Skip to main content

Advertisement

SpringerLink
Log in

A visual language for modeling multiple perspectives of business process compliance rules

  • Theme Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify, and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24

Similar content being viewed by others

Notes

  1. In this paper, the notion of process perspective corresponds to a specific business process modeling dimension according to Businska [13].

  2. Note that imperative process modeling approaches tend to (over-)specify business processes. Hence, they are not well suited for specifying declarative constraints and process compliance rules [31, 75, 83].

  3. Note that we reconducted the experiment with the same environment in order to involve a larger number of subjects (42 subjects in the first run, 38 subjects in the second run).

  4. A Kolmogorov–Smirnov test (p value 0.006) suggested not accepting the assumption of a normal distribution.

  5. Interpretation of Cohen’s d: \(d \ge 0.8\) large effect, \(0.8 > d \ge 0.5\) medium effect, \(0.5 > d \ge 0.2\) small effect, \(d < 0.2\) trivial/no effect.

  6. Note that the compliance checker visualizes eCRGs based on a layouting algorithm; i.e., positioning information from the modeling environment is not used.

References

  1. Abdullah, N.S., Sadiq, S.W., Indulska, M.: Emerging challenges in information systems research for regulatory compliance management. In: CAiSE’10, LNCS, vol. 6051, pp. 251–265. Springer (2010)

  2. Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. 3(3), 145–154 (2011)

    Article  Google Scholar 

  3. Alberti, M., Chesani, F., Gavanelli, M., Lamma, E., Mello, P., Montali, M., Torroni, P.: Expressing and verifying business contracts with abductive logic programming. Int. J. Electron. Commerce 12(4), 9–38 (2008)

    Article  MATH  Google Scholar 

  4. Alles, M., Kogan, A., Vasarhelyi, M.: Putting continuous auditing theory into practice: lessons from two pilot implementations. Inf. Sys. 22(2), 195–214 (2008)

    Google Scholar 

  5. Awad, A., Decker, G., Weske, M.: Efficient compliance checking using BPMN-Q and temporal logic. In: BPM’08, LNCS, vol. 5240, pp. 326–341. Springer (2008)

  6. Awad, A., Weidlich, M., Weske, M.: Specification, verification and explanation of violation for data aware compliance rules. In: ICSOC’09, LNCS, vol. 5900, pp. 500–515. Springer (2009)

  7. Awad, A., Weidlich, M., Weske, M.: Visually specifying compliance rules and explaining their violations for business processes. J. Vis. Lang. Comput. 22(1), 30–55 (2011)

    Article  Google Scholar 

  8. Barba, I., Lanz, A., Weber, B., Reichert, M., Valle, C.D.: Optimized time management for declarative workflows. In: BPMDS’12, LNCS, vol. 113, pp. 195–210. Springer (2012)

  9. Barros, A., Dumas, M., ter Hofstede, A.: Service interaction patterns. In: BPM’05, LNCS, vol. 3649, pp. 302–318. Springer (2005)

  10. Baumgrass, A., Baier, T., Mendling, J., Strembeck, M.: Conformance checking of rbac policies in process-aware information systems. In: BPM’12 Workshops, LNBIP, vol. 100, pp. 435–446. Springer (2012)

  11. Becker, J., Delfmann, P., Eggert, M., Schwittay, S.: Generalizability and applicability of model-based business process compliance-checking approaches—a state-of-the-art analysis and research roadmap. BuR Bus. Res. 5(2), 221–247 (2012)

    Article  Google Scholar 

  12. Berry, A., Milosevic, Z.: Extending choreography with business contract constraints. Coop. Inf. Sys. 14(2–3), 131–179 (2005)

    Article  Google Scholar 

  13. Businska, L.: Multidimensional business process modeling approach. In: ADBIS’10, LNCS, vol. 5968, pp. 247–256. Springer (2010)

  14. Cabanillas, C., Knuplesch, D., Resinas, M., Reichert, M., Mendling, J., Ruiz-Cortes, A.: RALph: a graphical notation for resource assignments in business processes. In: CAiSE’15, LNCS, vol. 9097, pp. 53–68. Springer (2015)

  15. Cabanillas, C., Resinas, M., Cortés, A.R.: Defining and analysing resource assignments in business processes with RAL. In: ICSOC’11, LNCS, vol. 7084, pp. 477–486. Springer (2011)

  16. Cabanillas, C., Resinas, M., Ruiz-Cortés, A.: Hints on how to face business process compliance. In: JISBD’10, pp. 26–32 (2010)

  17. Cohen, J.: Statistical Power Analysis for the Behavioral Sciences. Lawrence Erlbaum, Hillsdale (1998)

    MATH  Google Scholar 

  18. Decker, G., Weske, M.: Interaction-centric modeling of process choreographies. Inf. Syst. 36(2), 292–312 (2011)

    Article  Google Scholar 

  19. Delfmann, P., Steinhorst, M., Dietrich, H.A., Becker, J.: The generic model query language GMQL conceptual specification, implementation, and runtime evaluation. Inf. Syst. 47, 129–177 (2015)

    Article  Google Scholar 

  20. Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: FMSP’98, pp. 7–15. ACM (1998)

  21. Eder, J., Tahamtan, A.: Temporal conformance of federated choreographies. In: DEXA’08, LNCS, vol. 5181, pp. 668–675. Springer (2008)

  22. Feja, S., Speck, A., Witt, S., Schulz, M.: Checkable graphical business process representation. In: ADBIS’11, LNCS, vol. 6295, pp. 176–189. Springer (2011)

  23. Fellmann, M., Zasada, A.: State-of-the-art of business process compliance approaches: a survey. In: ECIS’14, pp. 1–17 (2014)

  24. Field, A., Hole, G.: How to Design and Report Experiments. Sage, Beverley Hills (2003)

    Google Scholar 

  25. Frank, U.: Multi-perspective enterprise modeling: foundational concepts, prospects and future research challenges. Softw. Syst. Model. 13(3), 941–962 (2014)

    Article  Google Scholar 

  26. Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: ICSOC’07, LNCS, vol. 4749, pp. 169–180. Springer (2007)

  27. Giblin, C., Müller, S., Pfitzmann, B.: From regulatory policies to event monitoring rules: towards model-driven compliance automation. Technical report RZ-3662, IBM (2006)

  28. Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: BPM’06 Workshops, LNCS, vol. 4103, pp. 5–14. Springer (2006)

  29. Governatori, G., Hoffmann, J., Sadiq, S., Weber, I.: Detecting regulatory compliance for business process models through semantic annotations. In: BPM’08 Workshops, LNBIP, vol. 17, pp. 5–17. Springer (2009)

  30. Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: EDOC’06, pp. 221–232. IEEE (2006)

  31. Governatori, G., Sadiq, S.: The journey to business process compliance. In: Cardoso, J., van der Aalst, W.M.P. (eds.) Handbook of Research on BPM, pp. 426–454. IGI Global, Hershey (2009)

    Google Scholar 

  32. Grosof, B.N., Labrou, Y.: An approach to using XML and a rule-based content language with an agent communication language. In: Issues in Agent Communication, LNCS, vol. 1916, pp. 96–117. Springer (2000)

  33. Haisjackl, C., Barba, I., Zugal, S., Soffer, P., Hadar, I., Reichert, M., Pinggera, J., Weber, B.: Understanding declare models: strategies, pitfalls, empirical results. Softw. Syst. Model. 1–28 (2014). doi:10.1007/s10270-014-0435-z

  34. Haisjackl, C., Zugal, S.: Investigating differences between graphical and textual declarative process models. In: CAiSE’14 Workshops, LNBIP, vol. 178, pp. 194–206. Springer (2014)

  35. Herbst, H.: Business rules in systems analysis: a meta-model and repository system. Inf. Syst. 21(2), 147–166 (1996)

    Article  Google Scholar 

  36. Hildebrandt, T., Mukkamala, R., Slaats, T.: Nested dynamic condition response graphs. In: FSEN’12, LNCS, vol. 7141, pp. 343–350. Springer (2012)

  37. Höhn, S.: Model-based reasoning on the achievement of business goals. In: SAC’09, pp. 1589–1593. ACM (2009)

  38. Höst, M., Regnell, B., Wohlin, C.: Using students as subjects a comparative study of students and professionals in lead-time impact assessment. Empir. Softw. Eng. 5(3), 201–214 (2000)

