Model-Based Compliance in Information Systems – Foundations, Case Description and Data Set of the MobIS-Challenge for Students and Doctoral Candidates

Information systems (IS) can significantly support the organization of business processes. However, the proceeding digitalization of processes can also lead to an increasing organizational complexity and the need to more intensely investigate the adherence to external or internal compliance rules. Process-related data from IS and underlying process models can, however, also contribute to an effective compliance checking. This paper first presents conceptual foundations of model-based compliance checking that motivated the MobIS-Challenge workshop for students and doctoral candidates at WI 2019.Second, we introduce the challenge itself and its corresponding data set. The data describes an exemplary travel management process in a medium-sized consulting company and served for the development and validation of adequate solutions addressing the compliance checking requirements. Solutions accepted for presentation at the workshop are briefly outlined in this paper

Collection and Elicitation of Business Process Compliance Patterns with Focus on Data Aspects

Business process compliance is one of the prevalent challenges for companies. Despite an abundance of research proposals, companies still struggle with manual compliance checks and the understanding of compliance violations in the light of missing root-cause explanations. Moreover, approaches have merely focused on the control flow perspective in compliance checking, neglecting other aspects such as the data perspective. This paper aims at analyzing the gap between existing academic work and compliance demands from practice with a focus on the data aspects. The latter emerges from a small set of regulatory documents from different domains. Patterns are assumed as the right level of abstraction for compliance specification due to their independence of (technical) implementation in (process-aware) information systems, potential for reuse, and understandability. A systematic literature review collects and assesses existing compliance patterns. A first analysis of ten regulatory documents from different domains specifically reveals data-oriented compliance constraints that are not yet reflected by existing compliance patterns. Accordingly, data-related compliance patterns are specified

Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems

Key to the use of process management systems (PrMS) in practice is their ability to facilitate the implementation, execution, and adaptation of business processes while still being able to ensure error-free process executions. Mechanisms have been developed to prevent errors at the syntactic level such as deadlocks. In many application domains, processes often have to comply with business level rules and policies (i.e., semantic constraints). Hence, in order to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints throughout the process lifecycle. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they meet the requirements and which challenges still have to be tackled. Finally, we show how the challenge of life time compliance can be dealt with by integrating design time and runtime process validation

ENFORCING COMPLIANCE ON BUSINESS PROCESSES THROUGH THE USE OF PATTERNS

In the past recent years, business process compliance has become an area of significant concern to many organizations. Despite an increasing number of methods and tools, organizations are still facing difficulties in finding effective support to ensure that their business processes comply with the requirements set forth by regulations, laws, standards, etc. While manual solutions offer limited assurance for compliance, there is a lack of a comprehensive framework for semi-automatically managing compliance requirements and ensuring compliance throughout all the phases of business process lifecycle. One of the foundational building blocks of such a framework is a generic conceptual model that supports factoring compliance and its relation to business processes. This paper introduces a compliance conceptual model to capture and manage compliance requirements and to relate them to business processes in a transparent and verifiable manner. The model also incorporates a set of patterns to facilitate the specification of formal compliance rules to be used for automated compliance verification and monitoring. We have developed a set of integrated tools that supports our framework and partially validated the framework in two case studies involving industry companies

A systematic investigation of risk management and process mining ontologies

Διπλωματική εργασία--Πανεπιστήμιο Μακεδονίας, Θεσσαλονίκη, 2019.This study proposes and examines the ‘’Risk – Process’’ ontology with respect to and in comparison with the Process mining methodology. The ontology consists of Process elements (Process Mining, Business Process Management and Business Process Intelligence) and Risk elements (Governance, Risk Management & Compliance, Internal Audit and Enterprise Risk Management). A two-fold literature review is executed, focusing firstly on the six key elements of the ‘’Risk - Process’’ ontology, and secondly at the “Risk” components of the ontology. Moving on, as an original contribution, the popularity and the coherence of the aforementioned elements in internet searches from 2004 to 2018 is presented and forecasted with the use of the Google Trends tool. As a last step, a statistical analysis of the time series obtained through Google Trends is performed, in order to find relation, correlations, statistical significance and predictors with respect to Process minin

