Teahcing material for the Business Process Management course at ITU 2018, that regard to Business Process Compliance, analysis, modelling, checking, monitoring, and auditing.
7. IT UNIVERSITY OF COPENHAGEN
THE ENRON SCANDAL
Enron, the 7th largest US company in 2001, files for bankruptcy in
December 2001.
Investors and retirees are left with worthless stock.
Enron is charged with securities fraud (fraudulent manipulation of
publicly reported financial results, lying to U.S. Securities and Exchange
Commission, etc),
Investigative findings conclude that Enron used complex dubious energy
trading schemes.
3
8. IT UNIVERSITY OF COPENHAGEN
THE ENRON SCANDAL (II)
“The Death Star” trading scheme: One of the fraudulent schemes used by
Enron
4
Takes advantage of loopholes in
energy trading regulations in
California.
Schedules power transmission from
congested line from bus A to bus
B in the opposite direction of
demand, charging a “congestion
reduction fee”
Reschedules the routing all the way
back to A so no energy was
actually bought or sold by
Enron. It was just a routing
scheme.
9. IT UNIVERSITY OF COPENHAGEN
CORRECTNESS & COMPLIANCE
Policies and regulations are there to protect users from fraudulent, unethical
and fraudulent behaviour.
The case of Enron and similar companies motivated changes in the regulation.
Sarbanes-Oxley (SOX) Act in 2002:
It provides the foundation for new corporate governance rules, regulations
& standards issued by the Securities and Exchange Commission. It covers
a range of topics from criminal penalties to Corporate Board
responsibilities. SOX also covers issues such as independent auditing
requirements, corporate governance, internal control assessment,
and enhanced financial disclosure.
Applicable to “Issuers” as defined in the SEC Act of 1934 (approximately
15,000 public companies by 2002).
5
10. IT UNIVERSITY OF COPENHAGEN
BUSINESS PROCESS COMPLIANCE
Is it important?
• Siemens growth in compliance importance by 700% 1
Market responds to a need:
• Consulting companies: PriceWaterhouseCoppers, Deloitte etc.
• IBM Lotus workplace for Business Controls & Reporting
• Microsoft Office Solutions Accelerator for Sarbanes-Oxley
• SAP GRC (Governance, Risk and Compliance)
• Niche vendors such as OpenPages, Paisley Consulting, Qumas
Inc,…
New upcoming regulations: GDPR
6
1. Halfmann, A.: Siemens versiebenfacht Zahl der
Compliance-Mitarbeiter (January 2009)
11. IT UNIVERSITY OF COPENHAGEN
CORRECTNESS IN BUSINESS PROCESSES
7
Compliance
Soundness
Syntax Conformance
(semantic correctness)
(behavioral correctness)
(structural correctness)
12. IT UNIVERSITY OF COPENHAGEN
A TALE OF USERS
8
business process monitoring will assess the design of internal controls and serve as an
input to internal controls certification.
Fig. 1. Interconnect of Process Management and Controls Management
Given the scale and diversity of compliance requirements and additionally the fact
that these requirements may frequently change, business process compliance is indeed
a large and complex problem area with several challenges. Following our initial
premise that business and control objectives are (or should be) designed separately,
but must converge at some point, we present below a list of essential methods and
techniques that need to be developed to tackle this overall problem.
2.1 Control Directory Management
Regulations and other compliance directives are complex, vague and require
interpretation. Often in legalese, these mandates need to be translated by experts. For
example the COSO framework [6] is recognized by regulatory bodies as a defacto
standard for realizing controls for financial reporting. A company-specific interpret-
tation results in the following (textual) information being created:
<control objective, risk, internal control 1
>
[1]
S. Sadiq, G. Governatori, and K. Namiri, “Modeling Control Objectives for Business
Process Compliance,” in Business Process Management, 2007, pp. 149–164.
13. IT UNIVERSITY OF COPENHAGEN
A TALE OF USERS
8
the actors’ behavior. On the other hand, governmental
regulations are formulated and imposed by legal authorities
to ensure social welfare, protect local interests, and regu-
et al. 2012). Norm
potential approach
environments where
as autonomous agen
the normative con
agents.
In a nutshell, CC
the notion of agents
of norms (obligatio
not only provides t
normative constrain
To indicate organi
concept of event
behavioral traces th
process. With these
Table 1 Governmental regulations and business processes
Governmental regulations Business processes
Issued by legal authorities Designed and implemented by
organizations
National perspective Organizational perspective
Focus on the effects of actions Focus on the process of actions
Increase social welfare; economics,
safety, environmental concern
Increase the efficiency of
organizations to achieve
higher organizational benefit
Legal authority Secondary authority
394
[1]
J. Jiang, H. Aldewereld, V. Dignum, S. Wang, and Z. Baida,
“Regulatory compliance of business processes,” AI & Soc,
vol. 30, no. 3, pp. 393–402, Aug. 2015.
business process monitoring will assess the design of internal controls and serve as an
input to internal controls certification.
