Advanced search
Publication Cover
Journal of Decision Systems Volume 31, 2022 - Issue 3
Submit an article Journal homepage
3,255
Views
2
CrossRef citations to date
0
Altmetric
Articles

Maintaining business process compliance despite changes: a decision support approach based on process adaptations

Tobias SeyffarthDepartment of Management Information Systems and Operations Research, Martin Luther University Halle-Wittenberg, Chair of Information Management, Halle (Saale), GermanyCorrespondence[email protected]
&
Stephan KuehnelDepartment of Management Information Systems and Operations Research, Martin Luther University Halle-Wittenberg, Chair of Information Management, Halle (Saale), Germany
Pages 305-335 | Received 18 Mar 2020, Accepted 01 Dec 2020, Published online: 29 Dec 2020

References

  • Aleliunas, R., Karp, R.M., Lipton, R.J., Lovasz, L., & Rackoff, C. (1979). Random walks, universal traversal sequences, and the complexity of maze problems. In 20th Annual Symposium on Foundations of Computer Science (sfcs 1979) (pp. 218–223), San Juan, Puerto Rico, USA. https://doi.org/https://doi.org/10.1109/SFCS.1979.34
  • Awad, A. (2007). BPMN-Q: A language to query business processes. In Reichert, M., Strecker, S. & Turowski, K. (Hrsg.), (Eds.), Enterprise modelling and information systems architectures – concepts and applications (pp. 115–128). Bonn: Gesellschaft für Informatik e. V.
  • Awad, A., Smirnov, S., & Weske, M. (2009). Resolution of compliance violation in business process models: A planning-based approach. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, R. Meersman, T. Dillon, & P. Herrero (Eds.), On the Move to Meaningful Internet Systems: OTM 2009 (Vol. 5870, pp. 6–23). Springer Berlin Heidelberg.
  • Basili, V. (1992). Software modeling and measurement: The Goal/Question/Metric Paradigm. University of Maryland, CS-TR-2956, UMIACS-TR-92-96, September 1992.
  • Becker, J., Delfmann, P., Dietrich, H.-A., Steinhorst, M., & Eggert, M. (2016). Business process compliance checking – Applying and evaluating a generic pattern matching approach for conceptual models in the financial sector. Information Systems Frontiers, 18(2), 359–405. https://doi.org/https://doi.org/10.1007/s10796-014-9529-y
  • Becker, J., Eggert, M., Winkelmann, A., & Knackstedt, R. (2011). Towards a contingency theory based model of the influence of regulation on MIS. In Americas conference on information systems, Detroit, Michigan, USA.
  • Becker, J., Heddier, M., Braeuer, S., & Knackstedt, R. (2014). Integrating regulatory requirements into information systems design and implementation. In ICIS 2014 proceedings, Auckland, New Zealand.
  • Buchert, T., Ko, N., Graf, R., Vollmer, T., Alkhayat, M., Brandenburg, E., Stark, R., Klocke, F., Leistner, P., & Schleifenbaum, J.H. (2019). Increasing resource efficiency with an engineering decision support system for comparison of product design variants. Journal of Cleaner Production, 210, 1051–1062. https://doi.org/https://doi.org/10.1016/j.jclepro.2018.11.104
  • Cheng, E.W.L. (2019). Choosing between the theory of planned behavior (TPB) and the technology acceptance model (TAM). Educational Technology Research and Development, 67(1), 21–37. https://doi.org/https://doi.org/10.1007/s11423-018-9598-6
  • Coenen, T., Coertjens, L., Vlerick, P., Lesterhuis, M., Mortier, A.V., Donche, V., & Ballon, P. (2018). An information system design theory for the comparative judgement of competences. European Journal of Information Systems, 27(2), 248–261. https://doi.org/https://doi.org/10.1080/0960085X.2018.1445461
  • Committee of Sponsoring Organizations of the Treadway Commission. (2012). Internal control - integrated framework: framework and appendices.
  • Corea, C., & Delfmann, P. (2017). Detecting Compliance with Business Rules in Ontology-Based Process Modeling, in Leimeister, J.M.; Brenner, W. (eds.): Proceedings der 13. Internationalen Tagung Wirtschaftsinformatik (WI 2017), St. Gallen, 226–240.
  • Davis, F. (1985). A technology acceptance model for empirically testing new end-user information systems: Theory and results. MIT.
  • Delfmann, P., Steinhorst, M., Dietrich, H.-A., & Becker, J. (2015). The generic model query language GMQL – Conceptual specification, implementation, and runtime evaluation. Information Systems, 47(1), 129–177. https://doi.org/https://doi.org/10.1016/j.is.2014.06.003
  • Dreyfus, D., & Iyer, B. (2006). Enterprise architecture: A social network perspective. In Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS’06) (pp. 178a–178a), Kauia, HI, USA. https://doi.org/https://doi.org/10.1109/HICSS.2006.155
  • El Kharbili, M., Medeiros, A., Stein, S., & van der Aalst, W.M.P. (2008). Business process compliance checking: Current state and future challenges. Modellierung betrieblicher Informationssysteme (MobIS 2008), 107–113.
  • Elgammal, A., Turetken, O., van den Heuvel, W.-J., & Papazoglou, M. (2010). Root-cause analysis of design-time compliance violations on the basis of property patterns. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, P. P. Maglio, M. Weske, J. Yang, & M. Fantinato (Eds.), Service-oriented computing (Vol. 6470, pp. 17–31). Springer Berlin Heidelberg.
  • Elgammal, A., Turetken, O., & van den Heuvel, W.-J. (2012). Using patterns for the analysis and resolution of compliance violations. International Journal of Cooperative Information Systems, 21(1), 31–54. https://doi.org/https://doi.org/10.1142/S0218843012400023
  • Fdhila, W., Indiono, C., Rinderle-Ma, S., & Reichert, M. (2015). Dealing with change in process choreographies: Design and implementation of propagation algorithms. Information Systems, 49(1), 1–24. https://doi.org/https://doi.org/10.1016/j.is.2014.10.004
  • Fdhila, W., Rinderle-Ma, S., & Reichert, M. (2012). Change propagation in collaborative processes scenarios. In 8th international conference on collaborative computing: networking, applications and worksharing (CollaborateCom),Pittsburgh, PA, USA.
  • Fellmann, M., Thomas, O., & Busch, B. (2011). A query-driven approach for checking the semantic correctness of ontology-based process representations. In: W. Abramowicz (ed) Business Information Systems: 14th International Conference, BIS 2011 (pp. 62–73). Poznań, Poland, June 15–17, 2011. Proceedings. Springer-Verlag GmbH Berlin Heidelberg, Berlin, Heidelberg.
  • Foster, M.E.D., & Deardorff, M.A. (2017). Open Science Framework (OSF). Journal of the Medical Library Association (JMLA),105(2). https://doi.org/https://doi.org/10.5195/JMLA.2017.88
  • Frank, U., Heise, D., Ulrich, K.H., Ferguson, D.F., Hadar, E., & Waschke, M.G. (2009). ITML: A domain-specific modeling language for supporting business driven IT management. In Proceeding of the 9th OOPSLA workshop on domain-specific modeling,Helsinki, Finland.
