Abstract
A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify, and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice.
Similar content being viewed by others
Notes
In this paper, the notion of process perspective corresponds to a specific business process modeling dimension according to Businska [13].
Note that we reconducted the experiment with the same environment in order to involve a larger number of subjects (42 subjects in the first run, 38 subjects in the second run).
A Kolmogorov–Smirnov test (p value 0.006) suggested not accepting the assumption of a normal distribution.
Interpretation of Cohen’s d: \(d \ge 0.8\) large effect, \(0.8 > d \ge 0.5\) medium effect, \(0.5 > d \ge 0.2\) small effect, \(d < 0.2\) trivial/no effect.
Note that the compliance checker visualizes eCRGs based on a layouting algorithm; i.e., positioning information from the modeling environment is not used.
References
Abdullah, N.S., Sadiq, S.W., Indulska, M.: Emerging challenges in information systems research for regulatory compliance management. In: CAiSE’10, LNCS, vol. 6051, pp. 251–265. Springer (2010)
Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. 3(3), 145–154 (2011)
Alberti, M., Chesani, F., Gavanelli, M., Lamma, E., Mello, P., Montali, M., Torroni, P.: Expressing and verifying business contracts with abductive logic programming. Int. J. Electron. Commerce 12(4), 9–38 (2008)
Alles, M., Kogan, A., Vasarhelyi, M.: Putting continuous auditing theory into practice: lessons from two pilot implementations. Inf. Sys. 22(2), 195–214 (2008)
Awad, A., Decker, G., Weske, M.: Efficient compliance checking using BPMN-Q and temporal logic. In: BPM’08, LNCS, vol. 5240, pp. 326–341. Springer (2008)
Awad, A., Weidlich, M., Weske, M.: Specification, verification and explanation of violation for data aware compliance rules. In: ICSOC’09, LNCS, vol. 5900, pp. 500–515. Springer (2009)
Awad, A., Weidlich, M., Weske, M.: Visually specifying compliance rules and explaining their violations for business processes. J. Vis. Lang. Comput. 22(1), 30–55 (2011)
Barba, I., Lanz, A., Weber, B., Reichert, M., Valle, C.D.: Optimized time management for declarative workflows. In: BPMDS’12, LNCS, vol. 113, pp. 195–210. Springer (2012)
Barros, A., Dumas, M., ter Hofstede, A.: Service interaction patterns. In: BPM’05, LNCS, vol. 3649, pp. 302–318. Springer (2005)
Baumgrass, A., Baier, T., Mendling, J., Strembeck, M.: Conformance checking of rbac policies in process-aware information systems. In: BPM’12 Workshops, LNBIP, vol. 100, pp. 435–446. Springer (2012)
Becker, J., Delfmann, P., Eggert, M., Schwittay, S.: Generalizability and applicability of model-based business process compliance-checking approaches—a state-of-the-art analysis and research roadmap. BuR Bus. Res. 5(2), 221–247 (2012)
Berry, A., Milosevic, Z.: Extending choreography with business contract constraints. Coop. Inf. Sys. 14(2–3), 131–179 (2005)
Businska, L.: Multidimensional business process modeling approach. In: ADBIS’10, LNCS, vol. 5968, pp. 247–256. Springer (2010)
Cabanillas, C., Knuplesch, D., Resinas, M., Reichert, M., Mendling, J., Ruiz-Cortes, A.: RALph: a graphical notation for resource assignments in business processes. In: CAiSE’15, LNCS, vol. 9097, pp. 53–68. Springer (2015)
Cabanillas, C., Resinas, M., Cortés, A.R.: Defining and analysing resource assignments in business processes with RAL. In: ICSOC’11, LNCS, vol. 7084, pp. 477–486. Springer (2011)
Cabanillas, C., Resinas, M., Ruiz-Cortés, A.: Hints on how to face business process compliance. In: JISBD’10, pp. 26–32 (2010)
Cohen, J.: Statistical Power Analysis for the Behavioral Sciences. Lawrence Erlbaum, Hillsdale (1998)
Decker, G., Weske, M.: Interaction-centric modeling of process choreographies. Inf. Syst. 36(2), 292–312 (2011)
Delfmann, P., Steinhorst, M., Dietrich, H.A., Becker, J.: The generic model query language GMQL conceptual specification, implementation, and runtime evaluation. Inf. Syst. 47, 129–177 (2015)
Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: FMSP’98, pp. 7–15. ACM (1998)
Eder, J., Tahamtan, A.: Temporal conformance of federated choreographies. In: DEXA’08, LNCS, vol. 5181, pp. 668–675. Springer (2008)
Feja, S., Speck, A., Witt, S., Schulz, M.: Checkable graphical business process representation. In: ADBIS’11, LNCS, vol. 6295, pp. 176–189. Springer (2011)
