research-article

Runtime detection of business process compliance violations: an approach based on anti patterns

Authors:

Abduallah Almalaise,

Sherif SakrAuthors Info & Claims

SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing

Pages 1203 - 1210

https://doi.org/10.1145/2695664.2699488

Published: 13 April 2015 Publication History

Abstract

Today's enterprises demand a high degree of compliance in their business processes to meet diverse regulations and legislations. Several industrial studies have shown that compliance management is a daunting task, and organizations are still struggling and spending billions of dollars annually to ensure and prove their compliance. Theoretically, design-time compliance checking could provide a preliminary assurance that corresponding running instances would be compliant to relevant laws and regulations; however, due to the existence of human and machine related errors and the absence of necessary contextual information during design-time, runtime compliance monitoring becomes a must. In this paper, we present a generic proactive runtime Business Process (BP) compliance monitoring framework:BP-MaaS, which incorporates a wide range of expressive high-level compliance patterns for the abstract specification of runtime constraints. Compliance monitoring is achieved by means of anti-patterns, a novel evaluation approach that is independent of any underlying technology and could be applied to the checking of compliance in the different phases of the BP lifecycle. As a proof-of-concept, complex event processing (CEP) technology is adopted as one of the possible realizations of the framework.

References

[1]

W. M. P. V. D. Aalst and A. K. A. D. Medeiros. Process Mining and Security: Detecting Anomalous Process Executions. In (WISP), 2004.

[2]

A. Awad, M. Weidlich, and M. Weske. Specification, Verification and Explanation of Violation for Data Aware Compliance Rules. In ICSOC/ServiceWave, 2009.

Digital Library

[3]

A. Awad and M. Weske. Visualization of compliance violation in business process models. In BPM Workshops, 2009.

[4]

R. Baldwin, M. Cave, and M. Lodge. Understanding regulation: theory, strategy, and practice. Oxford University Press, 2011.

[5]

F. Barbon and et al. Run-time monitoring of instances and classes of web service compositions. In ICWS, 2006.

Digital Library

[6]

C. Beeri, A. Eyal, T. Milo, and A. Pilberg. Monitoring business processes with queries. In VLDB, 2007.

Digital Library

[7]

R. Cheng, S. Sadiq, and M. Indulska. Framework for Business Process and Rule Integration: A Case of BPMN and SBVR. 2011.

[8]

A. Elgammal, O. Turetken, W.-J. van den Heuvel, and M. Papazoglou. Formalizing and appling compliance patterns for business process compliance. Software and Systems Modeling, 2014.

[9]

O. Etzion and P. Niblett. Event processing in action. Manning, 2010.

Digital Library

[10]

S. Hallé and R. Villemaire. Runtime monitoring of message-based workflows with data. In EDOC, 2008.

Digital Library

[11]

S. Hallé and R. Villemaire. XML Methods for Validation of Temporal Properties on Message Traces with Data. In OTM, 2008.

Digital Library

[12]

B. S. Lerner, S. Christov, L. J. Osterweil, R. Bendraou, U. Kannengiesser, and A. Wise. Exception Handling Patterns in Process-Aware Information Systems. IEEE TSE, 36(2), 2010.

Digital Library

[13]

L. T. Ly, F. M. Maggi, M. Montali, S. Rinderle-Ma, and W. M. P. V. D. Aalst. A Framework for the Systematic Comparison and Evaluation of Compliance Monitoring Approaches. In EDOC, 2013.

Digital Library

[14]

L. T. Ly, S. Rinderle-Ma, D. Knuplesch, and P. Dadam. Monitoring Business Process Compliance Using Compliance Rule Graphs. In OTM, 2011.

Digital Library

[15]

F. M. Maggi, M. Montali, M. Westergaard, and W. M. P. V. D. Aalst. Monitoring Business Constraints with Linear Temporal Logic: An Approach Based on Colored Automata. In BPM, 2011.

