A methodological evaluation of business process compliance management frameworks

Existing compliance management frameworks (CMFs) offer a multitude of compliance management capabilities that makes difficult for enterprises to decide on the suitability of a framework. Making a decision on the suitability requires a deep understanding of the functionalities of a framework. Gaining such an understanding is a difficult task which, in turn, requires specialised tools and methodologies for evaluation. Current compliance research lacks such tools and methodologies for evaluating CMFs. This paper reports a methodological evaluation of existing CMFs based on a pre-defined evaluation criteria. Our evaluation highlights what existing CMFs offer, and what they cannot. Also, it underpins various open questions and discusses the challenges in this direction.

Evaluating business process compliance management frameworks

This research contributes a formal framework to evaluate whether existing CMFs can model and reason about various types of normative requirements. The framework can be used to determine the level of coverage of concepts provided by CMFs, establish mappings between CMF languages and the semantics for the normative concepts and evaluate the suitability of a CMF for issuing a certification of compliance. The developed framework is independent of any specific formalism and it has been formally defined and validated through the examples of such mappings of CMFs.

Normative requirements for regulatory compliance: An abstract formal framework

By definition, regulatory rules (in legal context called norms) intend to achieve specific behaviour from business processes, and might be relevant to the whole or part of a business process. They can impose conditions on different aspects of process models, e.g., control-flow, data and resources etc. Based on the rules sets, norms can be classified into various classes and sub-classes according to their effects. This paper presents an abstract framework consisting of a list of norms and a generic compliance checking approach on the idea of (possible) execution of processes. The proposed framework is independent of any existing formalism, and provides a conceptually rich and exhaustive ontology and semantics of norms needed for business process compliance checking. The possible uses of the proposed framework include to compare different compliance management frameworks (CMFs).

Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches – A State-of-the-Art Analysis and Research Roadmap

With a steady increase of regulatory requirements for business processes, automation support of compliance management is a field garnering increasing attention in Information Systems research. Several approaches have been developed to support compliance checking of process models. One major challenge for such approaches is their ability to handle different modeling techniques and compliance rules in order to enable widespread adoption and application. Applying a structured literature search strategy, we reflect and discuss compliance-checking approaches in order to provide an insight into their generalizability and evaluation. The results imply that current approaches mainly focus on special modeling techniques and/or a restricted set of types of compliance rules. Most approaches abstain from real-world evaluation which raises the question of their practical applicability. Referring to the search results, we propose a roadmap for further research in model-based business process compliance checking.

Coordenação e fiscalização de obras na empresa Landway, S.A.

Relatório de Estágio para obtenção do grau de Mestre em Engenharia na Área de Especialização em Edificações

Automated support for versioning compliance checking between workflow management and product lifecycle management (in Chinese)

With the development of enterprise informatisation, Product Lifecycle Management (PLM) systems have been widely deployed and applied in enterprises. This paper analyzes the requirement that conducting version operations on business objects as specified in process models should be compliant with the versioning policies imposed by product lifecycles. This leads to the introduction of the concept of versioning compliance, and the approach of compliance checking that we proposed in our earlier work, which comprises both syntactical compatibility and behavioural compatibility checking. The paper then focuses on the tool implementation for providing automated support to the versioning compliance checking. An empirical evaluation of the tool was also performed with industrial partners using the well-known questionnaire-based method. The evaluation and feedback from practitioners further evidence the practical significance of this research question in the PLM field and demonstrate that the proposed solution with its automated tool support possesses a high application potential.

Beyond compliance : project on an integrated systems approach for pest risk management in South East Asia

The Beyond Compliance project, which began in July 2011 with funding from the Standards and Trade Development Facility for 2 years, aims to enhance competency and confidence in the South East Asian sub-region by applying a Systems Approach for pest risk management. The Systems Approach involves the use of integrated measures, at least two of which are independent, that cumulatively reduce the risk of introducing exotic pests through trade. Although useful in circumstances where single measures are inappropriate or unavailable, the Systems Approach is inherently more complicated than single-measure approaches, which may inhibit its uptake. The project methodology is to take prototype decision-support tools, such as Control Point-Bayesian Networks (CP-BN), developed in recent plant health initiatives in other regions, including the European PRATIQUE project, and to refine them within this sub-regional context. Case studies of high-priority potential agricultural trade will be conducted by National Plant Protection Organizations of participating South East Asian countries in trials of the tools, before further modifications. Longer term outcomes may include: more robust pest risk management in the region (for exports and imports); greater inclusion of stakeholders in development of pest risk management plans; increased confidence in trade negotiations; and new opportunities for trade.

Compliance measurement-guided medication management programs in hypertension : a systematic review

Objectif principal: Il n’est pas démontré que les interventions visant à maîtriser voire modérer la médicamentation de patients atteints d’hypertension peuvent améliorer leur gestion de la maladie. Cette revue systématique propose d’évaluer les programmes de gestion contrôlée de la médicamentation pour l’hypertension, en s’appuyant sur la mesure de l’observance des traitements par les patients (CMGM). Design: Revue systématique. Sources de données: MEDLINE, EMBASE, CENTRAL, résumés de conférences internationales sur l’hypertension et bibliographies des articles pertinents. Méthodes: Des essais contrôlés randomisés (ECR) et des études observationnelles (EO) ont été évalués par 2 réviseurs indépendants. L’évaluation de la qualité (de ce matériel) a été réalisée avec l’aide de l’outil de Cochrane de mesure du risque de biais, et a été estimée selon une échelle à quatre niveaux de qualité Une synthèse narrative des données a été effectuée en raison de l'hétérogénéité importante des études. Résultats: 13 études (8 ECR, 5 EO) de 2150 patients hypertendus ont été prises en compte. Parmi elles, 5 études de CMGM avec l’utilisation de dispositifs électroniques comme seule intervention ont relevé une diminution de la tension artérielle (TA), qui pourrait cependant être expliquée par les biais de mesure. L’amélioration à court terme de la TA sous CMGM dans les interventions complexes a été révélée dans 4 études à qualité faible ou modérée. Dans 4 autres études sur les soins intégrés de qualité supérieure, il n'a pas été possible de distinguer l'impact de la composante CMGM, celle-ci pouvant être compromise par des traitements médicamenteux. L’ensemble des études semble par ailleurs montrer qu’un feed-back régulier au médecin traitant peut être un élément essentiel d’efficacité des traitements CMGM, et peut être facilement assuré par une infirmière ou un pharmacien, grâce à des outils de communication appropriés. Conclusions: Aucune preuve convaincante de l'efficacité des traitements CMGM comme technologie de la santé n’a été établie en raison de designs non-optimaux des études identifiées et des ualités méthodologiques insatisfaisantes de celles-ci. Les recherches futures devraient : suivre les normes de qualité approuvées et les recommandations cliniques actuelles pour le traitement de l'hypertension, inclure des groupes spécifiques de patients avec des problèmes d’attachement aux traitements, et considérer les résultats cliniques et économiques de l'organisation de soins ainsi que les observations rapportées par les patients.

The role of Investment Management Systems in regulatory compliance: a Post-Financial Crisis study of displacement mechanisms

The financial crisis of 2007–2009 and the resultant pressures exerted on policymakers to prevent future crises have precipitated coordinated regulatory responses globally. A key focus of the new wave of regulation is to ensure the removal of practices now deemed problematic with new controls for conducting transactions and maintaining holdings. There is increasing pressure on organizations to retire manual processes and adopt core systems, such as Investment Management Systems (IMS). These systems facilitate trading and ensure transactions are compliant by transcribing regulatory requirements into automated rules and applying them to trades. The motivation of this study is to explore the extent to which such systems may enable the alteration of previously embedded practices. We researched implementations of an IMS at eight global financial organizations and found that overall the IMS encourages responsible trading through surveillance, monitoring and the automation of regulatory rules and that such systems are likely to become further embedded within financial organizations. We found evidence that some older practices persisted. Our study suggests that the institutionalization of technology-induced compliant behaviour is still uncertain.

Building post crisis watchtowers: investment management Systems and new institutional logics for regulatory compliance

The financial crisis of 2007-2009 has precipitated large scale regulatory change. Tight deadlines for implementation require organizations to start working on remediation projects before final drafts of regulations are crystalized. Firms are faced with engaging in complex and costly change management programs at a time when profits are diminished. As a consequence of these factors, pre-crisis logics for organizing compliance practices are being questioned and new approaches introduced. Our study explores the use of Investment Management Systems (IMS) in facilitating compliance arrangements. Our motivation is to understand the new logics and the part played by IMS in supporting these approaches. The study adopts an institutional logics perspective to explore the use of such systems at eight financial organizations. The study found new logics for organizing compliance include consolidation, centralization, harmonization and consistency and that the IMS plays an important role in supporting and enabling related activities.

Accounting information systems as institutional carriers: a case study of regulatory compliance in UK asset management houses

Previously, governments have responded to the impacts of economic failures and consequently have developed more regulations to protect employees, customers, shareholders and the economic wellbeing of the state. Our research addresses how Accounting Information Systems (AIS) may act as carriers for institutionalised practices associated with maintaining regulatory compliance within the context of UK Asset Management Houses. The AIS was found to be a strong conduit for institutionalized compliance related practices, utilising symbolic systems, relational systems, routines and artefacts to carry approaches relating to regulative, normative and cultural-cognitive strands of institutionalism. Thus, AIS are integral to the development and dissipation of best practice for the management of regulatory compliance. As institutional elements are clearly present we argue that AIS and regulatory compliance provide a rich context to further institutionalism. Since AIS may act as conduits for regulatory approaches, both systems adopters and clients may benefit from actively seeking to codify and abstract best practices into AIS. However, the application of generic institutionalized approaches, which may be applied across similar organizations, must be tempered with each firm’s business environment and associated regulatory exposure. A balance should be sought between approaches specific enough to be useful but generic enough to be universally applied.