    Article  MATH  Google Scholar 

  39. Hull, R.: Artifact-centric business process models: brief survey of research results and challenges. In: OTM’08, LNCS, vol. 5332, pp. 1152–1163. Springer (2008)

  40. Kharbili, M.E., de Medeiros, A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. In: MobIS’08, pp. 107–113 (2008)

  41. Knuplesch, D., Ly, L.T., Rinderle-Ma, S., Pfeifer, H., Dadam, P.: On enabling data-aware compliance checking of business process models. In: ER’2010, LNCS, vol. 6412, pp. 332–346. Springer (2010)

  42. Knuplesch, D., Pryss, R., Reichert, M.: Data-aware interaction in distributed and collaborative workflows: modeling, semantics, correctness. In: CollaborateCom’12, pp. 223–232. IEEE (2012)

  43. Knuplesch, D., Reichert, M.: Ensuring business process compliance along the process life cycle. Technical report 2011-06, Ulm University (2011)

  44. Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On enabling compliance of cross-organizational business processes. In: BPM’13, LNCS, vol. 8094, pp. 146–154. Springer (2013)

  45. Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: On the formal semantics of the extended compliance rule graph. Technical Report 2013-05, Ulm University (2013)

  46. Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: Visual modeling of business process compliance rules with the support of multiple perspectives. In: ER’2013, LNCS, vol. 8217, pp. 106–120. Springer (2013)

  47. Knuplesch, D., Reichert, M., Mangler, J., Rinderle-Ma, S., Fdhila, W.: Towards compliance of cross-organizational processes and their changes. In: BPM’12 Workshops, LNBIP, vol. 132, pp. 649–661. Springer (2013)

  48. Knuplesch, D., Reichert, M., Pryss, R., Fdhila, W., Rinderle-Ma, S.: Ensuring compliance of distributed and collaborative workflows. In: CollaborateCom’13, pp. 133–142. IEEE (2013)

  49. Konyen, I., Reichert, M., Schultheiß, B.: Organisationsstrukturen einer Universitätsklinik am Beispiel der Uni-Frauenklinik Ulm. Technical report DBIS-18, University of Ulm (1996)

  50. Konyen, I., Reichert, M., Schultheiß, B., Frank, S., Mangold, R.: Ein Prozessentwurf für den Bereich der minimal invasiven Chirugie. Technical report DBIS-14, University of Ulm (1996)

  51. Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf eines Ablaufs im Labor. Technical report DBIS-16, University of Ulm (1996)

  52. Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf für den Ablauf einer radiologischen Untersuchung. Technical report DBIS-15, University of Ulm (1996)

  53. Kumar, A., Yao, W., Chu, C.: Flexible process compliance with semantic constraints using mixed-integer programming. INFORMS J. Comput. 25(3), 543–559 (2013)

    Article  Google Scholar 

  54. Künzle, V., Reichert, M.: PHILharmonicFlows: towards a framework for object-aware process management. J. Softw. Maint. Evol. Res. Pract. 23(4), 205–244 (2011)

    Article  Google Scholar 

  55. Küster, J., Ryndina, K., Gall, H.: Generation of business process models for object life cycle compliance. In: BPM’07, LNCS, vol. 4714. Springer (2007)

  56. Lanz, A., Reichert, M., Weber, B.: Process time patterns: a formal foundation. Inf. Syst. 57, 38–68 (2016)

    Article  Google Scholar 

  57. Lanz, A., Weber, B., Reichert, M.: Time patterns for process-aware information systems. Requir. Eng. 19, 1–29 (2012)

    Google Scholar 

  58. Liu, Y., Müller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335–361 (2007)

    Article  Google Scholar 

  59. Lumley, T., Diehr, P., Emerson, S., Chen, L.: The importance of the normality assumption in large public health data sets. Annu. Rev. Public Health 23(1), 151–169 (2002)

    Article  Google Scholar 

  60. Ly, L.T., Maggi, F.M., Montali, M., Rinderle-Ma, S., van der Aalst, W.M.P.: A framework for the systematic comparison and evaluation of compliance monitoring approaches. In: EDOC’13, pp. 7–16. IEEE (2013)