  • Gacitua-Decar, V., & Pahl, C. (2009). Automatic business process pattern matching for enterprise services design. In 2009 world conference on services – II (pp. 111–118), Bangalore, India . https://doi.org/https://doi.org/10.1109/SERVICES-2.2009.28
  • Ghanavati, S., Amyot, D., & Peyton, L. (2009). Compliance analysis based on a goal-oriented requirement language evaluation methodology. In 17th IEEE international requirements engineering conference (pp. 133–142), Atlanta, GA, USA. https://doi.org/https://doi.org/10.1109/RE.2009.42
  • Governatori, G., & Sadiq, S. (2009). The journey to business process compliance. Handbook of Research on Business Process Modeling, 426–454. https://doi.org/https://doi.org/10.4018/978-1-60566-288-6.ch020
  • Gregor, S., & Hevner, A.R. (2013). Positioning and presenting design science research for maximum impact. MIS Quarterly, 37(2), 337-355. https://doi.org/https://doi.org/10.25300/MISQ/2013/37.2.01
  • Halle, S. (2011). Causality in message-based contract violations: A temporal logic “Whodunit”. In 2011 IEEE 15th international enterprise distributed object computing conference, Helsinki, Finland . https://doi.org/https://doi.org/10.1109/EDOC.2011.21
  • Heckel, R., & Taentzer, G. (2020). Graph transformation for software engineers: With applications to model-based development and domain-specific language engineering (1st ed.). Springer eBook Collection. Springer International Publishing; Imprint Springer.
  • Hess, T.J., McNab, A.L., & Basoglu, K.A. (2014). Reliability generalization of perceived ease of use, perceived usefulness, and behavioral intentions. MIS Quarterly, 38(1), 1–28. https://doi.org/https://doi.org/10.25300/MISQ/2014/38.1.01
  • Hevner, A.R., March, S.T., Park, J., & Ram, S. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75–105. https://doi.org/https://doi.org/10.2307/25148625
  • ISACA. (2013). COBIT 5: Enabling information.
  • Kittel, K., Sackmann, S., & Göser, K. (2013). Flexibility and compliance in workflow systems: The KitCom prototype. In Proceedings of the CAiSE’13 Forum at the 25th International Conference on Advanced Information Systems Engineering (CAiSE) (pp. 154–160), Valencia, Spain.
  • Klinkmüller, C., & Weber, I. (2017). Analyzing control flow information to improve the effectiveness of process model matching techniques. Decision Support Systems, 100(1), 6–14. https://doi.org/https://doi.org/10.1016/j.dss.2017.06.002
  • Knackstedt, R., Eggert, M., Heddier, M., Chasin, F., & Becker, J. (2013). The relationship of is and law - The perspective of and implications for IS research. ECIS 2013 Completed Research. https://aisel.aisnet.org/ecis2013_cr/18/URL
  • Knuplesch, D., Fdhila, W., Reichert, M., & Rinderle-Ma, S. (2015). Detecting the effects of changes on the compliance of cross-organizational business processes. In P. Johannesson, M. Lee, S. Liddle, A. Opdahl, & Ó. Pastor López (eds) Conceptual Modeling. Lecture Notes in Computer Science (pp. 94–107), Springer, Cham. https://doi.org/https://doi.org/10.1007/978-3-319-25264-3_7
  • Koetter, F., Kintz, M., Kochanowski, M., Wiriyarattanakul, T., Fehling, C., Gildein, P., Wagner, S., Leymann, F., & Weisbecker, A. (2016). An universal approach for compliance management using compliance descriptors. In M. Helfert, D. Ferguson, V. Méndez Muñoz, & J. Cardoso (eds) Cloud Computing and Services Science: 6th International Conference, CLOSER 2016 (pp. 209–231). Rome, Italy, April 23–25, 2016, Springer International Publishing. Revised Selected Papers. Cham, s.l.
