Detecting the Effects of Changes on the Compliance of Cross-organizational Business Processes

An emerging challenge for collaborating business partners is to properly define and evolve their cross-organizational processes with respect to imposed global compliance rules. Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial. Opposed to intra-organizational processes, however, change effects cannot be easily assessed in such distributed scenarios, where partners only provide restricted public views and assertions on their private processes. Even if local process changes are invisible to partners, they might affect the compliance of the cross-organizational process with the mentioned rules. This paper provides an approach for ensuring compliance when evolving a cross-organizational process. For this purpose, we construct qualified dependency graphs expressing relationships between process activities, process assertions, and compliance rules. Based on such graphs, we are able to determine the subset of compliance rules that might be affected by a particular change. Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings

An Operational Semantics for the Extended Compliance Rule Graph Language

A challenge for any enterprise is to ensure conformance of its business processes with imposed compliance rules. Usually, the latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. Like for process modeling, intuitive visual languages have been proposed for specifying compliance rules. However, business process compliance cannot completely be decided at design time, but needs to be monitored during run time as well. In previous work we introduced the extended Compliance Rule Graph (eCRG) language that enables the visual monitoring of business process compliance regarding the control flow, data, time, and resource perspectives as well as the interactions a process has with business partners. This technical report introduces an operational semantics of the eCRG language. In particular, the state of a visual compliance rule is reflected through markings and annotations of an eCRG. The proposed operational semantics not only allows detecting compliance violations at run-time, but visually highlights their causes as well. Finally, it allows providing recommendations to users in order to proactively ensure for a compliant continuation of a running business process

Combination usage of process mining and adaptive case management

Process mining performs well on structured processes like BPM. In recent years, Adaptive Case Management (ACM) was introduced to support knowledge workers by giving them the permission to define processes on the fly in unpredictable situations. By doing so, processes seem to be unstructured and hard to be enhanced. The goal of this thesis is to analyze how process mining can improve and benefit unstructured processes and to develop a prototype for a potential application. The scenario analysis focuses on (1) supporting knowledge workers with process mining, (2) transiting from unstructured to structured processes through process mining, and (3) compliance regulations in unstructured processes through process mining. One scenario is selected based on the analysis for implementing a prototype. Due to the importance of compliance regulations and rare researches on compliance regulations in unstructured processes, the scenario (3) is selected and an approach of compliance checking for unstructured processes using process mining is proposed. The prototype of the approach leverages process mining to discover hidden structured in unstructured processes and implements compliance checking functionalities consisting of graphical rule definition, rule creation and rule checking on a log in Oryx platform. The prototype visualizes violating paths on the process model and reports all violating process instances. The evaluation proves that the prototype is indeed capable of compliance checking with a large real-life data log

Integrating compliance requirements across business and IT

Ensuring compliance to laws and regulations in their business processes is a burdensome obligation for today’s companies. Compliance requirements cover many areas of business and IT, including process design, deployment and run-time. Past approaches only covered some of these aspects. In this work we introduce a generic compliance descriptor, integrating different technical compliance implementations and keeping the link between laws, requirements and implementations, thus facilitating compliance in face of changes in laws, processes, and IT