Fig. 1. Interconnect of Process Management and Controls Management
Given the scale and diversity of compliance requirements and additionally the fact
that these requirements may frequently change, business process compliance is indeed
a large and complex problem area with several challenges. Following our initial
premise that business and control objectives are (or should be) designed separately,
but must converge at some point, we present below a list of essential methods and
techniques that need to be developed to tackle this overall problem.
2.1 Control Directory Management
Regulations and other compliance directives are complex, vague and require
interpretation. Often in legalese, these mandates need to be translated by experts. For
example the COSO framework [6] is recognized by regulatory bodies as a defacto
standard for realizing controls for financial reporting. A company-specific interpret-
tation results in the following (textual) information being created:
<control objective, risk, internal control 1
>
[1]
S. Sadiq, G. Governatori, and K. Namiri, “Modeling Control Objectives for Business
Process Compliance,” in Business Process Management, 2007, pp. 149–164.
14. IT UNIVERSITY OF COPENHAGEN
ANATOMY OF COMPLIANCE FRAMEWORKS
9
WI SCHWERPUNKTAUFSATZ
superordinated level correctly and com-
pletely so that their fulfillment is identical
with the fulfillment of the respective laws.
on the principal of Schneider’s execution
monitor (Schneider 2006) that intercepts
allthosecommandsatprocessor-levelthat
a corresponding log-file. For such valida-
tions, e.g., the Hippocratic database offers
an interface to its query logs, and Delbaere
……
Best practice
Compliance validation
…
Compliance requirements 3
Compliance requirements 2
Compliance
requirements 1 Manually checked
control objectives
Automatable control
objectives
Compliance policy 3
Compliance policy 2
Compliance policy 1
…
…
Forensic
Audit
Control process
Business process management
Log-file
Standards
Laws Contracts
Compliance and risk
management
Fig. 1 Process of compliance validation
[1]
S. Sackmann and M. Kähmer, “ExPDT: A policy-based approach for automating compliance
[ExPDT: Ein Policy-basierter Ansatz zur Automatisierung von Compliance],” Wirtschaftsinformatik,
vol. 50, no. 5, pp. 366–374, 2008.
15. IT UNIVERSITY OF COPENHAGEN
ANATOMY OF A COMPLIANCE RULE
10
Diagnostic Information in Compliance Checking 267
Fig. 1. Compliance Rule Framework
Furthermore, a compliance rule can
(4) impose time-related constraints (e.g.,
“Within 6 months the claim must be de-
cided.”) or can be untimed,(5) prescribe
properties of a single case or of multiple
cases (e.g., “20% of all claims require a
detailed check.”), and (6) prescribe prop-
erties of the process design (e.g., “The
claim process must have a time-out event
handler.”) or properties of the process ex-
ecutions, which can be observed (i.e.,
recorded in an event log).
These six dimensions give rise to
the framework shown in Fig. 1. In this
paper, we present compliance rules for
control flow, data flow as well as organi-
zational aspects, where we focus on un-
timed, observation-based properties of individual cases. The remainder of this section
presents control flow compliance rules and their formalization. Section 5 presents data
flow rules and organizational rules and their combination with control flow rules.
4.2 Control Flow Compliance Rules
Eliciting and formalizing compliance rules for a business process comprise determining
the laws and regulations that are relevant for this process and formulating these compli-
ance rules in an unambiguous, yet understandable manner [30]. Typically, this involves
expressing a given informal requirement in a formal notation: a task an end user may not
[1]
E. Ramezani, D. Fahland, and W. M. P. van der Aalst,
“Where Did I Misbehave? Diagnostic Information in
Compliance Checking,” in Business Process Management,
2012, pp. 262–278.
16. IT UNIVERSITY OF COPENHAGEN
ANATOMY OF A COMPLIANCE RULE
10
agnostic Information in Compliance Checking 267
Fig. 1. Compliance Rule Framework
can
(e.g.,
e de-
cribe
ltiple
ire a
prop-
“The
event
s ex-
(i.e.,
e to
this
s for
gani-
n un-
of individual cases. The remainder of this section
es and their formalization. Section 5 presents data
nd their combination with control flow rules.
les
rules for a business process comprise determining
vant for this process and formulating these compli-
derstandable manner [30]. Typically, this involves
ent in a formal notation: a task an end user may not
[1]
E. Ramezani, D. Fahland, and W. M. P. van der Aalst,
“Where Did I Misbehave? Diagnostic Information in
Compliance Checking,” in Business Process Management,
2012, pp. 262–278.
268 E. Ramezani, D. Fahland, W.M.P. van der Aalst
Table 1. Categorization of the 55 Control Flow Compliance Rules
Category (Rules) Description
Existence (2) Limits the occurrence or absence of a given event A within a
scope. [4],[15],[9], [14],[21],[36],[33]
Bounded Existence (6) Limits the number of times a given event A must or must not
occur within a scope. [15],[14]
Bounded Sequence (5) Limits the number of times a given sequence of events must
or must not occur within a scope. [15],[14]
Parallel (1) A specific set of events should occur in parallel within a scope.
