Integrated Modelling of Business Process Models and Business Rules: A Research Agenda

Process models are the basis for a wide range of critical activities within an organisation. It is not surprising then that process models, and the act of process modelling, have been the focus of much research over the last two decades. Recent research indicates, however, that common process modelling notations lack sufficient representation for capturing business rules. Although the need for business processes and business rules to be modelled in an integrated manner is well established, the body of knowledge on integrated modelling of the two is limited. In this paper our aim is to review the state of related research and develop a research agenda, based on a systematic review of related literature, to advance research in this field. We present a consolidated view of the benefits of rule and process model integration, together with an overview of current related approaches, and a research agenda going forward

An Architecture to infer Business Rules from Event Condition Action Rules implemented in the Persistence Layer

The business rules that govern the behaviour of a business process can be hardcoded in different ways in a software application. The modernization or improvement of these applications to a process-oriented perspective implies typically the modification of the business rules. Frequently, legacy systems are not well-documented, and almost always, the documentation they have is not updated. As a consequence many times is necessary the analysis of source code and databases structures to be transformed into a business language more understandable by the business experts involved in the modernization process. Database triggers are one of the artefacts in which business rules are hardcoded. We focus on this kind of artefacts, having in mind to avoid the manual analysis of the triggers by a database expert, and bringing it closer to business experts. To get this aim we need to discover business rules that are hardcoded in triggers, and translate it into vocabularies that are commonly used by business experts. In this paper we propose an ADM-based architecture to discover business rules and rewrite then into a language that can be understood by the business experts.Ministerio de Ciencia y Tecnología TIN2009-13714Ministerio de Ciencia y Tecnología TIN2010-20057-C03-02Ministerio de Ciencia y Tecnología TIN2010-21744-C02-

Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey

1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD

Personal Data Protection Inside and Out Integrating - Data Protection Requirements in the Data Lifecycle

Personal data is increasingly positioned as a valuable asset. While individuals generate and expose ever-expanding volumes of personal information online, certain tech companies have built their business models on the personal data they gather. In this context, lawmakers are revising data protection regulations in order to provide individuals with enhanced rights and set new rules regarding the way corporations collect, manage, and share personal information. We argue that recent data protection regulatory frameworks such as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) are fundamentally about data management. Yet, there have been no attempts to analyze the regulations in terms of their implications on the data life cycle. In this paper, we systematically analyze the GDPR and the CCPA, and identify their implications on the data life cycle. To synthesize our findings, we propose a semi-formal notation of the resulting changes on the personal data life cycle, in the form of a process and data model governed by business rules, consolidated in a reference personal data life cycle model for data protection. To the best of our knowledge, this study represents one of the first attempts to provide a data-centric view on data protection regulatory requirements

Enterprise modelling framework for dynamic and complex business environment: socio-technical systems perspective

The modern business environment is characterised by dynamism and ambiguity. The causes include global economic change, rapid change requirements, shortened development life cycles and the increasing complexity of information technology and information systems (IT/IS). However, enterprises have been seen as socio-technical systems. The dynamic complex business environment cannot be understood without intensive modelling and simulation. Nevertheless, there is no single description of reality, which has been seen as relative to its context and point of view. Human perception is considered an important determinant for the subjectivist view of reality. Many scholars working in the socio-technical systems and enterprise modelling domains have conceived the holistic sociotechnical systems analysis and design possible using a limited number of procedural and modelling approaches. For instance, the ETHICS and Human-centred design approaches of socio-technical analysis and design, goal-oriented and process-oriented modelling of enterprise modelling perspectives, and the Zachman and DoDAF enterprise architecture frameworks all have limitations that can be improved upon, which have been significantly explained in this thesis. [Continues.

Current and Future Issues in BPM Research: A European Perspective from the ERCIS Meeting 2010

Business process management (BPM) is a still-emerging field in the academic discipline of Information Systems (IS). This article reflects on a workshop on current and future issues in BPM research that was conducted by seventeen IS researchers from eight European countries as part of the 2010 annual meeting of the European Research Center for Information Systems (ERCIS). The results of this workshop suggest that BPM research can meaningfully contribute to investigating a broad variety of phenomena that are of interest to IS scholars, ranging from rather technical (e.g., the implementation of software architectures) to managerial (e.g., the impact of organizational culture on process performance). It further becomes noticeable that BPM researchers can make use of several research strategies, including qualitative, quantitative, and design-oriented approaches. The article offers the participants’ outlook on the future of BPM research and combines their opinions with research results from the academic literature on BPM, with the goal of contributing to establishing BPM as a distinct field of research in the IS discipline

Declarative techniques for modeling and mining business processes..

