COBI 2014 - Designing a Meta Model as the Foundation for Compliance Capability

The goal of this paper, led by FR and presented at the COBI 2014 workshop as a full paper, is to depict compliance concepts and the relations between them as a conceptual meta-model. It aims to assist business analysts in extracting compliance rules from compliance documents and to enable compliance enforcement in all phases of the business process lifecycle.

Published in: Software

  1. Designing a Meta Model as the Foundation for Compliance Capability
     Stratigaki Christina, Prof. Loucopoulos Pericles, Prof. Nikolaidou Mara
     Harokopio University of Athens
  2. Overview (DIT@HUA)
     • Scientific context
     • Design rationale
     • Design a compliance meta-model
     • Testing through a use case
     • Conclusions & Future work
  3. Scientific context - Definitions
     Compliance capability: Have the ability and the capacity to manage regulations within an organization.
     Concept of compliance: Compliance denotes that the execution of certain business processes complies with a set of regulations [1].
     Why? It is faced differently across all businesses [6].
       1. Business owner’s awareness of regulation [4]
       2. Different attitudes [3]
       3. Capacity of business owner to discover, interpret and adapt to a regulation [5]
     References:
       [1] Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
       [2] Yapp, C. and Fairman, R. Assessing Compliance with Food Safety Legislation in Small Businesses. British Food Journal, 107, 3 (2005), 150-161.
       [3] Vickers, I., James, P., Smallbone, D. and Baldock, R. Understanding Small Firm Responses to Regulation: the Case of Workplace Health and Safety. Policy Studies, 26, 2 (2005), 149-169.
       [4] Small_Business_Research_Centre. The Impact of Regulation on Small Business Performance. 2008.
       [5] Blackburn, R., Hart, M., Smallbone, D., Kitching, J., Eadson, W. and Bannon, K. Analysis of the Impact of the Tax System on the Cash Flow of Small Businesses: A Report for HM Revenue and Customs (HMRC). 2005.
       [6] Edwards, P., Ram, M. and Black, J. The Impact of Employment Legislation on Small Firms: a Case Study Analysis. DTI Employment Relations Research Series No. 20 (2003).
  4. Scientific context - Objective
     Diagram labels: Regulatory Compliance; Capability to manage regulations; Develop a solid methodology; Concept of compliance; Compliance capability; Objective
     • Business processes will ensure that enterprise actors conform to a set of standards
     • Information system will assist in process enactment.
     HOW?
  5. Scientific context - Primary Scope
       1. Define a meta-model that could act as the kernel of a compliance development methodology.
       2. Use the meta-model as the means of developing a repository for supporting such a methodology.
  6. Scientific context - Analysis of existing approaches
     • COMPAS [1]: Focused on compliance awareness. Model-driven engineering approach and used annotation techniques for relating system and requirement models at design-time.
     • Sadiq, Governatori et al. 2007 [3]: Modelling control objectives within BP structures. A basic model to capture compliance requirements.
     • COSO Framework [2]: offered the internalization of abstract compliance requirements into a set of organization-specific concrete norms.
     References:
       [1] Papazoglou, M. P. (2011). Making Business Processes Compliant to Standards & Regulations. The 16th IEEE International Enterprise Computing Conference (EDOC 2011). Helsinki, Finland.
       [1] Turetken, O., et al. (2012). "Capturing Compliance Requirements: A Pattern-Based Approach." IEEE Software May/June 2012: 28-36.
       [1] Turetken, O., et al. (2011). Enforcing compliance on business processes through the use of patterns. European Conference on Information Systems (ECIS 2011). Helsinki, Finland: Paper No. 5.
       [2] COSO. Internal Control – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission. City, 1994.
       [3] Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
  7. Scientific context - Scope
     Design a compliance meta-model with a specific focus on the compliance domain description and identification.
     It is essential to develop a meta-model for compliance management that will be useful and ready to be applied in all phases of BP lifecycle.
  8. Proposed meta-model for compliance
     • The functionality of the meta-model would be the semantic definition and description of the notions of compliance
     • The methodology followed for the construction of the meta-model is presented as a design rationale [1]
     Figure labels: Hypotheses Justifications Design Action Goal Problem Analysis Evaluation Resolution Problem Setting
     References:
       [1] Conklin, E. J. and K. C. B. Yakemovic (1991) A Process-Oriented Approach to Design Rationale, Human-Computer Interaction 6(3,4): 357-391.
       [1] Lee, J. and K.-Y. Lai (1991) What's in Design Rationale?, Human-Computer Interaction 6(3,4): 251-280.
