Abstract
Compliance is often achieved ‘by design’ through a coherent system of controls consisting of information systems and procedures. This system-based control requires a new approach to auditing in which companies must demonstrate to the regulator that they are ‘in control’. They must determine the relevance of a regulation for their business, justify which set of control measures they have taken to comply with it, and demonstrate that the control measures are operationally effective. In this paper we show how value-based argumentation theory can be applied to the compliance domain. Corporate values motivate the selection of control measures (actions) which aim to fulfil control objectives, i.e. adopted norms (goals). In particular, we show how to formalize the audit dialogue in which companies justify their compliance decisions to regulators using value-based argumentation. The approach is illustrated by a case study of the safety and security measures adopted in the context of EU customs regulation.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
We noticed that under the definitions of Atkinson et al. (2006) there is no formal connection between goals and values; the two are only indirectly connected through the valuation of actions.
As an aside, we would like to make the point that methodologically, not only new approaches or logics deserve to be studied; also applications and empirical valuation of existing approaches deserves attention.
References
Alles M, Brennan G et al (2006) Continuous monitoring of business process controls: a pilot implementation of a continuous auditing system at Siemens. Acc Inf Syst 7:137–161
Atkinson K, Bench-Capon T (2007) Practical reasoning as presumptive argumentation using action based alternating transition systems. Artif Intell 171:855–874
Atkinson K, Bench-Capon T et al (2005) A dialogue game protocol for multi-agent argument for proposals over action. Auton Agents Multi-Agent Syst 11(2):153–171
Atkinson K, Bench-Capon T et al (2006) Computational representation of practical argument. Synthese 152(2):157–206
Ayres I, Braithwaite J (1992) Responsive regulation: transcending the deregulation debate. Oxford University Press, Oxford
Burgemeestre B, Hulstijn J et al (2009a) Rule-based versus principle-based regulatory compliance. Proceedings of JURIX 2009, IOS Press
Burgemeestre B, Hulstijn J et al (2009b) Towards an architecture for self-regulating agents: a case study in international trade. COIN@MALLOW Turin, Springer
Burgemeestre B, Liu J et al (2009c) Early requirements engineering for e-customs decision support: assessing overlap in mental models. In: Yu E, Eder J, Rolland C (eds) Forum Proceedings of the 21st CAiSE conference. Amsterdam, pp 31–36
Burgemeestre B, Hulstijn J et al (2010). Norm emergence in regulatory compliance. Proceedings of Normas 2010, Leicester
COSO (1992) Internal Control—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission
COSO (2004) Enterprise Risk Management—Integrated Framework, Committee of Sponsoring Organizations of the Treadway Commission
Dworkin R (1977) Taking rights seriously. Duckworth, London
European Commission (2006a) Commission Regulation No 1875/2006 of 18 December 2006. Off J Eur Union 360:64–125
European Commission (2006b) The AEO compact model
European Commission (2007) AEO guidelines
Fabian B, Gürses S et al (2010) A comparison of security requirements engineering methods. Requir Eng 15:7–40
Gribnau H (2008) Soft law and taxation: the case of the Netherlands. Legisprudence 1(3)
Helderman J-K, Honingh ME (2009) Systeemtoezicht: Een onderzoek naar de condities en werking van systeemtoezicht in zes sectoren. Radboud Universiteit Nijmegen, Nijmegen
Hofstede G, Neuijen B et al (1990) Measuring organizational cultures: a qualitative and quantitative study. Administr Sci Q 35(2):286–316
IFAC (2008) IAASB. Audit sampling: redrafted international standard on auditing (ISA 530). International Federation of Accountants (IFAC)
ISACF (2007) Control objectives for information and related technology (COBIT 4.1), Information Systems Audit and Control Foundation
Jones AJI, Sergot M (1996) A formal characterisation of institutionalised power. J Interest Group Pure Appl Logic 3:427–443
Jureta I, Faulkner S (2007) Tracing the rationale behind UML model change through argumentation. International Conference on Conceptual Modeling (ER), Auckland, New Zealand, Springer
Jureta I, Mylopoulos J et al (2008) Revisiting the core ontology and problem in requirements engineering. Proceedings of the 2008 16th IEEE International Requirements Engineering Conference. IEEE Computer Society, pp 71–80
Knechel W, Salterio S et al (2007) Auditing: assurance and risk, 3rd edn. Thomson Learning, Cincinatti
Korobkin RB (2000) Behavioral analysis and legal form: rules vs. principles revisited. Oregon Law Rev 79(1):23–60
Mackenzie J (1979) Question-begging in non-cumulative systems. J Philos Log 8:117–133
McBurney P, Parsons S (2002) Games that agents play: a formal framework for dialogues between autonomous agents. J Logic Lang Inf 11(3):315–334
Meyer JJ, Wieringa R (1993) Deontic logic in computer science: normative system specification. Wiley, London
Mylopoulos J, Chung L, Nixon BA (1992) Representing and using nonfunctional requirements: a process-oriented approach. IEEE Trans Softw Eng 18(6):483–497
NIST (2002) Risk management guide for information technology systems (NIST 800–30). National Institute for Security and Technology
Pathak J (2005) Information technology auditing: an evolving agenda. Springer Verlag
Perelman C (1980) Justice law and argument. D. Reidel Publishing Company, Dordrecht
Power M (1997) The audit society: rituals of verification. Oxford University Press, Oxford
Power M (2007) Organized uncertainty: designing a world of risk management. Oxford University Press, Oxford
Prakken H (2008a) A formal model of adjudication dialogues. Artif Intell Law 16(3):305–328
Prakken H (2008b) Formalising ordinary legal disputes: a case study. Artif Intell Law 16(4):333–359
Rees J (1988) Self regulation: an effective alternative to direct regulation by OSHA? Policy Stud J 16(3):602–614
Romney MB, Steinbart PJ (2006) Accounting information systems, 10e. Prentice Hall, NJ
Sadiq SW, Governatori G et al (2007) Modeling control objectives for business process compliance. Business Process Management (BPM 2007), Springer
Satava D, Caldwell C et al (2006) Ethics and the auditing culture: rethinking the foundation of accounting and auditing. J Bus Ethics 64:271–284
Searle JR (1995) The construction of social reality. The Free Press, Illinois
Simons R (1995) Levers of control: how managers use innovative control systems to drive strategic renewal. Harvard Business School Press, Boston
Stefik M (1995) Knowledge systems. Morgan Kauffman, San Fransisco
van Lamsweerde A (2001) Goal-oriented requirements engineering: a guided tour. International Symposium on Requirements Engineering Toronto
Vazquez-Salceda J, Aldewereld H et al (2005) Norms in multiagent systems: from theory to practice. Intl J Comput Syst Sci Eng 20(4):225–236
Walton D (1996) Argument schemes for presumptive reasoning. Lawrence Erlbaum Associates, Mahwah
Walton DN, Krabbe EC (1995) Commitment in dialogue: basic concepts of interpersonal reasoning. State University of New York Press, Albany
Westerman P (2009a) Legal or non-legal reasoning: the problems of arguing about goals. Argumentation 24:211–226
Westerman P (2009b) Who is regulating the self? Self-regulation as outsourced rule-making. In: Hertogh M, Westerman P (eds) Self-regulation and the future of the regulatory state: international and interdisciplinary perspectives. University of Groningen, Groningen, pp 23–36
Yin (2003) Case study research: design and methods, 2nd edn. Sage Publications, Thousand Oaks
Yu E (1997) Towards modelling and reasoning support for early-phase requirements engineering. In: Proceedings of the 3rd IEEE International Symposium on Requirements Engineering (RE’1997). IEEE CS Press, CA, pp 226–235
Acknowledgment
We would like to thank our colleague Huib Aldewereld and the reviewers for helping us to improve the paper.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Burgemeestre, B., Hulstijn, J. & Tan, YH. Value-based argumentation for justifying compliance. Artif Intell Law 19, 149 (2011). https://doi.org/10.1007/s10506-011-9113-4
Published:
DOI: https://doi.org/10.1007/s10506-011-9113-4