Advertisement

Business Process Compliance and Business Process Change: An Approach to Analyze the Interactions

  • Tobias Seyffarth
  • Stephan Kuehnel
  • Stefan Sackmann
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 320)

Abstract

The adherence of business process compliance (BPC) is crucial for many companies. In addition, business processes may be supported by IT components, which can also be affected by compliance requirements. Due to business process change and the avoidance of compliance violations, companies must analyze, among other things, the interactions between business process change and BPC. Following the design science research paradigm, we developed and prototypically implemented a method that is able to analyze interactions between BPC and business process change considering supporting IT components and compliance processes. The method takes the business process change patterns “replace” and “delete” into account.

Keywords

Business process compliance Business process change Compliance process Information technology 

References

  1. 1.
    Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., van den Heuvel, W.-J.: Business process compliance through reusable units of compliant processes. In: Daniel, F., Facca, F.M. (eds.) ICWE 2010. LNCS, vol. 6385, pp. 325–337. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-16985-4_29CrossRefGoogle Scholar
  2. 2.
    Turetken, O., Elgammal, A., van den Heuvel, W.-J., Papazoglou, M.: Enforcing compliance on business processes through the use of patterns. In: 19th ECIS 2011 (2011)Google Scholar
  3. 3.
    Schäfer, T., Fettke, P., Loos, P.: Towards an integration of GRC and BPM – requirements changes for compliance management caused by externally induced complexity drivers. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds.) BPM 2011. LNBIP, vol. 100, pp. 344–355. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-28115-0_33CrossRefGoogle Scholar
  4. 4.
    Sadiq, S., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-75183-0_12CrossRefGoogle Scholar
  5. 5.
    Knackstedt, R., Eggert, M., Heddier, M., Chasin, F., Becker, J.: The relationship of is and law - the perspective of and implications for IS research. In: ECIS 2013 Completed Research (2013)Google Scholar
  6. 6.
    The Audit of Financial Statements in an Information Technology Environment. IDW AuS 330 (2002)Google Scholar
  7. 7.
    Committee of Sponsoring Organizations of the Treadway Commission (COSO): Internal Control - Integrated Framework. Framework and Appendices (2012)Google Scholar
  8. 8.
    Rudzajs, P., Buksa, I.: Business process and regulations: approach to linkage and change management. In: Grabis, J., Kirikova, M. (eds.) BIR 2011. LNBIP, vol. 90, pp. 96–109. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-24511-4_8CrossRefGoogle Scholar
  9. 9.
    Fdhila, W., Indiono, C., Rinderle-Ma, S., Reichert, M.: Dealing with change in process choreographies: design and implementation of propagation algorithms. Inf. Syst. 49, 1–24 (2015)CrossRefGoogle Scholar
  10. 10.
    Rinderle, S., Reichert, M., Dadam, P.: Correctness criteria for dynamic changes in workflow systems—a survey. Data Knowl. Eng. 50, 9–34 (2004)CrossRefGoogle Scholar
  11. 11.
    Awad, A.: BPMN-Q: a language to query business processes. In: Proceedings of EMISA 2007, pp. 115–128 (2007)Google Scholar
  12. 12.
    Koetter, F., Kochanowski, M., Weisbecker, A., Fehling, C., Leymann, F.: Integrating compliance requirements across business and IT. In: 2014 IEEE 18th International Enterprise Distributed Object Computing Conference (2014)Google Scholar
  13. 13.
    Hevner, A.R., Gregor, S.: Positioning and presenting design science research for maximum impact. MIS Q. 37 (2013)Google Scholar
  14. 14.
    Yu, P.S., Han, J., Faloutsos, C. (eds.): Link Mining: Models, Algorithms, and Applications. Springer Science + Business Media LLC, New York (2010).  https://doi.org/10.1007/978-1-4419-6515-8CrossRefGoogle Scholar
  15. 15.
    Camunda: Camunda BPMN model API. https://github.com/camunda/camunda-bpmn-model
  16. 16.
    Naveh, B.: JGraphT. http://jgrapht.org/
  17. 17.
    OMG (Hg): Business Process Model and Notation (BPMN). http://www.omg.org/spec/BPMN/2.0/PDF/
  18. 18.
    Jonkers, H., Lankhorst, M., van Buuren, R., Hoppenbrouwers, S., Bonsangue, M., van der Torre, L.: Concepts for modeling enterprise architectures. Int. J. Coop. Inf. Syst. 13, 257–287 (2004)CrossRefGoogle Scholar
  19. 19.
    Juris (ed.): Gesetze im Internet. http://www.gesetze-im-internet.de
  20. 20.
    Seyffarth, T., Kühnel, S., Sackmann, S.: ConFlex: an ontology-based approach for the flexible integration of controls into business processes. Multikonferenz Wirtschaftsinformatik (MKWI) 2016, 1341–1352 (2016)Google Scholar
  21. 21.
    Kharbili, M., Medeiros, A.K.A.d., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. MobIS 141, 107–113 (2008)Google Scholar
  22. 22.
    Sackmann, S., Kittel, K.: Flexible workflows and compliance: a solvable contradiction?! In: Vom Brocke, J., Schmiedel, T. (eds.) BPM - Driving Innovation in a Digital World, pp. 247–258. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-14430-6_16CrossRefGoogle Scholar
  23. 23.
    Seyffarth, T., Kühnel, S., Sackmann, S.: A taxonomy of compliance processes for business process compliance. In: Carmona, J., Engels, G., Kumar, A. (eds.) BPM 2017. LNBIP, vol. 297, pp. 71–87. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-65015-9_5CrossRefGoogle Scholar
