Introduction to modeling methods for capturing compliance requirements

This is a new model-based framework that captures and manages compliance requirements for business processes through full automation and ongoing audits of business processes.

In today's IT-centric business environment, compliance management of regulations, laws, and their mandates has become the key to success. Directives control almost every aspect of the business, requiring the organization to provide assurance to regulators, stakeholders, customers, and business partners. 1. Ensuring compliance across the enterprise urgently requires a holistic, easy to implement, self-discipline approach that defines a complete, consistent process and the internal control set of the system layer. In particular, internal controls should help organizations achieve their goals, which involve effective and efficient operation, reliable internal and external reporting, and compliance with applicable laws, regulations and internal policies. Scandals over a series of large companies in the early 2000 led to the creation of various laws and regulations, such as Sarbanes–oxley Act (SOX) and Basel I–III. To achieve these regulatory measures, many companies have taken steps to integrate control into their business processes and corporate systems. However, most of their attempts have created a unique, isolated solution that includes hard coding for the control that implements compliance requirements across multiple systems. These detached structures are difficult to adapt to the changing business environment and to the increasing number of laws, regulations and standards. 2. Our first step towards integrated business process compliance management is to develop a model-based approach to capture and manage business process compliance requirements. This method is used as a starting point for fully automating and continuously auditing business processes. The mainstream approach to business process compliance also faces challenges in managing internal control management of business processes, which are too fragmented and focused only on retrospective reporting. 3. However, this creates passive risk prevention and therefore often entails costly costs, such as existing tools for Oracle GRC (governance, risk and compliance) accelerators and SAP Business Objects The solution provided by the GRC solution can only be used in an All-in-one application (such as an enterprise resource planning system, or an ERP system). This seriously affects the availability of these solutions in modern business processes and in the enterprise systems that support them, because these systems are highly dispersed and interconnected.

Because business process compliance and specifications are accompanied by different lifecycles, and they are often developed by different stakeholders, they should be decoupled and managed as separate entities. By logically decoupling the compliance requirements in the process specification, we can better manage their evolution and rewrite. To achieve this goal, we should establish a two-way traceability between compliance requirements and business process specification specifications. Backtracking the initial source of compliance requirements, the process of experience, the implemented and implemented business systems to analyze the impact of change compliance requirements. In this way, we can also avoid repeatedly implementing methods of handling compliance information in different applications.

by partially or completely automating quality assurance tasks, we can largely avoid errors and omissions in expensive manual process testing, thus reducing the overall cost of compliance quality assurance. The degree of automation depends on the ability to capture and formalize compliance requirements. Unfortunately, it is difficult for business users to use formal language to capture requirements because they do not have the language skills and relevant experience.

Our frameworks and models

Issues related to business process compliance, including adaptation and evolution, passive risk management, and automation (including formalization), require a repeatable, predictable, holistic approach that spans all business process lifecycle. To address these issues, we first developed a business process compliance management (BPCM) framework that consolidates compliance management practices for business process lifecycle. We then developed a conceptual model for a centralized compliance repository (closely linked to the framework above) that captures and manages compliance requirements and related concepts. (A paper has been published to introduce the framework and conceptual model.) Figure 1: Business process Compliance Management (BPCM) framework (a) operational dimension components. (b) Key elements of the conceptual model of the compliance repository. This framework consolidates the compliance management practices of the business process lifecycle. The model captures and manages compliance requirements and related concepts.

Figure 1: Business process Compliance Management (BPCM) framework. (a) Operational dimension components. (b) Conceptual model of key elements of a compliance resource. The framework consolidates compliance management practices for the business process lifecycle. The model captures and manages compliance requirements and related concepts.