www.governatori.net

Publications on Business Process Modelling

Guido Governatori, Jörg Hoffmann, Shazia Sadiq, and Ingo Weber.

Detecting regulatory compliance for business process models through semantic annotations. In 4th International Workshop on Business Process Design, Milan, 1 September 2008 2008.
Abstract: A given business process may face a large number of regulatory obligations the process may or comply with. Providing tools and techniques through which an evaluation of the compliance degree of a given process can be undertaken is seen as a key objective in emerging business process platforms. We address this problem through a diagnostic framework that provides the ability to assess the compliance gaps present in a given process. Checking whether a process is compliant with the rules involves enumerating all reachable states and is hence, in general, a hard search problem. The approach taken here allows to provide useful diagnostic information in polynomial time. The approach is based on two underlying techniques. A conceptually faithful representation for regulatory obligations is firstly provided by a formal rule language based on a non-monotonic deontic logic of violations. Secondly, processes are formalized through semantic annotations that allow a logical state space to be created. The intersection of the two allows us to devise an efficient method to detect compliance gaps; the method guarantees to detect all obligations that will necessarily arise during execution, but that will not necessarily be fulfilled.
 

Guido Governatori, Zoran Milosevic and Shazia Sadiq.

Compliance checking between business processes and business contracts. In Patrick C. K. Hung, editor, 10th International Enterprise Distributed Object Computing Conference (EDOC 2006), Hong Kong, 16-20 October. pages 221-232. IEEE Computing Society, 2006. Copyright © IEEE
Abstract: It is a typical scenario that many organisations have their business processes specified independently of their business contracts. This is because of the lack of guidelines and tools that facilitate derivation of processes from contracts but also because of the traditional mindset of treating contracts separately from business processes. This paper provides a solution to one specific problem that arises from this situation, namely the lack of mechanisms to check whether business processes are compliant with business contracts. The central part of the paper are logic based formalism for describing both the semantics of contract and the semantics of compliance checking procedures.
 

Guido Governatori, Zoran Milosevic, Shazia Sadiq and Maria Orlowska.

On Compliance of business processes with business contracts Technical Report, School of Information Technology and Electrical Engineering, The University of Queensland. 2006.
Abstract: This paper addresses the problem of ensuring compliance of business processes, implemented within and across organisational boundaries, with the constraints stated in related business contracts. In order to deal with the complexity of this problem we propose two solutions that allow for a systematic and increasingly automated support for addressing two specific compliance issues. One solution provides a set of guidelines for progressively transforming contract conditions into business processes that are consistent with contract conditions thus avoiding violation of the rules in contract. Another solution compares rules in business contracts and rules in business processes to check for possible inconsistencies. Both approaches rely on a computer interpretable representation of contract conditions that embodies contract semantics. This semantics is described in terms of a logic based formalism allowing for the description of obligations, prohibitions, permissions and violations conditions in contracts. This semantics was based on an analysis of typical building blocks of many commercial, financial and government contracts. The study proved that our contract formalism provides a good foundation for describing key types of conditions in contracts, and has also given several insights into valuable transformation techniques and formalisms needed to establish better alignment between these two, traditionally separate areas of research and endeavour. The study also revealed a number of new areas of research, some of which we intend to address in near future.
 

Guido Governatori, Antonino Rotolo and Shazia Sadiq.

A Model of Dynamic Resource Allocation in Workflow Systems. In Klaus-Dieter Schewe and Hugh E. Williams, editors, Database Technology 2004, Dunedin, New Zealand, 19-21 January. pages 197-206. Conference Research and Practice of Information Technology 27. ACS, 2004. Copyright © ACS
Abstract: Current collaborative work environments are characterized by dynamically changing organizational structures. Although there have been several efforts to refine work distribution, especially in workflow management, most literature assumes a static database approach which captures organizational roles, groups and hierarchies and implements a dynamic roles based agent assignment protocol. However, in practice only partial information may be available for organizational models, and in turn a large number of exceptions may emerge at the time of work assignment. In this paper we present an organizational model based on a policy based normative system. The model is based on a combination of an intensional logic of agency and a flexible, but computationally feasible, non-monotonic formalism (Defeasible Logic). Although this paper focuses on the model specification, the proposed approach to modelling agent societies provides a means of reasoning with partial and unpredictable information as is typical of organizational agents in workflow systems.
 

