3 research outputs found

    Compliance Management is Becoming a Major Issue in IS Design

    This article aims at improving the information systems management support to Risk and Compliance Management process, i.e. the management of all compliance imperatives that impact an organization, including both legal and strategically self-imposed imperatives. We propose a process to achieve such regulatory compliance by aligning the Governance activities with the Risk Management ones, and we suggest Compliance should be considered as a requirement for the Risk Management platform. We will propose a framework to align law and IT compliance requirements and we will use it to underline possible directions of investigation resumed in our discussion section. This work is based on an extensive review of the existing literature and on the results of a four-month internship done within the IT compliance team of a major financial institution in Switzerland, which has legal entities situated in different countries.

    Aiding compliance governance in service-based business processes

    Assessing whether a company's business practices conform to laws and regulations and follow standards and SLAs, i.e., compliance management, is a complex and costly task. Few software tools aiding compliance management exist; yet, they typically do not address the needs of who is actually in charge of assessing and understanding compliance. We advocate the use of a compliance governance dashboard and suitable root cause analysis techniques that are specifically tailored to the needs of compliance experts and auditors. The design and implementation of these instruments are challenging for at least three reasons: (1) it is fundamental to identify the right level of abstraction for the information to be shown; (2) it is not trivial to visualize different analysis perspectives; and (3) it is difficult to manage and analyze the large amount of involved concepts, instruments, and data. This chapter shows how to address these issues, which concepts and models underlie the problem, and, eventually, how IT can effectively support compliance analysis in Service-Oriented Architectures (SOAs). © 2012, IGI Global

    A Semantic-based Approach for Compliance Management of Internal Controls in Business Processes

    Abstract. Enterprises require mechanisms to ensure that their business processes implement and fulfill internal controls in the context of regulatory compliance such as the Sarbanes-Oxley Act. In this paper we propose an approach for the modeling and implementation of internal controls in business processes. The approach is based on the formal modeling of internal controls, thus it can serve as the basis for usage of logic mechanisms in the compliance verification process.