The Journey to Business Process Compliance

The Journey to Business Process Compliance

Guido Governatori (Queensland Research Laboratory, Australia) and Shazia Sadiq (University of Queensland, Australia)
Copyright: © 2009 |Pages: 29
DOI: 10.4018/978-1-60566-288-6.ch020
OnDemand PDF Download:


It is a typical scenario that many organisations have their business processes specified independently of their business obligations (which includes contractual obligations to business partners, as well as obligations a business has to fulfil against regulations and industry standards). This is because of the lack of guidelines and tools that facilitate derivation of processes from contracts but also because of the traditional mindset of treating contracts separately from business processes. This chapter will provide a solution to one specific problem that arises from this situation, namely the lack of mechanisms to check whether business processes are compliant with business contracts. The chapter begins by defining the space for business process compliance and the eco-system for ensuring that process are compliant. The key point is that compliance is a relationship between two sets of specifications: the specifications for executing a business process and the specifications regulating a business. The central part of the chapter focuses on a logic based formalism for describing both the semantics of normative specifications and the semantics of compliance checking procedures.
Chapter Preview

1. Introduction

The term compliance is applied in many disciplines such as management, standards development, regulations, medical practice and so on. It is often used to denote and demonstrate adherence of one set of rules (we refer to them as ‘source rules’ hereafter) against other set of rules (we refer to them as ‘target rules’ hereafter). Typically, target rules represent an established or agreed set of guidelines, norms, laws, regulations, recommendations or qualities which, if obeyed, will deliver certain effect or value to those to whom they can apply, or to those with whom they interact. In some way, the target rules are intended for a global or broad community of participants in a specific universe of discourse. On the other hand, source rules are developed to apply to participants and their behaviours in certain local contexts, and adherence of source rules to the target rules then ensures that both local and global expectations or requirements can be met.

In management for example, target rules represent policies that need to be obeyed by companies, their staff or executives, while undertaking their normal course of actions to meet their goals. Examples of such rules are the US regulations such as Sarbanes-Oxley Act1 or Health Insurance Privacy Act (HIPPA)2. In standards development, compliance requirements are stated to ensure necessary consistency of one set of requirements with some broader set of requirements, e.g., a compliance of the ODP Enterprise Language with ODP-RM3. Note that in standards communities, the term conformance has a different meaning: it is used to relate an implementation to a standard specification. Finally, in health sector, compliance is referred to a patient’s (or doctor’s) adherence to a recommended course of treatment.

Similarly, we apply this interpretation of compliance as a metaphor to discuss adherence or consistence of a set of rules in business processes against a set of rules regulating a particular business. This set of rules can stem from different sources, legislation, standards, best practices, internal guidelines and policies, contracts between the parties involved in the process and so on. We will refer to the source of these as normative documents, and to the rules themselves as norms or normative specifications. So, ensuring compliance of business processes with a normative document means ensuring consistency of norms stated in normative documents and rules covering the execution of business processes. In other words, to check that the specification of a business process complies with a normative document regulating the domain of the process, one has to verify that all execution paths of the process, possible according to the specification of the business process, comply with the normative specification. This means that no execution path is in breach of the regulation. This consistency, for example, is necessary to satisfy commitments that parties typically state in their agreements or business contracts while carrying out their mutually related internal business activities. Such compliance also leads to benefits to both parties, e.g., minimisation of costs or damages to either party whether these are associated with potentially inadvertent behaviour or deliberate violations while seeking more opportunistic engagements.

Key Terms in this Chapter

Compliance: Compliance, also know as regulatory compliance, is the process by which an organisation ensures that the specifications for implementing business processes, operations and practise are in accordance with a prescribed and/or agreed set of norms.

Deontic Logic: Deontic logic is the branch of logic that studies the formalisation and properties of normative notions such as obligation, permission, prohibitions, violations and so on. Typically a deontic logic is an extension of classical propositional logic with modal (deontic) operators modelling normative concepts, i.e., obligations, permissions, prohibitions.

Formal Contract Logic (FCL): Formal Contract Logic is obtained from the combination of Defeasible logic (extended with deontic operators) and a Deontic logic of violation. The logic offers two main reasoning mechanisms, one mechanism to combine and to derive new norms (rules) from existing ones, and the second mechanism to derive the normative position in force for a particular case.

Defeasible Logic: Defeasible logic is a simple and efficient rule based non-monotonic formalism. The key idea of the logic is to derive (tentative) conclusions, i.e., conclusions that can be retracted when new piece of information become available, with a minimum amount of information.

Normative Position: A normative position regulates the (prescribed) behaviour of a group of actors in an institution (described by a set of norms). A one-agent normative position regulates the act of one actor; a two-agent normative positions regulate the (possibly joint) acts of two agents, and so on. Typically, obligations, permissions, prohibitions are basic normative positions, complex normative positions, e.g., delegation, power, are obtained by combination of simplex normative positions and actions.

Business Process Model: A business process model (BPM) describes the tasks to be executed (and the order in which they are executed) to fulfil some objectives of a business. BPMs aim to automate and optimise business procedures and are typically given in graphical languages. A language for BPM usually has two main elements: tasks and connectors. Tasks correspond to activities to be performed by actors (either human or artificial) and connectors describe the relationships between tasks.