  61. Ly, L.T., Rinderle, S., Dadam, P.: Integration and verification of semantic constraints in adaptive process management systems. Data Knowl. Eng. 64(1), 3–23 (2008)

    Article  Google Scholar 

  62. Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and verification of instantiable compliance rule graphs in process-aware information systems. In: CAiSE’10, LNCS, vol. 6051, pp. 9–23. Springer (2010)

  63. Ly, L.T., Rinderle-Ma, S., Knuplesch, D., Dadam, P.: Monitoring business process compliance using compliance rule graphs. In: OTM’11, LNCS, vol. 7044, pp. 82–99. Springer (2011)

  64. Maggi, F., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring business constraints with linear temporal logic: an approach based on colored automata. In: BPM’11, LNCS, vol. 6896, pp. 132–147. Springer (2011)

  65. Maggi, F.M., Francescomarino, C.D., Dumas, M., Ghidini, C.: Predictive monitoring of business processes. In: CAiSE’14, LNCS, vol. 8484, pp. 457–472. Springer (2014)

  66. Meyer, A., Pufahl, L., Batoulis, K., Kruse, S., Lindhauer, T., Stoff, T., Fahland, D., Weske, M.: Automating data exchange in process choreographies. In: CAiSE’14, LNCS, vol. 8484. Springer (2014)

  67. Meyer, A., Pufahl, L., Fahland, D., Weske, M.: Modeling and enacting complex data dependencies in business processes. In: BPM’13, LNCS, vol. 8094, pp. 171–186. Springer (2013)

  68. Montali, M., Chesani, F., Mello, P., Maggi, F.M.: Towards data-aware constraints in declare. In: SAC’13, pp. 1391–1396. ACM (2013)

  69. Moody, D.L.: The physics of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756–779 (2009)

    Article  Google Scholar 

  70. Namiri, K., Stojanovic, N.: Pattern-based design and validation of business process compliance. In: OTM’07, LNCS, pp. 59–76. Springer (2007)

  71. OMG: BPMN 2.0. Recommendation, OMG (2011)

  72. OMG: SBVR 1.3. Recommendation, OMG (2015)

  73. Ottensooser, A., Fekete, A., Reijers, H.A., Mendling, J., Menictas, C.: Making sense of business process descriptions: an experimental comparison of graphical and textual notations. J. Syst. Softw. 85(3), 596–606 (2012)

    Article  Google Scholar 

  74. Outmazgin, N., Soffer, P.: A process mining-based analysis of business process work-arounds. Softw. Syst. Model. 1–15 (2014). doi:10.1007/s10270-014-0420-6

  75. Pesic, M., Schonenberg, H., van der Aalst, W.M.P.: DECLARE: full support for loosely-structured processes. In: EDOC’07, pp. 287–300. IEEE (2007)

  76. Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where did I misbehave? Diagnostic information in compliance checking. In: BPM’12, LNCS, vol. 7481, pp. 262–278. Springer (2012)

  77. Ramezani, E., Fahland, D., van der Werf, J.M., Mattheis, P.: Separating compliance management and business process management. In: BPM’11 Workshops, LNBIP, vol. 100, pp. 459–464. Springer (2012)

  78. Ramezani Taghiabadi, E., Fahland, D., van Dongen, B.F., van der Aalst, W.M.P.: Diagnostic information for compliance checking of temporal compliance requirements. In: CAiSE’13, LNCS, vol. 7908, pp. 304–320. Springer (2013)

  79. Ratcliffe, J.F.: The effect on the t distribution of non-normality in the sampled population. J. R. Stat. Soc. Ser. C (Appl. Stat.) 17(1), 42–48 (1968)

    MathSciNet  Google Scholar 

  80. Reichert, M., Dadam, P.: ADEPT\(_{flex}\)—supporting dynamic changes of workflows without losing control. Intell. Inf. Sys. 10(2), 93–129 (1998)

    Article  Google Scholar 

  81. Reichert, M., Rinderle, S., Kreher, U., Dadam, P.: Adaptive process management with ADEPT2. In: ICDE’05, pp. 1113–1114. IEEE (2005)