[33]
Precedence (10) Limits the occurrence of a given event A in precedence over
a given event B. [15],[33],[14],[36],[9],[19],[21],[4],[33]
Chain Precedence (4) Limits the occurrence of a sequence of events A1, . . . , An
over a sequence of events B1, . . . , Bn. [15],[14],[21]
Response (10) Limits the occurrence of a given event B in response to a
given event A. [33],[14],[21],[15],[37],[9],[19]
Chain Response (4) Limits the occurrence of a sequence of events B1, . . . , Bn in
response to a sequence of events A1, . . . , An. [15]
Between (7) Limits the occurrence of a given event B between a sequence
of events A and C. [14]
Exclusive (1) Presence of a given event A mandates the absence of an
event B. [15]
Mutual Exclusive (1) Either a given event A or event B must exist but not none of
them or both. [15],[34]
Inclusive (1) Presence of a given event A mandates that event B is also
present. [15]
Prerequisite (1) Absence of a given event A mandates that event B is also
absent. [15]
Substitute (1) A given event B substitutes the absence of event A. [15]
Corequisite (1) Either given events A and B should exist together or to be
absent together. [15]
Petri-net patterns. Although being an unusual choice, we could formalize operational
rules as well as declarative rules in a systematic and understandable way. The complete
17. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
18. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
19. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
Inclusion: Presence of a given task A mandates B to be also present
20. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
Inclusion: Presence of a given task A mandates B to be also present
21. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
Inclusion: Presence of a given task A mandates B to be also present
Response: Presence of a given task A mandates B to be also present
22. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN DCR
Occurrence: The occurrence of task A is within the scope of the process.
11
Inclusion: Presence of a given task A mandates B to be also present
Response: Presence of a given task A mandates B to be also present
23. One must learn by doing the thing;
for though you think you know it,
you have no certainty, until you try.
Sophocles, 496-405 BC.
24. IT UNIVERSITY OF COPENHAGEN
HANDS-ON
Model the following patterns in a DCR-graph (use the simulator to verify if
your model is right):
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.” If B occurs without a directly preceding A, the rule is
violated. For instance, ⟨ACCAAC⟩ and ⟨ABCAAB⟩ comply to the rule,
whereas ⟨ABACB⟩ violates the rule.
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.” (hint:
consider A/B as non-atomic tasks)
3. Bounded Existence of a Task: Task A should be executed exactly k
times.” If A occurs less than or more than k times, the rule is violated. For
instance, for k = 2, the trace ⟨BCADBCAD⟩ complies to this rule and
⟨BCADBCAAD⟩ violates the rule.
4. Execution in Between. “Task B should be performed not before task A
has been executed, and not later than C.”
13
25. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
Matches the specification of compliance rules and the executions of
business processes.
- If specifications are satisfied by the runs in a BP, the process is compliant,
otherwise, it is in violation with the compliance rule.
14
are associated with potentially inadvertent behaviour or deliberate viola-
tions while seeking more opportunistic engagements.
Figure 1: Compliance Space
1.1 Compliance Space
Compliance of business processes with normative documents is thus im-
portant to ensure establishing better links between these two traditionally
separate universes of discourse, i.e., legal and business process spaces (see
Figure 1).
[1]
G. Governatori and S. Sadiq, The journey to business process compliance. 2009.
28. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
16
29. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.”
(Prepare_patient Λ Send_patient_to_surgical_suite) ∨ (Prepare_patient W
Send_patient_to_surgical_suite)
16
30. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.”
(Prepare_patient Λ Send_patient_to_surgical_suite) ∨ (Prepare_patient W
Send_patient_to_surgical_suite)
3. Execution in Between. “Task B should be performed not before task A
has been executed, and not later than C.”
16
31. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.”
(Prepare_patient Λ Send_patient_to_surgical_suite) ∨ (Prepare_patient W
Send_patient_to_surgical_suite)
3. Execution in Between. “Task B should be performed not before task A
has been executed, and not later than C.”
Exercise.
16
32. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.”
(Prepare_patient Λ Send_patient_to_surgical_suite) ∨ (Prepare_patient W
Send_patient_to_surgical_suite)
3. Execution in Between. “Task B should be performed not before task A
has been executed, and not later than C.”
Exercise.
4. Mutual Exclusion. “Either tasks A and B must be executed, but no none
of them, or both”.
16
33. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE RULES IN LTL
1. Direct Precedence of a Task. “Every time B occurs, it should be directly
preceded by A.”
(¬Perform_surgery W Prepare_patient) Λ (¬Perform_surgery W
Send_patient_to_surgical_suite)
2. Direct Precedence or Simultaneous Occurrences of Tasks. “Task A
must always be executed simultaneously or directly before task B.”
