Abstract
Today’s business entities face an ever-growing number of laws and regulations due to recent high profile business scandals and failures. Small and medium scale enterprises (SMSE) in developing countries do not have an efficient compliance checking mechanism to make their business processes compliant with these regulatory standards. This checking mechanism is needed to give the enterprises full assurance of complete adherence to regulatory standards, bodies, or Service Level Agreements. Therefore, a structured and efficient compliance management model is needed to aid SMSE in launching their businesses safely and to ensure business processes fit into the classical regulatory standards. This paper presents a business rules compliance checking model and architecture for SMSEs in developing countries to verify and monitor their business process models at design time and at run time. It involves a systematic compliance requirements classification and analysis that employs a goal based requirement engineering approach prior to design time verification. It also introduces the idea and demonstration of network analysis for runtime business processes monitoring. The business process model will be verified at design time using a Simple PROMELA Interpreter model checker through Linear Temporal Logic rules. The approaches were tested on a financial institution in Nigeria, a developing nation in Africa at the time of this research. In order to ensure that the choice of the requirements analysis approach was efficient, a number of standard metrics for evaluating requirements engineering techniques were used and promising results were obtained. We also carried out a comparative analysis of the proposed approach in this paper with the approaches of previous research papers. This approach proved to be effective in terms of clarity, simplicity, flexibility and expressiveness while reducing incomplete adherence of business processes and enhancing the correctness of the business process.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Adeleke RA, Halid OY, Ogunwale OD, Olubiyi AO (2011) Application of network analysis to project management. Pac J Sci Technol 12(1):305–313
Anton AI (1996) Goal based requirements Analysis. In: Proceedings of ICRE. IEEE, pp 136–144
Barnawi A, Awad A, Elgammal A, Elshawi R, Almalaise A, Sakr S (2015) BP-MaaS: a runtime compliance-monitoring system for business processes. In: Motahari-Nezhad HR, Recker J, Weidlich M (eds) 13th conference in business process management (BPM15). Springer, Innsbruck
Becker J, Ahrendt C, Coners A, Weiß B, Winkelmann A (2011) Modeling and analysis of business process compliance. In: Governance and sustainability in information systems. Managing the transfer and diffusion of IT. Springer, Berlin, pp 259–269
Breaux TD, Anton AI (2007) A Systematic method for acquiring regulatory requirements: a frame-based approach. In: 6th international workshop on requirements for high assurance systems (RHAS-6)
Cabanillas C, Knuplesch D, Resinas M, Reichert M, Mendling J, Ruiz-Cortés A (2015) RALph: a graphical notation for resource assignments in business processes. In: Zdravkovic J, Kirikova M, Johannesson P (eds) Advanced information systems engineering, CAiSE, vol 9097. Springer International Publishing, Cham, pp 53–68
CBN (2009) The CBN anti-money laundering/combating financing of terrorism (AML/CFT) Regulation 2009 which included the Know Your Customer (KYC) Act
CBN (2010) Revised Guideline for prudential guideline for financial institutions, June 2010
CBN (2012) The CBN revised regulatory and supervisory guidelines for Microfinance Banks (MFB) in Nigeria, December 2012
Daniel F, Casati F, D’Andrea V, Strauch S, Schumm D, Leymann F, Mulo E, Zdun U, Dustdar S, Sebahi S, de Marchi F, Hacid M (2009) Business compliance governance in service-oriented architectures. In: Proceedings of the IEEE 23rd international conference on advanced information networking and applications (AINA’09). IEEE Press
Elgammal A, Turetken O (2015) Lifecycle business process compliance management: a semantically-enabled framework. 978-1-4673-6618-2/15/$31.00 ©2015. IEEE
Elgammal A, Turetken O, van den Heuvel WJ, Papazoglou M (2014) Formalizing and applying compliance patterns for business process compliance. Softw Syst Model 15:119–146
Ernst & Young A (2010) The Ernst & Young business risk Report 2010—the top 10 risks for global business. Found at www.ey.com/au. 6:47
Iqbal S, Khan MNA (2012) Yet another set of requirement metrics for software projects. Int J Software Eng Appl 6(1):19
Koetter F, Kochanowski M, Weisbecker A, Fehling C, Leymann F (2014) Integrating compliance requirements across business and it. In: Enterprise distributed object computing conference (EDOC), IEEE 18th International, pp 218–225
Ly LT, Rinderle-Ma S, Göser K, Dadam P (2012) On enabling integrated process compliance with semantic constraints in process management systems. Inf Syst Fron 14(2):195–219
Morales LEM (2014) Business process verification: the application of model checking and timed automata. CLEI Electron J 17(2):2
OMG (2011) Business Process Model and Notation (BPMN)—version 2.0. Object Management Group (OMG)
Open Group Source. http://www.opengroupsource.com. Accesses Nov 2015
Papazoglou M (2011) Making business processes compliant to standards and regulations. In: 15th EDOC 2011 conference, held in August–September (2011) in Helsinki, Finland
Pham TA, Le Thanh N (2015) Checking the compliance of business processes and business rules using OWL2 ontology and SWRL. In: Proceedings of the 2nd international Afro-European conference for industrial advancement AECIA 2015. Springer, pp 11–20
Solaiman E, Sun W, Molina-Jimenez C (2015) Tool for the automatic verification of BPMN choreographies. In: 2015 IEEE international conference on services computing. pp 728–735
Turetken O, Elgammal A, van den Heuvel WJ, Papazoglou MP (2011) Enforcing compliance on business processes through the use of patterns. In: 19th European conference on information systems, Finland, June 2011
Wenzhong S (2012) Design and implementation of a BPMN to PROMELA Translator. MSc Dissertation in Advanced Computer Science. School of Computing Science, Newcastle University, UK, August 2012
Winston WL, Venkataramanan M, Goldberg JB (2003) Introduction to mathematical programming, vol 1. Thomson/Brooks/Cole, Pacific Grove
Acknowledgements
The authors would like to thank the anonymous reviewers for their thorough review and contributions.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mustapha, A.M., Arogundade, O.T., Vincent, O.R. et al. Towards a compliance requirement management for SMSEs: a model and architecture. Inf Syst E-Bus Manage 16, 155–185 (2018). https://doi.org/10.1007/s10257-017-0354-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10257-017-0354-y