bpCMon: A Rule-Based Monitoring Framework for Business Processes Compliance

bpCMon: A Rule-Based Monitoring Framework for Business Processes Compliance

Ping Gong (Department of Computer Science, Fujian Normal University, Fuzhou, China), David Knuplesch (Institute of Databases and Information Systems, Ulm University, Ulm, Germany), Zaiwen Feng (State Key Laboratory of Software Engineering, Wuhan University, Wuhan, China) and Jianmin Jiang (Department of Computer Science, Fujian Normal University, Fuzhou, China)
Copyright: © 2017 |Pages: 23
DOI: 10.4018/IJWSR.2017040105
OnDemand PDF Download:
List Price: $37.50
10% Discount:-$3.75


Business processes compliance monitoring checks whether running business processes comply with involved compliance rules. Business processes in modern enterprise are rarely supported by a single and centralized workflow system, but instead implemented over different applications (e.g., CRM, ERP, WfMS, and legacy systems). The running data (i.e., event) about process executions are scattered across these applications. Under such circumstance, understanding the compliance of running processes entails the compliance monitoring enabling to correlate events from different applications and even different process instances. This paper introduces a framework named as bpCMon for business process compliance monitoring. bpCMon consists of an expressive compliance rule language ECL and a rule system ERS. ECL is a pattern-based formal language for specifying compliance rules of multiple process perspectives, and also allows for describing event-correlation conditions. ERS, generated from compliance rules in ECL, in turn plays as a compliance monitor enabling to correlate events efficiently by means of an indexing structure created from event-correlation conditions. The applicability of bpCMon is demonstrated by experiments on real-world data sets, and the efficiency of bpCMon is illustrated by comparing with related approaches. Overall, bpCMon enables business process compliance monitoring to meet real-world requirements.
Article Preview

1. Introduction

Business processes compliance (BPC) requires that business processes are executed in conformance with prescribed and approved sets of compliance rules. The latter may stem, for example, from norms, standards, and laws (Sadiq, et al. 2011). In general, there are compliance checking approaches of various kinds taken on different phases of process life cycle to enforce the BPC, e.g., a-priori checking at design time or a-posteriori checking based on the event logs of completed process instances.

However, a-priori checking is not always sufficient, since process instances may deviate from prescribed process implementations (Schonenberg, et al. 2008). Furthermore, in many enterprise systems, processes are not model-driven, but more or less hard coded in the respective system (de Lenoi, et al. 2016). In turn, a-posteriori checking might be inapplicable for decision making when quick reaction is needed for compliance violations. These thus emphasize the need for run-time compliance checking, i.e., compliance monitoring.

Figure 1.

Business process compliance monitoring

Example 1.­
Following compliance rules address the prevention of frauds in banking domain (Basin,et al. 2013, 2015):
B1. Every bank transfer of a customer, who was involved in a suspicious bank transfer (e.g., with an amount greater than €10,000) within the last 30 days, must be reported afterward within 2 days.
B2. The sum of withdraws from account within 30 days, must not exceed the limit of €10,000.
B3. For each user, the number of withdrawing peaks over the last 30 days does not exceed a threshold of 5, where a peak is a value at least twice the average over some time window (30 days).

Complete Article List

Search this Journal:
Volume 20: 1 Issue (2023): Forthcoming, Available for Pre-Order
Volume 19: 4 Issues (2022): 1 Released, 3 Forthcoming
Volume 18: 4 Issues (2021)
Volume 17: 4 Issues (2020)
Volume 16: 4 Issues (2019)
Volume 15: 4 Issues (2018)
Volume 14: 4 Issues (2017)
Volume 13: 4 Issues (2016)
Volume 12: 4 Issues (2015)
Volume 11: 4 Issues (2014)
Volume 10: 4 Issues (2013)
Volume 9: 4 Issues (2012)
Volume 8: 4 Issues (2011)
Volume 7: 4 Issues (2010)
Volume 6: 4 Issues (2009)
Volume 5: 4 Issues (2008)
Volume 4: 4 Issues (2007)
Volume 3: 4 Issues (2006)
Volume 2: 4 Issues (2005)
Volume 1: 4 Issues (2004)
View Complete Journal Contents Listing