(Prepare_patient Λ Send_patient_to_surgical_suite) ∨ (Prepare_patient W
Send_patient_to_surgical_suite)
3. Execution in Between. “Task B should be performed not before task A
has been executed, and not later than C.”
Exercise.
4. Mutual Exclusion. “Either tasks A and B must be executed, but no none
of them, or both”.
Exercise.
16
34. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
35. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
☹
36. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
☹
☹
37. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
38. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
39. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
40. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
41. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant
42. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant ☹
43. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant ☹
Partially (Weakly) Compliant
At least a trace satisfy the rule
44. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant
☺
☹
Partially (Weakly) Compliant
At least a trace satisfy the rule
45. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant
☺
☹
Partially (Weakly) Compliant
At least a trace satisfy the rule
Violated
All traces violate the rule
46. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE CHECKING
All traces satisfy the rule
17
< E, D, F, G, B >
< G, C, F, D, G >
< C, A, B, D, B >
< G, C, B, A, D >
< A, F, A, D, B >
< A, D, B, G, A >
flexible as the generation can be repeated when rules are
added, removed, or changed. Third, the approach is
complete in the sense that an unsuccessful model gen-
eration can be interpreted as ‘‘the business process cannot
be made compliant’’ rather than ‘‘the current model is
brings our approach in the context of related w
Section 8 concludes the paper.
2. Running example: insurance claim handli
We use a simple insurance claim handl
(based on [12]) as running example for this p
process, a customer submits a claim to an i
then prepares a fraud detection check off
external service. Based on the result of this
claim is either (1) assessed and the settlemen
(2) detected fraudulent and reported, or (
incomplete. In the last case, further infor
requested from the customer before the clai
mitted to the fraud detection service. In this s
customer can alternatively decide to withdraw
On successful assessment, a settlement case i
by a financial clerk. The claim is settlement pa
rates or all at once. A single complete paym
requires an authorization of the controlling of
the settlement is finally paid, the claim is arc
One way to model this process is to expli
he actions to be taken and to give an opera
ness process model. An alternative to this
approach offers an artifact-centric framew
starts by identifying what is acted on (noun-
to derive a business process from the life c
Fig. 1. Approaches to achieve compliance. (a) Compliance by detection
and (b) compliance by design.
Compliance Rule
(Response of a Task)
G(A F(B))
Executions
(Generated from the transition
system)
✓
☹
☹
☹
☹
☹
Full Compliant
☺
☹
☹
Partially (Weakly) Compliant
At least a trace satisfy the rule
Violated
All traces violate the rule
47. IT UNIVERSITY OF COPENHAGEN
BUSINESS PROCESS LIFECYCLE
18
(Re-)Design
Simulation/
Validation
Execution
Change in
Processes /
Legislations
Analysis
48. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AS PART OF THE LIFECYCLE
19
and parameter thresholds are violated. Adjustments and
corrective actions could effect changes in business process
components in an SOA-based application.
Figure 2. Conceptual architecture for compliance management.
Compliance management commences with compliance
monitoring are two important and compl
process compliance checking phases.
provides a lifetime guaranteed complia
design-time compliance verification, a
considered as complian
relevant compliance re
allows only for the exe
instances not violating
[12]. Consequently, it
ensured that corresp
instances are compli
compliance verification
of detecting and resolvin
violations as early as p
actual business process
providing a preven
support. Design-time com
has lower verification c
the subsequent dynamic
Hence, it is desirable t
compliance requiremen
during design-time. Ho
always feasible to enforc
process models at de
compliance requiremen
variable instantiations
information that cannot b
design time. Runtime
compliance requirement
checked during design-ti
verified against running
instances during runtime. Runtime comp
and offline compliance analysis and mo
integrated, holistic view of complianc
[1]
M. P. Papazoglou, “Making business processes compliant to standards & regulations,” in
Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOC,
Helsinki, 2011, pp. 3–13.
49. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AS PART OF THE LIFECYCLE
19
and parameter thresholds are violated. Adjustments and
corrective actions could effect changes in business process
components in an SOA-based application.
Figure 2. Conceptual architecture for compliance management.
Compliance management commences with compliance
monitoring are two important and compl
process compliance checking phases.
provides a lifetime guaranteed complia
design-time compliance verification, a
considered as complian
relevant compliance re
allows only for the exe
instances not violating
[12]. Consequently, it
ensured that corresp
instances are compli
compliance verification
of detecting and resolvin
violations as early as p
actual business process
providing a preven
support. Design-time com
has lower verification c
the subsequent dynamic
Hence, it is desirable t
compliance requiremen
during design-time. Ho
always feasible to enforc
process models at de
compliance requiremen
variable instantiations
information that cannot b
design time. Runtime
compliance requirement
checked during design-ti
verified against running
instances during runtime. Runtime comp
and offline compliance analysis and mo
integrated, holistic view of complianc
[1]
M. P. Papazoglou, “Making business processes compliant to standards & regulations,” in
Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOC,
Helsinki, 2011, pp. 3–13.
