Maintaining business process compliance despite changes: a decision support approach based on process adaptations

Figures & data

Figure 1. Compliance meta-model (based on (Seyffarth et al., 2016; 2017a)).

Figure 2. Simplified purchase to pay process (based on (Frank et al., 2009; Namiri & Stojanovic, 2007; Seyffarth et al., 2018; 2019)).

Table 1. Author centric concept matrix

		Determine compliance requirements and compliance violations					Generate compliant business processes
		BP	BP-CR	CR-IT	CR-CR	BP-IT-CR	Reorder	Separate
(Awad, 2007)		X
(Gacitua-Decar & Pahl, 2009)		X	(X)
(Delfmann et al., 2015)		X	(X)			(X)
(Fellmann et al., 2011)		X	(X)
(Ghanavati et al., 2009)			X
(Corea & Delfmann, 2017)			X
(Rudzajs & Buksa, 2011)			X
(Fdhila et al., 2015)			X
(Knuplesch et al., 2015)			X
(Becker et al., 2011)				X
(Becker et al., 2014)				X
(Knackstedt et al., 2013)				X
(Elgammal et al., 2010)					X
(Halle, 2011)					X
(Koetter et al., 2014)						X
(Koetter et al., 2016)						X
(Awad et al., 2009)							X
(Elgammal et al., 2012)							X
(Schumm et al., 2010a)								X
(Sackmann & Kittel, 2015)								X
Our proposed method		X	X	X	X	X	(X)	X
Legend	BP: Query within Business Process BP-CR: Query relations between Business Process and Compliance Requirement CR-IT: Query relations between compliance requirement and IT component CR-CR: Query relations between different compliance requirements BP-IT-CR: Business Process, Compliance Requirement and IT component Reorder: reorder process elements to ensure compliance Separate: separate modelling and storing of business processes and compliant business fragments (X): Can be done implicitly

Figure 3. Our design science research approach based on (Peffers et al., 2006).

Figure 4. Compliance requirements when replacing andcompliance violations when deleting ‘ERP MM’.

Figure 5. Algorithm to automatically determine compliance requirements when replacing an IT component.

Figure 6. Algorithm to automatically determine compliance violations and obsolete compliance requirements when deleting an IT component.

Figure 7. Alternative compliance processes and proposed compliantpurchase to pay processes (based on (Seyffarth et al., 2019)).

Figure 8. Algorithm to propose compliant business process models.

Table 2. Evaluation episodes in the research project

#	Functional Purpose	Paradigm of Evaluation Study	Focus of Evaluation	Applied Evaluation Method	Evaluation Result
1	Formative	Artificial	Compliance meta model, compliance process taxonomy	Ex ante evaluation (Literature review)	Meet ending conditions according to (Nickerson et al., 2013)
2	Formative	Artificial	Methods to create the analyse graph and compliance requirements/compliance violations	Prototyping and discussion with peers	Tentative proof-of-concept BCIT
3	Formative	Artificial/Naturalistic	Method to recommend compliant business processes	Prototyping and discussion with peers	Advanced proof-of-concept BCIT
4	Summative	Naturalistic	Extension of Proof-of-concept BCIT	Case study with domain experts	Perceived usefulness of BCIT

Figure 9. Violated compliance requirement when removing an IT component.

Figure 10. Compliant business process including thealternative compliance process ‘manually check invoice’.

Table 3. Statements and aggregated results of the perceived usefulness evaluation

Statement (S)	Cluster	Mean	Standard Deviation	Median	Number of responses
S1: Using BCIT improves the quality of the work I do.	A	1.043	1.574	2	23
S6: Using BCIT improves my job performance.	A	0.455	1.437	1	22
S8: Using BCIT enhances my effectiveness on the job.	A	0.409	1.586	1	22
S3. BCIT enables me to accomplish tasks more quickly.	B	0.727	1.420	1	22
S5. Using BCIT increases my productivity.	B	0.429	1.466	0	21
S7. Using BCIT allows me to accomplish more work than would otherwise be possible.	B	0.609	1.635	1	23
S4. BCIT supports critical aspects of my job.	C	1.318	1.394	2	22
S9. Using BCIT makes it easier to do my job.	C	0.522	1.559	1	23
S2. Using BCIT gives me greater control over my work.	D	1.000	1.826	2	24
S10. Overall, I find BCIT useful in my job.	E	1.083	1.441	1.5	24
A: job effectiveness | B: productivity and time savings | C: Importance of the system to the users’ job | D: control over the job | E: overall assessment

Figure 11. Overview of the perceived usefulness assessment of BCIT.

