Semantic-Enabled Compliance Management

Semantic-Enabled Compliance Management

Rainer Telesko (Fachhochschule Nordwestschweiz, Switzerland) and Simon Nikles (Fachhochschule Nordwestschweiz, Switzerland)
DOI: 10.4018/978-1-60960-126-3.ch015
OnDemand PDF Download:
No Current Special Offers


A lot of companies are nowadays obliged to follow regulations and to integrate specific policies from these regulations into their business processes. Implementing compliance automation concepts is crucial for companies because of the dependencies between compliance policies, IT-infrastructure and business process management. Nowadays in many companies there exist either no compliance automation concepts at all, or automation is limited to simply integrating hard-coded checks into standard software with no linkage to the business processes. In the scientific community in the past years, some concepts for compliance automation based on business processes, workflow technology, and semantic technologies have been developed. Semantic technologies seem to be a promising approach where implemented regulations are expressed by means of ontologies. In this chapter we present an approach for a semantics-based configuration of a service package with respect to Service Level Agreements, which capitalizes on the principles and use cases of the EU-project, plugIT. This chapter discusses the approach in detail, shows the economical benefits, and concludes with an outlook for the next steps.
Chapter Preview


Compliance management is concerned with the implementation of various kinds of regulations and requires an integrated approach covering business process-, risk- and information-management aspects. In this chapter we outline the various approaches for semantic-based compliance management, assess their maturity and show what elements may be part of future commercial compliance management systems. Furthermore we present the EU-project plugIT where a modeling framework for Business-IT Alignment is currently developed. One use case in this project is focusing on the semi-automatic creation of an SLA based on existing models for the business and IT side using case-based reasoning.

Business Cases and Challenges

This section is organized as follows. We start with definitions for compliance automation and motivate the increasing demand for automation concepts. Afterwards we list the main challenges in this field and give an overview about existing approaches. Basically compliance automation approaches can be divided into the two main approaches “compliance by design” and “compliance by detection”. We conclude the section by outlining some promising approaches using different technologies.

Why Compliance Automation?

Compliance automation comprises the use of IT for ensuring that business processes and practices are in accordance with prescribed compliance regulations.

There will be an increasing demand for compliance automation concepts in future because of several reasons:

  • 1.

    The number of regulations which have to be observed will increase in future. Due to the fact that the legislative bodies pass on the costs to the companies, efficient compliance management with IT technologies is mandatory in order to avoid a cost explosion.

  • 2.

    Time-consuming and cost-intensive manual checking of documents and internal controls can be significantly reduced by using IT.

  • 3.

    Because of the increasing use of IT for the automation of business processes (e.g. Workflow, SOA etc.) and the necessity to integrate compliance management into business process management concepts for business process-based compliance automation will become more important in future.

  • 4.

    IT systems provide a lot of information that can be used for compliance validation (e.g. ERP systems etc.).

  • 5.

    Effective monitoring concepts indicating the actual compliance level need sophisticated IT.

The main challenges for compliance automation can be listed as follows (Sackmann, Kähmer, Gilliot and Lowis 2008) and (Rinderle-Ma, Ly and Dadam 2008):

  • 1.

    Multi-compliance management: Usually, enterprises have to comply with a multitude of regulations. An automated solution for compliance management has to ensure that different regulations can be handled and redundant controls are avoided. Furthermore such a solution has to guarantee that new releases of regulations are quickly integrated and valid statements about the compliance status are possible even in the case of changed business processes.

  • 2.

    Promptly delivering information about the actual compliance status.

  • 3.

    Openness concerning flexible business processes and technological developments.

  • 4.

    Proper integration into the business process framework and finding the right level of automation. Today, a lot of companies are running automation concepts on the level of integration of hard-coded checks and compliance repositories thus neglecting the integration into the business processes. However, the effort for using such approaches increases dramatically when compliance requirements and business processes are changing rapidly and multi-compliance issues have to be tackled (Sackmann et al. 2008).

Compliance Management is covering all steps from the identification of relevant regulations to the implementation with IT. Identifying the relevant regulations and deriving the policies to be applied usually cannot be automated, thus means there is no generic solution for compliance automation.

Complete Chapter List

Search this Book: