Abstract
SOA-enabled business processes stretch across many cooperating and coordinated systems, possibly crossing organizational boundaries, and technologies like XML and Web services are used to make system-to-system interactions commonplace. Business processes form the foundation of all organizations and, as such, are affected by industry regulations. This requires organizations to review their business processes and ensure that they meet the compliance standards set forth in legislation. In this paper we sketch a SOA-based service risk management and auditing methodology, including a compliance enforcement and verification system that assures verifiable business process compliance. This is done on the basis of a knowledge-based system that allows internal control systems to be integrated into business processes in conformance with pre-defined compliance rules, monitors both the normal process behavior and that of the control systems during process execution, and logs these behaviors to facilitate retrospective auditing.
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Orriens, B., Heuvel, WJ.v., Papazoglou, M. (2008). On the Risk Management and Auditing of SOA Based Business Processes. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2008. Communications in Computer and Information Science, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88479-8_10
DOI: https://doi.org/10.1007/978-3-540-88479-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88478-1
Online ISBN: 978-3-540-88479-8
eBook Packages: Computer Science (R0)