A method of calculating the cost of reducing the risk exposure of non-compliant process instances

  • Authors: Yurdaer N. Doganata; Francisco Curbera
  • Affiliations: IBM Research, Hawthorne, NY, USA; IBM Research, Hawthorne, NY, USA
  • Venue: Proceedings of the first ACM workshop on Information security governance
  • Year: 2009

Abstract

A method is introduced to measure the risk of being non-compliant and the cost of reducing that risk by performing internal audits with the help of automated audit tools. The risk exposure of a business process is defined in terms of the prevalence of non-compliant process instances that are subject to penalty. This exposure can be reduced by detecting non-compliant process instances in advance through a combination of manual audits and automated auditing tools. The cost of this hybrid approach, however, must be kept below the resulting reduction in risk exposure for the auditing effort to pay off.