Application and Economic Implications of an Automated Requirement-Oriented and Standard-Based Compliance Monitoring and Reporting Prototype

2010 International Conference on Availability, Reliability and Security Pub Date : 2010-03-25 DOI:10.1109/ARES.2010.88

M. Kehlenbeck, Thorben Sandner, M. Breitner

{"title":"Application and Economic Implications of an Automated Requirement-Oriented and Standard-Based Compliance Monitoring and Reporting Prototype","authors":"M. Kehlenbeck, Thorben Sandner, M. Breitner","doi":"10.1109/ARES.2010.88","DOIUrl":null,"url":null,"abstract":"Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by the incorporation of control activities into business processes. But the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task. However, the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.","PeriodicalId":360339,"journal":{"name":"2010 International Conference on Availability, Reliability and Security","volume":"07 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2010.88","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by the incorporation of control activities into business processes. But the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task. However, the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.

查看原文本刊更多论文

面向需求和基于标准的自动化遵从性监控和报告原型的应用和经济意义

法规遵从性管理是一项具有挑战性的任务，受到不断增加的法律要求的影响。通过将控制活动合并到业务流程中，可以确保符合法律要求。但是，这些控制活动的维护和监视是一项复杂、耗时且通常是手动的任务。然而，控制异常的及时沟通是法规遵循管理成功的一个重要因素。本文提出了一个自动化合规监测和报告系统的创新原型实现。该系统基于既定的标准和现有的技术。特别是，业务流程用BPMN表示，用XPDL建模，控制活动使用COSO链接到风险，控制异常使用SWRL定义，访问控制数据从专有模型转换为XACML。原型机的开发与普通的设计科学研究是一致的。根据不同的业务需求和信息需求，简要地讨论了所开发原型的应用及其经济含义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 International Conference on Availability, Reliability and Security

自引率

0.00%

发文量