Fellmann, M., Zasada, A.: State-of-the-art of business process compliance approaches: a survey. In: ECIS’14, pp. 1–17 (2014)
Field, A., Hole, G.: How to Design and Report Experiments. Sage, Beverley Hills (2003)
Frank, U.: Multi-perspective enterprise modeling: foundational concepts, prospects and future research challenges. Softw. Syst. Model. 13(3), 941–962 (2014)
Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: ICSOC’07, LNCS, vol. 4749, pp. 169–180. Springer (2007)
Giblin, C., Müller, S., Pfitzmann, B.: From regulatory policies to event monitoring rules: towards model-driven compliance automation. Technical report RZ-3662, IBM (2006)
Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: BPM’06 Workshops, LNCS, vol. 4103, pp. 5–14. Springer (2006)
Governatori, G., Hoffmann, J., Sadiq, S., Weber, I.: Detecting regulatory compliance for business process models through semantic annotations. In: BPM’08 Workshops, LNBIP, vol. 17, pp. 5–17. Springer (2009)
Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: EDOC’06, pp. 221–232. IEEE (2006)
Governatori, G., Sadiq, S.: The journey to business process compliance. In: Cardoso, J., van der Aalst, W.M.P. (eds.) Handbook of Research on BPM, pp. 426–454. IGI Global, Hershey (2009)
Grosof, B.N., Labrou, Y.: An approach to using XML and a rule-based content language with an agent communication language. In: Issues in Agent Communication, LNCS, vol. 1916, pp. 96–117. Springer (2000)
Haisjackl, C., Barba, I., Zugal, S., Soffer, P., Hadar, I., Reichert, M., Pinggera, J., Weber, B.: Understanding declare models: strategies, pitfalls, empirical results. Softw. Syst. Model. 1–28 (2014). doi:10.1007/s10270-014-0435-z
Haisjackl, C., Zugal, S.: Investigating differences between graphical and textual declarative process models. In: CAiSE’14 Workshops, LNBIP, vol. 178, pp. 194–206. Springer (2014)
Herbst, H.: Business rules in systems analysis: a meta-model and repository system. Inf. Syst. 21(2), 147–166 (1996)
Hildebrandt, T., Mukkamala, R., Slaats, T.: Nested dynamic condition response graphs. In: FSEN’12, LNCS, vol. 7141, pp. 343–350. Springer (2012)
Höhn, S.: Model-based reasoning on the achievement of business goals. In: SAC’09, pp. 1589–1593. ACM (2009)
Höst, M., Regnell, B., Wohlin, C.: Using students as subjects a comparative study of students and professionals in lead-time impact assessment. Empir. Softw. Eng. 5(3), 201–214 (2000)
Hull, R.: Artifact-centric business process models: brief survey of research results and challenges. In: OTM’08, LNCS, vol. 5332, pp. 1152–1163. Springer (2008)
Kharbili, M.E., de Medeiros, A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. In: MobIS’08, pp. 107–113 (2008)
Knuplesch, D., Ly, L.T., Rinderle-Ma, S., Pfeifer, H., Dadam, P.: On enabling data-aware compliance checking of business process models. In: ER’2010, LNCS, vol. 6412, pp. 332–346. Springer (2010)
Knuplesch, D., Pryss, R., Reichert, M.: Data-aware interaction in distributed and collaborative workflows: modeling, semantics, correctness. In: CollaborateCom’12, pp. 223–232. IEEE (2012)
Knuplesch, D., Reichert, M.: Ensuring business process compliance along the process life cycle. Technical report 2011-06, Ulm University (2011)
Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On enabling compliance of cross-organizational business processes. In: BPM’13, LNCS, vol. 8094, pp. 146–154. Springer (2013)
Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: On the formal semantics of the extended compliance rule graph. Technical Report 2013-05, Ulm University (2013)
Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: Visual modeling of business process compliance rules with the support of multiple perspectives. In: ER’2013, LNCS, vol. 8217, pp. 106–120. Springer (2013)
Knuplesch, D., Reichert, M., Mangler, J., Rinderle-Ma, S., Fdhila, W.: Towards compliance of cross-organizational processes and their changes. In: BPM’12 Workshops, LNBIP, vol. 132, pp. 649–661. Springer (2013)
Knuplesch, D., Reichert, M., Pryss, R., Fdhila, W., Rinderle-Ma, S.: Ensuring compliance of distributed and collaborative workflows. In: CollaborateCom’13, pp. 133–142. IEEE (2013)