  • Koetter, F., Kochanowski, M., Weisbecker, A., Fehling, C., & Leymann, F. (2014). Integrating compliance requirements across business and IT. In 2014 IEEE 18th international enterprise distributed object computing conference,Ulm, Germany. https://doi.org/https://doi.org/10.1109/EDOC.2014.37
  • Kramer, T., Heinzl, A., & Neben, T. (2017). Cross-organizational software development: Design and evaluation of a decision support system for software component outsourcing. In Hawaii international conference on system sciences (pp. 343–352), Puako, Hawaii, United States. https://doi.org/https://doi.org/10.24251/HICSS.2017.041
  • Kriglstein, S., Leitner, M., Kabicher-Fuchs, S., & Rinderle-Ma, S. (2016). Evaluation methods in process-aware information systems research with a perspective on human orientation. Business & Information Systems Engineering, 58(6), 397–414. https://doi.org/https://doi.org/10.1007/s12599-016-0427-3
  • Leopold, H., Meilicke, C., Fellmann, M., Pittke, F., Stuckenschmidt, H., & Mendling, J. (2015). Towards the automated annotation of process models. In International Conference on Advanced Information Systems Engineering (pp. 401–416), Stockholm, Sweden.
  • Marangunić, N., & Granić, A. (2015). Technology acceptance model: A literature review from 1986 to 2013. Universal Access in the Information Society, 14(1), 81–95. https://doi.org/https://doi.org/10.1007/s10209-014-0348-1
  • March, S.T., & Smith, G.F. (1995). Design and natural science research on information technology. Decision Support Systems, 15(4), 251–266. https://doi.org/https://doi.org/10.1016/0167-9236(94)00041-2
  • March, S.T., & Storey, V.C. (2008). Design science in the information systems discipline: An introduction to the special issue on design science research. MIS Quarterly, 32(4), 725–730. https://doi.org/https://doi.org/10.2307/25148869
  • Mican, D., Sitar-Tăut, D.-A., & Moisescu, O.-I. (2020). Perceived usefulness: A silver bullet to assure user data availability for online recommendation systems. Decision Support Systems, 139(1), 113420. https://doi.org/https://doi.org/10.1016/j.dss.2020.113420
  • Namiri, K., & Stojanovic, N. (2007). Using control patterns in business processes compliance. In WISE 2007 Workshops (pp. 178–190), Nancy, France.
  • Nickerson, R.C., Varshney, U., & Muntermann, J. (2013). A method for taxonomy development and its productservice in information systems. European Journal of Information Systems, 22(3), 336–359. https://doi.org/https://doi.org/10.1057/ejis.2012.26
  • Peffers, K., Tuunanen, T., Gengler, C., Rossi, M., Hui, W., Virtanen, V., & Bragge, J. (2006). The design science research process: A model for producing and presenting information systems research. In 1st International Conference on Design Science in Information Systems and Technology (DESRIST) (pp. 83–106), Claremont, California, USA.
  • Radeschütz, S., Schwarz, H., & Niedermann, F. (2015). Business impact analysis—a framework for a comprehensive analysis and optimization of business processes. Computer Science – Research and Development, 30(1), 69–86. https://doi.org/https://doi.org/10.1007/s00450-013-0247-3
  • Rinderle, S., Reichert, M., & Dadam, P. (2004). Correctness criteria for dynamic changes in workflow systems: A survey. Data & Knowledge Engineering, 50(1), 9–34. https://doi.org/https://doi.org/10.1016/j.datak.2004.01.002
  • Rinderle-Ma, S., Reichert, M., & Weber, B. (2008). On the formal semantics of change patterns in process-aware information systems. In Proc. 27th Int’l Conference on Conceptual Modeling (ER’08)(pp. 279-293), Barcelona, Spain.
  • Rosenkrantz, D.J., Stearns, R.E., & Lewis, I.P.M.I. (1977). An analysis of several heuristics for the traveling salesman problem. SIAM Journal on Computing, 6(3), 563–581. https://doi.org/https://doi.org/10.1137/0206041
  • Rudzajs, P., & Buksa, I. (2011). Business process and regulations: Approach to linkage and change management. In J. Grabis & M. Kirikova (Eds.), Perspectives in business informatics research (Vol. 90, pp. 96–109). Springer Berlin Heidelberg.
