Publications on Business Process Modelling
- Guido Governatori.
-
Law, logic and
business processes.
In Third International Workshop on Requirements Engineering and Law.
IEEE, 2010, Copyrigth © 2010 IEEE.
Abstract: Since its inception one of the aims of legal
informatics has been to provide tools to support and improve the day to day
activities of legal and normative practice and a better understanding of
legal reasoning. The internet revolutions, where more and more daily
activities are routinely performed with the support of ITC tools, offers new
opportunities to legal informatics. We argue that the current technology
begins to be mature enough to embrace in the challenge to make intelligent
ICT support widespread in the legal and normative domain. In this paper we
examine a logical model to encode norms and we use the formalisation of
relevant law and regulations for regulatory compliance for business
processes.
 
- Guido Governatori, Jörg Hoffmann, Shazia Sadiq, and Ingo
Weber.
-
Detecting
regulatory compliance for business process models through semantic
annotations.
In 4th International Workshop on Business Process Design,
Milan, 1 September 2008 2008.
Abstract: A given business process may face a large number of
regulatory obligations the process may or comply with. Providing tools and
techniques through which an evaluation of the compliance degree of a given
process can be undertaken is seen as a key objective in emerging business
process platforms. We address this problem through a diagnostic framework
that provides the ability to assess the compliance gaps present in a given
process. Checking whether a process is compliant with the rules involves
enumerating all reachable states and is hence, in general, a hard search
problem. The approach taken here allows to provide useful diagnostic
information in polynomial time. The approach is based on two underlying
techniques. A conceptually faithful representation for regulatory obligations
is firstly provided by a formal rule language based on a non-monotonic
deontic logic of violations. Secondly, processes are formalized through
semantic annotations that allow a logical state space to be created. The
intersection of the two allows us to devise an efficient method to detect
compliance gaps; the method guarantees to detect all obligations that will
necessarily arise during execution, but that will not necessarily be
fulfilled.
 
-
Guido Governatori, Zoran Milosevic and Shazia Sadiq.
-
Compliance checking between business processes and business contracts.
In Patrick C. K. Hung, editor,
10th International Enterprise Distributed Object Computing
Conference (EDOC 2006),
Hong Kong, 16-20 October.
pages 221-232. IEEE Computing Society, 2006.
Copyright © IEEE
Abstract: It is a typical scenario that many organisations have
their business processes specified independently of their business
contracts. This is because of the lack of guidelines and tools that
facilitate derivation of processes from contracts but also because of
the traditional mindset of treating contracts separately from business
processes. This paper provides a solution to one specific problem that
arises from this situation, namely the lack of mechanisms to check
whether business processes are compliant with business contracts. The
central part of the paper are logic based formalism for describing
both the semantics of contract and the semantics of compliance
checking procedures.
- Guido Governatori, Zoran Milosevic, Shazia Sadiq and Maria Orlowska.
- On Compliance of business processes with business
contracts
Technical Report, School of Information Technology and
Electrical Engineering, The University of Queensland.
2006.
Abstract:
This paper addresses the problem of ensuring compliance of business
processes, implemented within and across organisational boundaries,
with the constraints stated in related business contracts. In order
to deal with the complexity of this problem we propose two solutions
that allow for a systematic and increasingly automated support for
addressing two specific compliance issues. One solution provides a
set of guidelines for progressively transforming contract conditions
into business processes that are consistent with contract conditions
thus avoiding violation of the rules in contract. Another solution
compares rules in business contracts and rules in business processes
to check for possible inconsistencies. Both approaches rely on a
computer interpretable representation of contract conditions that
embodies contract semantics. This semantics is described in terms of
a logic based formalism allowing for the description of obligations,
prohibitions, permissions and violations conditions in
contracts. This semantics was based on an analysis of typical
building blocks of many commercial, financial and government
contracts. The study proved that our contract formalism
provides a good foundation for describing key types of conditions in
contracts, and has also given several insights into valuable
transformation techniques and formalisms needed to establish better
alignment between these two, traditionally separate areas of
research and endeavour. The study also revealed a number of new
areas of research, some of which we intend to address in near
future.
- Guido Governatori and Antonino Rotolo.
-
An
algorithm for business process compliance.
In Enrico Francesconi, Giovani Sartor, and Daniela Tiscornia, editors,
Legal Knowledge and Information Systems (Jurix 2008),
Frontieres in Artificial Intelligence and Applications 189, pages
186-191. IOS Press, 2008.
Abstract: This paper provides a novel mechanism to check whether
business processes are compliant with business rules regulating them. The key
point is that compliance is a relationship between two sets of
specifications: the specifications for executing a business process and the
specifications regulating it.
 
