Model-Driven Management of Internal Controls for Business Process Compliance

The thesis tackles the problem of high effort for achieving business process compliance to regulations in the area of Enterprise Risk Management. Common to these regulations are requirements on the presence of effective internal controls in companies. The level of automation with regard to translating compliance requirements into a set of internal controls and assuring the effectiveness of these controls during execution of business processes is raised thorugh a novel model-driven approach

Modeling control objectives for business process compliance

Business process design is primarily driven by process improvement objectives. However, the role of control objectives stemming from regulations and standards is becoming increasingly important for businesses in light of recent events that led to some of the largest scandals in corporate history. As organizations strive to meet compliance agendas, there is an evident need to provide systematic approaches that assist in the understanding of the interplay between (often conflicting) business and control objectives during business process design. In this paper, our objective is twofold. We will firstly present a research agenda in the space of business process compliance, identifying major technical and organizational challenges. We then tackle a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models. Control objective modeling is proposed through a specialized modal logic based on normative systems theory, and the visualization of control objectives on business process models is achieved procedurally. The proposed approach is demonstrated in the context of a purchase-to-pay scenario

A Semantic-based Approach for Compliance Management of Internal Controls in Business Processes

Abstract. Enterprises require mechanisms to ensure that their business processes implement and fulfill internal controls in context of regulatory compliance such as Sarbanes Oxley Act. In this paper we propose an approach for the modeling and implementation of internal controls in business processes. The approach is based on the formal modeling of internal controls, thus it can serve as the basis for usage of logic mechanisms in the compliance verification process.

Towards Business Level Verification of Cross- Organizational Business Processes

Abstract. In this paper we present a novel approach for the verification of a business process configuration. The approach is formal, so that logic mechanisms are used in the verification process. The approach has been applied in the scope of the project ATHENA for the verification of cross organizational business processes