Using a Generic Model Query Approach to Allow for Process Model Compliance Checking – An Algorithmic Perspective

Increased regulation forces financial companies to assure their business processes’ compliance with legal and company-internal rules. In this paper, we introduce a model-driven business process compliance checking approach. It allows for defining compliance rules and identifying their occurrences in process models based on a graph theory-based approach. We outline the challenges to be met in the conceptualization of the approach and especially its implementation through suitable algorithms. Furthermore, we present an according modeling tool and evaluate the approach against related work

Understanding governance, risk and compliance information systems (GRC IS): the experts view

Although Governance, Risk and Compliance (GRC) is an emerging field of study within the information systems (IS) academic community, the concept behind the acronym has to still be demystified and further investigated. The study investigates GRC systems in depth by (a) reviewing the literature on existing GRC studies, and (b) presenting a field study on views about GRC application by professional experts. The aim of this exploratory study is to understand the aspects and the nature of the GRC system following an enterprise systems approach. The result of this study is a framework of particular GRC characteristics that need to be taken into consideration when these systems are put in place. This framework includes specific areas such as: goals and objectives, purpose of the system, key stakeholders, methodology and requirements prior to implementation, critical success factors and problems/barriers. Further discussion about the issues, the concerns and the diverse views on GRC would assist in developing an agenda for the future research on the GRC field

The Implementation of Governance Risk and Compliance Information Systems (GRC IS): Adoption Lifecycle and Enterprise Value

Governance, Risk and Compliance (GRC) has become an emerging field within the IS academic community. Motivated by this research direction, the study capitalizes on the theoretical background of Enterprise Systems (ES) and extends the focus on GRC systems’ implementation (enterprise value and lifecycle). Building upon expert views on GRC IS implementation projects, the analysis indicates that the three value drivers of integration; optimization and information should be considered throughout the whole GRC IS implementation lifecycle

Planteamiento de una metodología de sostenibilidad para disminuir el incumplimiento de los planes de gestión ambiental en empresas mineras

La degradación de la calidad ambiental por los impactos ambientales generados por la actividad humana se viene agravando cada vez más, esto ha conllevado a que las diferentes industrias busquen variadas soluciones a dichos impactos. El sector minero no escapa de dicho contexto. Al ser una de las industrias con un mayor impacto sobre el medio ambiente y la sociedad se ha enfocado en buscar variadas soluciones para mitigar sus impactos. El presente trabajo se enfocó en analizar una de estas posibles soluciones al desafío, los reportes de sostenibilidad, que como parte de las estrategias de transparencia de una empresa e integrados dentro de la Responsabilidad Social Corporativa, buscan informar a las partes interesadas sobre las actividades económicas, sociales y medio ambientales de esta. Es así que la investigación se centró en tres empresas de la gran minería peruana, Volcan Compañía Minera S.A., Minsur S.A. y Cerro Verde analizando tanto los actos administrativos generados por la entidad fiscalizadora – OEFA – así como las observaciones dentro de cada una de estas con la finalidad de reconocer tendencias asociadas a la aplicación de los reportes de sostenibilidad. Es así que los resultados del presente trabajo demuestran un decremento del incumplimiento de los planes de gestión ambiental expresados en la disminución de actos administrativos a lo largo de los años observados comparados en un antes y después de aplicado el reporte de sostenibilidad mediante la metodología del Global Reporting Initiative, que, para el presente, se concluye como la mejor alternativa a utilizarTrabajo de investigació

On Compliance Checking for Clausal Constraints in Annotated Process Models

Compliance management is important in several industry sectors where there is a high incidence of regulatory control. It must be ensured that business practices, as reflected in business processes, comply with the rules. Such compliance checks are challenging due to (1) the different life cycles of rules and processes, and (2) their disparate representations. (1) requires retrospective checking of process models. To address (2), we herein devise a framework where processes are annotated to capture the semantics of task execution, and compliance is checked against a set of constraints posing restrictions on the desirable process states. Each constraint is a clause, i.e., a disjunction of literals. If a process can reach a state that falsifies all literals of one of the constraints, then that constraint is violated in that state, and indicates non-compliance. Naively, such compliance can be checked by enumerating all reachable states. Since long waiting times are undesirable, it is important to develop efficient (low-order polynomial time) algorithms that (a) perform exact compliance checking for restricted cases, or (b) perform approximate compliance checking for more general cases. Herein, we observe that methods of both kinds can be defined as a natural extension of our earlier work on semanti

IT-gestütztes Compliance Management für Geschäftsprozesse

Die Einhaltung regulatorischer Anforderungen und interner Richtlinien ist zunehmend kritisch für den Unternehmenserfolg geworden. In dieser Arbeit wird ein Ansatz vorgestellt, der eine effiziente Compliance-Prüfung von Geschäftsprozessen basierend auf den in standardisierten Ereignisprotokollen aufgezeichneten Ereignisdaten ermöglicht. Neben einer Referenzimplementierung des Ansatzes werden eine Erweiterung für ein Geschäftsprozessmanagementwerkzeug sowie ein webbasiertes Dashboard entwickelt