- Guido Governatori and Antonino Rotolo.
-
A
conceptually rich model of business process compliance.
In Sebastian Link and Aditya Ghose, editors, 7th Asia-Pacific Conference
on Conceptual Modelling (APCCM 2010), CRPIT. ACS, 2010.
Abstract: In this paper we extend the preliminary work developed
elsewhere and investigate how to characterise many aspects of the compliance
problem in business process modeling. We first define a formal and
conceptually rich language able to represent, and reason about, chains of
reparational obligations of various types. Second, we devise a mechanism for
normalising a system of legal norms. Third, we specify a suitable language
for business process modeling able to automate and optimise business
procedures and to embed normative constraints. Fourth, we develop an
algorithm for compliance checking and discuss some computational issues
regarding the possibility of checking compliance runtime or of enforcing it
at design time.
 
- Guido Governatori and Antonino Rotolo.
-
Norm
compliance in business process modeling.
In Mike Dean, John Hall, Antonino Rotolo, and Said Tabet, editors, RuleML
2010: 4th International Web Rule Symposium, number 6403 in LNCS, pages
194-209, Berlin, 2010. Springer. Copyrigth © 2010 Springer.
Abstract: We investigate the concept of norm compliance in
business process modeling. In particular we propose an extension of Formal
Contract Logic (FCL), a combination of defeasible logic and a logic of
violation, with a richer deontic language capable of capture many different
facets of normative requirements. The resulting logic, called Process
Compliance Logic (PCL), is able to capture both semantic compliance and
structural compliance. This paper focuses on structural compliance, that is
we show how PCL can capture obligations concerning the structure of a
business process.
 
-
Guido Governatori, Antonino Rotolo and Shazia Sadiq.
-
A Model of Dynamic Resource Allocation in Workflow Systems.
In Klaus-Dieter Schewe and Hugh E. Williams, editors,
Database Technology 2004,
Dunedin, New Zealand, 19-21 January.
pages 197-206.
Conference Research and Practice of Information Technology 27. ACS, 2004.
Copyright © ACS
Abstract: Current collaborative work environments are
characterized by dynamically changing organizational
structures. Although there have been several efforts to refine work
distribution, especially in workflow management, most literature
assumes a static database approach which captures organizational
roles, groups and hierarchies and implements a dynamic roles based
agent assignment protocol. However, in practice only partial
information may be available for organizational models, and in turn a
large number of exceptions may emerge at the time of work
assignment. In this paper we present an organizational model based on
a policy based normative system. The model is based on a combination
of an intensional logic of agency and a flexible, but computationally
feasible, non-monotonic formalism (Defeasible Logic). Although this
paper focuses on the model specification, the proposed approach to
modelling agent societies provides a means of reasoning with partial
and unpredictable information as is typical of organizational agents
in workflow systems.
- Guido Governatori and Shazia Sadiq.
-
The journey to business process
compliance.
In Jorge Cardoso and Wil van der Aalst, editors, Handbook of Research on
BPM, IGI Global, 2009.
Abstract: It is a typical scenario that many organisations have
their business processes specified independently of their business
obligations (which includes contractual obligations to business partners, as
well as obligations a business has to fulfil against regulations and industry
standards). This is because of the lack of guidelines and tools that
facilitate derivation of processes from contracts but also because of the
traditional mindset of treating contracts separately from business processes.
This chapter will provide a solution to one specific problem that arises from
this situation, namely the lack of mechanisms to check whether business
processes are compliant with business contracts. The chapter begins by
defining the space for business process compliance and the eco-system for
ensuring that process are compliant. The key point is that compliance is a
relationship between two sets of specifications: the specifications for
executing a business process and the specifications regulating a business.
The central part of the chapter focuses on a logic based formalism for
describing both the semantics of normative specifications and the semantics
of compliance checking procedures.
 