Digital Library

[16]

K. Mahbub and G. Spanoudakis. A framework for requirents monitoring of service based systems. In ICSOC, 2004.

Digital Library

[17]

V. Mijovic and S. Vranes. A survey and Evaluation of CEP Tools. In YUINFO, 2011.

[18]

M. Montali, F. M. Maggi, F. Chesani, P. Mello, and W. M. P. van der Aalst. Monitoring business constraints with the event calculus. 2013.

Digital Library

[19]

E. Mulo, U. Zdun, and S. Dustdar. Domain-specific language for event-based compliance monitoring in process-driven SOAs. Service Oriented Computing and Applications, 7(1), 2013.

Digital Library

[20]

M. Papazoglou. Web services and business transactions. World Wide Web, 6(1):49--91, 2003.

Digital Library

[21]

M. Pesic, H. Schonenberg, and W. M. P. van der Aalst. Declare: Full support for loosely-structured processes. In EDOC, 2007.

Digital Library

[22]

S. Rinderle-Ma, S. Kabicher, and L. T. Ly. Activity-Oriented Clustering Techniques in Large Process and Compliance Rule Repositories. In BPM Workshops. 2012.

[23]

N. Russell, W. M. P. V. D. Aalst, A. H. M. ter Hofstede, and D. Edmond. Workflow Resource Patterns: Identification, Representation and Tool Support. In CAiSE, 2005.

Digital Library

[24]

S. Sakr. GraphREL: A Decomposition-Based and Selectivity-Aware Relational framework for processing sub-graph queries. In DASFAA, 2009.

Digital Library

[25]

S. Sebahi and M.-S. Hacid. Business process monitoring with bpath - (short paper). In OTM Conferences (1), 2010.

Digital Library

[26]

R. Thullner, S. Rozsnyai, J. Schiefer, H. Obweger, and M. Suntinger. Proactive business process compliance monitoring with event-based systems. In EDOC Workshops, 2011.

Digital Library

[27]

M. Weidlich, H. Ziekow, and J. Mendling. Event-based Monitoring of Process Execution Violations. In BPM, 2011.

Digital Library

Cited By

Park Gvan der Aalst W(2025)Operational process monitoring: An object-centric approachComputers in Industry10.1016/j.compind.2024.104170164(104170)Online publication date: Jan-2025
https://doi.org/10.1016/j.compind.2024.104170
Ranjit Kumar Gupta Sagar Shukla Anaswara Thekkan Rajan Sneha Aravind (2024)Strategies for Effective Product Roadmap Development and Execution in Data Analytics PlatformsInternational Journal for Research Publication and Seminar10.36676/jrps.v15.i3.151515:3(318-332)Online publication date: 18-Sep-2024
https://doi.org/10.36676/jrps.v15.i3.1515
Bueno Momčilović TBalta D(2024)Challenges of Assuring Compliance of Information Systems in FinanceSoftware Quality as a Foundation for Security10.1007/978-3-031-56281-5_8(135-152)Online publication date: 12-Apr-2024
https://doi.org/10.1007/978-3-031-56281-5_8
Show More Cited By

Index Terms

Runtime detection of business process compliance violations: an approach based on anti patterns

Recommendations

A framework for visually monitoring business process compliance

Any enterprise must ensure that its business processes comply with imposed compliance rules. The latter stem, for example, from corporate guidelines, legal regulations, and best practices. In general, a compliance rule may constrain multiple ...
Runtime self-monitoring approach of business process compliance in cloud environments
Abstract
Recently, several industrial studies have concluded that compliance management is one of the major challenges companies face nowadays. In practice, runtime compliance monitoring is of utmost importance for compliance assurance as during the design-...
Monitoring business process compliance using compliance rule graphs
OTM'11: Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I

Driven by recent trends, effective compliance control has become a crucial success factor for companies nowadays. In this context, compliance monitoring is considered an important building block to support business process compliance. Key to the ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing

April 2015

2418 pages

ISBN:9781450331968

DOI:10.1145/2695664

Conference Chairs:
Roger L. Wainwright
University of Tulsa
,
Juan Manuel Corchado
University of Salamanca, Spain
,
Program Chairs:
Alessio Bechini
University of Pisa, Italy
,
Jiman Hong
Soongsil University, South Korea

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

SAC 2015

Sponsor:

SIGAPP

SAC 2015: Symposium on Applied Computing

April 13 - 17, 2015

Salamanca, Spain

Acceptance Rates

SAC '15 Paper Acceptance Rate 291 of 1,211 submissions, 24%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
216
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Park Gvan der Aalst W(2025)Operational process monitoring: An object-centric approachComputers in Industry10.1016/j.compind.2024.104170164(104170)Online publication date: Jan-2025
https://doi.org/10.1016/j.compind.2024.104170
Ranjit Kumar Gupta Sagar Shukla Anaswara Thekkan Rajan Sneha Aravind (2024)Strategies for Effective Product Roadmap Development and Execution in Data Analytics PlatformsInternational Journal for Research Publication and Seminar10.36676/jrps.v15.i3.151515:3(318-332)Online publication date: 18-Sep-2024
https://doi.org/10.36676/jrps.v15.i3.1515
Bueno Momčilović TBalta D(2024)Challenges of Assuring Compliance of Information Systems in FinanceSoftware Quality as a Foundation for Security10.1007/978-3-031-56281-5_8(135-152)Online publication date: 12-Apr-2024
https://doi.org/10.1007/978-3-031-56281-5_8
Zasada AHashmi MFellmann MKnuplesch D(2023)Evaluation of Compliance Rule Languages for Modelling Regulatory Compliance RequirementsSoftware10.3390/software20100042:1(71-120)Online publication date: 28-Jan-2023
https://doi.org/10.3390/software2010004
van Beest NGroefsema HCryer AGovernatori GTosatto SBurke H(2023)Cross-Instance Regulatory Compliance Checking of Business Process Event LogsIEEE Transactions on Software Engineering10.1109/TSE.2023.331908649:11(4917-4931)Online publication date: Nov-2023
https://doi.org/10.1109/TSE.2023.3319086
Park Gvan der Aalst W(2023)Monitoring Constraints in Business Processes Using Object-Centric Constraint GraphsProcess Mining Workshops10.1007/978-3-031-27815-0_35(479-492)Online publication date: 26-Mar-2023
https://doi.org/10.1007/978-3-031-27815-0_35
Pícha PHönel SBrada PEricsson MLöwe WWingkvist ADaněk J(2022)Process anti-pattern detection – a case studyProceedings of the 27th European Conference on Pattern Languages of Programs10.1145/3551902.3551965(1-18)Online publication date: 6-Jul-2022
https://dl.acm.org/doi/10.1145/3551902.3551965
Park Gvan der Aalst W(2022)Action-oriented process mining: bridging the gap between insights and actionsProgress in Artificial Intelligence10.1007/s13748-022-00281-7Online publication date: 2-Jul-2022
https://doi.org/10.1007/s13748-022-00281-7
Czepa CZdun U(2020)On the Understandability of Temporal Properties Formalized in Linear Temporal Logic, Property Specification Patterns and Event Processing LanguageIEEE Transactions on Software Engineering10.1109/TSE.2018.285992646:1(100-112)Online publication date: 1-Jan-2020
https://doi.org/10.1109/TSE.2018.2859926
Tosatto SGovernatori GBeest N(2020)Verifying Compliance of Process Compositions Through Certification of its Components2020 IEEE 24th International Enterprise Distributed Object Computing Conference (EDOC)10.1109/EDOC49727.2020.00020(87-96)Online publication date: Oct-2020
https://doi.org/10.1109/EDOC49727.2020.00020
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten