Figure 4 - uploaded by Stephan Kühnel
Content may be subject to copyright.
Source publication
Actual research approaches out of the business process management in conjunction with the control and compliance theory place new demands on the flexibility of processes. Since current ontologies are not able to depict control and business processes considering these demands, we merged existing approaches and developed the refined and extended onto...
Citations
... Standards such as the Business Process Modeling and Notation (BPMN) allow for the graphical modeling and specification of business process models [49]. Business process models provide specific insights into how organizations work and we argue that they offer the opportunity to integrate IT security measures into their process landscape, as shown by Seyffarth et al. [50]. One example is the implementation of so-called access controls to monitor and control access to organizational systems for ensuring the integrity and confidentiality of data [51]. ...
... We are Figure 1. Compliance meta-model (based on (Seyffarth et al., 2016;2017a)). ...
The term compliance essentially refers to ensuring that business processes, operations and practices conform to an agreed set of rules. Such rules can influence both business processes and components of an information technology (IT) architecture, resulting in relationships between (1) compliance requirements, (2) process elements and (3) IT components. Whenever one element of these three classes is changed, e.g. when outsourcing decisions are made, a relationship analysis becomes necessary in order to identify demanding and violated compliance requirements. Since a manual relationship analysis is a complicated and elaborate task, the paper at hand presents methods to 1) automatically identify potential compliance violations in the context of changes and 2) automatically propose process adaptions for maintaining or re-establishing compliance. The methods are implemented as a software artefact, evaluated as useful in the context of an expert survey and contribute to the support of process adaptation decisions for maintaining compliance following changes.
... Abbildung 1a zeigt ein vereinfachtes Geschäftsprozessmodell, das um Sichten auf Compliance-Anforderungen (CA) und IT-Komponenten (ITK) erweitert wurde. Compliance-Anforderungen können wiederum durch andere Compliance-Anforderungen spezialisiert werden und sowohl Bedingungen an Aktivitäten als auch an IT-Komponenten stellen [KD08,SKS16] Vor der Änderung eines Startelements können direkte und transitive Beziehungen zu jedem der Zielelementtypen Aktivität, Compliance-Anforderung und IT-Komponente bestimmt werden. Die Bestimmung erfolgt in Abhängigkeit der Typen der Start-und Zielelemente und erfordert jeweils eine eigene Suchmethode. ...
Gesetze, Normen oder Standards stellen eine Vielzahl, sogenannter Compliance-
Anforderungen an Geschäftsprozesse und Informationstechnologie (IT). Änderung an Aktivitäten
eines Geschäftsprozesses, IT-Komponenten oder bestehenden Compliance-Anforderungen erfordern
weiterhin die Sicherstellung der Konformität des Geschäftsprozesses oder der ITKomponenten
gegenüber ihren Compliance-Anforderungen. Dazu bedarf es einer Methode, die
alle von der Änderung betroffenen Aktivitäten, IT-Komponenten oder Compliance-Anforderungen
bestimmen kann. Zur Problemlösung wurde die Geschäftsprozessmodellierungssprache Business
Process Model and Notation (BPMN) um einen Graphen erweitert, der alle IT-Komponenten und
Compliance-Anforderungen beinhaltet. Außerdem wurden Anfragen konzipiert und implementiert,
die es erlauben alle Compliance-Anforderungen zu bestimmen, die direkte oder transitive Bedingungen
an eine zu ändernde Aktivität oder IT-Komponente stellen.
... However, a major challenge is the determination of appropriate compliance processes, as they depend on a large number of different characteristics (c.f.[9,13,[19][20][21]). The characteristics of a compliance process can determine its execution in a business process[22]or its efficiency and effectiveness (c.f.[9,23]). Meanwhile, a substantial body of research has discussed the characteristics of compliance processes. ...
... The resulting compliance process taxonomy enhances the descriptive knowledge in the field of BPC with two main contributions[28]. First, it extends existing classifications[13,19,21,24]according to characteristics that are relevant for the ad hoc integration of compliance processes in ongoing business processes to ensure BPC during runtime[22]. Second, it combines additional general characteristics of compliance processes (e.g.[9,20,29,30]) in a traceable way. ...
... To describe relevant elements and their interrelations in the field of BPC, compliance models are often used. Many compliance models display the connection between compliance requirements, business processes, and controls or control processes[2,4,5,12,22]. For an ad hoc integration of compliance processes in ongoing business processes, a compliance model must depict at least three major requirements: (a) a separate modelling of business processes and compliance processes[15]; (b) a detailed description of the connection between compliance requirements, business processes, and further compliance processes; and (c) a separated view of process scheme and process instance. ...
Dynamic markets and new technology developments lead to an increasing number of compliance requirements. Thus, affected business processes must be flexible and adaptable. Ensuring business processes compliance (BPC) is traditionally operationalized by means of controls, which can be described as simple target-performance comparisons. Since such controls are not always suitable for achieving BPC, the view is extended by so-called compliance processes. However, the definition and design of appropriate compliance processes for effective BPC depend on a multitude of process characteristics. To address this issue on a general level, we developed a taxonomy for compliance processes consisting of 9 dimensions and 37 characteristics. As a result, the taxonomy allows researchers and practitioners to classify compliance processes according to the state of the art in a formal way. Furthermore, it provides a systematic fundament for greater flexibility, i.e. an ad hoc integration of compliance processes into ongoing business processes to ensure BPC during runtime.
The adherence of business process compliance (BPC) is crucial for many companies. In addition, business processes may be supported by IT components, which can also be affected by compliance requirements. Due to business process change and the avoidance of compliance violations, companies must analyze, among other things, the interactions between business process change and BPC. Following the design science research paradigm, we developed and prototypically implemented a method that is able to analyze interactions between BPC and business process change considering supporting IT components and compliance processes. The method takes the business process change patterns “replace” and “delete” into account.
