Abstract
Due to pressure from regulatory authorities, the requirement to remain compliant has tremendously increased over the last decade. To support compliance-related activities, a plethora of compliance management frameworks (CMFs), compliance languages and systems have emerged, which is on one hand advantageous, but may cause confusion when deciding which CMF can be used to best fulfil the organisation’s internal requirements. This is due to the lack of acceptable compliance tools and methodologies in the compliance domain to uncover and compare the multidimensionality of capability between different frameworks and users’ needs, which give raise to the question of how to formally evaluate a CMF. In this paper, we propose methodologies to formally evaluate CMFs, compliance languages and systems, in particular the underlying formal language of a CMF; and present the formal evaluation of two prominent formal language-based CMFs, namely, PENELOPE and PCL, with a business contract using formal analysis approach. Our evaluations formally validate that the proposed methodologies are instrumental in deciding on the suitability of a CMF when is comes to evaluating the underlying formal logic of the framework to represent different types of norms.
Reference106 articles.
1. US Government (2002). Public Company Accountng Reforms and Investor Protection Act (Sarbanes-Oxley Act), Public Law 107-204, 116 Stat. 745; US Government.
2. Basel Committee on Banking Supervision (2013). Basel III: The Liquidity Coverage Ratio and Liquidity Risk Monitoring Tools, Banks for International Settlements.
3. Norms modeling constructs of business process compliance management frameworks: A conceptual evaluation;Artif. Intell. Law,2017
4. Compliance by Design for Artifact-centric Business Processes;Inf. Syst.,2012
5. Are We Done with Business Process Compliance: State-of-the-Art and Challenge Ahead;Knowl. Inf. Syst.,2018