Effect of Using Automated Auditing Tools on Detecting Compliance Failures in Unmanaged Processes

  • Yurdaer Doganata
  • Francisco Curbera
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5701)


The effect of using automated auditing tools to detect compliance failures in unmanaged business processes is investigated. In the absence of a process execution engine, compliance of an unmanaged business process is tracked by using an auditing tool developed based on business provenance technology or employing auditors. Since budget constraints limit employing auditors to evaluate all process instances, a methodology is devised to use both expert opinion on a limited set of process instances and the results produced by fallible automated audit machines on all process instances. An improvement factor is defined based on the average number of non-compliant process instances detected and it is shown that the improvement depends on the prevalence of non-compliance in the process as well as the sensitivity and the specificity of the audit machine.

Topics covered

BPM Governance and Compliance Management Issues and Empirical Studies Non-traditional BPM Scenarios 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Curbera, F., Doganata, Y., Martens, A., Mukhi, M., Slominski, A.: Business Provenance - A Technology to Increase Traceability of End-to-End Operations. In: OTM Conferences vol (1) , pp. 100–119 (2008)Google Scholar
  2. 2.
    Greengard, S.: Compliance Software’s Bonus Benefits. Business Finance Magazine (February 2004)Google Scholar
  3. 3.
    Gartner.: Simplifying Compliance: Best Practices and Technology, French Caldwell, (Business Process Management Summit (June 6, 2005)Google Scholar
  4. 4.
    Hagerty, J., Hackbush, J., Gaughan, D., Jacaobson, S.: The Governance, Risk Management, and Compliance Spending Report, 2008-2009, AMR Research Report, March 25 (2008)Google Scholar
  5. 5.
    Corfield, B.: Managing the cost of compliance,
  6. 6.
    Zur Muehlen, M., Ho, D.T.: Risk Management in the BPM Lifecycle. In: Bussler, C.J., Haller, A. (eds.) BPM 2005. LNCS, vol. 3812, pp. 454–466. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Christopher, G., Müller, S., Pfitzmann, B.: From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation. IBM Research Report RZ 3662, IBM Zurich Research Laboratory (2006)Google Scholar
  8. 8.
    Lu, R., Sadiq, S., Governatori, G.: Compliance aware business process design. In: ter Hofstede, A.H.M., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 120–131. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Milosevic, Z., Gibson, S., Linington, J.C., Kulkarni, S.: On Design and implementation of a contract monitoring facility. In: Benatallah, B. (ed.) First IEEE International Workshop on Electronic Contracts, pp. 62–70. IEEE Press, Los Alamitos (2004)Google Scholar
  10. 10.
    Governatori, G., Milosevic, Z.: A Formal Analysis of a Business Contract Language. International Journal of Cooperative Information Systems 15(4), 659–685 (2006)CrossRefGoogle Scholar
  11. 11.
    Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: Proceedings of the 10th IEEE Conference on Enterprise Distributed Object Computing (2006)Google Scholar
  12. 12.
    Ly, L.T., Rinderle, S., Dadam, P.: Integration and verification of semantic constraints in adaptive process management systems. Data and Knowledge Engineering 64(1), 3–23 (2008)CrossRefGoogle Scholar
  13. 13.
    Governatori, G.: Representing Business Contracts in RuleML. International Journal of Cooperative Information Systems 14(2–3), 181–216 (2005)CrossRefGoogle Scholar
  14. 14.
    Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: Eder, J., Dustdar, S. (eds.) BPM Workshops 2006. LNCS, vol. 4103, pp. 5–14. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Lee, J.K., Sohn, M.M.: The eXtensible Rule Markup Language. Communications of ACM 46(5), 59–64 (2003)CrossRefGoogle Scholar
  16. 16.
  17. 17.
    Joseph, L., Gyorkos, T.W., Coupal, L.: Bayesian estimation of disease prevalence and the parameters of diagnostic tests in the absence of a gold standard. Am. J. Epidemiol (1995)Google Scholar
  18. 18.
    Gelfand, A.E., Smith, A.F.M.: Sampling-based approaches to calculating marginal densities. Journal American Statistics Assoc. 85, 348–409 (1990)MathSciNetzbMATHGoogle Scholar
  19. 19.
    Gelfand, A.E., Hills, S.E., Racine-Poon, A., et al.: Illustration of Bayesian Inference in normal data using Gibbs sampling. Journal of American Statistics Assoc. 85, 972–985 (1990)CrossRefGoogle Scholar
  20. 20.
    Tanner, M.A.: Tools for statistical inference. Springer, New York (1991)CrossRefzbMATHGoogle Scholar
  21. 21.
    Katsis, A.: Sample size determination of binomial data with the presence of misclassification. Metrika 63, 323–329 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Pooled Prevalence Calculator,
  23. 23.
    Geman, S., Geman, D.: Stochastic Relaxation, Gibbs Distributions, and the Bayesian Restoration of Images. IEEE Transactions on Pattern Analysis and Machine Intelligence 6, 721–741 (1984)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yurdaer Doganata
    • 1
  • Francisco Curbera
    • 1
  1. 1.IBM T J Watson Research CenterHawthorne

Personalised recommendations