Front 18</source>
          , pp.
          <fpage>359</fpage>
          -
          <lpage>405</lpage>
          (
          <year>2016</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          7.
          <string-name>
            <surname>Kühnel</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          :
          <article-title>Toward a Conceptual Model for Cost-Effective Business Process Compliance</article-title>
          .
          <source>Proceedings of Informatik 2017, Lecture Notes in Informatics (LNI))</source>
          , pp.
          <fpage>1631</fpage>
          -
          <lpage>1639</lpage>
          (
          <year>2017</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          8.
          <string-name>
            <surname>Kuehnel</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Trang</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Lindner</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          : Conceptualization, Design, and
          <article-title>Implementation of EconBPC - A Software Artifact for the Economic Analysis of Business Process Compliance</article-title>
          .
          <source>In: Conceptual Modeling. 38th International Conference</source>
          , pp.
          <fpage>378</fpage>
          -
          <lpage>386</lpage>
          (
          <year>2019</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          9.
          <string-name>
            <surname>Narendra</surname>
            ,
            <given-names>N.C.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Varshney</surname>
            ,
            <given-names>V.K.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Nagar</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Vasa</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Bhamidipaty</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          :
          <article-title>Optimal Control Point Selection for Continuous Business Process Compliance Monitoring</article-title>
          .
          <source>International Conference on Service Operations and Logistics, and Informatics</source>
          , pp.
          <fpage>2536</fpage>
          -
          <lpage>2541</lpage>
          (
          <year>2008</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          10.
          <string-name>
            <surname>Bhamidipaty</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Narendra</surname>
            ,
            <given-names>N.C.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Nagar</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Varshneya</surname>
            ,
            <given-names>V.K.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Vasa</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Deshwal</surname>
            ,
            <given-names>C.</given-names>
          </string-name>
          :
          <article-title>Indra: An Integrated Quantitative System for Compliance Management for IT Service Delivery</article-title>
          .
          <source>IBM J. Res. &amp; Dev</source>
          .
          <volume>53</volume>
          (
          <issue>6</issue>
          ), pp.
          <volume>6</volume>
          :
          <fpage>1</fpage>
          -
          <lpage>6</lpage>
          :
          <fpage>12</fpage>
          (
          <year>2009</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          11.
          <string-name>
            <surname>Doganata</surname>
            ,
            <given-names>Y.N.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Curbera</surname>
            ,
            <given-names>F.</given-names>
          </string-name>
          :
          <article-title>A Method of Calculating the Cost of Reducing the Risk Exposure of Non-compliant Process Instances</article-title>
          .
          <source>Proceedings of the first ACM workshop on Information security governance</source>
          , New York, pp.
          <fpage>7</fpage>
          -
          <lpage>12</lpage>
          (
          <year>2009</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          12.
          <string-name>
            <surname>van der Aalst</surname>
            ,
            <given-names>W.M.P.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>ter Hofstede</surname>
            ,
            <given-names>A.H.M.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Kiepuszewski</surname>
            ,
            <given-names>B.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Barros</surname>
            ,
            <given-names>A.P.</given-names>
          </string-name>
          : Workflow Patterns.
          <source>Distributed and Parallel Databases</source>
          <volume>14</volume>
          , pp.
          <fpage>5</fpage>
          -
          <lpage>51</lpage>
          (
          <year>2003</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          13.
          <string-name>
            <surname>Günther</surname>
            ,
            <given-names>C.W.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Verbeek</surname>
          </string-name>
          , E.:
          <article-title>XES Standard Definition 2.0</article-title>
          .
          <string-name>
            <surname>Eindhoven</surname>
          </string-name>
          (
          <year>2014</year>
          )
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          14.
          <string-name>
            <surname>Kuehnel</surname>
            ,
            <given-names>S.</given-names>
          </string-name>
          ,
          <string-name>
            <surname>Zasada</surname>
            ,
            <given-names>A.</given-names>
          </string-name>
          :
          <article-title>An Approach Toward the Economic Assessment of Business Process Compliance</article-title>
          . In: Advances in Conceptual Modeling. pp.
          <fpage>228</fpage>
          -
          <lpage>238</lpage>
          . Springer (
          <year>2018</year>
          )
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>