caas-eu-fp7-project
STRATIGAKI CHRISTINA
PROF. LOUCOPOULOS PERICLES
PROF. NIKOLAIDOU MARA
HAROKOPIO UNIVERSITY OF ATHENS
Designing a Meta Model as the Foundation for Compliance Capability
DIT@HUA 2
Overview
Scientific context
Design rationale
Design a compliance meta-model
Testing through a use case
Conclusions & Future work
Scientific context-Definitions
Compliance capability: Having the ability and the capacity to manage regulations within an organization.
Concept of compliance: Compliance denotes that the execution of certain business processes complies with a set of regulations¹.
Why? It is faced differently across all businesses⁶.
1. Business owner's awareness of regulation⁴
2. Different attitudes³
3. Capacity of business owner to discover, interpret and adapt to a regulation⁵
¹ Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
² Yapp, C. and Fairman, R. Assessing Compliance with Food Safety Legislation in Small Businesses. British Food Journal, 107, 3 (2005), 150-161.
³ Vickers, I., James, P., Smallbone, D. and Baldock, R. Understanding Small Firm Responses to Regulation: the Case of Workplace Health and Safety. Policy Studies, 26, 2 (2005), 149-169.
⁴ Small_Business_Research_Centre. The Impact of Regulation on Small Business Performance. 2008.
⁵ Blackburn, R., Hart, M., Smallbone, D., Kitching, J., Eadson, W. and Bannon, K. Analysis of the Impact of the Tax System on the Cash Flow of Small Businesses: A Report for HM Revenue and Customs (HMRC). 2005.
⁶ Edwards, P., Ram, M. and Black, J. The Impact of Employment Legislation on Small Firms: a Case Study Analysis. DTI Employment Relations Research Series No. 20 (2003).
Scientific context-Objective
Regulatory Compliance
Capability to manage regulations
Develop a solid methodology
Concept of compliance
Compliance capability
Objective
Business processes will ensure that enterprise actors conform to a set of standards.
Information system will assist in process enactment.
HOW?
Scientific context- Primary Scope
1. Define a meta-model that could act as the kernel of a compliance development methodology.
2. Use the meta-model as the means of developing a repository for supporting such a methodology.
Scientific context-Analysis of existing approaches
COMPAS¹: Focused on compliance awareness. A model-driven engineering approach that used annotation techniques for relating system and requirement models at design-time.
Sadiq, Governatori et al. 2007³: Modelling control objectives within BP structures. A basic model to capture compliance requirements.
COSO Framework²: Offered the internalization of abstract compliance requirements into a set of organization-specific concrete norms.
¹ Papazoglou, M. P. (2011). Making Business Processes Compliant to Standards & Regulations. The 16th IEEE International Enterprise Computing Conference (EDOC 2011). Helsinki, Finland.
¹ Turetken, O., et al. (2012). "Capturing Compliance Requirements: A Pattern-Based Approach." IEEE Software May/June 2012: 28-36.
¹ Turetken, O., et al. (2011). Enforcing compliance on business processes through the use of patterns. European Conference on Information Systems (ECIS 2011). Helsinki, Finland: Paper No. 5.
² COSO Internal Control – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission City, 1994.
³ Sadiq, S., et al. (2007). Modeling Control Objectives for Business Process Compliance. 5th International Conference on Business Process Management.
Scientific context-Scope
Design a compliance meta-model with a specific focus on the compliance domain description and identification. It is essential to develop a meta-model for compliance management that will be useful and ready to be applied in all phases of BP lifecycle.
Proposed meta-model for compliance
The functionality of the meta-model would be the semantic definition and description of the notions of compliance.
The methodology followed for the construction of the meta-model is presented as a design rationale¹.
[Figure: design rationale diagram with the labels Hypotheses, Justifications, Design Action, Goal, Problem Setting, Problem Analysis, Resolution, Evaluation]
¹ Conklin, E. J. and K. C. B. Yakemovic (1991) A Process-Oriented Approach to Design Rationale, Human-Computer Interaction 6(3,4): 357-391.
¹ Lee, J. and K.-Y. Lai (1991) What's in Design Rationale?, Human-Computer Interaction 6(3,4): 251-280.
¹ Jarczyk, A. P. J., P. Loffler and F. M. Shipman III (1992) Design Rationale for Software Engineering: A Survey, 25th Hawaii International Conference on System Sciences, Conference, Kauai, Hawaii, IEEE Computer Society Press: 577-586.
¹ Louridas P., Loucopoulos P. (2000) A Generic Model for Reflective Design, ACM Transactions on Software Engineering and Methodology 9(2): 199-237.
Starting point
Maintain the entities:
Compliance source (further analysis)
Compliance rule (further analysis)
Examine the section of BPs as a compliance rule target
Instantiate the meta-model/ Design Rationale
Use the sections of the meta-model (teleology, methodology and ontology) as a conceptual compass
Variability and differentiability among the legal documents
Examine the usability of the proposed entities
Port Authority Act-Montserrat
HealthCare Regulation of Massachusetts
SLA-Managed IT Support
Compendium concepts
Healthcare regulation¹ instance of Teleology and Methodology sections
Teleology
Methodology
¹ State_of_Massachusetts General Laws-Public Health. City, 2012.
Ontology/Applicability section-Abortion regulation
Complex rules
CR1 Description:
If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician and only if, in the best medical judgment of a physician, the abortion is necessary under all attendant circumstances.
MTL Expression:
Pregnancy CoExists Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician
Simple Rules
SR1a Text Description:
If a pregnancy has existed for less than twenty-four weeks no abortion may be performed except by a physician.
MTL Expression:
Pregnancy ExistsMax 24 weeks LeadsTo Performance_of_Abortion PerformedBy Physician
SR1b Text Description:
The abortion may be performed only if the physician has ruled as necessary under all attendant circumstances.
MTL Expression:
Judgment_of_Abortion_as_Necessary LeadsTo Performance_of_Abortion PerformedBy Physician
Remarks about the instantiations
In every instance the perception of each entity was the same for the modeler.
The use of patterns and MTL expressions improves the understanding of a rule's syntax.
The methodology section of the meta-model is very important for compliance management and categorization.
Complex and simple rule entities accurately describe the structure of a rule both semantically and lexically.
The applicability section of the meta-model perfectly defines the factors that a rule affects.
Ontological analysis
Evaluation of completeness and expressiveness of the proposed meta-model.
The ontological analysis requires a representation of the mapping of the ontological concepts to their corresponding meta-model concepts.
An ontology in OWL will increase the usability of the meta-model.
Ongoing research
Open issues
Possible changes and adjustments in the meta-model
Further study and analysis of the methods of extracting rules from a legal document
Combine textual and semantic extraction of rules for robust results
Evolve the OWL ontology
Ontology-Reasoning