A Priori
50. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AS PART OF THE LIFECYCLE
19
and parameter thresholds are violated. Adjustments and
corrective actions could effect changes in business process
components in an SOA-based application.
Figure 2. Conceptual architecture for compliance management.
Compliance management commences with compliance
monitoring are two important and compl
process compliance checking phases.
provides a lifetime guaranteed complia
design-time compliance verification, a
considered as complian
relevant compliance re
allows only for the exe
instances not violating
[12]. Consequently, it
ensured that corresp
instances are compli
compliance verification
of detecting and resolvin
violations as early as p
actual business process
providing a preven
support. Design-time com
has lower verification c
the subsequent dynamic
Hence, it is desirable t
compliance requiremen
during design-time. Ho
always feasible to enforc
process models at de
compliance requiremen
variable instantiations
information that cannot b
design time. Runtime
compliance requirement
checked during design-ti
verified against running
instances during runtime. Runtime comp
and offline compliance analysis and mo
integrated, holistic view of complianc
[1]
M. P. Papazoglou, “Making business processes compliant to standards & regulations,” in
Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOC,
Helsinki, 2011, pp. 3–13.
A Priori A Posteriori
51. IT UNIVERSITY OF COPENHAGEN
RUNTIME COMPLIANCE
Not always feasible to check all the constraints at compile time:
20
264 D. Knuplesch et al.
Fig. 1. Compliance Monitoring [4]
a compliance violation once it has occurred. By contrast, proactive monitoring
aims to preventively avoid any violation; e.g., by recommending appropriate
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
if a patient’s leukocyte count suddenly falls below a threshold, a drug for raising the
leukocyte count will have to be administered the same day
52. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
A monitor keeps track of the state
of each compliance rule:
• It does not apply to the running
process, or Not_Activated.
• It is Activated for the running
process, and it can be:
• Satisfied:
• But it is still violable
• Or permanently satisfied.
• Violated:
• But healable (pending)
• Or permanently violated.
21
uplesch et al.
Fig. 5. States of compliance rules
ed by the framework. The most fundamental state is Not Activa-
compliance rule does not apply to the running process instance so
ate Activated expresses that the compliance rule is applicable to
stance. Furthermore, this state includes the sub-states Satisfied
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
53. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
54. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
Violable
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
55. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
Violable
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
56. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
PerSatisfied
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
57. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
Violable
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
58. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE MONITORING
State(c1) =
22
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
State(c2) = ?
State(c3) = ?
PerViolated
[1]
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives
of Business Process Compliance,” in Business Process Management, 2015, pp. 263–279.
59. IT UNIVERSITY OF COPENHAGEN
HANDS-ON
1. Model compliance rules c1, c2 & c3 in a
DCR-graph (use additional activities to
model data/time checks).
2. Calculate what is the final state of rules
c2 & c3 after execution of event 99.
23
case, but violated in another. In particular, the depicted log refers to two differ-
ent request items related to customers Mr. Smith and Mrs. John. These items,
in turn, trigger two different instances of compliance rule c1. In both cases, the
amount is greater than 10,000 e and hence a solvency check is required (cf. c1).
However, the latter was only performed for the request item of Mr. Smith, but
not for the one of Mrs. John, i.e., c1 is violated in the latter case. In addition
to the violation of c1, compliance rule c2 is violated twice. While the violated
Fig. 2. Event log of order-to-delivery processes and compliance rules
60. IT UNIVERSITY OF COPENHAGEN
PROCESS AUDIT
Post-mortem analysis:
Given a total execution history (event-log) and a set of compliance rules, decide
whether there has been a violation of the compliance rule.
- The log complies to the rule if each log trace is described by the rule.
- In case a trace is not described, we want to locate where the trace deviates from
the rule.
24
Several figures in the next section show these alignments.
To ease presentation of our results, we abstract long sequences of events that are
not relevant to the compliance rule (i.e., which are mapped to Ω-transitions), to shorter
sequences. This way, order and relative position of compliance-relevant events are pre-
served while irrelevant details are abstracted from.
6.2 Case Study Constraints and Results
In the case study we followed the standard use case for compliance checking: (1) check
relevant regulations and elicit respective compliance requirements, (2) for each require-
ment, identify the patterns that precisely express the requirement from the rule collec-
tion in Tab. 1, (3) take the corresponding Petri-net pattern and map its transitions to the
events in the given log, and (4) run the conformance checker.
In the following, we describe our findings for three compliance requirements that
were derived from the financial department’s internal policies and medical guidelines.
Fig. 8. Non-compliant case for
‘First Visit Registration should
occur exactly once’
Compliance Requirement 1. “The hospital should reg-
ister each visiting patient and prevent duplicate regis-
trations for a patient.” This requirement is formalized
by the compliance rule “Event First Visit Registration
should occur exactly once per case.” from the category
‘bounded existence’ of Table 1. The corresponding pat-
tern is shown in Fig. 2 (left). To obtain a reliable result,
we needed to filter the data for patients who started their
treatment between 2005 and 2008. We checked compliance for 640 cases and identified
622 compliant and 18 non-compliant cases.