  • Runeson, P., & Höst, M. (2009). Guidelines for conducting and reporting case study research in software engineering. Empirical Software Engineering, 14(2), 131–164. https://doi.org/https://doi.org/10.1007/s10664-008-9102-8
  • Sackmann, S., & Kittel, K. (2015). Flexible workflows and compliance: A solvable contradiction? In J. Vom Brocke & T. Schmiedel (Eds.), BPM - Driving innovation in a digital world (pp. 247–258). Springer International Publishing.
  • Sackmann, S., Kühnel, S., & Seyffarth, T. (2018). Using business process compliance approaches for compliance management with regard to digitization: Evidence from a systematic literature review. In International Conference on Business Process Management (BPM) (pp. 409-425), Sydney, Australia.
  • Sadiq, S., Governatori, G., & Namiri, K. (2007). Modeling control objectives for business process compliance. In G. Alonso, P. Dadam, & M. Rosemann (Eds.), Business process management (Vol. 4714, pp. 149–164). Springer Berlin Heidelberg.
  • Santos, H., & Alves, C. (2017). Exploring the ambidextrous analysis of business processes: A design science research. In International conference on enterprise information systems (pp. 543–566), Porto, Portugal.
  • Schultz, M. (2013). Enriching process models for business process compliance checking in ERP environments. International Conference on Design Science Research in Information Systems, 120–135, Helsinki, Finland. https://doi.org/https://doi.org/10.1007/978-3-642-38827-9_9
  • Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., & van den Heuvel, W.-J. (2010a). Business process compliance through reusable units of compliant processes. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell, M. Naor, O. Nierstrasz, C. Pandu Rangan, B. Steffen, M. Sudan, D. Terzopoulos, D. Tygar, M. Y. Vardi, G. Weikum, F. Daniel, & F. M. Facca (Eds.), Current trends in web engineering (Vol. 6385, pp. 325–337). Springer Berlin Heidelberg.
  • Schumm, D., Karastoyanova, D., Leymann, F., & Strauch, S. (2011). Fragmento: Advanced process fragment library. 19th International Conference onInformation Systems Development, Prague, Czech Republic.
  • Schumm, D., Leymann, F., Ma, Z., Scheibler, T., & Strauch, S. (2010b). Integrating compliance into business processes: process fragments as reusable compliance controls. Proceedings of the Multikonferenz Wirtschaftsinformatik (pp. 10), Göttingen,Germany.
  • Seeliger, A., Guinea, A.S., & Mühlhäuser, M. (2019). Process Explorer: Intelligent process mining guidance. 17th International Conference on Business Process Management (BPM), 2019, (pp. 216–231), Vienna, Austria. https://doi.org/https://doi.org/10.1007/978-3-030-26619-6_15
  • Seyffarth, T., Kühnel, S., & Sackmann, S. (2016). ConFlex: An ontology-based approach for the flexible integration of controls into business processes. Proceedings of theMultikonferenz Wirtschaftsinformatik 2016 (MKWI'16), 2016, (pp. 1341–1352), Ilmenau, Germany.
  • Seyffarth, T., Kühnel, S., & Sackmann, S. (2017a). A taxonomy of compliance processes for business process compliance. In 15th international conference on business process management, business process management forum. In: Lecture Notes in Business Information Processing (LNBIP) (pp. 71–87), Barcelona, Spain.
  • Seyffarth, T., Kühnel, S., & Sackmann, S. (2017b). Welche Compliance-Anforderungen sind für Geschäftsprozessänderungen relevant?: Ein Ansatz zur Modellierung der Beziehungen. In Proceedings of the Informatik 2017, Lecture Notes in Informatics (LNI) (pp. 1641–1646), Chemnitz, Germany.
  • Seyffarth, T., Kühnel, S., & Sackmann, S. (2018). Business process compliance and business process change: An approach to analyze the interactions. In Business Information Systems. BIS 2018. Lecture notes in business information processing (pp. 176–189), Berlin, Germany.