- Jörg Hoffmann, Ingo Weber, and Guido
Governatori.
-
On compliance checking for clausal constraints in annotated process
models.
Information Systems Frontieres, 2009.
Abstract: Compliance management is important in several industry
sectors where there is a high incidence of regulatory control. It must be
ensured that business practices, as reflected in business processes, comply
with the rules. Such compliance checks are challenging due to (1) the
different life cycles of rules and processes, and (2) their dis parate
representations. (1) requires retrospective checking of process models. To
address (2), we herein devise a framework where processes are annotated to
capture the semantics of task execution, and compliance is checked against a
set of constraints posing restrictions on the desirable process states. Each
constraint is a clause, i.e., a disjunction of literals. If a process can
reach a state that falsifies all literals of one of the constraints, then
that constraint is violated in that state, and indicates non-compliance.
Naively, such compliance can be checked by enumerating all reachable states.
Since long waiting times are undesirable, it is important to develop
efficient (low-order polynomial time) algorithms that (a) perform exact
compliance checking for restricted cases, or (b) perform approximate
compliance checking for more general cases. Herein, we observe that methods
of both kinds can be defined as a natural extension of our earlier work on
semantic business process validation. We devise one method of type (a), and
we devise two methods of type (b); both are based on similar restrictions to
the processes, where the restrictions made by methods (b) are a subset of
those made by method (a). The approximate methods each guarantee either of
soundness (finding only non-compliance instances) or completeness (finding
all non-compiant states). We describe how one can trace the state evolution
back to the process activities which caused the (potential) non-compliant
states, and hence provide the user with an error diagnosis.
 
- Aqueo Kamada, Guido Governatori, and Shazia Sadiq.
-
Transformation of SBVR compliant business rules to executable FCL rules.
In Mike Dean, John Hall, Antonino Rotolo, and Said Tabet, editors, RuleML
2010: 4th International Web Rule Symposium, number 6403 in LNCS, pages
151-159, Berlin, 2010. Springer. © 2010 Springer.
Abstract: The main source of changing requirements of the dynamic
business environment is response to changes in regulations and contracts
towards which businesses are obligated to comply. At the same time, many
organizations have their business processes specified independently of their
business obligations (which include adherence to contracts laws and
regulations). Thus, the problem of mapping business changes into
computational systems becomes much more complicated. In this paper we address
the problem by providing an automated transformation of business rules into a
formal language capable of directly mapping onto executable specifications.
The model transformation is consistent with MDA/MOF/QVT concepts using ATL to
perform the mapping. Business rules are compliant to SBVR metamodel, and are
transformed into FCL, a logic based formalism, known to have a direct mapping
onto executable specifications. Both, source and target rules are based on
principles of deontic logic, the core of which are obligations, permissions
and prohibitions.
 
- Ruopeng Lu, Shazia Sadiq, and Guido Governatori.
-
Measurement of compliance distance in business processes.
Information Systems Management, 25 no. 4 pp. 344-355, 2008.,
Copyright © 2008 Taylor &
Francis.
Abstract: Ensuring that work practice is compliant to regulations
and industrial standards is an increasingly important issue in business
systems. Whereas as an understanding of control objectives that stem from
various legislative, standard and contractual sources may be found at
strategic or tactical levels, an assessment of their effective adoption in
operational practices is extremely hard. In this paper, we propose a method
for assessing the level of compliance in business work practice. The method
builds upon business process management platforms, and provides the ability
to objectively measure the compliance distance of existing processes within
the organization. This in turn empowers process designers and business
analysts to quantify the effort required to achieve a compliant process.
 
