بررسی تطابق مبتنی بر قانون جامع و مدیریت ریسک با روند کاوی
|کد مقاله||سال انتشار||مقاله انگلیسی||ترجمه فارسی||تعداد کلمات|
|798||2012||37 صفحه PDF||سفارش دهید||محاسبه نشده|
Publisher : Elsevier - Science Direct (الزویر - ساینس دایرکت)
Journal : Decision Support Systems, Available online 20 December 2012
Process mining researchers have primarily focused on developing and improving process discovery techniques, while attention for the applicability of process mining has been below par. As a result, there only exists a partial fit with the traditional requirements for compliance checking and risk management. This paper proposes a comprehensive rule-based process mining approach for a timely investigation of a complete set of enriched process event data. Additionally, the contribution elaborates a two-dimensional business rule taxonomy that serves as a source of business rules for the comprehensive rule-based compliance checking approach. Finally, the study provides a formal grounding for and an evaluation of the comprehensive rule-based compliance checking approach.
While the value creation abilities of an organization are increasingly determined by the flexibility of their information systems and business processes, this flexibility may also pose significant risks that could have an enormous negative impact on achieving the corporate objectives (such as regulatory compliance and profitability) . Consequently, the organization's management performs a risk assessment and implements appropriate risk responses, such as (internal) control procedures for authorization rules and approval activities. Shareholders and other stakeholders of the organizations are likely to demand an independent assessment of the effectiveness of these risk responses, which is typically performed by auditors. Both risk and control effectiveness assessments make use of (similar) compliance checking techniques. Process mining is a promising new research area that focuses on the development of innovative techniques for analyzing event logs of process-aware information systems  and  that execute and manage business processes. The resulting event logs contain an untapped reservoir of detailed and structured information on the business operations, for example time indicators and originator identifiers for the performed activities. While (audit) compliance checking has been suggested as a potential application for multiple process mining techniques ,  and , there does not exist a precise fit with the specific needs of contemporary risk and compliance activities. This paper contributes to the applied process mining research by: • Proposing comprehensive rule-based compliance checking as a process mining technique for a timely assessment of the complete set of enriched process data. • Introducing a two-dimensional business rule taxonomy, which serves as a source of configurable rule patterns used for specifying (internal) controls and other risk management activities. • Providing both a formal grounding for and concrete applications of the comprehensive rule-based compliance checking approach. The outline of the paper is as follows: Section 2 provides an overview of compliance checking with process mining and describes the partial fit. Section 3 discusses the details of the comprehensive rule-based compliance checking approach as well as its formal grounding, followed by the introduction of the running example (Section 4) and the elaboration of the business rule taxonomy (Section 5). Section 6 discusses the potential applications, opportunities, assumptions and challenges of the proposed compliance checking approach. The final section concludes the paper and presents an outlook for future research in this area.
نتیجه گیری انگلیسی
Process mining research has been characterized by a narrow research focus on theoretical improvements, resulting in a partial fit between compliance checking and risk management and the existing process mining techniques. Aspects of this rather limited fit include: the ignorance of case and event data, the reasonable doubt about the correctness of designed process models and the need for balance between precision and generality potentially whipping out suspicious behavior (for process discovery). In this paper we proposed a comprehensive rule-based compliance checking approach as a possible solution to eliminate the limited fit. The approach enables analysts to uncover compliance failures as well as to identify and assess potential risks. Improvements can be found in the ability to take additional data into account, the reduction of possible distortions (including over specification) and no need for generalization. Additionally, the comprehensive rule-based compliance checking approach provides information on a potential compliance risk, whereas recall/precision metrics only provide a process-wide indicator. This contribution proposed an extensive set of rule patterns that is fit to be used in a common business setting. Whereas the comprehensibility of the rule patterns is high due to the use of native English, the formal grounding removes any ambiguity. Finally, an evaluation containing the major opportunities (effectiveness, persuasive evidence and audit independence), assumption (data quality) and challenges (distortions in interpretation and pattern design and continuous monitoring/auditing) was presented. A logical future step in our research is to further test this approach and to tackle the identified challenges. Focus will be placed on the development of a continuous monitoring/auditing approach based on process mining techniques.