Skip to main content

TS

Evaluating business process compliance management frameworks

Authors

Mustafa Hashmi

NICTA

Queensland University of Technology

Abstract

Due to the ever-increasing pressure from regulatory authorities, the demand for organisations to stay-compliant has increased over the past few years. In response to these demands—and to support the organisational compliance reporting activities, a plethora of compliance management frameworks (CMFs) have been developed. These CMFs offer functionalities that address the compliance problem in a variety of ways to meet organisations’ specific compliance reporting requirements. Regardless of how good and flexible these CMFs can be, their effectiveness largely depends on the ability of their underlying conceptual and formal models to provide faithful representations of normative requirements. A CMF based on weak conceptual and formal models might not be suitable for providing any certification of compliance that is acceptable to the certifying bodies.

Given the breadth of the business process compliance domain and the existence of large number of CMFs, determining the suitability of a CMF is a difficult task. Despite that there are no methodologies that can be used to evaluate the abilities of a CMF. This thesis proposes a formal framework to evaluate whether a CMF correctly represents the normative requirements that a system has to comply with. The proposed framework provides the following contributions: (i) a classification model and formal semantics for normative requirements giving a rich and improved ontology of various types of norms, (ii) systematic conceptual and formal evaluations of underlying conceptual and formal models of existing CMF that determine their abilities and shortcomings, and (iii) a deontic extension to Event-Calculus (EC), a value added contribution.

The framework has been formally defined and validated through the evaluations of existing CMFs. An example of these evaluations is presented at the end of the thesis. The developed framework is independent of any specific formalism, and can fit into any other formal language.

BibTeX Entry

  @phdthesis{Hashmi:phd,
    school           = {Business ProcessManagement Discipline Information Systems School Queensland University of Technology
                        (QUT)},
    author           = {Hashmi, Mustafa},
    month            = {dec},
    year             = {2015},
    keywords         = {business processes; business process compliance; business process compliance management; business
                        compliance management frameworks; compliance frameworks; regulatory compliance; obligations; norms;
                        normative requirements; norms classification; norms compl},
    title            = {Evaluating Business Process Compliance Management Frameworks},
    type             = {{PhD} Thesis},
    address          = {Brisbane, Australia}
  }

Download