  • Seyffarth, T., Kühnel, S., & Sackmann, S. (2019). Business process compliance despite change: Towards proposals for a business process adaption. Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, 350, 227–239. https://doi.org/https://doi.org/10.1007/978-3-030-21297-1_20
  • Seyffarth, T., & Raschke, K. (2018). BCIT: A tool for analyzing the interactions between business process compliance and business process change. Proceedings of the Dissertation Award and Demonstration, Industrial Track at BPM, 2018, 81–85. http://ceur-ws.org/Vol-2196/BPM_2018_paper_17.pdf
  • Seyffarth, T., & Raschke, K. (2020). BCIT: A tool to recommend compliant business processes based on process adaption. In Proceedings of the best dissertation award, doctoral consortium, and demonstration & resources track at BPM 2020 co-located with the 18th International Conference on Business Process Management (BPM 2020) (pp. 107–111), Vienna, Austria.
  • Sillaber, C., & Breu, R. (2012). Managing legal compliance through security requirements across service provider chains: A case study on the German Federal Data Protection Act. GI-Jahrestagung, Informatik 2012, (pp. 1306–1318), Braunschweig, Germany.
  • Sonnenberg, C., & Vom Brocke, J. (2012). Evaluation patterns for design science research artefacts. In M. Helfert & B. Donnellan (Eds.), Practical aspects of design science (Vol. 286, pp. 71–83). Springer Berlin Heidelberg.
  • Sturm, B., & Sunyaev, A. (2019). Design principles for systematic search systems: A holistic synthesis of a rigorous multi-cycle design science research journey. Business & Information Systems Engineering, 61(1), 91–111. https://doi.org/https://doi.org/10.1007/s12599-018-0569-6
  • The Institut der Wirtschaftsprüfer in Deutschland e.V. [Institute of Public Auditors in Germany, Incorporated Association]. (2002a). Principles of proper accounting when using information technology (IDW AcP FAIT 1).
  • The Institut der Wirtschaftsprüfer in Deutschland e.V. [Institute of Public Auditors in Germany, Incorporated Association]. (2002b). The audit of financial statements in an information technology environment (IDW AuS 330).
  • Turetken, O., Elgammal, A., van den Heuvel, W.-J., & Papazoglou, M. (2011). Enforcing compliance on business processes through the use of patterns. ECIS 2011 Proceedings, 2011, Helsinki, Finland. https://aisel.aisnet.org/ecis2011/5/
  • Venable, J., Pries-Heje, J., & Baskerville, R. (2016). FEDS: A Framework for Evaluation in Design Science Research. European Journal of Information Systems, 25(1), 77–89. https://doi.org/https://doi.org/10.1057/ejis.2014.36
  • Vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009). Reconstructing the giant: On the importance of rigour in documenting the literature search process. In 17th European Conference on Information Systems (pp. 2206–2217), Verona, Italy.
  • Weber, B., Reichert, M., & Rinderle-Ma, S. (2008). Change patterns and change support features: Enhancing flexibility in process-aware information systems. Data & Knowledge Engineering, 66(3), 438–466. https://doi.org/https://doi.org/10.1016/j.datak.2008.05.001
  • Webster, J., & Watson, R.T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, 26(2), xiii–xxiii.
  • Weske, M. (2019). Business process management: Concepts, languages, architectures (3rd ed.). Springer-Verlag Berlin Heidelberg.
  • Winter, R., & Fischer, R. (2006). Essential layers, artifacts, and dependencies of enterprise architecture. In 2006 10th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW’06) (pp. 30–37), Hong Kong, China. https://doi.org/https://doi.org/10.1109/EDOCW.2006.33
  • Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., & Wesslén, A. (2012). Experimentation in software engineering. Springer Berlin Heidelberg.
  • Yousafzai, S.Y., Foxall, G.R., & Pallister, J.G. (2007). Technology acceptance: A meta‐analysis of the TAM: Part 1. Journal of Modelling in Management, 2(3), 251–280. https://doi.org/https://doi.org/10.1108/17465660710834453

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.