Konyen, I., Reichert, M., Schultheiß, B.: Organisationsstrukturen einer Universitätsklinik am Beispiel der Uni-Frauenklinik Ulm. Technical report DBIS-18, University of Ulm (1996)
Konyen, I., Reichert, M., Schultheiß, B., Frank, S., Mangold, R.: Ein Prozessentwurf für den Bereich der minimal invasiven Chirugie. Technical report DBIS-14, University of Ulm (1996)
Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf eines Ablaufs im Labor. Technical report DBIS-16, University of Ulm (1996)
Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf für den Ablauf einer radiologischen Untersuchung. Technical report DBIS-15, University of Ulm (1996)
Kumar, A., Yao, W., Chu, C.: Flexible process compliance with semantic constraints using mixed-integer programming. INFORMS J. Comput. 25(3), 543–559 (2013)
Künzle, V., Reichert, M.: PHILharmonicFlows: towards a framework for object-aware process management. J. Softw. Maint. Evol. Res. Pract. 23(4), 205–244 (2011)
Küster, J., Ryndina, K., Gall, H.: Generation of business process models for object life cycle compliance. In: BPM’07, LNCS, vol. 4714. Springer (2007)
Lanz, A., Reichert, M., Weber, B.: Process time patterns: a formal foundation. Inf. Syst. 57, 38–68 (2016)
Lanz, A., Weber, B., Reichert, M.: Time patterns for process-aware information systems. Requir. Eng. 19, 1–29 (2012)
Liu, Y., Müller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335–361 (2007)
Lumley, T., Diehr, P., Emerson, S., Chen, L.: The importance of the normality assumption in large public health data sets. Annu. Rev. Public Health 23(1), 151–169 (2002)
Ly, L.T., Maggi, F.M., Montali, M., Rinderle-Ma, S., van der Aalst, W.M.P.: A framework for the systematic comparison and evaluation of compliance monitoring approaches. In: EDOC’13, pp. 7–16. IEEE (2013)
Ly, L.T., Rinderle, S., Dadam, P.: Integration and verification of semantic constraints in adaptive process management systems. Data Knowl. Eng. 64(1), 3–23 (2008)
Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and verification of instantiable compliance rule graphs in process-aware information systems. In: CAiSE’10, LNCS, vol. 6051, pp. 9–23. Springer (2010)
Ly, L.T., Rinderle-Ma, S., Knuplesch, D., Dadam, P.: Monitoring business process compliance using compliance rule graphs. In: OTM’11, LNCS, vol. 7044, pp. 82–99. Springer (2011)
Maggi, F., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring business constraints with linear temporal logic: an approach based on colored automata. In: BPM’11, LNCS, vol. 6896, pp. 132–147. Springer (2011)
Maggi, F.M., Francescomarino, C.D., Dumas, M., Ghidini, C.: Predictive monitoring of business processes. In: CAiSE’14, LNCS, vol. 8484, pp. 457–472. Springer (2014)
Meyer, A., Pufahl, L., Batoulis, K., Kruse, S., Lindhauer, T., Stoff, T., Fahland, D., Weske, M.: Automating data exchange in process choreographies. In: CAiSE’14, LNCS, vol. 8484. Springer (2014)
Meyer, A., Pufahl, L., Fahland, D., Weske, M.: Modeling and enacting complex data dependencies in business processes. In: BPM’13, LNCS, vol. 8094, pp. 171–186. Springer (2013)
Montali, M., Chesani, F., Mello, P., Maggi, F.M.: Towards data-aware constraints in declare. In: SAC’13, pp. 1391–1396. ACM (2013)
Moody, D.L.: The physics of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756–779 (2009)
Namiri, K., Stojanovic, N.: Pattern-based design and validation of business process compliance. In: OTM’07, LNCS, pp. 59–76. Springer (2007)
OMG: BPMN 2.0. Recommendation, OMG (2011)
OMG: SBVR 1.3. Recommendation, OMG (2015)
Ottensooser, A., Fekete, A., Reijers, H.A., Mendling, J., Menictas, C.: Making sense of business process descriptions: an experimental comparison of graphical and textual notations. J. Syst. Softw. 85(3), 596–606 (2012)
Outmazgin, N., Soffer, P.: A process mining-based analysis of business process work-arounds. Softw. Syst. Model. 1–15 (2014). doi:10.1007/s10270-014-0420-6
Pesic, M., Schonenberg, H., van der Aalst, W.M.P.: DECLARE: full support for loosely-structured processes. In: EDOC’07, pp. 287–300. IEEE (2007)
Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where did I misbehave? Diagnostic information in compliance checking. In: BPM’12, LNCS, vol. 7481, pp. 262–278. Springer (2012)
