Towards Multi-level Organizational Control Framework to Manage the Business Transaction Workarounds

Sérgio Guerreiro


Organizations strive to find solutions that perform their business processes more efficiently and effective. Steering the organizational operation using a priori prescribed models derives from the classical control engineering theories. These approaches are valid for business information systems domain but require contextual adaptation for dealing with concerns such as change management. In the context of business transaction, the models prescribe the design freedom restrictions for producing a new service or product, and share a common understanding between the stakeholders that have diverse interpretations of it. However, for many and diverse reasons, organizational actors perform workarounds at operation time that could be extremely different from the previous prescribed business transaction models. This paper reviews the organizational control related work and synthesizes it in a conceptual framework. The goal is to establish a set of concepts, and their relationships, to identify workarounds occurring at operation time and then feedback the organizational management with reviewed models, where the control solution encompasses three competence levels: enterprise governance, business rules and access control.


  1. Alter S., 2013, Theory of Workarounds. Communications of the Association for Information Systems.
  2. Alter, S., 2013. Work System Theory: Overview of Core Concepts, Extensions, and Challenges for the Future, Journal of the Association for Information Systems, 14 (2), article 1.
  3. Beer, S., 1979. The Heart of the Enterprise, John Wiley & Sons Inc. New York, NY.
  4. Beer, S., 1981. Brain of the Firm: The Managerial Cybernetics of Organization. John Wiley & Sons Inc. New York, NY.
  5. Bertalanffy, L., 1969. General Systems Theory. George Braziller, New York, NY.
  6. Bertino, E., Ferrari, E., and Atluri, V., 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur., 2(1):65-104.
  7. Davison, R., & Ou, C., 2013. Sharing Knowledge In Technology Deficient Environments: Individual Workarounds Amid Corporate Restrictions. In 21th European Conference on Information Systems, Utrecht.
  8. DHS, 2013. Department of homeland security strategic plan fiscal years 2008-2013. Homeland Security, USA, retrieved from
  9. Dietz, J., 2006. Enterprise Ontology - Theory and Methodology. Berlin, Heidelberg, Springer-Verlag.
  10. Dietz, J., Hoogervorst, J., Albani, A., Aveiro, D., Babkin, E., Barjis, J., Caetano, A., Huysmans, P., Iijima, J., van Kervel, S., Mulder, H., Op 't Land, M., Proper, H., Sanz, J., Terlouw, L., Tribolet, J., Verelst, J., & Winter, R., 2013. The discipline of enterprise engineering. International Journal of Organisational Design and Engineering, 3 (1), 86-114.
  11. ENISA, 2013. European network and information security agency. Retrieved September 20, 2013, from
  12. Ferraiolo, D. F., Sandhu, R., Gavrila, S., Kuhn, D. R., and Chandramouli, R., 2001. Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur., 4(3):224-274.
  13. Franklin, F., Powell, D., & Emami-Naeini, A., 2009. Feedback control of dynamic systems. 6th ed. Addison-Wesley Publishing Company.
  14. Guerreiro, S., Vasconcelos, A, & Tribolet, J., 2012. Enterprise dynamic systems control enforcement of run-time business transactions. In EEWC 2012, series Lecture Notes in Business Information Processing, volume 110, part 2, Delft, Netherlands pp.46-60.
  15. Guerreiro, S., & Tribolet, J., 2013. Conceptualizing Enterprise Dynamic Systems Control for Run-Time Business Transactions. In 21th European Conference on Information Systems, Utrecht.
  16. Herwig, M. & Verelst, J. 2009. Normalized Systems: Recreating Information Technology based on Laws for Software Evolvability. Koppa.
  17. Hoogervorst, J., & Dietz, J., 2008. Enterprise architecture in enterprise engineering. Enterprise Modelling and Information Systems Architecture, 3 (1), 3-11.
  18. Hoogervorst, J., 2009. Enterprise governance and enterprise engineering. Springer-Verlag.
  19. IBM, 2012. Fast track to the future, IBM Center for Applied Insights, The 2012 IBM Tech Trends Report.
  20. ISACA, 2013. Control Objectives for Information and related Technology, COBIT 5.
  21. Kang, M. H., Park, J. S., and Froscher, J. N., 2001. Access control mechanisms for interorganizational workflow. In SACMAT 7801: Proceedings of the sixth ACM symposium on Access control models and technologies, pp. 66-74, New York, NY, USA. ACM.
  22. Land, M., Proper, E., Waage, M., Cloo, J., and Steghuis, C., 2009. Enterprise Architecture Creating Value by Informed Governance. Springer-Verlag.
  23. Muehlen, M. & Indulska, M., 2010. Modeling languages for business processes and business rules: A representational analysis. Information Systems Journal, 35 (4), 379-390.
  24. Nordberg, T., 2009. Security and trust, the foundation for building an eunion. Paper presented at the Proceedings of the 5th Ministerial eGovernment Conference, Malmö.
  25. OGC, 2011. Office for Government Commerce, ITIL v3, Information Technology Infrastructure Library.
  26. OMG, 2013. Object management group. Semantics of business vocabulary and business rules. Retrieved from
  27. Rozinat, A. & van der Aalst, W., 2008. Conformance checking of processes based on monitoring real behavior. Information Systems Journal, 33 (1), 64-95.
  28. U.S. Securities, 2010. U.S. security & exchange commission: Preliminary findings regarding market events of may 6. U.S. Commodity Futures Trading U.S. Securities & Exchange Commission, 2010.
  29. Wand, Y. & Weber, R., 1993. On the ontological expressiveness of information systems analysis and design grammars, Information Systems Journal, 3 (4), 217-237.

Paper Citation

in Harvard Style

Guerreiro S. (2014). Towards Multi-level Organizational Control Framework to Manage the Business Transaction Workarounds . In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-758-029-1, pages 288-294. DOI: 10.5220/0004870502880294

in Bibtex Style

author={Sérgio Guerreiro},
title={Towards Multi-level Organizational Control Framework to Manage the Business Transaction Workarounds},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 3: ICEIS,},

in EndNote Style

JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - Towards Multi-level Organizational Control Framework to Manage the Business Transaction Workarounds
SN - 978-989-758-029-1
AU - Guerreiro S.
PY - 2014
SP - 288
EP - 294
DO - 10.5220/0004870502880294