Introducing Regulatory Compliance Requirements Engineering

Business process management (BPM) as a paradigm for enterprise planning and governance is nowadays a core discipline of information systems management. Growing up from the first process re-engineering initiatives in the 1980’s, BPM technologies now seek to span all of the organizational silos of enterprises, and also expand vertically from the strategy layers where visions and goals are defined to the lower data transaction layers. Ensuring the compliance of processes to the guidance and control provided to the business by regulations is an obligation to every enterprise. In this work, we motivate the need for automation in compliance management and propose the use of policies as a modeling concept for regulations. We introduce the CASE model for structuring regulatory compliance requirements as policies. Policies shall allow to model regulations at abstraction levels adequate to implementing platform independent mechanisms for policy verification. We describe the CASE model and explain how it can be used to structure and model policies extracted from regulations. This chapter also defines a policy modeling ontology that we propose as a language for formally modeling CASE policies. The basic CASE model and the corresponding policy modeling ontology support compliance of enterprise processes to regulations by enabling automation to compliance checking (verification). The utilization of the CASE method as well as the policy ontology is showcased using an example of resource access control in business processes.

Download Full-text

The Compliance of IT Control and Governance

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2016010102 ◽

2016 ◽

Vol 10 (1) ◽

pp. 28-44

Author(s):

Colin Lai ◽

Hung-Lian Tang ◽

J. Michael Tarn ◽

Sock Chung

Keyword(s):

Regulatory Compliance ◽

Future Research ◽

Gaming Industry ◽

Case Study Methodology ◽

Stage Of Development ◽

Casino Gaming ◽

Initial Stage ◽

The Status ◽

Compliance Requirements ◽

Multiple Case

This study used a multiple-case study methodology in exploring the status of IT control in the casino gaming industry. The observations of this research should very much represent the overall status of the concerned issues regarding the casino gaming industry of Macao. Having attained a more complete level of IT control not only helps the company in satisfying the concerned regulatory compliance requirements, but also makes IT works more effectively for the companies in helping them to gain the competitive advantage in the fierce competitive environment in the gaming industry. The findings of this research can help the gaming companies to identify the potential enhancement areas of IT control. This study has captured the IT control status of the gaming industry at an initial stage of development in Macao. Further, the results can serve as a solid foundation for future research on the casino gaming industry and extending similar research to be conducted on other industries and government agencies, which are promoting the awareness of the importance of IT control.

Download Full-text

Evaluating SMEs Growth Strategies: The Case Study of A Medium-sized UK Specialty Chemical Distributor

Case Studies in Business and Management ◽

10.5296/csbm.v3i2.9944 ◽

2016 ◽

Vol 3 (2) ◽

pp. 122

Author(s):

Hendrik Frentzen ◽

Evripidis Lampadarios

Keyword(s):

Regulatory Compliance ◽

Future Research ◽

Growth Strategies ◽

Organic Growth ◽

Compliance Requirements ◽

Small Business Growth ◽

Chemical Distribution ◽

The Uk ◽

Past Experiences

The UK chemical distribution industry, a well-established, highly fragmented, subject to strong consolidation and significant part of the chemical industry, is a major contributor to the UK economy and employment. The ever increasing regulatory compliance requirements pose a significant challenge to all companies in general but more so to SMEs which have a strong presence in this industry. Even though there has been considerable research in the area of small business growth, best practices for SMEs in the chemical distribution industry are scarce. This is one of the few research papers that address this gap in knowledge in a case study context in the specific industry, arguing that a mix of inorganic and organic growth is the best way to achieve growth. Findings suggest that the strategy depends on the vision of the owner/manager, strategies in place, access to human resources and finance, past experiences, industry characteristics and company structure. Despite the methodological limitations of this study, this can be used as the basis for future research and to inform key stakeholders and policy makers.

