Introduction to modeling methods for capturing compliance requirements

Source: Internet
Author: User

This is a new model-based framework that captures and manages compliance requirements for business processes through full automation and ongoing audits of business processes.

In today's IT-centric business environment, compliance management of regulations, laws, and their mandates has become the key to success. Directives control almost every aspect of the business, requiring the organization to provide assurance to regulators, stakeholders, customers, and business partners. 1. Ensuring compliance across the enterprise urgently requires a holistic, easy to implement, self-discipline approach that defines a complete, consistent process and the internal control set of the system layer. In particular, internal controls should help organizations achieve their goals, which involve effective and efficient operation, reliable internal and external reporting, and compliance with applicable laws, regulations and internal policies. Scandals over a series of large companies in the early 2000 led to the creation of various laws and regulations, such as Sarbanes–oxley Act (SOX) and Basel I–III. To achieve these regulatory measures, many companies have taken steps to integrate control into their business processes and corporate systems. However, most of their attempts have created a unique, isolated solution that includes hard coding for the control that implements compliance requirements across multiple systems. These detached structures are difficult to adapt to the changing business environment and to the increasing number of laws, regulations and standards. 2. Our first step towards integrated business process compliance management is to develop a model-based approach to capture and manage business process compliance requirements. This method is used as a starting point for fully automating and continuously auditing business processes. The mainstream approach to business process compliance also faces challenges in managing internal control management of business processes, which are too fragmented and focused only on retrospective reporting. 3. However, this creates passive risk prevention and therefore often entails costly costs, such as existing tools for Oracle GRC (governance, risk and compliance) accelerators and SAP Business Objects The solution provided by the GRC solution can only be used in an All-in-one application (such as an enterprise resource planning system, or an ERP system). This seriously affects the availability of these solutions in modern business processes and in the enterprise systems that support them, because these systems are highly dispersed and interconnected.

Because business process compliance and specifications are accompanied by different lifecycles, and they are often developed by different stakeholders, they should be decoupled and managed as separate entities. By logically decoupling the compliance requirements in the process specification, we can better manage their evolution and rewrite. To achieve this goal, we should establish a two-way traceability between compliance requirements and business process specification specifications. Backtracking the initial source of compliance requirements, the process of experience, the implemented and implemented business systems to analyze the impact of change compliance requirements. In this way, we can also avoid repeatedly implementing methods of handling compliance information in different applications.

by partially or completely automating quality assurance tasks, we can largely avoid errors and omissions in expensive manual process testing, thus reducing the overall cost of compliance quality assurance. The degree of automation depends on the ability to capture and formalize compliance requirements. Unfortunately, it is difficult for business users to use formal language to capture requirements because they do not have the language skills and relevant experience.

Our frameworks and models

Issues related to business process compliance, including adaptation and evolution, passive risk management, and automation (including formalization), require a repeatable, predictable, holistic approach that spans all business process lifecycle. To address these issues, we first developed a business process compliance management (BPCM) framework that consolidates compliance management practices for business process lifecycle. We then developed a conceptual model for a centralized compliance repository (closely linked to the framework above) that captures and manages compliance requirements and related concepts. (A paper has been published to introduce the framework and conceptual model.) Figure 1: Business process Compliance Management (BPCM) framework (a) operational dimension components. (b) Key elements of the conceptual model of the compliance repository. This framework consolidates the compliance management practices of the business process lifecycle. The model captures and manages compliance requirements and related concepts.

Figure 1: Business process Compliance Management (BPCM) framework. (a) Operational dimension components. (b) Conceptual model of key elements of a compliance resource. The framework consolidates compliance management practices for the business process lifecycle. The model captures and manages compliance requirements and related concepts.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.