A Pattern-Based Approach to Capturing Compliance Requirements

Ensuring compliance with laws, regulations, and standards in a constantly changing business environment is a major challenge for companies. So, organizations have an increasing need for systematic approaches to manage compliance throughout the business process life cycle. A new pattern-based approach, including a toolset, captures and manages business process compliance requirements. This approach is a first step toward comprehensive management of business process compliance and acts as a springboard to fully automate and continuously audit business processes.

An article by Oktay Turetken, Amal Elgammal, Willem-Jan van den Heuvel, and Michael P. Papazoglou will help you understand the subject.

A new pattern-based framework captures and manages business process compliance requirements by acting as a springboard to fully automate and continuously audit business processes.

In today’s IT-centric business environment, managing compliance with regulations, laws, and other imperatives has become critical for success. Directives govern almost every aspect of running a business, requiring organizations to provide assurances to regulators, stakeholders, customers, and business partners. Assuring compliance across an enterprise necessitates a holistic, tractable, and disciplined approach for defining an integrated, consistent set of process- and system-level internal controls. Internal controls in particular should help an organization achieve its objectives regarding effective and efficient operations; reliable internal and external reporting; and compliance with applicable laws, regulations, and internal policies.

A series of large corporate scandals in the early 2000s led to various laws and regulations, such as the Sarbanes–Oxley Act (SOX) and Basel I–III. To address these regulatory measures, many companies have taken steps to integrate controls in their business processes (BPs) and enterprise systems. However, most of these attempts have led to highly tailored, isolated solutions involving hardcoded controls implementing requirements across multiple systems. This scattered structure impedes adaptation to the constantly changing business environment and growing body of laws, regulations, and standards.

As a first step toward comprehensive management of BP compliance, we’ve developed a pattern-based approach that captures and manages BP compliance requirements. This approach acts as a springboard to fully automate and continuously audit BPs.

The Challenges of BP Compliance

Mainstream approaches to managing internal controls in BPs are fragmented and focus mainly on retrospective reporting. However, this can lead to reactive risk prevention, which often incurs costly penalties. Existing tools, such as Oracle GRC (Governance, Risk, and Compliance) Accelerators and SAP BusinessObjects GRC solutions, offer solutions only for monolithic applications (such as enterprise resource planning systems). This severely restricts these solutions’ usability for modern BPs and supporting enterprise systems, which are highly distributed and interconnected.