Figure 8 shows diagnostic information for a non-compliant case. As described above,
ProM maps the trace on to the compliance-influencing events: First Visit Registration
occurs twice, where the first occurrence is compliant (highlighted green) and the second
one should not have been in the trace (highlighted yellow, move on log).
C1 = “The hospital should register each visiting patient and prevent
duplicate registrations for a patient.”
61. IT UNIVERSITY OF COPENHAGEN
PROCESS AUDIT
Post-mortem analysis:
Given a total execution history (event-log) and a set of compliance rules, decide
whether there has been a violation of the compliance rule.
- The log complies to the rule if each log trace is described by the rule.
- In case a trace is not described, we want to locate where the trace deviates from
the rule.
24
Several figures in the next section show these alignments.
To ease presentation of our results, we abstract long sequences of events that are
not relevant to the compliance rule (i.e., which are mapped to Ω-transitions), to shorter
sequences. This way, order and relative position of compliance-relevant events are pre-
served while irrelevant details are abstracted from.
6.2 Case Study Constraints and Results
In the case study we followed the standard use case for compliance checking: (1) check
relevant regulations and elicit respective compliance requirements, (2) for each require-
ment, identify the patterns that precisely express the requirement from the rule collec-
tion in Tab. 1, (3) take the corresponding Petri-net pattern and map its transitions to the
events in the given log, and (4) run the conformance checker.
In the following, we describe our findings for three compliance requirements that
were derived from the financial department’s internal policies and medical guidelines.
Fig. 8. Non-compliant case for
‘First Visit Registration should
occur exactly once’
Compliance Requirement 1. “The hospital should reg-
ister each visiting patient and prevent duplicate regis-
trations for a patient.” This requirement is formalized
by the compliance rule “Event First Visit Registration
should occur exactly once per case.” from the category
‘bounded existence’ of Table 1. The corresponding pat-
tern is shown in Fig. 2 (left). To obtain a reliable result,
we needed to filter the data for patients who started their
treatment between 2005 and 2008. We checked compliance for 640 cases and identified
622 compliant and 18 non-compliant cases.
Figure 8 shows diagnostic information for a non-compliant case. As described above,
ProM maps the trace on to the compliance-influencing events: First Visit Registration
occurs twice, where the first occurrence is compliant (highlighted green) and the second
one should not have been in the trace (highlighted yellow, move on log).
C1 = “The hospital should register each visiting patient and prevent
duplicate registrations for a patient.”
Diagnostic Information in Compliance Checking 275
Fig. 9. Non-compliant case
for ‘First Registration Visit
precedes x-ray’
An example of a non-compliant case is shown in
Fig. 9. The relevant sequence of events in this case is
⟨. . . x-ray . . . FirstVisitRegistration . . .⟩. The compliance
checker identified the x-ray event as an event that should not
have happened (highlighted yellow, move on log) because it
occurred before the FirstVisitRegistration event). In addi-
tion, the checker highlights the position where x-ray should
have occurred as a move on model (highlighted purple).
Compliance Requirement 3. “For safety reasons,
C2 =“Every time the event ‘x-ray’ occurs, ‘First Visit Registration’ should
have happened before x-ray.”
62. IT UNIVERSITY OF COPENHAGEN
PROCESS AUDIT
Post-mortem analysis:
Given a total execution history (event-log) and a set of compliance rules, decide
whether there has been a violation of the compliance rule.
- The log complies to the rule if each log trace is described by the rule.
- In case a trace is not described, we want to locate where the trace deviates from
the rule.
24
Several figures in the next section show these alignments.
To ease presentation of our results, we abstract long sequences of events that are
not relevant to the compliance rule (i.e., which are mapped to Ω-transitions), to shorter
sequences. This way, order and relative position of compliance-relevant events are pre-
served while irrelevant details are abstracted from.
6.2 Case Study Constraints and Results
In the case study we followed the standard use case for compliance checking: (1) check
relevant regulations and elicit respective compliance requirements, (2) for each require-
ment, identify the patterns that precisely express the requirement from the rule collec-
tion in Tab. 1, (3) take the corresponding Petri-net pattern and map its transitions to the
events in the given log, and (4) run the conformance checker.
In the following, we describe our findings for three compliance requirements that
were derived from the financial department’s internal policies and medical guidelines.
Fig. 8. Non-compliant case for
‘First Visit Registration should
occur exactly once’
Compliance Requirement 1. “The hospital should reg-
ister each visiting patient and prevent duplicate regis-
trations for a patient.” This requirement is formalized
by the compliance rule “Event First Visit Registration
should occur exactly once per case.” from the category
‘bounded existence’ of Table 1. The corresponding pat-
tern is shown in Fig. 2 (left). To obtain a reliable result,
we needed to filter the data for patients who started their
treatment between 2005 and 2008. We checked compliance for 640 cases and identified
622 compliant and 18 non-compliant cases.
