160 likes | 322 Views
Modeling and Analysis of Business Process Compliance. Jörg Becker, Christoph Ahrendt, André Coners, Burkhard Weiß , Axel Winkelmann Hamburg, 22.9.2011. Business Process Compliance – An Emerging Research Field. Assuring business process compliance is a crucial issue in any company.
E N D
Modeling and Analysis of Business Process Compliance Jörg Becker, Christoph Ahrendt, André Coners, Burkhard Weiß, Axel Winkelmann Hamburg, 22.9.2011
Business Process Compliance – An Emerging Research Field Assuring business process compliance is a crucial issue in any company. However, this is increasingly becoming more and more difficult as more and more external and internal regulations are made. Particularly, with the upcoming of the financial crisis and Euro crisis the amount of regulations has increased significantly – especially for banks. As a result, banks are challenged to find new ways to deal with this increasing amount of bureaucracy to assure compliance in an effective and efficient way.
Research Question ? How can banksassuretheir business process compliance effectively and efficientlyin a process-oriented context?
State of the Art First approaches to business process compliance management have suggested by several authors ranging from: • simple IF-THEN-rules derived from event-condition-action(-alternative) (ECA(A)) rules to • business process compliance languages that define inclusion, precedence, existence conditions, based on the control flow and activities of a process or the specification of controls with regard to data and resources • Problem remains that all approaches are: • very limited and mostly concentrate on process control flow analysis, while neglecting other process model and related conceptual model information (e.g. from organizational models or resource models that are linked to process models) and • are hardly understood by process compliance officers and • only support semantic interpretation on a very abstract level, since a predefined ontology for a domain-specific vocabulary is missing
Methodological Business Process Compliance Requirements According to El Kharbili et al. (2008), successful BPC implementations require: • an integrated approach, reflecting the entire BPM lifecycle • should support compliance verification beyond simple control flow aspects • need an intuitive graphical notation for compliance requirements that is also comprehendible for non-experts and • should support the application of semantic technologies for the definition, implementation and execution of automated compliance verification
Idea of Semantic Business Process Modelling Language Universal Business Process Modeling Language SBPML Domain-specific process building blocks for banking sector that encap-sulate every activi-ty of a banking process in a highly standardized way
Automated Process Analysis through Pattern Matching Process Pattern Used for Pattern Matching Analysis
Types of Business Process Compliance Rules Control Flow Related Business Process Compliance Rules:refertodependenciesbetweenprocesselementsaspartof a processflow. Resource / Organisation Related Business Process Compliance Rules:concern the allocation of rights and organizational units, as well as other resources (e.g. IT systems). 1 2 Data Related Business Process Compliance Rules:refertopropertiesandcharacteristicsofbusinessobjectsthatarebeingprocessed / producedaspartof a process. 3
Control-Flow Related Compliance Rules (1/3) Activity A mustbe part ofa process Activity A may not be part of a process Activity A mustprecede Activity B Activity A may not precede Activity B
Control-Flow Related Compliance Rules (2/3) Activity A mustlead to Activity B Activity A may not lead to Activity B Activity B may not be between Activity A and Activity C
Control-Flow Related Compliance Rules (3/3) Activity A must be the first activity in a process Activity A must lead directly to Activity B
Resource / Organisation and Data Related Compliance Rules Existence of Business Object A implies existence of Activity A Activity A and Activity B must be executed by different persons Activity A must be executed by Person A whereas Person B mustcheck execution of Activity A
Business Process Compliance Analysis Object of Study: credit process of a universal bank in Germany, which belongs to the market leaders in the credit processing industry Modeling and Analysis Result Modeling of rules was done within minutes, analysis of business rules could be automated and only needed a few milliseconds
Conclusion, Contribution, Limitations and Outlook Conclusion: Use of semantic business process modeling language (SBPML) seems to be particularly well-suited for modeling and analysis of business process compliance rules Contribution: Conceptual extension of semantic process modeling method with respect to “Compliance View” for modeling and analysing business process compliance rules Limitations: Business process compliance rules may not be complete and they have only been tested within a limited scope (few processes, few banks) Outlook: Further studies are planned in which entire legislations are to be modeled with respect to business process compliance-related rules and large process model repositories are to be checked to estimate efficiency and effectiveness of this new approach vs. manual approach Σ
Contacts Prof. Dr. Jörg Becker E-Mail: becker@ercis.uni-muenster.de Tel.: +49 (0) 251 83-38100 BSc. Wirt.-Inform. Christoph Ahrendt E-Mail: christoph.ahrendt@gmail.com Prof. Dr. André Coners E-Mail: coners@fh-swf.de Tel.: +49 (0) 2331 9330-717 Dipl. Wirt.-Inform. Burkhard Weiß E-Mail: burkhard.weiss@ercis.uni-muenster.de Tel.: +49 (0) 251 83-38089 PD Dr. Axel Winkelmann E-Mail: axel.winkelmann@ercis.uni-muenster.de Tel.: +49 (0) 251 83-38086