the study described in this paper is considered to be
unique.
Business process studies from the perspective of
law compliance and standards are part of the field of
business process compliance. These studies provide
a framework for internal control in accordance with
the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) and in accordance
with health care privacy as established by the U.S.
Health Insurance Portability and Accountability Act
of 1996 (HIPAA) by analyzing the laws and standards
in their entirety (Breaux et al., 2006; Siena et al., 2009).
However, this paper does not provide a specific
method that conforms to the standards established by
COSO and HIPAA.
We are aware of a Resources, Events, and
Agents (REA) study that analyzes and models
financial accounting systems. In that study, all
aspects of financial accounting are analyzed, but
specific proposals for accounting audits are not
provided (McCarthy, 1982).
6 CONCLUSION
Comparison of received transaction documents with
archived transaction documents by a person in
charge of each division in a company is naturally
performed to prevent any errors in the operation of
each division. However, we cannot conclude that
such a simple check in each division is enough to
ensure consistency for the entire set of transaction
documents in the business process, despite
consistency in transaction documents belonging to
individual divisions.
As indicated above, if the business process is
properly designed, the consistency for the entire set
of transaction documents is ensured. This operation
approximately corresponds to auditing done by
CPAs to confirm the existence of transactions.
This paper proposes a method of assessing
business processes by checking transaction
documents for inconsistency risks. This method
consists of a “Business Process Diagram” and an
“Inconsistency Risk Detection Algorithm.”
Using the “Business Process Diagram” and the
“Inconsistency Risk Detection Algorithm,” business
processes can be classified into two categories. For
any process in the first category, the consistency of
any pair of transaction documents in the process is
checked, and there is no risk of inconsistency. For
any process in the second category, the consistency
of some pairs of transaction documents in the
process cannot be checked, and there is a risk of
inconsistency.
When a business process is properly designed to
meet the requirements of a business process in the
first category, inconsistency risks can be reduced.
We confirmed in the case study that the standard
purchase order process, established in practice
through the accumulation of experience over many
years, is a business process in the first category.
This study aims to establish a high-quality
method for inconsistency risk evaluation that can be
incorporated into business rules and business
processes by analyzing documents that are created
on the basis of business rules and business processes.
In this study, we modeled the business processes of
transactions and assessed them for consistency risks.
We will pursue logical verification by using
CafeOBJ to refine our "Inconsistency Risk Detection
Algorithm."
We will research a method to investigate
mistakes and fraud in business processes in the
future.
ACKNOWLEDGEMENTS
We thank Prof. Syuji Iida, Dr. Yasuhito Arimoto,
Prof. Takao Okubo, Prof. Naoharu Kaiya, Mr.
Motoharu Hirukawa, and Ms. Junko Torimitsu for their
valuable comments and feedback on our approach.
REFERENCES
K. Shimizu, M. Nakamura, 2007: Internal Control for IT
Professionals, Zeimukeiri Kyoukai (in Japanese).
M. Maruyama, S. Kamei and T. Miki, 2008: Readings
from Internal Control Environment, Shoeisha (in
Japanese).
M. Sasano, 2006: Introduction and Practice of Internal
Control, Chuokeizaisha (in Japanese).
A. Kaneko, 2001: Business Seminar Company Accounting
Introduction, third edition, Nihon Keizai Shimbun,
Inc. (in Japanese).
H. Yamaura, 2002: Financial Auditing Theory, second
edition, Chuokeizaisha (in Japanese).
T. Cormen, C. Leiserson, R. Rivest and C. Stein, 2009:
Introduction to Algorithms [Volume 2], third edition,
MIT Press.
Travis D. Breaux, Matthew W. Vail, and Annie I. Anton,
2006: Towards Regulatory Compliance: Extracting
Rights and Obligations to Align Requirements with
Regulations. RE 2006: 46-55.
Alberto Siena, Anna Perini, Angelo Susi, and John
Mylopoulos, 2009: Towards a framework for law-
compliant software requirements. ICSE Companion
2009: 251-254.
Sixth International Symposium on Business Modeling and Software Design