Oktay Turetken

Root-cause analysis of design-time compliance violations on the basis of property patterns

Today’s business environment demands a high degree of compliance of business processes with business rules, policies, regulations and laws. Compliance regulations, such Sarbanes-Oxley force enterprises to continuously review their business processes and service-enabled applications and ensure that they satisfy the set of relevant compliance constraints. Compliance management should be considered from the very early stages of the business process design. In this paper, a taxonomy of compliance constraints for business processes is introduced based on property specification patterns, where patterns can be used to facilitate the formal specification of compliance constraints. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually resolve design-time compliance violations. Based on the root-cause analysis, appropriate guidelines and instructions can be provided as remedies to alleviate design-time compliance deviations in service-enabled business processes.

Formalizing and appling compliance patterns for business process compliance

Today’s enterprises demand a high degree of compliance of business processes to meet diverse regulations and legislations. Several industrial studies have shown that compliance management is a daunting task, and organizations are still struggling and spending billions of dollars annually to ensure and prove their compliance. In this paper, we introduce a comprehensive compliance management framework with a main focus on design-time compliance management as a first step towards a preventive lifetime compliance support. The framework enables the automation of compliance-related activities that are amenable to automation, and therefore can significantly reduce the expenditures spent on compliance. It can help experts to carry out their work more efficiently, cut the time spent on tedious manual activities, and reduce potential human errors. An evident candidate compliance activity for automation is the compliance checking, which can be achieved by utilizing formal reasoning and verification techniques. However, formal languages are well known of their complexity as only versed users in mathematical theories and formal logics are able to use and understand them. However, this is generally not the case with business and compliance practitioners. Therefore, in the heart of the compliance management framework, we introduce the Compliance Request Language (CRL), which is formally grounded on temporal logic and enables the abstract pattern-based specification of compliance requirements. CRL constitutes a series of compliance patterns that spans three structural facets of business processes; control flow, employed resources and temporal perspectives. Furthermore, CRL supports the specification of compensations and non-monotonic requirements, which permit the relaxation of some compliance requirements to handle exceptional situations. An integrated tool suite has been developed as an instantiation artefact, and the validation of the approach is undertaken in several directions, which includes internal validity, controlled experiments, and functional testing.

Capturing Compliance Requirements: A Pattern-Based Approach

In todays IT-centric business environment, managing compliance with regulations, laws, and other imperatives has become critical for success. Directives govern almost every aspect of running a business, requiring organizations to provide assurances to regulators, stakeholders, customers, and business partners. Assuring compliance across an enterprise necessitates a holistic, tractable, and disciplined approach for defining an integrated, consistent set of process and system-level internal controls. A new pattern-based framework captures and manages business process compliance requirements by acting as a springboard to fully automate and continuously audit business processes.

Business process maturity models: a systematic literature review

Abstract Context The number of maturity models proposed in the area of Business Process Management (BPM) has increased considerably in the last decade. However, there are a number of challenges, such as the limited empirical studies on their validation and a limited extent of actionable properties of these models in guiding their application. These challenges hinder the widespread usage of the maturity models in the BPM field. Objective In order to better understand the state of the research on business process maturity models (BPMMs) and identify opportunities for future research, we conducted a systematic literature review. Method We searched the studies between the years 1990 and 2014 in established digital libraries to identify empirical studies of BPMMs by focusing on their development, validation, and application. We targeted studies on generic models proposed for business process maturity, business process management or orientation maturity, and selected 61 studies out of 2899 retrieved initially. Results We found that despite that many BPMMs were proposed in the last decade, the level of empirical evidence that reveals the validity and usefulness of these models is scarce. Conclusion The current state of research on BPM maturity is in its early phases, and academic literature lacks methodical applications of many mainstream BPMMs that have been proposed. Future research should be directed towards: (1) reconciling existing models with a strong emphasis on prescriptive properties, (2) conducting empirical studies to demonstrate the validity and usefulness of BPMMs, and (3) separating the assessment method used to evaluate the maturity level from the maturity model which acts as the reference framework for the assessment.

USING PATTERNS FOR THE ANALYSIS AND RESOLUTION OF COMPLIANCE VIOLATIONS

Todays enterprises demand a high degree of compliance of business processes to meet laws and regulations, such as Sarbanes-Oxley and Basel II. Compliance should be enforced during all phases of business process lifecycle, from the phases of analysis and design to deployment, monitoring and evaluation. In this paper, a taxonomy of compliance constraints for business processes is introduced based on the notion of compliance patterns. Patterns facilitate the formal specification of compliance constraints that enable their verification and analysis against business process models. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually to resolve design-time compliance violations, by providing appropriate guidelines as remedies to alleviate design-time compliance deviations. We have developed and integrated a set of tools to observe and evaluate the applicability of our approach, and experiment with it in case studies.