Ramezani, E., Fahland, D., van der Werf, J.M., Mattheis, P.: Separating compliance management and business process management. In: BPM’11 Workshops, LNBIP, vol. 100, pp. 459–464. Springer (2012)
Ramezani Taghiabadi, E., Fahland, D., van Dongen, B.F., van der Aalst, W.M.P.: Diagnostic information for compliance checking of temporal compliance requirements. In: CAiSE’13, LNCS, vol. 7908, pp. 304–320. Springer (2013)
Ratcliffe, J.F.: The effect on the t distribution of non-normality in the sampled population. J. R. Stat. Soc. Ser. C (Appl. Stat.) 17(1), 42–48 (1968)
Reichert, M., Dadam, P.: ADEPT\(_{flex}\)—supporting dynamic changes of workflows without losing control. Intell. Inf. Sys. 10(2), 93–129 (1998)
Reichert, M., Rinderle, S., Kreher, U., Dadam, P.: Adaptive process management with ADEPT2. In: ICDE’05, pp. 1113–1114. IEEE (2005)
Reichert, M., Weber, B.: Business Process Compliance, pp. 297–320. Springer, Berlin (2012)
Reichert, M., Weber, B.: Enabling Flexibility in Process-Aware Information Systems—Challenges, Methods, Technologies. Springer, Berlin (2012)
Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: identification, representation and tool support. In: CAiSE’05, LNCS, vol. 3520, pp. 216–232. Springer (2005)
Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: BPMDS’14, LNBIP, vol. 175, pp. 200–214. Springer (2014)
Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M.: Prozessentwurf für den Ablauf einer stationären Chemotherapie. Technical report DBIS-5, University of Ulm (1996)
Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf am Beispiel eines Ablaufs aus dem OP-Bereich - Ergebnisse einer Analyse an der Universitätsfrauenklinik Ulm. Technical report DBIS-6, University of Ulm (1996)
Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf für den Ablauf einer ambulanten Chemotherapie. Technical report DBIS-7, University of Ulm (1996)
Semmelrodt, F.: Modellierung klinischer Prozesse und Compliance Regeln mittels BPMN 2.0 und eCRG. Master thesis, Ulm University, Germany (2013)
Semmelrodt, F., Knuplesch, D., Reichert, M.: Modeling the resource perspective of business process compliance rules with the extended compliance rule graph. In: BPMDS’14, LNBIP, vol. 175, pp. 48–63. Springer (2014)
Sunkle, S., Kholkar, D., Kulkarni, V.: Toward better mapping between regulations and operational details of enterprises using vocabularies and semantic similarity. In: CAiSE’15 Forum, pp. 229–236. CEUR-WS (2015)
Svahnberg, M., Aurum, A., Wohlin, C.: Using students as subjects—an empirical evaluation. In: ESEM’08, pp. 288–290. ACM (2008)
Turetken, O., Elgammal, A., van den Heuvel, W.J., Papazoglou, M.: Capturing compliance requirements: a pattern-based approach. IEEE Softw. 29, 29–36 (2012)
van der Aalst, W.M.P.: Verification of workflow nets. In: ICATPN’97, LNCS, vol. 1248, pp. 407–426. Springer (1997)
van der Aalst, W.M.P., Beer, H.D., van Dongen, B.: Process mining and verification of properties: an approach based on temporal logic. In: OTM’05, LNCS, vol. 3760, pp. 130–147 (2005)
van der Aalst, W.M.P., ter Hofstede, A.H.: YAWL: yet another workflow language. Inf. Syst. 30(4), 245–275 (2005)
van der Aalst, W.M.P., Lohmann, N., Massuthe, P., Stahl, C., Wolf, K.: Multiparty contracts: agreeing and implementing interorganizational processes. Comput. J. 53(1), 90–106 (2010)
Zasada, A., Fellmann, M.: A pattern-based approach to transform natural text from laws into compliance controls in the food industry. In: LWA’15 Workshops, pp. 230–238. CEUR-WS (2015)
Zugal, S., Soffer, P., Haisjackl, C., Pinggera, J., Reichert, M., Weber, B.: Investigating expressiveness and understandability of hierarchy in declarative business process models. Softw. Syst. Model. 14(3), 1081–1103 (2015)
Acknowledgments
This work was accomplished in the C\(^3\)Pro research project, which is funded by the German Research Foundation (DFG), under Project Number RE 1402/2-1, as well as the Austrian Science Fund (FWF) under Project Number I743.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Dr. Selmin Nurcan.
Rights and permissions
About this article
Cite this article
Knuplesch, D., Reichert, M. A visual language for modeling multiple perspectives of business process compliance rules. Softw Syst Model 16, 715–736 (2017). https://doi.org/10.1007/s10270-016-0526-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10270-016-0526-0