Details

| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | ARES 2010 |
| Subtitle of host publication | 5th International Conference on Availability, Reliability, and Security |
| Pages | 468-474 |
| Number of pages | 7 |
| Publication status | Published - 2010 |
| Event | 5th International Conference on Availability, Reliability, and Security, ARES 2010 - Krakow, Poland; 15 Feb 2010 to 18 Feb 2010 |
Abstract
Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by incorporating control activities into business processes. However, the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task, while the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL, and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.
Keywords
- Business process management, IS security, IT compliance, IT risk management
ASJC Scopus subject areas
- Computer Science(all)
- Computational Theory and Mathematics
- Engineering(all)
- Safety, Risk, Reliability and Quality
ARES 2010: 5th International Conference on Availability, Reliability, and Security. 2010. p. 468-474 5438054.
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
TY - GEN
T1 - Application and economic implications of an automated requirement-oriented and standard-based compliance monitoring and reporting prototype
AU - Kehlenbeck, Matthias
AU - Sandner, Thorben
AU - Breitner, Michael H.
N1 - Copyright: Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
AB - Compliance management is a challenging task affected by continuously increasing legal requirements. Compliance with legal requirements can be assured by the incorporation of control activities into business processes. But the maintenance and monitoring of these control activities is a complex, time-consuming and often manual task. However, the timely communication of control exceptions is an important factor for the success of compliance management. The present paper presents an innovative prototypical implementation of an automated compliance monitoring and reporting system. This system is based on established standards and existing technologies. In particular, business processes are notated in BPMN and modeled in XPDL, control activities are linked to risks using COSO, control exceptions are defined using SWRL and access control data is transformed from proprietary models to XACML. The development of the prototype was aligned with common design-science research. The application of the developed prototype and its economic implications are concisely discussed with respect to different business requirements and information needs.
KW - Business process management
KW - IS security
KW - IT compliance
KW - IT risk management
UR - http://www.scopus.com/inward/record.url?scp=77952411445&partnerID=8YFLogxK
U2 - 10.1109/ARES.2010.88
DO - 10.1109/ARES.2010.88
M3 - Conference contribution
AN - SCOPUS:77952411445
SN - 9780769539652
SP - 468
EP - 474
BT - ARES 2010
T2 - 5th International Conference on Availability, Reliability, and Security, ARES 2010
Y2 - 15 February 2010 through 18 February 2010
ER -