Organisaties worden vandaag de dag geconfronteerd met een schijnbare tegenstelling. Hoewel ze aan de ene kant veel geld geïnvesteerd hebben in informatiesystemen die hun bedrijfsprocessen automatiseren, lijken ze hierdoor minder in staat om een goed inzicht te krijgen in het verloop van deze processen. Een gebrekkig inzicht in de bedrijfsprocessen bedreigt hun flexibiliteit en conformiteit. Flexibiliteit is belangrijk, omdat organisaties door continu wijzigende marktomstandigheden gedwongen worden hun bedrijfsprocessen snel en soepel aan te passen. Daarnaast moeten organisaties ook kunnen garanderen dan hun bedrijfsvoering conform is aan de wetten, richtlijnen, en normen die hun opgelegd worden. Schandalen zoals de recent aan het licht gekomen fraude bij de Franse bank Société Générale toont het belang aan van conformiteit en flexibiliteit. Door het afleveren van valse bewijsstukken en het omzeilen van vaste controlemomenten, kon één effectenhandelaar een risicoloze arbitragehandel op prijsverschillen in futures omtoveren tot een risicovolle, speculatieve handel in deze financiële derivaten. De niet-ingedekte, niet-geautoriseerde posities bleven lange tijd verborgen door een gebrekkige interne controle, en tekortkomingen in de IT beveiliging en toegangscontrole. Om deze fraude in de toekomst te voorkomen, is het in de eerste plaats noodzakelijk om inzicht te verkrijgen in de operationele processen van de bank en de hieraan gerelateerde controleprocessen. In deze tekst behandelen we twee benaderingen die gebruikt kunnen worden om het inzicht in de bedrijfsprocessen te verhogen: procesmodellering en procesontginning. In het onderzoek is getracht technieken te ontwikkelen voor procesmodellering en procesontginning die declaratief zijn. Procesmodellering process modeling is de manuele constructie van een formeel model dat een relevant aspect van een bedrijfsproces beschrijft op basis van informatie die grotendeels verworven is uit interviews. Procesmodellen moeten adequate informatie te verschaffen over de bedrijfsprocessen om zinvol te kunnen worden gebruikt bij hun ontwerp, implementatie, uitvoering, en analyse. De uitdaging bestaat erin om nieuwe talen voor procesmodellering te ontwikkelen die adequate informatie verschaffen om deze doelstelling realiseren. Declaratieve procestalen maken de informatie omtrent bedrijfsbekommernissen expliciet. We karakteriseren en motiveren declaratieve procestalen, en nemen we een aantal bestaande technieken onder de loep. Voorts introduceren we een veralgemenend raamwerk voor declaratieve procesmodellering waarbinnen bestaande procestalen gepositioneerd kunnen worden. Dit raamwerk heet het EM-BrA�CE raamwerk, en staat voor `Enterprise Modeling using Business Rules, Agents, Activities, Concepts and Events'. Het bestaat uit een formele ontolgie en een formeel uitvoeringsmodel. Dit raamwerk legt de ontologische basis voor de talen en technieken die verder in het doctoraat ontwikkeld worden. Procesontginning process mining is de automatische constructie van een procesmodel op basis van de zogenaamde event logs uit informatiesystemen. Vandaag de dag worden heel wat processen door informatiesystemen in event logs geregistreerd. In event logs vindt men in chronologische volgorde terug wie, wanneer, welke activiteit verricht heeft. De analyse van event logs kan een accuraat beeld opleveren van wat er zich in werkelijkheid afspeelt binnen een organisatie. Om bruikbaar te zijn, moeten de ontgonnen procesmodellen voldoen aan criteria zoals accuraatheid, verstaanbaarheid, en justifieerbaarheid. Bestaande technieken voor procesontginning focussen vooral op het eerste criterium: accuraatheid. Declaratieve technieken voor procesontginning richten zich ook op de verstaanbaarheid en justifieerbaarheid van de ontgonnen modellen. Declaratieve technieken voor procesontginning zijn meer verstaanbaar omdat ze pogen procesmodellen voor te stellen aan de hand van declaratieve voorstellingsvormen. Daarenboven verhogen declaratieve technieken de justifieerbaarheid van de ontgonnen modellen. Dit komt omdat deze technieken toelaten de apriori kennis, inductieve bias, en taal bias van een leeralgoritme in te stellen. Inductief logisch programmeren (ILP) is een leertechniek die inherent declaratief is. In de tekst tonen we hoe proces mining voorgesteld kan worden als een ILP classificatieprobleem, dat de logische voorwaarden leert waaronder gebeurtenis plaats vindt (positief event) of niet plaatsvindt (een negatief event). Vele event logs bevatten van nature geen negatieve events die aangeven dat een bepaalde activiteit niet kon plaatsvinden. Om aan dit probleem tegemoet te komen, beschrijven we een techniek om artificiële negatieve events te genereren, genaamd AGNEs (process discovery by Artificially Generated Negative Events). De generatie van artificiële negatieve events komt neer op een configureerbare inductieve bias. De AGNEs techniek is geïmplementeerd als een mining plugin in het ProM raamwerk. Door process discovery voor te stellen als een eerste-orde classificatieprobleem op event logs met artificiële negatieve events, kunnen de traditionele metrieken voor het kwantificeren van precisie (precision) en volledigheid (recall) toegepast worden voor het kwantificeren van de precisie en volledigheid van een procesmodel ten opzicht van een event log. In de tekst stellen we twee nieuwe metrieken voor. Deze nieuwe metrieken, in combinatie met bestaande metrieken, werden gebruikt voor een uitgebreide evaluatie van de AGNEs techniek voor process discovery in zowel een experimentele als een praktijkopstelling.

