From the Stone Age to the Cloud: A Case Study of Risk-Focused Process Improvement

Organizations strive to continually improve organizational performance while maintaining compliance to increasingly complex rules and regulations. Several methods and techniques for the identification and management of operational risks in business processes have been proposed in the academic literature, yet there are few examples of practical applications. This paper addresses this gap through a case study of a process improvement project that employed some of the proposed risk and compliance management techniques. We describe a business process reengineering project within the purchasing and accounts payable operations of a university United States. The project focused on improving service quality by improving the transparency and predictability of operations through the introduction of a workflow management system. We outline the stepwise transformation of manual process operations through technology, and discuss the risk and compliance objectives identified throughout the project and their impact on process design. This case study illustrates how process re-engineering techniques can improve process designs while balancing performance and compliance objectives. It provides guidance for the selection of an appropriate level of abstraction during process analysis and demonstrates how process objectives and technology capabilities shape the design of to-be processes

How to Evaluate the Practical Relevance of Business Process Compliance Checking Approaches?

To comply with legal regulations becomes a more and more challenging task for companies of all industry sectors. In particular business processes have to comply with legal requirements. Its checking and control lead to tedious tasks for compliance managers. In order to reduce the compliance management effort special checking approaches have been developed that enable an automatic check of processes regarding their compliance with laws and regulations. Until now, these approaches appear in research but lack in practical evaluation. To close this gap an evaluation method based on the technology acceptance model and focus group sessions as well as its application is presented in this paper

Architecture System Framework for a Continuing Airworthiness Management Organization

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementInternational Civil Aviation Organization (ICAO) main goal is to increase safety of global aviation. To pursue such goal, a Global Aviation Safety Plan was issued. This document highlights the importance of Safety Management System (SMS) requirements compliance by aviation stakeholders. At regional level, European Union Aviation Safety Agency (EASA) issued the European Plan for Aviation Safety which identifies the strategy and the enablers for the near future. This includes the implementation of SMS on aviation industry, but also identifies the importance of digitalization and technology to improve safety level. In industry, having an enterprise architecture helps Organizations to have a systematic approach to ensure Processes, Information and Technology architectures alignment. Technology shall be used to improve the processes to a higher level of effectiveness and efficiency, producing the information effectively needed by different organizational levels. So, the question that arises is how can Continuing Airworthiness Management Organizations (CAMO) leverage its business, promoting safety and bringing value to stakeholder’s expectations? The goal of this dissertation was to promote the development of a high-level CAMO architecture system framework which complies with applicable SMS and airworthiness regulations. To meet this goal, three data vectors will be analyzed: the organizational architectures, the airworthiness CAMO requirements and the data provided by studies on how technology is leveraging industrial aviation. This will allow the identification of which business processes and compliance information are required and enable the discussion of which applicable architecture model should be more effective. The study led to the Architecture System Framework components proposal within the Continuing Airworthiness Management Organization, namely the Business Process architecture, the Information architecture and the Technological enablers guidance proposals. The Business Process architecture proposal is divided trough 3 processes levels that includes 8 level 1 processes, 31 level 2 processes and a third level where each of the level 2 process was designed using BPMN detail approach. To design Information Architecture was used DFD notation where 11 high level data entities repository were identified, evaluated and proposed. In the end of this work and using the identified technological enablers applied to aviation industry at the moment, it was discussed how these technologies could leverage the identified processes. Then it was developed a technological guidance scheme where was integrated the identified processes with the possible technologies to be used