On Enabling Integrated Process Compliance with Semantic Constraints in Process Management Systems

Key to broad use of process management systems (PrMS) in practice is their ability to foster and ease the implementation, execution, monitoring, and adaptation of business processes while still being able to ensure robust and error-free process enactment. To meet these demands a variety of mechanisms has been developed to prevent errors at the structural level (e.g., deadlocks). In many application domains, however, processes often have to comply with business level rules and policies (i.e., semantic constraints) as well. Hence, to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they are able to meet the requirements and which challenges still have to be tackled. In order to tackle the particular challenge of providing integrated compliance support over the process lifecycle, we introduce the SeaFlows framework. The framework introduces a behavioural level view on processes which serves a conceptual process representation for constraint specification approaches. Further, it provides general compliance criteria for static compliance validation but also for dealing with process changes. Altogether, the SeaFlows framework can serve as formal basis for realizing integrated support of semantic constraints in PrMS

On the Distinction between Truthful, Invisible, False and Unobserved Events An Event Existence Classification Framework and the Impact on Business Process Analytics Related Research Areas

In this paper we present an event existence classification framework based on five business criteria. As a result we are able to distinguish thirteen event types distributed over four categories, i.e. truthful, invisible, false and unobserved events. Currently, several of these event types are not commonly dealt with in business process analytics research. Based on the proposed framework we situate the different business process analytics research areas and indicate the potential issues for each field. A real world case will be elaborated to demonstrate the relevance of the event classification framework

A scientometric analysis and review of fall from height research in construction

Fall from height (FFH) in the construction industry has earned much attention among researchers in recent years. The present review-based study introduced a science mapping approach to evaluate the FFH studies related to the construction industry. This study, through an extensive bibliometric and scientometric assessment, recognized the most active journals, keywords and the nations in the field of FFH studies since 2000. Analysis of the authors’ keywords revealed the emerging research topics in the FFH research community. Recent studies have been discovered to pay more attention to the application of Computer and Information Technology (CIT) tools, particularly building information modelling (BIM) in research related to FFH. Other emerging research areas in the domain of FFH include rule checking, and prevention through design. The findings summarized the mainstream research areas (e.g., safety management program), discussed existing research gaps in FFH domain (e.g., the adaptability of safety management system), and suggests future directions in FFH research. The recommended future directions could contribute to improving safety for the FFH research community by evaluating existing fall prevention programs in different contexts; integrating multiple CIT tools in the entire project lifecycle; designing fall safety courses to workers associated with temporary agents and prototype safety knowledge tool development. The current study was restricted to the FFH literature sample included the journal articles published only in English and in Scopus

The evolution of ontology in AEC: A two-decade synthesis, application domains, and future directions

Ontologies play a pivotal role in knowledge representation, particularly beneficial for the Architecture, Engineering, and Construction (AEC) sector due to its inherent data diversity and intricacy. Despite the growing interest in ontology and data integration research, especially with the advent of knowledge graphs and digital twins, a noticeable lack of consolidated academic synthesis still needs to be addressed. This review paper aims to bridge that gap, meticulously analysing 142 journal articles from 2000 to 2021 on the application of ontologies in the AEC sector. The research is segmented through systematic evaluation into ten application domains within the construction realm- process, cost, operation/maintenance, health/safety, sustainability, monitoring/control, intelligent cities, heritage building information modelling (HBIM), compliance, and miscellaneous. This categorisation aids in pinpointing ontologies suitable for various research objectives. Furthermore, the paper highlights prevalent limitations within current ontology studies in the AEC sector. It offers strategic recommendations, presenting a well-defined path for future research to address these gaps