Compliant and flexible business processes with business rules.

When modeling business processes, we often implicitly think of internal business policies and external regulations. Yet to date, little attention is paid to avoid hard-coding policies and regulations directly in control-flow based process models. The standpoint of this analysis is the role of business rule modeling in achieving business process flexibility. In particular, it is argued that flexible business process models require business rules as a declarative formalism to capture the semantics of policy and regulation. Four kinds of business rules can be used as a starting point to generate less complex control-flow-based business process models. It is shown that these different kinds of business rules relate to different perspectives in the taxonomy of business process flexibility.

Change Support in Process-Aware Information Systems - A Pattern-Based Analysis

In today's dynamic business world the economic success of an enterprise increasingly depends on its ability to react to changes in its environment in a quick and flexible way. Process-aware information systems (PAIS) offer promising perspectives in this respect and are increasingly employed for operationally supporting business processes. To provide effective business process support, flexible PAIS are needed which do not freeze existing business processes, but allow for loosely specified processes, which can be detailed during run-time. In addition, PAIS should enable authorized users to flexibly deviate from the predefined processes if required (e.g., by allowing them to dynamically add, delete, or move process activities) and to evolve business processes over time. At the same time PAIS must ensure consistency and robustness. The emergence of different process support paradigms and the lack of methods for comparing existing change approaches have made it difficult for PAIS engineers to choose the adequate technology. In this paper we suggest a set of changes patterns and change support features to foster the systematic comparison of existing process management technology with respect to process change support. Based on these change patterns and features, we provide a detailed analysis and evaluation of selected systems from both academia and industry. The identified change patterns and change support features facilitate the comparison of change support frameworks, and consequently will support PAIS engineers in selecting the right technology for realizing flexible PAIS. In addition, this work can be used as a reference for implementing more flexible PAIS

Designing compliant business processes with obligations and permissions. Business process management workshops.

The sequence and timing constraints on the activities in business processes are an important aspect of business process compliance. To date, these constraints are most often implicitly transcribed into control-flow-based process models. This implicit representation of constraints, however, complicates the verification, validation and reuse in business process design. In this paper, we investigate the use of temporal deontic assignments on activities as a means to declaratively capture the control-flow semantics that reside in business regulations and business policies. In particular, we introduce PENELOPE, a language to express temporal rules about the obligations and permissions in a business interaction, and an algorithm to generate compliant sequence-flow-based process models that can be used in business process design.

Design Challenges for GDPR RegTech

The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations

The legal framework for Australia's Carbon Pricing Mechanism: a critique

As part of the Australian Government’s Clean Energy Plan, the Government has attempted to harness the legal innovation of the tradeable emissions unit, within a capped carbon trading system, to reduce greenhouse gas emissions. Such an approach promises to send a price signal to the market which will influence emitting behaviours and reduce our emissions in a cost-effective manner. However, if the carbon trading scheme is to successfully achieve cost-effective emissions reductions then the carbon market must be supported by an appropriate legal framework. This paper will consider the key features of the Australian Carbon Pricing Mechanism, including the Carbon Farming Initiative, and critique whether it has all the hallmarks of an effective legal framework to reduce Australia’s net greenhouse gas emissions. The likely future of the trading scheme, following the 2013 elections, will also be addressed

The PRIMO FORTE framework for good governance in public, private and civic organisations : an analysis on small EU states

Purpose: In this article we lay out and discuss a framework proposed by the Public Risk Management Organisation (PRIMO) (https://www.primo-europe.eu/) of which the authors are board members and the results of a test on public and private entities of EU small jurisdictions, specifically Malta, Slovenia, Luxembourg, Lithuania, Latvia, Estonia and Cyprus. These are countries within the EU having less than 3 million people population. Design/methodology/approach: We collected our primary data by using a semi-structured questionnaire and administering it to participants who are working directly or indirectly with entities within these EU states. The questionnaire was structured using the FORTETM acronym as themes, ‘Financial and compliant design’, ‘Object orientation and delivery’, ‘Responsibility and stewardship’, ‘Tools and processes for creation’ and ‘Environmental awareness and interaction’, with 5 statements under each theme to which participants were required to answer using a 5-point Likert-scale ranging from “Strongly Disagree” to “Strongly Agree”. We, however, allowed the participants to open up and discuss each statement and recorded these comments. Some demographic data was also collected as to the type of entity the participants are working with, the level of expertise on governance of the participant and the size of the entity. The quantitative data was subjected to statistical analysis while the results from the open ended question was analysed using the Thematic approach. Findings: Factor analysis provided support for the FORTE Good Governance model for both the Private and Public entities, no-matter if they are small or large. Originality/value: The study provides a better understanding and supports the FORTE Model established by PRIMO-Europe, after approximately 15 years of collecting data on public risks and for the first time tests it on both Private and Public entities, in large and small firms in small EU Jurisdictions. Moreover, this model contributed to the vast literature on models of risk management within organisations, but was not validated empirically for reliability of the factors, and on small jurisdictions. Therefore, the significance and importance of such a study lies firstly on the premise that testing on small countries, can be deemed as small laboratories for more complex politics, regulations and policies of larger countries.peer-reviewe

Business Process Redesign in the Perioperative Process: A Case Perspective for Digital Transformation

This case study investigates business process redesign within the perioperative process as a method to achieve digital transformation. Specific perioperative sub-processes are targeted for re-design and digitalization, which yield improvement. Based on a 184-month longitudinal study of a large 1,157 registered-bed academic medical center, the observed effects are viewed through a lens of information technology (IT) impact on core capabilities and core strategy to yield a digital transformation framework that supports patient-centric improvement across perioperative sub-processes. This research identifies existing limitations, potential capabilities, and subsequent contextual understanding to minimize perioperative process complexity, target opportunity for improvement, and ultimately yield improved capabilities. Dynamic technological activities of analysis, evaluation, and synthesis applied to specific perioperative patient-centric data collected within integrated hospital information systems yield the organizational resource for process management and control. Conclusions include theoretical and practical implications as well as study limitations