Figure 8 shows diagnostic information for a non-compliant case. As described above,
ProM maps the trace on to the compliance-influencing events: First Visit Registration
occurs twice, where the first occurrence is compliant (highlighted green) and the second
one should not have been in the trace (highlighted yellow, move on log).
C1 = “The hospital should register each visiting patient and prevent
duplicate registrations for a patient.”
Diagnostic Information in Compliance Checking 275
Fig. 9. Non-compliant case
for ‘First Registration Visit
precedes x-ray’
An example of a non-compliant case is shown in
Fig. 9. The relevant sequence of events in this case is
⟨. . . x-ray . . . FirstVisitRegistration . . .⟩. The compliance
checker identified the x-ray event as an event that should not
have happened (highlighted yellow, move on log) because it
occurred before the FirstVisitRegistration event). In addi-
tion, the checker highlights the position where x-ray should
have occurred as a move on model (highlighted purple).
Compliance Requirement 3. “For safety reasons,
C2 =“Every time the event ‘x-ray’ occurs, ‘First Visit Registration’ should
have happened before x-ray.”
Diagnostic Information in Compliance Checking 275
Fig. 9. Non-compliant case
for ‘First Registration Visit
precedes x-ray’
An example of a non-compliant case is shown in
Fig. 9. The relevant sequence of events in this case is
⟨. . . x-ray . . . FirstVisitRegistration . . .⟩. The compliance
checker identified the x-ray event as an event that should not
have happened (highlighted yellow, move on log) because it
occurred before the FirstVisitRegistration event). In addi-
tion, the checker highlights the position where x-ray should
have occurred as a move on model (highlighted purple).
InitΩ
P1
F
F
MRI Ω
ΩCT
Final
Fig. 10. Petri-net pattern and a non-
compliant case for ‘CT-Scan and MRI
Compliance Requirement 3. “For safety reasons,
either a CT-Scan or an MRI test of an organ should
be taken from a patient but not both.” The corre-
sponding compliance rule from the Exclusive cat-
egory has the Petri-net pattern of Fig. 10(top).
We checked this rule and identified 1092 com-
pliant cases out of 1150. Fig. 10(bottom) shows di-
agnostic information for one non-compliant case.
The relevant sequence of events for this case is
⟨...CT.MRI ...CT...MRI ...⟩. The occurrence of
CT together with MRI is a violation. In addi-
tion, the diagnostic information provided by the
checker clearly shows several violations due to
C3 = “For safety reasons, either a CT-Scan or an MRI test of an organ
should be taken from a patient but not both.”
63. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGE
-
25
C = M=
Compliant
64. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGE
-
25
C = M=
Compliant
C`= M`=
?
65. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGE
-
25
C = M=
Compliant
C`= M`=
?
66. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
26
?
C =
M=
Compliant
C`=
M`=
67. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
26
?
C =
M=
Compliant
C`=
M`=
68. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
• Refinement of C and C’
26
?
C =
M=
Compliant
C`=
M`=
69. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
• Refinement of C and C’
Are changes in M’ consistent with previous regulations?
26
?
C =
M=
Compliant
C`=
M`=
70. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
• Refinement of C and C’
Are changes in M’ consistent with previous regulations?
• Process compliance with C and M'
26
?
C =
M=
Compliant
C`=
M`=
71. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
• Refinement of C and C’
Are changes in M’ consistent with previous regulations?
• Process compliance with C and M'
Are modified versions of the regulations and processes still
compliant?
26
?
C =
M=
Compliant
C`=
M`=
72. IT UNIVERSITY OF COPENHAGEN
COMPLIANCE AND CHANGES
Compliance with new regulations:
Are regulatory changes consistent?
• Refinement of C and C’
Are changes in M’ consistent with previous regulations?
• Process compliance with C and M'
Are modified versions of the regulations and processes still
compliant?
• Process compliance of C’ and M’
26
?
C =
M=
Compliant
C`=
M`=
73. IT UNIVERSITY OF COPENHAGEN
PROCESS CHANGE COMPLIANCE
27
M complies
with §2
M‘M
M‘
M partially
complies
with §3
M partially
complies
with §4
M‘ complies
with §2
M‘ violates rule
§3
M‘ complies
with §4
M. Reichert, B. Weber. Enabling Flexibility in Process-
Aware Information Systems. 2012
§2: G(¬MakeDecision (ExaminePatient MakeDecision))
§3: G(ExaminePatient (InformAboutRisks))
§4: G(InformAboutAnesthesia (ScheduleSurgery))
75. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
28
76. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
A legal, ethical, and regulatory view on how business processes are
correct.
28
77. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
A legal, ethical, and regulatory view on how business processes are
correct.
Comes from different sources: law, standards, guidelines, common
practices.
28
78. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
A legal, ethical, and regulatory view on how business processes are
correct.
Comes from different sources: law, standards, guidelines, common
practices.
Compliance is a cross-discipline that involves users from law,
consultancy, security together with process designers.