       [1] Jarczyk, A. P. J., P. Loffler and F. M. Shipman III (1992) Design Rationale for Software Engineering: A Survey, 25th Hawaii International Conference on System Sciences, Kauai, Hawaii, IEEE Computer Society Press: 577-586.
       [1] Louridas P., Loucopoulos P. (2000) A Generic Model for Reflective Design, ACM Transactions on Software Engineering and Methodology 9(2): 199-237.
  9. Design rationale analysis. Figure: Compendium concepts
  10. Starting point
     • Maintain the entities:
       • Compliance source (further analysis)
       • Compliance rule (further analysis)
     • Examine the section of BPs as a compliance rule target
  11. Proposed compliance meta-model. Figure: Compendium concepts
  12. Compliance Meta-model Testing Example
  13. Instantiate the meta-model / Design Rationale
     • Use the sections of the meta-model (teleology, methodology and ontology) as a conceptual compass
     • Variability and differentiability among the legal documents
     • Examine the usability of the proposed entities
     Figure labels: Port Authority Act-Montserrat; HealthCare Regulation of Massachusetts; SLA-Managed IT Support; Compendium concepts
  14. Healthcare regulation [1]: instance of Teleology and Methodology sections
     Figure panels: Teleology; Methodology
     Reference: [1] State_of_Massachusetts. General Laws-Public Health. City, 2012.
  15. Ontology/Applicability section - Abortion regulation
     Complex rules
       CR1
         Description: If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician and only if, in the best medical judgment of a physician, the abortion is necessary under all attendant circumstances.
         MTL Expression: Pregnancy CoExists Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician
     Simple Rules
       SR1a
         Text Description: If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician.
         MTL Expression: Pregnancy ExistsMax 24 weeks LeadsTo Performance_of_Abortion PerformedBy Physician
       SR1b
         Text Description: The abortion may be performed only if the physician has ruled as necessary under all attendant circumstances.
         MTL Expression: Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician
  16. Remarks about the instantiations
     • In every instance the perception for each entity was the same for the modeler
     • The use of patterns and MTL expressions improves the understanding of a rule’s syntax
     • The methodology section of the meta-model is very important for compliance management and categorization
     • Complex and simple rule entities accurately describe the structure of a rule, both semantically and lexically
     • The applicability section of the meta-model perfectly defines the factors that a rule affects
  17. Ontological analysis (Ongoing research)
     • Evaluation of completeness and expressiveness of the proposed meta-model.
     • The ontological analysis requires a representation of the mapping of the ontological concepts to their corresponding meta-model concepts.
     • An ontology in OWL will increase the usability of the meta-model
  18. Ongoing research - OWL Ontology
  19. Open issues
     • Possible changes and adjustments in the meta-model
     • Further study and analysis on the methods of extracting rules from a legal document
     • Combine textual and semantic extraction of rules for robust results
     • Evolve the OWL ontology
     • Ontology-Reasoning
  20. THANK YOU
  21. Suggested Bibliography
       1. Bulygin, E. What Can One Expect from Logic in the Law? (Not Everything, but More than Something: A Reply to Susan Haack). Ratio Juris, 21, 1 (2008), 150-156.
       2. Siena, A., Ingolfo, S., Perini, A., Susi, A. and Mylopoulos, J. Automated Reasoning for Regulatory Compliance. City, 2013.
       3. Mitchell, S. and Switzer, C. S. GRC Capability Model "Red Book" 2.0. OCEG, 2009.
       4. Ghose, A. K. and Koliadis, G. Auditing business process compliance. City, 2007.
       5. Namiri, K. and Stojanovic, N. A Formal Approach for Internal Controls Compliance in Business Processes. In Proceedings of the 8th Workshop on Business Process Modeling, Development and Support (BPMDS'07) (2007).
       6. Buksa, I. Business Process and Regulations Compliance Management Technology. In Proceedings of the CAiSE Doctoral Consortium 2011 (London, UK, 2011). http://ceur-ws.org/Vol-731/, [insert City of Publication].
       7. State_of_Massachusetts. General Laws-Public Health. City, 2012.
       8. BPM_Forum. CEE: the Future. Building the Compliance Enabled Enterprise. Report Produced by Global Fluency in Partnership with: AXS-One. 2006.
       9. Ram, M., Gilman, M., Arrowsmith, J. and Edwards, P. Once More into the Sunset? Asian Clothing Firms after the National Minimum Wage. Environment and Planning C: Government and Policy, 21, 1 (2003), 71-88.
       10. Yapp, C. and Fairman, R. Assessing Compliance with Food Safety Legislation in Small Businesses. British Food Journal, 107, 3 (2005), 150-161.
       11. Vickers, I., James, P., Smallbone, D. and Baldock, R. Understanding Small Firm Responses to Regulation: the Case of Workplace Health and Safety. Policy Studies, 26, 2 (2005), 149-169.
