Showing that business processes comply with regulatory requirements is not easy. We investigate this compliance problem in the case that the requirements are expressed as a directed, acyclic graph, with high-level requirements (called control objectives) at the top and with low-level requirements (called control activities) at the bottom. These control activities are then implemented by control processes. We introduce two algorithms: the first identifies whether a given set of control activities is sufficient to satisfy the top-level control objectives; the second identifies those steps of control processes that contribute to the satisfaction of top-level control objectives. We illustrate these concepts and the algorithms by examples taken from a large healthcare provider. © 2009 Springer-Verlag Berlin Heidelberg.
Satisfaction of control objectives by control processes
Massacci, Fabio;Neuhaus, Stephan
2009-01-01
Abstract
Showing that business processes comply with regulatory requirements is not easy. We investigate this compliance problem in the case that the requirements are expressed as a directed, acyclic graph, with high-level requirements (called control objectives) at the top and with low-level requirements (called control activities) at the bottom. These control activities are then implemented by control processes. We introduce two algorithms: the first identifies whether a given set of control activities is sufficient to satisfy the top-level control objectives; the second identifies those steps of control processes that contribute to the satisfaction of top-level control objectives. We illustrate these concepts and the algorithms by examples taken from a large healthcare provider. © 2009 Springer-Verlag Berlin Heidelberg.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
