Skip to main content

TS

Compliance by design: Synthesis of business processes by declarative specifications

Authors

Francesco Olivieri

NICTA

Abstract

Business Process Compliance are three words which scholars use to describe what happens, or should happen, when two very different worlds collide. The first world is meant to represent enterprises and how they do what they do or, more simply, which procedures and processes they adopt to offer improved products to their customers. Scholars of the field refer to the Business Process Management as a “process optimisation process” and they study approaches, methodologies, and formal languages to describe and improve what they esteem as the heart of every organisation, the business process.

A business process can be visualised as a self-contained, temporal, and logical order in which a set of activities (tasks) are executed to achieve some business objectives. Within a business process, much information is available: The control flow describes what can be done and when, while the relevant data clarify what needs to be work on as well as which actors will do the work.

The second world is the world of governments, of consortia, of all those entities which have enough power to create regulations, norms, and policies which directly impact organisations. Such entities state the boundaries of legality by imposing which actions can be considered legal to be performed within the aforementioned business processes, and which actions should be avoided in order not to incur severe sanctions.

Business Process Compliance is the research field where scholars try to un- derstand how organisations should behave in order to continue offering good products while respecting a set of regulations which strictly affect their processes. In general, a compliance regimen must include three interrelated but distinct per- spectives of compliance: Corrective, detective, and preventative measures. While the first two measures try to mitigate or intervene after compliance breaches are detected, the preventative focus assumes a completely different perspective by stating that “compliance should be embedded into the business practice, rather than be seen as a distinct activity, (...) thus achieving compliance by design” [Sadiq and Governatori, 2015].

An issue of great importance is that of devising automated tools which are able to create an entirely new, compliant process starting from a fully declarative description of both the organisation and the environment it is acting in. Such a description include: (i) A set of business objectives to be reached, (ii) The specifi- cations of a process, (iii) The norms ruling the organisational environment. This doctorate dissertation will confront this problem by following two sequential research paths.

First things first, we need a formalism able to state, given a particular context, which norms are in force, which objectives are desirable and which objectives are feasible, in order for the organisation to decide which objectives to commit to. Thus, we liken organisations to agents and, accordingly, refer to the literature of BDI (Belief-Desire-Intention) agents. The BDI architecture addresses how agents try to fulfil their goals based on the knowledge of the environment and a collection of plans. We shall analyse different notions of the concept of goal starting from the idea of sequences of “alternative acceptable outcomes”. We shall study the relationships between goals and concepts like agent’s beliefs, norms and desires, and propose a computationally oriented formalisation using a variant of Defeasible Logic extended with modal operators that will provide a suitable approach. The resulting system, being able to capture various nuances of the notion of goal, is of interest for business enterprises, for which the right decision is not only context-dependent but one which should be chosen from a preferably large pool of alternatives.

Finally, we shall propose algorithms to compute all provable and refutable conclusions of the modal defeasible theory, and we shall prove their soundness and computational complexity.

At the end of the aforementioned phase, the system (organisation) knows whether courses of action exist (in term of logical derivations) which lead to norm and outcome compliant situations. The second question then being how to determine which legitimate courses of action the agent may commit to, and how to transform them into a business process-like graphic notation.

We therefore shall propose algorithms which (i) Construct a graph by navi- gating backwards the derivation trees from the “compliant” outcomes up to the facts of the theory, and (ii) Transform such a graph by recognising JOIN and SPLIT patterns typical of process model notation. And, as stated before, we shall end the section by presenting a computational analysis.

BibTeX Entry

  @phdthesis{Olivieri:phd,
    school           = {Griffith University/Institute for Integrated and Intelligent Systems},
    author           = {Olivieri, Francesco},
    month            = {dec},
    slides           = {http://www.nicta.com.au/pub-download/slides/8494},
    year             = {2014},
    keywords         = {agents, bdi paradigm, business process, business process compliance, non- monotonic reasoning, modal
                        defeasible logic, graph theory},
    title            = {Compliance by Design: Synthesis of Business Processes by Declarative Specifications},
    type             = {{PhD} Thesis},
    address          = {Brisbane, Australia}
  }

Download