- Ruopeng Lu, Shazia Sadiq, and Guido Governatori.
-
On
managing business processes variants.
Data and Knowledge Engineering, 2009.
Abstract: Variance in business process execution can be the
result of several situations, such as disconnection between documented models
and business operations, workarounds in spite of process execution engines,
dynamic change and exception handling, flexible and ad-hoc requirements, and
collaborative and/or knowledge intensive work. It is imperative that
effective support for managing process variances be extended to organizations
mature in their BPM (Business Process Management) uptake so that they can
ensure organization wide consistency, promote reuse and capitalize on their
BPM investments. This paper presents an approach for managing business
processes that is conducive to dynamic change and the need for flexibility in
execution. The approach is based on the notion of process constraints. It
further provides a technique for effective utilization of the adaptations
manifested in process variants. In particular, we will present a facility for
discovery of preferred variants through effective search and retrieval based
on the notion of process similarity, where multiple aspects of the process
variants are compared according to specific query requirements. The advantage
of this approach is the ability to provide a quantitative measure for the
similarity between process variants, which further facilitates various BPM
activities such as process reuse, analysis and discovery.
 
- Ruopeng Lu, Shazia Sadiq, and Guido
Governatori.
-
A framework for utilizing preferred work practice for business process
evolution.
In Witold Abramowicz and Heinrich C. Mayr, editors, Technologies for
Business Information Systems, pages 39-50. Springer, Dordrecht, 2007, Copyright © 2007 Springer.
Abstract: Many Business Process Management (BPM) systems provide
best practice process models, both generic as well as for specific industry
sectors. However, it is often the variance from template solutions that
provide organizations with intellectual capital and competitive
differentiation. Although variance must comply with various contractual,
regulatory and operational constraints, it is still an important information
resource, representing preferred work practices. In this paper, we present a
framework that utilizes desired work practice to support business process
evolution. The framework on one hand provides the ability to use domain
expert knowledge and experience to tailor individual process instances
according to case specific requirements; and on the other, provides a means
of using this knowledge through learning techniques to guide subsequent
process refinements.
 
- Ruopeng Lu, Shazia Sadiq, and Guido Governatori.
-
Compliance aware business process design.
In Arthur H.M. ter Hofstede, Boualem Benatallah, and Hye-Young Paik,
editors, 3rd International Workshop on Business Process Design
(BPD'07), LNCS 4928,
pages 120-131. Springer, 2007.
Copyright © 2007 Springer.
Abstract: Historically, business process design has been driven
by business objectives, specifically process improvement. However this cannot
come at the price of control objectives which stem from various legislative,
standard and business partnership sources. Ensuring the compliance to
regulations and industrial standards is an increasingly important issue in
the design of business processes. In this paper, we advocate that control
objectives should be addressed at an early stage, i.e., design time, so as to
minimize the problems of runtime compliance checking and consequent
violations and penalties. To this aim, we propose supporting mechanisms for
business process designers. This paper specifically presents a support method
which allows the process designer to quantitatively measure the compliance
degree of a given process model against a set of control objectives. This
will allow process designers to comparatively assess the compliance degree of
their design as well as be better informed on the cost of non-compliance.
-
Ruopeng Lu, Shazia Sadiq and Guido Governatori.
-
Utilizing Successful Work Practice for Business Process Evolution.
In Witold Abramowicz and Heinrich C. Mayr, editors,
Business Information Systems (BIS 2006),
Klagenfurt, Austria, May 31-June 2. pages 58-76.
LNI 85. Bonner Köllen Verlag, Berlin, 2006.
Copyright © GI.
Abstract: Business process management (BPM) has emerged as a
dominant technology in current enterprise systems and business
solutions. However, business processes are always evolving in current
dynamic business environments where requirements and goals are
constantly changing. Whereas literature reports on the importance of
domain experts in process modelling and adaptations, current solutions
have not addressed this issue effectively. In this paper, we present a
framework that utilizes successful work practice to support business
process evolution. The framework on one hand provides the ability to
use domain expert knowledge and experience to tailor individual
process instances according to case specific requirements; and on the
other, provides a means of using this knowledge through learning
techniques to guide subsequent process changes.
- Ruopeng Lu, Shazia Sadiq, and Guido Governatori.
-
Measurement of compliance distance in business processes.
Information Systems Management, 25(4): 344-355, 2008.
Copyright ©
2008 Taylor & Francis.
Abstract: Ensuring that work practice is compliant to
regulations and industrial standards is an increasingly important issue in
business systems. Whereas as an understanding of control objectives that
stem from various legislative, standard and contractual sources may be found
at strategic or tactical levels, an assessment of their effective adoption
in operational practices is extremely hard. In this paper, we propose a
method for assessing the level of compliance in business work practice. The
method builds upon business process management platforms, and provides the
ability to objectively measure the compliance distance of existing processes
within the organization. This in turn empowers process designers and
business analysts to quantify the effort required to achieve a compliant
process.
 