Download Full-text

An Iterative and Incremental Approach to Address Regulatory Compliance Concerns in Requirements Engineering

Communications in Computer and Information Science - Advanced Computing ◽

10.1007/978-981-16-0404-1_24 ◽

2021 ◽

pp. 323-335

Author(s):

Deepti Balaji Raykar ◽

L. T. JayPrakash ◽

K. V. Dinesha

Keyword(s):

Requirements Engineering ◽

Regulatory Compliance ◽

Incremental Approach

Download Full-text

Governance and performance in compliance versus non-compliance Chinese listed companies

Corporate Board role duties and composition ◽

10.22495/cbv6i3art3 ◽

2010 ◽

Vol 6 (3) ◽

pp. 31-41

Author(s):

On Kit Tam ◽

Monica Guo-Sze Tan ◽

Helen Wei Hu

Keyword(s):

Listed Companies ◽

Regulatory Compliance ◽

Systematic Research ◽

Factors Affecting ◽

Corporate Scandals ◽

Chinese Listed Companies ◽

Governance Practices ◽

Compliance Requirements ◽

And Performance ◽

Compliance Versus

Cases of corporate scandals and the misconduct of publicly listed companies (PLCs) are growing amid rapid economic development in China. Systematic research on governance factors affecting these corporate misconducts and their consequences is however scant. This study compares the key governance characteristics of Chinese PLCs that were found to have contravened regulatory compliance requirements (i.e., “non-compliance” PLCs) to those that were not (i.e., “compliance” PLCs). Based on a comparison between 53 pairs of compliance - and non-compliance-PLCs over the period from 2001 to 2006, our results show that there are significant differences between the two. We found that ownership concentration is higher in compliance firms that also compensate their directors and executives at higher levels. Furthermore, the results suggest that sound governance practices benefit firms socially and financially, and an effective internal monitoring mechanism can further differentiate good companies from bad companies such that the good companies perform better.

Download Full-text

Database Vault: Enforcing Separation of Duties to Meet Regulatory Compliance Requirements

2008 12th International IEEE Enterprise Distributed Object Computing Conference ◽

10.1109/edoc.2008.63 ◽

2008 ◽

Author(s):

Heinz-Wilhelm Fabry

Keyword(s):

Regulatory Compliance ◽

Compliance Requirements

Download Full-text

Towards socio-technical requirements engineering for regulatory compliance

2020 IEEE 28th International Requirements Engineering Conference (RE) ◽

10.1109/re48521.2020.00067 ◽

2020 ◽

Author(s):

Oleksandr Kosenkov

Keyword(s):

Requirements Engineering ◽

Regulatory Compliance ◽

Technical Requirements

Download Full-text

Modeling Regulatory Compliance in Requirements Engineering

Lecture Notes in Computer Science - Advances in Conceptual Modeling ◽

10.1007/978-3-319-12256-4_13 ◽

2014 ◽

pp. 127-132 ◽

Cited By ~ 2

Author(s):

Silvia Ingolfo ◽

Alberto Siena ◽

John Mylopoulos

Keyword(s):

Requirements Engineering ◽

Regulatory Compliance

Download Full-text

Regulatory compliance requirements of CCAR and DFAST testing of minimum capital ratios

Banking and Effective Capital Regulation in Practice ◽

10.4324/9781003057581-11 ◽

2020 ◽

pp. 32-35

Author(s):

Sophia Velez

Keyword(s):

Regulatory Compliance ◽

Minimum Capital ◽

Compliance Requirements ◽

Capital Ratios

Download Full-text

Compliance with Environmental Regulations through Complex Geo-Event Processing

CLEI electronic journal ◽

10.19153/cleiej.20.2.2 ◽

2017 ◽

Vol 20 (2) ◽

Author(s):

Federico Herrera ◽

Laura González ◽

Daniel Calegari ◽

Bruno Rienzi

Keyword(s):

Geographic Location ◽

Regulatory Compliance ◽

Event Processing ◽

Environmental Laws ◽

Model Driven ◽

Compliance Requirements ◽

Environmental Requirements ◽

Model Driven Approach ◽

Different Sources

In a context of e-government, there are usually regulatory compliance requirements that support systems must monitor, control and enforce. These requirements may come from environmental laws and regulations that aim to protect the natural environment and mitigate the effects of pollution on human health and ecosystems. Monitoring compliance with these requirements involves processing a large volume of data from different sources, which is a major challenge. This volume is also increased with data coming from autonomous sensors (e.g. reporting carbon emission in protected areas) and from citizens providing information (e.g. illegal dumping) in a voluntary way. Complex Event Processing (CEP) technologies allow processing large amount of event data and detecting patterns from them. However, they do not provide native support for the geographic dimension of events which is essential for monitoring requirements which apply to specific geographic areas. This paper proposes a geospatial extension for CEP that allows monitoring environmental requirements considering the geographic location of the processed data. We extend an existing platform-independent, model-driven approach for CEP adding the geographic location to events and specifying patterns using geographic operators. The use and technical feasibility of the proposal is shown through the development of a case study and the implementation of a prototype.

Download Full-text