On the formal specification of regulatory compliance: a comparative analysis

Todays business environment demands a high rate of compliance of service-enabled business processes with which enterprises are required to cope. Thus, a comprehensive compliance management framework is required such that compliance management must crosscut all the stages of the complete business process lifecycle, starting from the very early stages of business process design. Formalizing compliance requirements based on a formal foundation of an expressive logical language enables the application of associated verification and analysis tools to ensure the compliance. In this paper, we have conducted a comparative analysis between three languages that can be used as the formal foundation of business process compliance requirements, focusing on designtime phase. Two main families of languages have been identified, which are: the temporal and deontic families of logic. In particular, we have considered LTL, CTL and FCL. The comparative analysis is based on the capabilities and limitations of each language and a set of required identified features.

Plural: A decentralized business process modeling method

Top-down and centralized approaches prevail in the design and improvement of business processes. However, centralized structures pose difficulties for organizations in adapting to a rapidly changing business environment. Here we present the Plural method which can be used to guide organizations in performing process modeling in a decentralized way. Instead of a centralized group of people understanding, modeling and improving processes, our method allows individuals to model and improve their own processes to help in fulfilling their roles in the organization. An individual model depicts a set of activities performed by a role, which together result in a cohesive service within the organization. These individual models are then integrated as necessary to show the way the organization works. We applied the Plural method in a case study of a small-size software organization. We describe the method and its underlying principles and then discuss the findings of our case study, lessons learned, and limitations. The study thus provided evidence of Plurals utility and showed how an organization might exploit its strengths.

Software Functional Size: For Cost Estimation and More

Determining software characteristics that will effectively support project planning, execution, monitoring and closure remains to be one of the prevalent challenges software project managers face. Functional size measures were introduced to quantify one of the primary characteristics of software. Although functional size measurement methods have not been without criticisms, they have significant promises for software project management. In this paper, we explore the contributions of functional size measurement to project management. We identified diverse uses of functional size by performing a literature survey and investigating how functional size measurement can be incorporated into project management practices by mapping the uses of functional size to the knowledge areas defined in project management body of knowledge (PMBOK).

The Effect of Modularity Representation and Presentation Medium on the Understandability of Business Process Models in BPMN

Many factors influence the creation of understandable business process models for an appropriate audience. Understandability of process models becomes critical particularly when a process is complex and its model is large in structure. Using modularization to represent such models hierarchically (e.g. using sub-processes) is considered to contribute to the understandability of these models. To investigate this assumption, we conducted an experiment that involved 2 large-scale real-life business process models that were modeled using BPMN v2.0 (Business Process Model and Notation). Each process was modeled in 3 modularity forms: fully-flattened, flattened where activities are clustered using BPMN groups, and modularized using separately viewed BPMN sub-processes. The objective is to investigate if and how different forms of modularity representation in BPMN collaboration diagrams influence the understandability of process models. In addition to the forms of modularity representation, we also looked into the presentation medium (paper vs. computer) as a factor that potentially influences model comprehension. Sixty business practitioners from a large organization participated in the experiment. The results of our experiment indicate that for business practitioners, to optimally understand a BPMN model in the form of a collaboration diagram, it is best to present the model in a ‘fully-flattened’ fashion (without using collapsed sub-processes in BPMN) in the ‘paper’ format.

A Maturity Model for Scaling Agile Development

Although the agile software development approaches have gained wide acceptance in practice, the concerns regarding the scalability and integration of agile approaches in traditional system development organizations have remained. The difficulty of adopting agile practices increases when there is a need to scale these practices. Scaled Agile Framework (SAFe) has emerged as a solution to address some of these concerns. Despite few encouraging results of SAFe adoption, case studies indicate several challenges of SAFe adoption. Currently, there is a lack of a well-structured gradual approach for implementing and establishing SAFe. Before and during SAFe adoption, organizations require a uniform model for assessing the current state and progress, and for establishing a roadmap for the initiative. To address this need, we developed a maturity model for adopting agile and SAFe practices. Taking an existing agile maturity model as the basis, we extended the model with practices that are key to scaling agile practices for the SAFe. The model is developed and refined using a Delphi study. Subsequently, a case study was conducted in a large organization where the model was applied to assess the maturity level of the organization in adopting SAFe.