A quantitative summarization referring to the achievement of the stated compliance objectives (e.g., the number of unauthorized accesses to our payroll data).
Published in Chapter:
Aiding Compliance Governance in Service-Based Business Processes
Patrícia Silveira (University of Trento, Italy), Carlos Rodríguez (University of Trento, Italy), Aliaksandr Birukou (University of Trento, Italy), Fabio Casati (University of Trento, Italy),
Florian Daniel (University of Trento, Italy), Vincenzo D’Andrea (University of Trento, Italy), Claire Worledge (Deloitte Conseil, France), and Zouhair Taheri (PricewaterhouseCoopers Accountants, The Netherlands)
Copyright: © 2012
|Pages: 25
DOI: 10.4018/978-1-61350-432-1.ch022
Abstract
Assessing whether a company’s business practices conform to laws and regulations and follow standards and SLAs, i.e., compliance management, is a complex and costly task. Few software tools aiding compliance management exist; yet, they typically do not address the needs of who is actually in charge of assessing and understanding compliance. We advocate the use of a compliance governance dashboard and suitable root cause analysis techniques that are specifically tailored to the needs of compliance experts and auditors. The design and implementation of these instruments are challenging for at least three reasons: (1) it is fundamental to identify the right level of abstraction for the information to be shown; (2) it is not trivial to visualize different analysis perspectives; and (3) it is difficult to manage and analyze the large amount of involved concepts, instruments, and data. This chapter shows how to address these issues, which concepts and models underlie the problem, and, eventually, how IT can effectively support compliance analysis in Service-Oriented Architectures (SOAs).