Business Process Compliance
Public sector ICT systems that deliver services to citizens are expensive to develop due to the extensive legislative and regulatory framework within which they must operate. Such requirements are subject to frequent change, leading to repeated effort in keeping ICT systems current and certified – work greatly complicated by their scale. The Australian Federal Government alone spends around $6 billion on ICT per year. Total public sector ICT spending (local, state and federal) in 2007–08 was $18.45 billion.
These issues are not confined to the public sector: ICT systems are now essential to control, administer and enact all core business activities, and business processes are increasingly constrained by regulation. Process compliance is now a major concern for all public and private sector businesses. Failure to comply is no longer an option.
The NICTA Approach
Compliance is the set of activities, procedures and processes a business uses to ensure that its core activities are aligned with relevant laws, regulations and guidelines. NICTA's Business Process Compliance research develops a framework to capture the normative requirements, and to combine and compare them with the specifications of the business processes. The approach combines aspects from different disciplines. The key aspects of the compliance-by-design methodology we envisage include:
- Formal models of normative reasoning (including modelling deontic concepts, e.g., obligations, permissions, prohibitions, violations);
- Extensions of business process models and languages with semantic annotations;
- Efficient compliance checking algorithms.
- Natural rule-based representation of normative requirements
- Integration and alignment of business processes with the relevant regulatory framework
- Ability to interface with different business process and workflow languages and systems
- Efficient algorithms for checking compliance in all life-cycle phases of business processes (design-time, run-time, auditing)
- Better understanding of regulatory requirements for business processes
- Ability to design and maintain compliant-by-design business processes
- Reduced maintenance cost of business processes in the face of changes in the regulatory requirements.
- Increased capability for auditing business processes. Processes run by process-aware information systems can be audited and screened automatically.
Dr Guido Governatori
Queensland Research Laboratory
GPO Box 2434, Brisbane, Queensland 4001, Australia
Telephone: +61 0400 934 738