- Ruopeng Lu, Shazia Sadiq, Guido Governatori, and
Xiaoping Yang.
-
Defining
adaptation constraints for business process variants.
In 12th International Conference on Business Information Systems,
Lecture Notes in Business Information Processing 7.
Springer, 2009, Copyright
© 2009 Springer.
Abstract: In current dynamic business environment, it has been
argued that certain characteristics of ad-hocism in business processes are
desirable. Such business processes typically have a very large number of
instances, where design decisions for each process instance may be made at
runtime. In these cases, predictability and repetitiveness cannot be counted
upon, as the complete process knowledge used to define the process model only
becomes available at the time after a specific process instance has been
instantiated. The basic premise is that for a class of business processes it
is possible to specify a small number of essential constraints at design
time, but allow for a large number of execution possibilities at runtime. The
objective of this paper is to conceptualise a set of constraints for process
adaptation at instance level. Based on a comprehensive modelling framework,
business requirements can be transformed to a set of minimal constraints, and
the support for specification of process constraints and techniques to ensure
constraint quality are developed.
 
-
Ruopeng Lu, Shazia Sadiq, Vineet Padmanabhan and Guido Governatori.
-
Using a Temporal Constraint Network for Business Process Execution.
In Gillian Dobbie and James Bailey, editors,
Seventeenth Australasian Database Conference (ADC2006),
Hobart, Australia, 16-19 January. pages 157-166.
CRPIT 49. ACS, Sydney, 2006.
Copyright © ACS
Abstract: Business process management (BPM) has emerged as a
dominant technology in current enterprise systems and business
solutions. However, the technology continues to face challenges in
coping with dynamic business environments where requirements and goals
are constantly changing. In this paper, we present a modelling
framework for business processes that is conducive to dynamic change
and the need for flexibility in execution. This framework is based on
the notion of process constraints. Process constraints may be
specified for any aspect of the process, such as task selection,
control flow, resource allocation, etc. Our focus in this paper is on
a set of scheduling constraints that are specified through a temporal
constraint network. We will demonstrate how this specification can
lead to increased flexibility in process execution, while maintaining
a desired level of control. A key feature and strength of the approach
is to use the power of constraints, while still preserving the
intuition and visual appeal of graphical languages for process
modelling.
-
Vineet Padmanabhan, Guido Governatori, Shazia Sadiq, Robert M. Colomb
and Antonino Rotolo.
-
Process Modelling: The Deontic Way.
In Markus Stumptner, Sven Hartmann and Yasushi Kiyoki, editors,
Conceptual Modelling 2006. Proceedings of the Thirds
Asia-Pacific Conference on Conceptual Modelling (APCCM2006),
Hobart, 16-19 January. pages 75-84.
CRPIT 53. Australian Computer Science Communications,
Sydney, 2006.
Copyright © ACS
Abstract: Current enterprise systems rely heavily on the
modelling and enactment of business processes. One of the key criteria
for a business process is to represent not just the behaviours of the
participants but also how the contractual relationships among them
evolve over the course of an interaction. In this paper we provide a
framework in which one can define policies/business rules using
deontic assignments to represent the contractual relationships. To
achieve this end we use a combination of deontic/normative concepts
like proclamation, directed obligation and
direct action to account for a deontic theory of commitment
which in turn can be used to model business processes in their
organisational settings. In this way we view a business process as a
social interaction process for the purpose of doing
business. Further, we show how to extend the $i*$ framework, a well
known organisational modelling technique, so as to accommodate our
notion of deontic dependency.
- Shazia Sadiq and Guido Governatori.
-
A methodological framework for
aligning business processes and regulatory compliance.
In Jan van Brocke and Michael Rosemann, editors, Handbook of Business
Process Management, Springer, 2009.
Abstract: The ever increasing obligations of regulatory
compliance are presenting a new breed of challenges for organizations across
several industry sectors. Aligning control objectives that stem from
regulations and legislation, with business objectives devised for improved
business performance, is a foremost challenge. The organizational as well as
IT structures for the two classes of objectives are often distinct and
potentially in conflict. In this chapter, we present an overarching
methodology for aligning business and control objectives. The various phases
of the methodology are then used as a basis for discussing state of the art
in compliance management. Contributions from research and academia as well as
industry solutions are discussed. The chapter concludes with a discussion on
the role of BPM as a driver for regulatory compliance and a presentation of
open questions and challenges.
 