Hybrid business process modeling for the optimization of outcome data

Context: Declarative business processes are commonly used to describe permitted and prohibited actions in a business process. However, most current proposals of declarative languages fail in three aspects: (1) they tend to be oriented only towards the execution order of the activities; (2) the optimization is oriented only towards the minimization of the execution time or the resources used in the business process; and (3) there is an absence of capacity of execution of declarative models in commercial Business Process Management Systems. Objective: This contribution aims at taking into account these three aspects, by means of: (1) the formalization of a hybrid model oriented towards obtaining the outcome data optimization by combining a data-oriented declarative specification and a control-flow-oriented imperative specification; and (2) the automatic creation from this hybrid model to an imperative model that is executable in a standard Business Process Management System. Method: An approach, based on the definition of a hybrid business process, which uses a constraint programming paradigm, is presented. This approach enables the optimized outcome data to be obtained at runtime for the various instances. Results: A language capable of defining a hybrid model is provided, and applied to a case study. Likewise, the automatic creation of an executable constraint satisfaction problem is addressed, whose resolution allows us to attain the optimized outcome data. A brief computational study is also shown. Conclusion: A hybrid business process is defined for the specification of the relationships between declarative data and control-flow imperative components of a business process. In addition, the way in which this hybrid model automatically creates an entirely imperative model at design time is also defined. The resulting imperative model, executable in any commercial Business Process Management System, can obtain, at execution time, the optimized outcome data of the process.Ministerio de Ciencia y Tecnología TIN2009-1371

Effect of Linked Rules on Business Process Model Understanding

Business process models are widely used in organizations by information systems analysts to represent complex business requirements and by business users to understand business operations and constraints. This understanding is extracted from graphical process models as well as business rules. Prior research advocated integrating business rules into business process models to improve the effectiveness of important organizational activities, such as developing shared understanding, effective communication, and process improvement. However, whether such integrated modeling can improve the understanding of business processes has not been empirically evaluated. In this paper, we report on an experiment that investigates the effect of linked rules, a specific rule integration approach, on business process model understanding. Our results indicate that linked rules are associated with better time efficiency in interpreting business operations, less mental effort, and partially associated with improved accuracy of understanding