Regtech, Compliance and Technology Judgement Rule

This Article focuses on the rise of Financial Technology, which revolutionized consumer financial service products, and challenged policymakers with regulating the rapidly evolving financial industry. In particular, it explores Regulatory Technology, also known as RegTech, which is the finance industry’s use of technology, especially information technology, in the context of regulatory monitoring, reporting and compliance. RegTech is designed to solve industry needs for a more effective and efficient way to automate corporate governance and compliance processes. Not only has FinTech proven to be a vital revenue source, especially in connection with lending or money transmission services, but it also helps entities cut costs, promotes good corporate practice in compliance management and enhances desired regulatory compliance outcomes. In particular, RegTech does this by enabling businesses to: automate ordinary compliance tasks, reduce operational risks associated with compliance obligations, enable compliance functions to make informed risk choices based on data provided insight, and create cost-effectives solutions to problems. Those solutions ensure that companies are up to date with the latest regulatory changes, minimize the likelihood of human error, and increase the overall governance process. Additionally, RegTech can prove valuable especially in identity management, risk management, and security, including from a corporate governance perspective, such as in cyber whistleblower or Bug Bounty programs. Nevertheless, this article argues that RegTech is not a panacea for all corporate governance challenges. First, there are certain barriers to the adoption of RegTech. Second, RegTech alone cannot extirpate undesired and unethical business practices, or resolve ethical issues resulting from corporate culture. Moreover, technology can be used by businesses to evade regulations and frustrate regulators, a phenomenon referred to as anti-RegTech. Third, technology can hinder good judgment and human input in the governance and risk management decision processes, which operate based on opaque programmed reasoning that is often biased and reflects altered interpretations of the law. Fourth, given the high stakes, financial institutions must be careful when partnering with third party firms, and include regulators in the conversation before entering into such partnerships, especially given the increasing cyber risks. Lastly, many of the RegTech’s automation and efficiency gains have been offset by the costs of expanded regulatory requirements, such as the increasing number of information requests from regulators

Demonstrating Context-aware Process Injection with the CaPI Tool

Today's enterprises face individual customer expectations, high product variability, and an abundance of regulations. Consequently, they must cope with numerous business process variants, whose design and execution depend on a multiplicity of influencing factors, like, e.g., customer requests, resource availability, compliance rules, or process data. Moreover, already running processes need to be also adjustable to respond to contextual changes, emerging regulations, or new customer requests. With the goal to provide support for process variant management at both design and run time, this demo paper presents the prototype of the context-aware process framework (CaPI). The latter, in particular, enables the sophisticated modeling of process variants based on the context-aware injection of process fragments into a base process. Thus, executed process variants may dynamically evolve during run time, considering the current context of the respective process instance. The CaPI tool was developed based on existing adaptive process management technology. Overall, CaPI enables context-aware process injection, and, thus, the specification of varying processes while providing high process flexibility at run time

OUTSOURCING DOCUMENT MANAGEMENT SYSTEM/APPLICATION AS KEY FACTOR FOR COMPLIANT PROCESS IMPLEMENTATION AND INCREASING MANAGEMENT EFFICIENCY

Today, in knowledge and information technology era, the world’s businesses, both large and small, are increasingly seeking to useinformation technologies – especially information systems. There are implemented and maintained several of information systems:resource view based, customer orientated, document exchange information systems and universal ones, as opposed to specialized,and contains a lot more functionality offer. Information systems are implemented to ensure the core business functionality by automatingcertain processes, providing benefits such as business process transparency, arrangement and actualization. By the use ofinformation systems certain services became popular, which are related with the established information system maintenance – theongoing process of auditing, risk identification and management, and compliance regulations, laws, standards and guidelines. Suchcompliance is essential for the better functioning of information systems and aligns its activities. This article explores a theory of IToutsourcing and IT Compliance definition to give an idea of the need for it, and point to the benefits organizations can in carrying outthese processes – system dynamics modeling research method was used in following research.KEYWORDS: IT Compliance, Outsourcing, Business Efficiency, Electronic Documents Management Systems

Context-Aware Process Injection: Enhancing Process Flexibility by Late Extension of Process Instances

Companies must cope with high process variability and a strong demand for process flexibility due to customer expectations, product variability, and an abundance of regulations. Accordingly, numerous business process variants need to be supported depending on a multiplicity of influencing factors, e.g., customer requests, resource availability, compliance rules, or process data. In particular, even running processes should be adjustable to respond to contextual changes, new regulations, or emerging customer requests. This paper introduces the approach of context-aware process injection. It enables the sophisticated modeling of a context-aware injection of process fragments into a base process at design time, as well as the dynamic execution of the specified processes at run time. Therefore, the context-aware injection even considers dynamic wiring of data flow. To demonstrate the feasibility and benefits of the approach, a case study was conducted based on a proof-of-concept prototype developed with the help of an existing adaptive process management technology. Overall, context-aware process injection facilitates the specification of varying processes and provides high process flexibility at run time as well

Supporting compliance verification for collaborative business processes.