Ruopeng Lu, Shazia Sadiq, and Guido Governatori.

A framework for utilizing preferred work practice for business process evolution. In Witold Abramowicz and Heinrich C. Mayr, editors, Technologies for Business Information Systems, pages 39-50. Springer, Dordrecht, 2007, Copyrigth © 2007 Springer.
Abstract: Many Business Process Management (BPM) systems provide best practice process models, both generic as well as for specific industry sectors. However, it is often the variance from template solutions that provide organizations with intellectual capital and competitive differentiation. Although variance must comply with various contractual, regulatory and operational constraints, it is still an important information resource, representing preferred work practices. In this paper, we present a framework that utilizes desired work practice to support business process evolution. The framework on one hand provides the ability to use domain expert knowledge and experience to tailor individual process instances according to case specific requirements; and on the other, provides a means of using this knowledge through learning techniques to guide subsequent process refinements.
 

Ruopeng Lu, Shazia Sadiq, and Guido Governatori.

Compliance aware business process design. In Arthur H.M. ter Hofstede, Boualem Benatallah, and Hye-Young Paik, editors, 3rd International Workshop on Business Process Design (BPD'07), LNCS 4928, pages 120-131. Springer, 2007. Copyrigth © 2007 Springer.
Abstract: Historically, business process design has been driven by business objectives, specifically process improvement. However this cannot come at the price of control objectives which stem from various legislative, standard and business partnership sources. Ensuring the compliance to regulations and industrial standards is an increasingly important issue in the design of business processes. In this paper, we advocate that control objectives should be addressed at an early stage, i.e., design time, so as to minimize the problems of runtime compliance checking and consequent violations and penalties. To this aim, we propose supporting mechanisms for business process designers. This paper specifically presents a support method which allows the process designer to quantitatively measure the compliance degree of a given process model against a set of control objectives. This will allow process designers to comparatively assess the compliance degree of their design as well as be better informed on the cost of non-compliance.
 

Ruopeng Lu, Shazia Sadiq and Guido Governatori.

Utilizing Successful Work Practice for Business Process Evolution. In Witold Abramowicz and Heinrich C. Mayr, editors, Business Information Systems (BIS 2006), Klagenfurt, Austria, May 31-June 2. pages 58-76. LNI 85. Bonner Köllen Verlag, Berlin, 2006. Copyright © GI.
Abstract: Business process management (BPM) has emerged as a dominant technology in current enterprise systems and business solutions. However, business processes are always evolving in current dynamic business environments where requirements and goals are constantly changing. Whereas literature reports on the importance of domain experts in process modelling and adaptations, current solutions have not addressed this issue effectively. In this paper, we present a framework that utilizes successful work practice to support business process evolution. The framework on one hand provides the ability to use domain expert knowledge and experience to tailor individual process instances according to case specific requirements; and on the other, provides a means of using this knowledge through learning techniques to guide subsequent process changes.
 

Ruopeng Lu, Shazia Sadiq, Vineet Padmanabhan and Guido Governatori.

Using a Temporal Constraint Network for Business Process Execution. In Gillian Dobbie and James Bailey, editors, Seventeenth Australasian Database Conference (ADC2006), Hobart, Australia, 16-19 January. pages 157-166. CRPIT 49. ACS, Sydney, 2006. Copyright © ACS
Abstract: Business process management (BPM) has emerged as a dominant technology in current enterprise systems and business solutions. However, the technology continues to face challenges in coping with dynamic business environments where requirements and goals are constantly changing. In this paper, we present a modelling framework for business processes that is conducive to dynamic change and the need for flexibility in execution. This framework is based on the notion of process constraints. Process constraints may be specified for any aspect of the process, such as task selection, control flow, resource allocation, etc. Our focus in this paper is on a set of scheduling constraints that are specified through a temporal constraint network. We will demonstrate how this specification can lead to increased flexibility in process execution, while maintaining a desired level of control. A key feature and strength of the approach is to use the power of constraints, while still preserving the intuition and visual appeal of graphical languages for process modelling.
 