28
79. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
A legal, ethical, and regulatory view on how business processes are
correct.
Comes from different sources: law, standards, guidelines, common
practices.
Compliance is a cross-discipline that involves users from law,
consultancy, security together with process designers.
It must be ensured at all stages in the business process lifecycle:
Design (compliance checking)
Execution (compliance monitoring)
Auditing (compliance audit)
Change.
28
80. IT UNIVERSITY OF COPENHAGEN
TO SUMMARISE
Compliance is a high-level correctness property, apart from semantic
correctness.
A legal, ethical, and regulatory view on how business processes are
correct.
Comes from different sources: law, standards, guidelines, common
practices.
Compliance is a cross-discipline that involves users from law,
consultancy, security together with process designers.
It must be ensured at all stages in the business process lifecycle:
Design (compliance checking)
Execution (compliance monitoring)
Auditing (compliance audit)
Change.
It involves studying the process at multiple dimensions: control flow,
data, organisational & time.
28
81. IT UNIVERSITY OF COPENHAGEN
EXERCISES
Discuss in groups the following questions:
1. In which cases will be important to have full compliance, and in which
cases will be important to have weak compliance with the rules?
2. Describe one scenario where applying process audit will be more
beneficial than applying process monitoring, and vice-versa.
3. According to the dimensions for compliance rules described earlier, give
examples of compliance rules describing each dimension.
• Can you find examples of multi-dimensional rules?
29
Diagnostic Information in Compliance Checking 267
Fig. 1. Compliance Rule Framework
Furthermore, a compliance rule can
(4) impose time-related constraints (e.g.,
“Within 6 months the claim must be de-
cided.”) or can be untimed,(5) prescribe
properties of a single case or of multiple
cases (e.g., “20% of all claims require a
detailed check.”), and (6) prescribe prop-
erties of the process design (e.g., “The
claim process must have a time-out event
handler.”) or properties of the process ex-
ecutions, which can be observed (i.e.,
recorded in an event log).
These six dimensions give rise to
the framework shown in Fig. 1. In this
paper, we present compliance rules for
control flow, data flow as well as organi-
zational aspects, where we focus on un-
timed, observation-based properties of individual cases. The remainder of this section
82. IT UNIVERSITY OF COPENHAGEN
EXERCISES (II)
4. Using the highlighter tool, make a compliance model of the following law
excerptsa:
30
a. Danish Consolidation act on Social Services, §42.
https://danskelove.dk/serviceloven/42
(1) The municipal council shall pay compensation for loss of earnings to persons maintaining a
child under 18 in the home whose physical or mental function is substantially and permanently
impaired, or who is suffering from serious, chronic or long-term illness. Compensation shall be
subject to the condition that the child is cared for at home as a necessary consequence of the
impaired function, and that it is most expedient for the mother or father to care for the child.
5. Define a DCR graph that implements the case handling of pay
compensation.
6. Verify whether your process description abides the compliance rules
defined. Optionally, exchange your compliance rules with a
neighbouring group, and check whether your process description
abides them
83. IT UNIVERSITY OF COPENHAGEN
WANT TO KNOW MORE?
Halfmann, A.: Siemens versiebenfacht Zahl der Compliance-Mitarbeiter (January 2009)
31
J. Jiang, H. Aldewereld, V. Dignum, S. Wang, and Z. Baida, “Regulatory compliance of business processes,” AI &
Soc, vol. 30, no. 3, pp. 393–402, Aug. 2015.
S. Sackmann and M. Kähmer, “ExPDT: A policy-based approach for automating compliance [ExPDT: Ein Policy-
basierter Ansatz zur Automatisierung von Compliance],” Wirtschaftsinformatik, vol. 50, no. 5, pp. 366–374, 2008.
E. Ramezani, D. Fahland, and W. M. P. van der Aalst, “Where Did I Misbehave? Diagnostic Information in
Compliance Checking,” in Business Process Management, 2012, pp. 262–278.
G. Governatori and S. Sadiq, The journey to business process compliance. 2009.
N. Lohmann, “Compliance by design for artifact-centric business processes,” Information Systems, vol. 38, no. 4,
pp. 606–618, 2013.
M. P. Papazoglou, “Making business processes compliant to standards & regulations,” in Proceedings - IEEE
International Enterprise Distributed Object Computing Workshop, EDOC, Helsinki, 2011, pp. 3–13.
D. Knuplesch, M. Reichert, and A. Kumar, “Visually Monitoring Multiple Perspectives of Business Process
Compliance,” in Business Process Management, 2015, pp. 263–279.
M. Reichert, B. Weber. “Enabling Flexibility in Process-Aware Information Systems”. Springer, 2012
Danish Consolidation act on Social Services, §42. https://danskelove.dk/serviceloven/42
S. Sadiq, G. Governatori, and K. Namiri, “Modeling Control Objectives for Business Process Compliance,” in Business Process
Management, 2007, pp. 149–164.