  82. Reichert, M., Weber, B.: Business Process Compliance, pp. 297–320. Springer, Berlin (2012)

    Google Scholar 

  83. Reichert, M., Weber, B.: Enabling Flexibility in Process-Aware Information Systems—Challenges, Methods, Technologies. Springer, Berlin (2012)

    Book  MATH  Google Scholar 

  84. Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: identification, representation and tool support. In: CAiSE’05, LNCS, vol. 3520, pp. 216–232. Springer (2005)

  85. Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: BPMDS’14, LNBIP, vol. 175, pp. 200–214. Springer (2014)

  86. Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M.: Prozessentwurf für den Ablauf einer stationären Chemotherapie. Technical report DBIS-5, University of Ulm (1996)

  87. Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf am Beispiel eines Ablaufs aus dem OP-Bereich - Ergebnisse einer Analyse an der Universitätsfrauenklinik Ulm. Technical report DBIS-6, University of Ulm (1996)

  88. Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf für den Ablauf einer ambulanten Chemotherapie. Technical report DBIS-7, University of Ulm (1996)

  89. Semmelrodt, F.: Modellierung klinischer Prozesse und Compliance Regeln mittels BPMN 2.0 und eCRG. Master thesis, Ulm University, Germany (2013)

  90. Semmelrodt, F., Knuplesch, D., Reichert, M.: Modeling the resource perspective of business process compliance rules with the extended compliance rule graph. In: BPMDS’14, LNBIP, vol. 175, pp. 48–63. Springer (2014)

  91. Sunkle, S., Kholkar, D., Kulkarni, V.: Toward better mapping between regulations and operational details of enterprises using vocabularies and semantic similarity. In: CAiSE’15 Forum, pp. 229–236. CEUR-WS (2015)

  92. Svahnberg, M., Aurum, A., Wohlin, C.: Using students as subjects—an empirical evaluation. In: ESEM’08, pp. 288–290. ACM (2008)

  93. Turetken, O., Elgammal, A., van den Heuvel, W.J., Papazoglou, M.: Capturing compliance requirements: a pattern-based approach. IEEE Softw. 29, 29–36 (2012)

    Article  Google Scholar 

  94. van der Aalst, W.M.P.: Verification of workflow nets. In: ICATPN’97, LNCS, vol. 1248, pp. 407–426. Springer (1997)

  95. van der Aalst, W.M.P., Beer, H.D., van Dongen, B.: Process mining and verification of properties: an approach based on temporal logic. In: OTM’05, LNCS, vol. 3760, pp. 130–147 (2005)

  96. van der Aalst, W.M.P., ter Hofstede, A.H.: YAWL: yet another workflow language. Inf. Syst. 30(4), 245–275 (2005)

    Article  Google Scholar 

  97. van der Aalst, W.M.P., Lohmann, N., Massuthe, P., Stahl, C., Wolf, K.: Multiparty contracts: agreeing and implementing interorganizational processes. Comput. J. 53(1), 90–106 (2010)

    Article  Google Scholar 

  98. Zasada, A., Fellmann, M.: A pattern-based approach to transform natural text from laws into compliance controls in the food industry. In: LWA’15 Workshops, pp. 230–238. CEUR-WS (2015)

  99. Zugal, S., Soffer, P., Haisjackl, C., Pinggera, J., Reichert, M., Weber, B.: Investigating expressiveness and understandability of hierarchy in declarative business process models. Softw. Syst. Model. 14(3), 1081–1103 (2015)

    Article  Google Scholar 

Download references

Acknowledgments

This work was accomplished in the C\(^3\)Pro research project, which is funded by the German Research Foundation (DFG), under Project Number RE 1402/2-1, as well as the Austrian Science Fund (FWF) under Project Number I743.

Author information

Authors and Affiliations

  1. Institute of Database and Information Systems, Ulm University, James-Franck-Ring, 89081, Ulm, Germany

    David Knuplesch & Manfred Reichert

Authors
  1. David Knuplesch
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manfred Reichert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Knuplesch.

Additional information

Communicated by Dr. Selmin Nurcan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Knuplesch, D., Reichert, M. A visual language for modeling multiple perspectives of business process compliance rules. Softw Syst Model 16, 715–736 (2017). https://doi.org/10.1007/s10270-016-0526-0

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-016-0526-0

Keywords

Search

Navigation