Complete Chapter List

Search this Book:
Table of Contents
Jorge Cardoso, Wil van der Aalst
Chapter 1
Tiziana Margaria, Bernhard Steffen
The one thing approach is designed to overcome the classical communication hurdles between application experts and the various levels of IT experts.... Sample PDF
Business Process Modeling in the jABC: The One-Thing Approach
Chapter 2
Huy Tran, Ta’id Holmes, Uwe Zdun, Schahram Dustdar
This chapter introduces a view-based, model-driven approach for process-driven, service-oriented architectures. A typical business process consists... Sample PDF
Modeling Process-Driven SOAs: A View-Based Approach
Chapter 3
Stefan Jablonski
This chapter presents a process modeling approach for holistic process management. The main idea is that domain specific process models are required... Sample PDF
Process Modeling for Holistic Process Management
Chapter 4
Matthias Kloppmann, Dieter Koenig, Simon Moser
This chapter introduces a set of languages intended to model and run business processes. The Business Process Modeling Notation 1.1 (BPMN) is a... Sample PDF
The Dichotomy of Modeling and Execution: BPMN and WS-BPEL
Chapter 5
Chun Ouyang, Michael Adams, Arthur H.M. ter Hofstede
Due to the absence of commonly accepted conceptual and formal foundations for workflow management, and more generally Business Process Management... Sample PDF
Yet Another Workflow Language: Concepts, Tool Support, and Application
Chapter 6
Modelling Constructs  (pages 122-141)
Ekkart Kindler
There are many different notations and formalisms for modelling business processes and workflows. These notations and formalisms have been... Sample PDF
Modelling Constructs
Chapter 7
Kwanghoon Kim, Clarence A. Ellis
This chapter introduces the basic concepts of information control net (ICN) and its workflow models. In principle, a workflow model is the... Sample PDF
ICN-Based Workflow Model and its Advances
Chapter 8
Manfred Reichert, Peter Dadam
In dynamic environments it must be possible to quickly implement new business processes, to enable ad-hoc deviations from the defined business... Sample PDF
Enabling Adaptive Process-Aware Information Systems with ADEPT2
Chapter 9
Macello La Rosa, Marlon Dumas, Arthur H.M. ter Hofstede
A reference process model represents multiple variants of a common business process in an integrated and reusable manner. It is intended to be... Sample PDF
Modeling Business Process Variability for Design-Time Configuration
Chapter 10
Cesare Pautasso
Model-driven architecture (MDA), design and transformation techniques can be applied with success to the domain of business process modeling (BPM)... Sample PDF
Compiling Business Process Models into Executable Code
Chapter 11
Cinzia Cappiello, Barbara Pernici
This chapter illustrates the concept of repairable processes and self-healing functionalities and discusses about their design requirements.... Sample PDF
Design of Repairable Processes
Chapter 12
Web Process Adaptation  (pages 245-253)
Kunal Verma
Adaptation is an important concept for Web processes. The author provides an overview of adaptation with respect to control theory and how it is... Sample PDF
Web Process Adaptation
Chapter 13
Carlo Combi, Giuseppe Pozzi
Time is a very important dimension of any aspect in human life, affecting also information and information management. As such, time must be dealt... Sample PDF
Temporalities for Workflow Management Systems
Chapter 14
Karsten Ploesser, Nick Russell
This chapter discusses the challenges associated with integrating work performed by human agents into automated workflows. It briefly recounts the... Sample PDF
The People Integration Challenge
Chapter 15
Dimka Karastoyanova, Tammo van Lessen, Frank Leymann, Zhilei Ma, Joerg Nitzche, Branimir Wetzstein
Even though process orientation/BPM is a widely accepted paradigm with heavy impact on industry and research the available technology does not... Sample PDF
Semantic Business Process Management: Applying Ontologies in BPM
Chapter 16
Hernani Mourao, Pedro Antunes
In this chapter the authors propose a solution to handle unexpected exceptions in WfMS. They characterize these events deeply and recognize that... Sample PDF
Using WfMS to Support Unstructured Activities
Chapter 17
Guillermo Jimenez
In this chapter the authors introduce the role of a business process engineer (BPE) and necessary competencies to define, simulate, analyze, and... Sample PDF
Business Process Engineering
Chapter 18
Christoph Bussler
This chapter introduces the application of process management to business-to-business (B2B) integration and enterprise application integration... Sample PDF
B2B and EAI with Business Process Management
Chapter 19
Paul Grefen
This chapter is devoted to automated support for interorganizational business process management, that is, formation and enactment of business... Sample PDF
Systems for Interorganizational Business Process Management
Chapter 20
Guido Governatori, Shazia Sadiq
It is a typical scenario that many organisations have their business processes specified independently of their business obligations (which includes... Sample PDF
The Journey to Business Process Compliance
Chapter 21
M. Castellanos, A.K. Alves de Medeiros, J. Mendling, B. Weber, A.J.M.M. Weijters
Business Process Intelligence (BPI) is an emerging area that is getting increasingly popular for enterprises. The need to improve business process... Sample PDF
Business Process Intelligence
Chapter 22
Diogo R. Ferreira
This chapter introduces the principles of sequence clustering and presents two case studies where the technique is used to discover behavioral... Sample PDF
Applied Sequence Clustering Techniques for Process Mining
Chapter 23
Kamal Bhattacharya, Richard Hull, Jianwen Su
This chapter describes a design methodology for business processes and workflows that focuses first on “business artifacts”, which represent key... Sample PDF
A Data-Centric Design Methodology for Business Processes
Chapter 24
Laura Sanchez, Andrea Delgado, Francisco Ruiz, Felix Garcia, Mario Piattini
The underlying premise of process management is that the quality of products and services is largely determined by the quality of the processes used... Sample PDF
Measurement and Maturity of Business Processes
About the Editors
About the Contributors