Seyffarth, T., Kühnel, S., & Sackmann, S. (2016). ConFlex: An ontology-based approach for the flexible integration of controls into business processes. Proceedings of theMultikonferenz Wirtschaftsinformatik 2016 (MKWI'16), 2016, (pp. 1341–1352), Ilmenau, Germany.

 Google Scholar

Seyffarth, T., Kühnel, S., & Sackmann, S. (2017a). A taxonomy of compliance processes for business process compliance. In 15th international conference on business process management, business process management forum. In: Lecture Notes in Business Information Processing (LNBIP) (pp. 71–87), Barcelona, Spain.

 Google Scholar

Frank, U., Heise, D., Ulrich, K.H., Ferguson, D.F., Hadar, E., & Waschke, M.G. (2009). ITML: A domain-specific modeling language for supporting business driven IT management. In Proceeding of the 9th OOPSLA workshop on domain-specific modeling,Helsinki, Finland.

 Google Scholar

Namiri, K., & Stojanovic, N. (2007). Using control patterns in business processes compliance. In WISE 2007 Workshops (pp. 178–190), Nancy, France.

 Google Scholar

Seyffarth, T., Kühnel, S., & Sackmann, S. (2018). Business process compliance and business process change: An approach to analyze the interactions. In Business Information Systems. BIS 2018. Lecture notes in business information processing (pp. 176–189), Berlin, Germany.

 Google Scholar

Seyffarth, T., Kühnel, S., & Sackmann, S. (2019). Business process compliance despite change: Towards proposals for a business process adaption. Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, 350, 227–239. https://doi.org/https://doi.org/10.1007/978-3-030-21297-1_20

 Google Scholar

Awad, A. (2007). BPMN-Q: A language to query business processes. In Reichert, M., Strecker, S. & Turowski, K. (Hrsg.), (Eds.), Enterprise modelling and information systems architectures – concepts and applications (pp. 115–128). Bonn: Gesellschaft für Informatik e. V.

 Google Scholar

Gacitua-Decar, V., & Pahl, C. (2009). Automatic business process pattern matching for enterprise services design. In 2009 world conference on services – II (pp. 111–118), Bangalore, India . https://doi.org/https://doi.org/10.1109/SERVICES-2.2009.28

 Google Scholar

Delfmann, P., Steinhorst, M., Dietrich, H.-A., & Becker, J. (2015). The generic model query language GMQL – Conceptual specification, implementation, and runtime evaluation. Information Systems, 47(1), 129–177. https://doi.org/https://doi.org/10.1016/j.is.2014.06.003

 Web of Science ®Google Scholar

Fellmann, M., Thomas, O., & Busch, B. (2011). A query-driven approach for checking the semantic correctness of ontology-based process representations. In: W. Abramowicz (ed) Business Information Systems: 14th International Conference, BIS 2011 (pp. 62–73). Poznań, Poland, June 15–17, 2011. Proceedings. Springer-Verlag GmbH Berlin Heidelberg, Berlin, Heidelberg.

 Google Scholar

Ghanavati, S., Amyot, D., & Peyton, L. (2009). Compliance analysis based on a goal-oriented requirement language evaluation methodology. In 17th IEEE international requirements engineering conference (pp. 133–142), Atlanta, GA, USA. https://doi.org/https://doi.org/10.1109/RE.2009.42

 Google Scholar

Corea, C., & Delfmann, P. (2017). Detecting Compliance with Business Rules in Ontology-Based Process Modeling, in Leimeister, J.M.; Brenner, W. (eds.): Proceedings der 13. Internationalen Tagung Wirtschaftsinformatik (WI 2017), St. Gallen, 226–240.

 Google Scholar

Rudzajs, P., & Buksa, I. (2011). Business process and regulations: Approach to linkage and change management. In J. Grabis & M. Kirikova (Eds.), Perspectives in business informatics research (Vol. 90, pp. 96–109). Springer Berlin Heidelberg.

