Abstract
The realization and documentation of an effective Internal Controls System is required by regulations such as Sarbanes Oxley Act (SOX). In this paper we introduce a pattern based approach for modeling of the Internal Controls in Business Processes. They can be captured as declarative rules and checked during execution time of processes. The approach supports the definition of the controls outside of the operative Business Processes run by e-Business Systems in order to enable the reuse of process models and controls in different business and compliance environments. A detailed discussion on the domain model of Internal Controls and the system architecture necessary for realizing the approach is provided.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Pub. L. 107-204. 116 Stat. 754, Sarbanes Oxley Act (2002)
Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control – Integrated Framework (1992)
Hartman, T., Foley & Lardner LLP.: The Cost of Being Public in the Era of Sarbanes-Oxley (June 2005)
zur Muehlen, M., Rosemann, M.: Integrating Risks in Business Process Models. In: Proceedings of the 2005 Australasian Conference on Information Systems (ACIS 2005), Manly, Sydney, Australia, November 30-December 2 (2005)
Dwyer, M., Avrunin, G., Corbett, J.: Patterns in Property Specification for Finite-State Verification. In: Proceedings of the 21st International Conference on Software Engineering, pp. 411–420 (May 1999)
Davenport, T.H., Short, J.E.: The New Industrial Engineering: Information Technology and Business Process Redesign. Sloan Management Review 31, 11–27 (1990)
Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts 10th International Enterprise Distributed Object Computing Conference. In: EDOC 2006, pp. 221–232. IEEE Press, Los Alamitos (2006)
Agrawal, R., Johnson, Ch., Kiernan, J., Leymann, F.: Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. In: Proc. 22nd Int’l. Conf. on Data Engineering (ICDE 2006), April 3 – 7, 2006, Altanta, GA, USA (2006)
Reichert, M., Dadam, P.: ADEPTflex – Supporting Dynamic Changes of Workflows Without Losing Control. Journal of Intelligent Information Systems 10(2) (1998)
Public Company Accounting Oversight Board (PCAOB), PCAOB Accounting Standard No. 2, paragraph 12.
Namiri, K., Stojanovic, N., Formal, A.: Approach for Internal Controls Compliance in Business Processes. In: 8th Workshop on Business Process Modeling, Development, and Support (BPMDS 2007)(conjunction with CAiSE 2007)
Giblin, C., Muller, S.: Brigit Pfitzmann from regulatory policies to event monitoring rules: Towards model driven compliance automation. IBM Research Report. Zurich Research Laboratory (October 2006)
Casati, F., Castano, S., Fugini, M., Mirbel, I., Pernici, B.: Using Patterns to Design Rules in Workflows. IEEE Transactions on Software Engineering 26(8) (August 2000)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Namiri, K., Stojanovic, N. (2007). Using Control Patterns in Business Processes Compliance. In: Weske, M., Hacid, MS., Godart, C. (eds) Web Information Systems Engineering – WISE 2007 Workshops. WISE 2007. Lecture Notes in Computer Science, vol 4832. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77010-7_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-77010-7_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77009-1
Online ISBN: 978-3-540-77010-7
eBook Packages: Computer ScienceComputer Science (R0)