-
Shazia Sadiq, Guido Governatori and Kioumars Niamiri.
-
Modeling Control Objectives for Business Process Compliance.
In 4th International Conference on Business Process Management. LNCS. Springer-Verlag, Berlin 2007.
Copyrihgt © Springer-Verlag 2007.
Abstract: Business process design is primarily driven by process
improvement objectives. However, the role of control objectives stemming
from regulations and standards is becoming increasingly important for
businesses in light of recent events that led to some of the largest
scandals in corporate history. As organizations strive to meet compliance
agendas, there is an evident need to provide systematic approaches that
assist in the understanding of the interplay between (often conflicting)
business and control objectives during business process design. In this
paper, our objective is twofold. We will firstly present a research agenda
in the space of business process compliance, identifying major technical and
organizational challenges. We then tackle a part of the overall problem
space, which deals with the effective modeling of control objectives and
subsequently their propagation onto business process models. Control
objective modeling is proposed through a specialized modal logic based on
normative systems theory, and the visualization of control objectives on
business process models is achieved procedurally. The proposed approach is
demonstrated in the context of a purchase-to-pay scenario.
- Ingo Weber, Guido Governatori, and Jörg Hoffmann.
-
Approximate compliance checking for annotated process models.
In Marta Indulska, Shazia Sadiq, and Michael zur Muehlen, editors,
Proceedings of CAiSE 2008 Workshop on Governance, Risk and Compliance in
Information Systems (GRCIS 2008), Montpellier, 17 June 2008.
Abstract: We describe a method for validating whether the states
reached by a process are compliant with a set of constraints. This serves to
(i) check the compliance of a new or altered process against the constraints
base, and (ii) check the whole process repository against a changed
constraints base, e.g., when new regulations come into being. For these
purposes we formalize a particular class of compliance rules as well as
annotated process models, the latter by combining a notion from the workflow
literature with a notion from the AI actions and change literature. The
compliance rules in turn pose restrictions on the desirable states. Each rule
takes the form of a clausal constraint, i.e., a disjunction of literals. If
for a given state there is a grounded clause none of whose literals are true,
then the constraint is violated and indicates non-compliance. Checking
whether a process is compliant with the rules involves enumerating all
reachable states and is in general a hard search problem. Since long waiting
times undesirable, it is important to explore restricted classes and
approximate methods. We present a polynomial-time algorithm that, for a
particular class of processes, computes the sets of literals that are
necessarily true at particular points during process execution. Based on this
information, we devise two approximate compliance checking methods. One of
these is sound but not complete (it guarantees to find only non-compliance
instances, but not to find all non-compliance instances); the other method is
complete but not sound. We sketch how one can trace the state evolution back
to the process activities which caused the (potential) non-compliance, and
hence provide the user with some error diagnosis.