 Google Scholar

Fdhila, W., Indiono, C., Rinderle-Ma, S., & Reichert, M. (2015). Dealing with change in process choreographies: Design and implementation of propagation algorithms. Information Systems, 49(1), 1–24. https://doi.org/https://doi.org/10.1016/j.is.2014.10.004

 Web of Science ®Google Scholar

Knuplesch, D., Fdhila, W., Reichert, M., & Rinderle-Ma, S. (2015). Detecting the effects of changes on the compliance of cross-organizational business processes. In P. Johannesson, M. Lee, S. Liddle, A. Opdahl, & Ó. Pastor López (eds) Conceptual Modeling. Lecture Notes in Computer Science (pp. 94–107), Springer, Cham. https://doi.org/https://doi.org/10.1007/978-3-319-25264-3_7

 Google Scholar

Becker, J., Eggert, M., Winkelmann, A., & Knackstedt, R. (2011). Towards a contingency theory based model of the influence of regulation on MIS. In Americas conference on information systems, Detroit, Michigan, USA.

 Google Scholar

Becker, J., Heddier, M., Braeuer, S., & Knackstedt, R. (2014). Integrating regulatory requirements into information systems design and implementation. In ICIS 2014 proceedings, Auckland, New Zealand.

 Google Scholar

Knackstedt, R., Eggert, M., Heddier, M., Chasin, F., & Becker, J. (2013). The relationship of is and law - The perspective of and implications for IS research. ECIS 2013 Completed Research. https://aisel.aisnet.org/ecis2013_cr/18/URL

 Google Scholar

Elgammal, A., Turetken, O., van den Heuvel, W.-J., & Papazoglou, M. (2010). Root-cause analysis of design-time compliance violations on the basis of property patterns. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, P. P. Maglio, M. Weske, J. Yang, & M. Fantinato (Eds.), Service-oriented computing (Vol. 6470, pp. 17–31). Springer Berlin Heidelberg.

 Google Scholar

Halle, S. (2011). Causality in message-based contract violations: A temporal logic “Whodunit”. In 2011 IEEE 15th international enterprise distributed object computing conference, Helsinki, Finland . https://doi.org/https://doi.org/10.1109/EDOC.2011.21

 Google Scholar

Koetter, F., Kochanowski, M., Weisbecker, A., Fehling, C., & Leymann, F. (2014). Integrating compliance requirements across business and IT. In 2014 IEEE 18th international enterprise distributed object computing conference,Ulm, Germany. https://doi.org/https://doi.org/10.1109/EDOC.2014.37

 Google Scholar

Koetter, F., Kintz, M., Kochanowski, M., Wiriyarattanakul, T., Fehling, C., Gildein, P., Wagner, S., Leymann, F., & Weisbecker, A. (2016). An universal approach for compliance management using compliance descriptors. In M. Helfert, D. Ferguson, V. Méndez Muñoz, & J. Cardoso (eds) Cloud Computing and Services Science: 6th International Conference, CLOSER 2016 (pp. 209–231). Rome, Italy, April 23–25, 2016, Springer International Publishing. Revised Selected Papers. Cham, s.l.

 Google Scholar

Awad, A., Smirnov, S., & Weske, M. (2009). Resolution of compliance violation in business process models: A planning-based approach. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, R. Meersman, T. Dillon, & P. Herrero (Eds.), On the Move to Meaningful Internet Systems: OTM 2009 (Vol. 5870, pp. 6–23). Springer Berlin Heidelberg.

 Google Scholar

Elgammal, A., Turetken, O., & van den Heuvel, W.-J. (2012). Using patterns for the analysis and resolution of compliance violations. International Journal of Cooperative Information Systems, 21(1), 31–54. https://doi.org/https://doi.org/10.1142/S0218843012400023

 Web of Science ®Google Scholar

Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., & van den Heuvel, W.-J. (2010a). Business process compliance through reusable units of compliant processes. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, F. Daniel, & F. M. Facca (Eds.), Current trends in web engineering (Vol. 6385, pp. 325–337). Springer Berlin Heidelberg.

 Google Scholar

Sackmann, S., & Kittel, K. (2015). Flexible workflows and compliance: A solvable contradiction? In J. Vom Brocke & T. Schmiedel (Eds.), BPM - Driving innovation in a digital world (pp. 247–258). Springer International Publishing.

 Google Scholar

Peffers, K., Tuunanen, T., Gengler, C., Rossi, M., Hui, W., Virtanen, V., & Bragge, J. (2006). The design science research process: A model for producing and presenting information systems research. In 1st International Conference on Design Science in Information Systems and Technology (DESRIST) (pp. 83–106), Claremont, California, USA.

 Google Scholar

Nickerson, R.C., Varshney, U., & Muntermann, J. (2013). A method for taxonomy development and its productservice in information systems. European Journal of Information Systems, 22(3), 336–359. https://doi.org/https://doi.org/10.1057/ejis.2012.26

 Web of Science ®Google Scholar