Information Technology Reference
In-Depth Information
An Iterative Approach for Business Process Template
Synthesis from Compliance Rules
Ahmed Awad 1 , Rajeev Gore 2 , James Thomson 2 , and Matthias Weidlich 1
1 Hasso Plattner Institute, University of Potsdam, Germany
{ ahmed.awad,matthias.weidlich } @hpi.uni-potsdam.de
2 School of Computer Science, The Australian National University, Australia
{ Rajeev.Gore,jimmy.thomson } @anu.edu.au
Abstract. Companies have to adhere to compliance requirements. Typically, both,
business experts and compliance experts, are involved in compliance analysis of
business operations. Hence, these experts need a common understanding of the
business processes for effective compliance management. In this paper, we argue
that process templates generated out of compliance requirements can be used as
a basis for negotiation among business and compliance experts. We introduce
a semi automated approach to synthesize process templates out of compliance
requirements expressed in Linear Temporal Logic (LTL). As part of that, we
show how general constraints related to business process execution are incorpo-
rated. Building upon existing work on process mining algorithms, our approach to
synthesize process templates considers not only control-flow, but also data-flow
dependencies. Finally, we elaborate on the application of the derived process tem-
plates and present an implementation of our approach.
Keywords: Process synthesis, Analysis of business process compliance speci-
fication, Process mining.
1
Introduction
Recently, there has been a growing interest in compliance checking of business op-
erations. Financial scandals in large companies led to legislative initiatives, such as
SOX [1]. The purpose of these initiatives is to enforce controls on the business opera-
tions. Such controls relate to the execution order of business activities, the absence of
activity execution in a dedicated data context, or restrictions on role resolution to realize
separation of duty.
Driven by these trends, numerous approaches have been presented to address com-
pliance management of business processes. In general, we can distinguish two types of
approaches. First, compliance rules can guide the design of a business process [12,13].
These approaches ensure compliance by design by identifying compliance violations
in the course of process model creation. Second, existing process models are verified
against compliance rules [10,6]. Given compliance requirements and a process model
as input, these approaches identify violations on the process model level.
Evidently, addressing compliance during the design of business operations has many
advantages. Non-compliant processing is prevented at an early stage of process im-
plementation and costly post-implementation compliance verification along with root
 
Search WWH ::




Custom Search