  24. 24.
    IEEE: IEEE Recommended Practice for Architectural Description of Software Intensive Systems, (IEEE Std 1 1471–2000). IEEE Computer Society, New York (2000)Google Scholar
  25. 25.
    TOGAF (ed.): Content Metamodel. Content Metamodel Vision and Concepts. http://pubs.opengroup.org/architecture/togaf9-doc/arch/
  26. 26.
    Winter, R., Fischer, R.: Essential layers, artifacts, and dependencies of enterprise architecture. In: 2006 10th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW 2006), p. 30 (2006)Google Scholar
  27. 27.
    The Open Group (ed.): TOGAF 9.1. Content Meta Model. http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap34.html
  28. 28.
    Weber, B., Reichert, M., Rinderle-Ma, S.: Change patterns and change support features – enhancing flexibility in process-aware information systems. Data Knowl. Eng. 66, 438–466 (2008)CrossRefGoogle Scholar
  29. 29.
    Rinderle-Ma, S., Reichert, M., Weber, B.: On the formal semantics of change patterns in process-aware information systems. In: Li, Q., Spaccapietra, S., Yu, E., Olivé, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 279–293. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-87877-3_21CrossRefGoogle Scholar
  30. 30.
    Fdhila, W., Rinderle-Ma, S., Reichert, M.: Change propagation in collaborative processes scenarios. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom) (2012)Google Scholar
  31. 31.
    Namiri, K.: Model-Driven Management of Internal Controls for Business Process Compliance. Karlsruhe (2008)Google Scholar
  32. 32.
    Frank, U., Heise, D., Ulrich, Kattenstroth, H., Ferguson, D.F., Hadar, E., Waschke, M.G.: ITML: a domain-specific modeling language for supporting business driven IT management. In: Proceedings of the 9th OOPSLA Workshop on Domain-Specific Modeling (2009)Google Scholar
  33. 33.
    Principles of Proper Accounting When Using Information Technology. IDW AcP FAIT 1 (2002)Google Scholar
  34. 34.
    Kirikova, M., Penicina, L., Gaidukovs, A.: Ontology based linkage between enterprise architecture, processes, and time. Commun. Comput. Inf. Sci. 539, 382–391 (2015)Google Scholar
  35. 35.
    Vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., Cleven, A.: Reconstructing the giant: on the importance of rigour in documenting the literature search process. In: 17th European Conference on Information Systems, pp. 2206–2217 (2009)Google Scholar
  36. 36.
    Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 26, xiii–xxiii (2002)Google Scholar
  37. 37.
    Delfmann, P., Steinhorst, M., Dietrich, H.-A., Becker, J.: The generic model query language GMQL – conceptual specification, implementation, and runtime evaluation. Inf. Syst. 47, 129–177 (2015)CrossRefGoogle Scholar
  38. 38.
    Gacitua-Decar, V., Pahl, C.: Automatic business process pattern matching for enterprise services design. In: 2009 World Conference on Services - II (2009)Google Scholar
  39. 39.
    Fellmann, M., Thomas, O., Busch, B.: A query-driven approach for checking the semantic correctness of ontology-based process representations. In: Abramowicz, W. (ed.) BIS 2011. LNBIP, vol. 87, pp. 62–73. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21863-7_6CrossRefGoogle Scholar
  40. 40.
    Ghanavati, S., Amyot, D., Peyton, L.: Compliance analysis based on a goal-oriented requirement language evaluation methodology. In: 2009 17th IEEE International Requirements Engineering Conference (2009)Google Scholar
  41. 41.
    Fdhila, W., Rinderle-Ma, S., Knuplesch, D., Reichert, M.: Change and compliance in collaborative processes. In: 2015 IEEE International Conference on Services Computing (2015)Google Scholar
  42. 42.
    Knuplesch, D., Fdhila, W., Reichert, M., Rinderle-Ma, S.: Detecting the effects of changes on the compliance of cross-organizational business processes. In: Johannesson, P., Lee, M.L., Liddle, Stephen W., Opdahl, Andreas L., López, Ó.P. (eds.) ER 2015. LNCS, vol. 9381, pp. 94–107. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-25264-3_7CrossRefGoogle Scholar
  43. 43.
    Knackstedt, R., Braeuer, S., Heddier, M., Becker, J.: Integrating regulatory requirements into information systems design and implementation. In: ICIS 2014 Proceedings (2014)Google Scholar
  44. 44.
    Elgammal, A., Turetken, O., van den Heuvel, W.-J., Papazoglou, M.: Root-cause analysis of design-time compliance violations on the basis of property patterns. In: Maglio, Paul P., Weske, M., Yang, J., Fantinato, M. (eds.) ICSOC 2010. LNCS, vol. 6470, pp. 17–31. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17358-5_2CrossRefGoogle Scholar
  45. 45.
    Halle, S.: Causality in message-based contract violations. a temporal logic “Whodunit”. In: 2011 IEEE 15th International Enterprise Distributed Object Computing Conference (2011)Google Scholar
  46. 46.
    Koetter, F., et al.: An universal approach for compliance management using compliance descriptors. In: Helfert, M., Ferguson, D., Méndez Muñoz, V., Cardoso, J. (eds.) CLOSER 2016. CCIS, vol. 740, pp. 209–231. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-62594-2_11CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Tobias Seyffarth
    • 1
  • Stephan Kuehnel
    • 1
  • Stefan Sackmann
    • 1
  1. 1.Martin Luther University Halle-WittenbergHalle (Saale)Germany

Personalised recommendations