Toward a Holistic Method for Regulatory Change Management

Sagar Sunkle, Vinay Kulkarni


Regulatory compliance is increasingly complex for modern enterprises because of their global footprints, the multiple regulations they are subject to across varied domains and geographies, and continual changes to those regulations. This necessitates a method for compliance management that can establish compliance with both regulations and changes to regulations from a holistic perspective of governance, risk, and compliance (GRC). We propose such a method using a conceptual model of integrated GRC, in which formal compliance checking and norm change techniques for regulations represented as formal rules are coupled with business process change propagation and risk modeling. The method also considers the legal goals of regulators and the business goals of regulatees in enacting compliance with regulations and changes to them. The method is substantiated with a brief example of a real-world banking regulation.



Paper Citation

in Harvard Style

Sunkle S. and Kulkarni V. (2015). Toward a Holistic Method for Regulatory Change Management. In Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD, ISBN 978-989-758-111-3, pages 218-223. DOI: 10.5220/0005887402180223