Vineet Padmanabhan, Guido Governatori, Shazia Sadiq, Robert M. Colomb and Antonino Rotolo.

Process Modelling: The Deontic Way. In Markus Stumptner, Sven Hartmann and Yasushi Kiyoki, editors, Conceptual Modelling 2006. Proceedings of the Thirds Asia-Pacific Conference on Conceptual Modelling (APCCM2006), Hobart, 16-19 January. pages 75-84. CRPIT 53. Australian Computer Science Communications, Sydney, 2006. Copyright © ACS
Abstract: Current enterprise systems rely heavily on the modelling and enactment of business processes. One of the key criteria for a business process is to represent not just the behaviours of the participants but also how the contractual relationships among them evolve over the course of an interaction. In this paper we provide a framework in which one can define policies/business rules using deontic assignments to represent the contractual relationships. To achieve this end we use a combination of deontic/normative concepts like proclamation, directed obligation and direct action to account for a deontic theory of commitment which in turn can be used to model business processes in their organisational settings. In this way we view a business process as a social interaction process for the purpose of doing business. Further, we show how to extend the $i*$ framework, a well known organisational modelling technique, so as to accommodate our notion of deontic dependency.
 

Shazia Sadiq, Guido Governatori and Kioumars Niamiri.

Modeling Control Objectives for Business Process Compliance. In 4th International Conference on Business Process Management. LNCS. Springer-Verlag, Berlin 2007. Copyrihgt © Springer-Verlag 2007.
Abstract: Business process design is primarily driven by process improvement objectives. However, the role of control objectives stemming from regulations and standards is becoming increasingly important for businesses in light of recent events that led to some of the largest scandals in corporate history. As organizations strive to meet compliance agendas, there is an evident need to provide systematic approaches that assist in the understanding of the interplay between (often conflicting) business and control objectives during business process design. In this paper, our objective is twofold. We will firstly present a research agenda in the space of business process compliance, identifying major technical and organizational challenges. We then tackle a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models. Control objective modeling is proposed through a specialized modal logic based on normative systems theory, and the visualization of control objectives on business process models is achieved procedurally. The proposed approach is demonstrated in the context of a purchase-to-pay scenario.
 

Ingo Weber, Guido Governatori, and Jörg Hoffmann.

Approximate compliance checking for annotated process models. In Marta Indulska, Shazia Sadiq, and Michael zur Muehlen, editors, Proceedings of CAiSE 2008 Workshop on Governance, Risk and Compliance in Information Systems (GRCIS 2008), Montpellier, 17 June 2008.
Abstract: We describe a method for validating whether the states reached by a process are compliant with a set of constraints. This serves to (i) check the compliance of a new or altered process against the constraints base, and (ii) check the whole process repository against a changed constraints base, e.g., when new regulations come into being. For these purposes we formalize a particular class of compliance rules as well as annotated process models, the latter by combining a notion from the workflow literature with a notion from the AI actions and change literature. The compliance rules in turn pose restrictions on the desirable states. Each rule takes the form of a clausal constraint, i.e., a disjunction of literals. If for a given state there is a grounded clause none of whose literals are true, then the constraint is violated and indicates non-compliance. Checking whether a process is compliant with the rules involves enumerating all reachable states and is in general a hard search problem. Since long waiting times undesirable, it is important to explore restricted classes and approximate methods. We present a polynomial-time algorithm that, for a particular class of processes, computes the sets of literals that are necessarily true at particular points during process execution. Based on this information, we devise two approximate compliance checking methods. One of these is sound but not complete (it guarantees to find only non-compliance instances, but not to find all non-compliance instances); the other method is complete but not sound. We sketch how one can trace the state evolution back to the process activities which caused the (potential) non-compliance, and hence provide the user with some error diagnosis.