Collaborative business processes are the current trend of business processes supported by the advances in technology like the Internet and collaborative networks. Enterprises no longer do business in isolation. The customer demands are always changing and becoming sophisticated with dynamic requirements and the shortening period in which they must be met. Collaborative business processes must conform with not only customer demands but also with laws, standards, best practice and regulations. These impose constraints on the business process that must be satisfied otherwise they attract criminal charges or financial fines. Corporate scandals for companies like Enron, World- com, Societe General etc. were a result of non-compliance. This attracted regulations like the Sarbanese Oxley Act, Basel III, Anti money laundering act among others with articles guiding operational practice. However, non compliance is still observed especially among SMEs that do not possess the skilled man power or the funding to acquire automated compliance solutions. In this thesis, we sought to support non-expert end users through a compliance management approach that can guide the specification and verification of compliance for collaborative business process with a range of policy and regulatory requirements. Collaborative business processes differ from traditional business processes. They are characterised by specific attributes that present unique verification requirements that cannot be automatically addressed by existing verification approaches. To achieve the intended goal, design science research method was employed to develop a mechanism to elicit requirements from different sources, translate them into formal constraints based on formal semantics, and a set of algorithms were composed to support compliance verification. The algorithms provide meaningful and easy to understand feedback to the end user about the compliance or violation of the collaborative business process. Due to the fact that policies and regulations change often, we adopted simulation analysis as a technique to assess and analyse the impact of such changes to the business process before actual implementation. The thesis artifacts are evaluated based on known information systems model evaluation methods following the design science recommended steps and the Method Evaluation model (MEM). We also validate and evaluate the compliance algorithms using a different industrial use case (the car insurance trading business process) from the case used in their design (the pick and pack business process). Further more, the performance of the algorithms is evaluated based on their computation complexity

Aero-industry EDP business systems environment

Aero-Industry is a Fortune 500 aerospace and industrial component manufacturing corporation. It is divided into Aerospace and Industrial business segments with total sales of $1.5 billion in 1988. It experienced rapid growth throughout the past fifteen years as it diversified its product lines. Executive management\u275 overriding operational strategy promoted decentralization of business operations and EDP business systems. The Aerospace segment consists of three divisions: Power Systems, Data Control and the Advanced Technology. These divisions have recently pleaded guilty to violations of Department of Defense (DOD) contract compliance regulations that resulted in record fines of over$130 million. The DOD specifically identified shortcomings in the inventory control and cost accounting management systems of the divisions. Most of these problems must be resolved as part of the settlement agreement. The problems will not be easy to resolve because the current systems were designed on a decentralized basis that has led to the existence of redundant data, processes and system interfaces. The lack of integration has resulted in increased staffing to use and maintain the systems. The Aerospace industry operates within a complex business environment that places many external and internal requirements on the organization and its business systems. The requirements are subject to periodic modification that creates a very complex systems environment for the divisions to maintain and operate

Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology

This article presents the findings from a longitudinal research study on regulatory technology in the UK financial services industry. The financial crisis with serious corporate and mutual fund scandals raised the profile of compliance as governmental bodies, institutional and private investors introduced a ‘tsunami’ of financial regulations. Adopting a multi-level analysis, this study examines how regulatory technology was used by financial firms to meet their compliance obligations, pre- and post-crisis. Empirical data collected over 12 years examine the deployment of an investment management system in eight financial firms. Interviews with public regulatory bodies, financial institutions and technology providers reveal a culture of compliance with increased transparency, surveillance and accountability. Findings show that dialectic tensions arise as the pursuit of transparency, surveillance and accountability in compliance mandates is simultaneously rationalized, facilitated and obscured by regulatory technology. Responding to these challenges, regulatory bodies continue to impose revised compliance mandates on financial firms to force them to adapt their financial technologies in an ever-changing multi-jurisdictional regulatory landscape