Abstract
Business process compliance management is an important part of corporate governance as it helps meet objectives while avoiding consequences and penalties. Although there is much research in this area, we believe goal-oriented compliance management using Key Performance Indicators (KPIs) to measure the compliance level of organizations is an area that can be further developed. To investigate this hypothesis, we undertook a systematic literature review, querying four major search engines and performing manual searches in related workshops and citations. From a research body consisting of 198 articles and their references, we have systematically selected 32 papers. We grouped these papers into five categories and highlighted their main contributions. The results show that all selected papers were written in the last five years, and that few effectively represent compliance results using dashboards or similar tools. Although all individual pieces are available, no existing solution yet combines goals with KPIs for measuring the overall compliance level of an organization.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shamsaei, A., Amyot, D., Pourshahid, A. (2011). A Systematic Review of Compliance Measurement Based on Goals and Indicators. In: Salinesi, C., Pastor, O. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2011. Lecture Notes in Business Information Processing, vol 83. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22056-2_25
DOI: https://doi.org/10.1007/978-3-642-22056-2_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22055-5
Online ISBN: 978-3-642-22056-2
eBook Packages: Computer Science (R0)