Abstract
Policies are an important organizational tool that gives effective support for building business systems, from the strategic level down to the operational and technical levels. In particular, policies are a cornerstone of the governance system of financial institutions. In international organizations, many policies span all country-local representatives and all organizational levels. This work is part of a series on improving requirements engineering methods for process-based organizations. Such improvement requires strengthening the employees’ shared vision of the process responsibilities, by advocating cross-functional thinking focused on the outcomes of the processes and by defining those outcomes in relation to the business goals. We complement the work on business process models with the managers’ concerns, i.e. the managers’ responsibilities for the value to be delivered by the processes. This research proposes a method for constructing policy models. An ontology is defined to make the models of the different organizational levels interoperable. The main formal analysis used for verification purposes concerns the reliability of the policy system and its impact on the reliability of the operational system, which is one important objective of recent governance regulations.
Copyright information
© 2007 Springer-Verlag London Limited
About this paper
Cite this paper
Feltus, C., Rifaut, A. (2007). An Ontology for Requirements Analysis of Managers’ Policies in Financial Institutions. In: Gonçalves, R.J., Müller, J.P., Mertins, K., Zelm, M. (eds) Enterprise Interoperability II. Springer, London. https://doi.org/10.1007/978-1-84628-858-6_3
DOI: https://doi.org/10.1007/978-1-84628-858-6_3
Publisher Name: Springer, London
Print ISBN: 978-1-84628-857-9
Online ISBN: 978-1-84628-858-6
eBook Packages: Engineering, Engineering (R0)