• Algemene Rechtswetenschappen
  • Secretariaat
  • Sectie Rechtstheorie
  • Sectie Rechtspsychologie en Rechtssociologie
  • Sectie Rechtseconomie
  • Sectie Informatica & Recht
    • Jurix 2009
      • Call for Papers
      • Important Dates
      • Program Committee
      • Instructions for Authors
      • Accepted papers
      • Conference Program
      • Workshop AICOL 2009
      • Tutorials
      • Conference registration
      • Conference Venue
      • Hotels in Rotterdam
      • About
    • Medewerkers
  • Sectie Rechtsgeschiedenis

Tutorials

On Wednesday 16 December 2009, the day before the main JURIX 2009 conference, two Tutorials will be organized, one in the morning and one in the afternoon. Details are given below. Note that these Tutorials will be held on the same day as the AICOL Workshop, so please do not register for this Workshop as well as for a Tutorial.

Tutorial 1 - 16 December 2009, 9.30 - 12.30

Legal resources such as legislation, public notices, and case law are increasingly available on the internet. To be automatically processed by web services, the resources must be annotated using semantic web technologies such as XML, RDF, and ontologies. However, manual annotation is labour and knowledge intensive. Using natural language processing techniques and systems (NLP), a significant portion of these resources can be automatically annotated. In this tutorial, we outline the motivations and objectives of NLP, give an overview of several accessible systems (General Architecture on Text Engineering, C&C/Boxer, Attempto Controlled English), provide examples of processing legal resources, and discuss future directions in this area.

Tutorial 2 - 16 December 2009, 13.30 - 16.30

Recent high pro?le corporate scandals such as Enron (USA) and HIH (Australia) have created unprecedented pressures on compliance and risk management for practically allindustry sectors, but particularly in ?nancial services. Despite mandated deadlines, there is evidence that many organizations are still struggling with their compliance initiatives. Compliance essentially means ensuring that business processes, operations and practice are in accordance with a prescribed and/or agreed set of norms. Compliance requirements may stem from legislature and regulatory bodies (e.g. Sarbanes-Oxley, Basel II, HIPAA), standards and codes of practice (e.g. SCOR, ISO9000) and also business partner contracts.
Compliance directives are complex, vague and require interpretation. Often in legalese, these mandates need to be translated by experts in order to relate them to organizational contexts. Business will typically deal with a number of regulations/standards at one time which may have overlapping and even con?icting requirements.

Compliance is typically managed in conjunction with risk assessment, and is predominantly viewed as a burden, although there are indications that businesses have started tosee the regulations as an opportunity to improve their business processes and operations. Industry reports (BPM forum, 2006) indicate that up to 80% of companies said they expected to reap business bene?ts from improving their compliance regimens. In general, a compliance regimen must include three interrelated but at the same time rather distinct perspectives on compliance: corrective, detective and preventative procedures that collectively form a holistic approach to compliance management. Corrective measures can be undertaken due to a number of reasons, ranging from the introduction of a new regulation, to breech reporting, to the organization coming under surveillance and scrutiny by a control authority, or in the worst case an enforceable undertaking. Corrective measures undertaken in a proactive manner positions the organization favorably with regulators or other control authorities. Detective measures are typically based on reporting and traditional audits conducted for “after-the-fact” detection, often through manual checks.

Recent tools provide some level of automation wherein proposed solutions hook into variety of enterprise system components (e.g. SAP HR, LDAP Directory, Groupware etc.) and generate audit reports against hard-coded checks performed on the requisite system. Business intelligence (BI) and related technologies are complementary to this activity. However, this approach still resides in the space of “after-the-fact” detection. Although, the assessment time is reduced, and correspondingly the time to remediation and/or mitigation of control de?ciencies is also improved. This improvement is much sought after as is evident from the heavy investment in compliance software during the last few years (Hagerty, 2006). A major issue with these two approaches (in varying degrees of impact) is the lack of sustainability. Even with an automated detection facility, the hard coded check repositories can quickly grow out of control making it di?cult to evolve and maintain them for changing legislatures and compliance requirements. In addition to external pressures, there is often a company internal push towards quality of service initiatives for process improvement which have similar requirements. The complexity of the situation is exasperated by the presence of dynamically changing collaborative processes shared with business partners. The diversity, scale and complexity of compliance requirements warrant a highly systematic and well-grounded approach.

A sustainable approach for achieving compliance should fundamentally have a Preventative focus, thus achieving compliance by design. One can observe that business process management (BPM) platforms may provide an ideal vehicle for such a model-driven approach. However, research indicates that dealing with compliance may be a rather distinct activity within organizational structures from business process management (Sadiq, Governatori, & Naimiri, 2007). Historically, business process design has been driven by business ob jectives, speci?cally process improvement, whereas compliance is driven by control ob jectives. The source of objectives for the two will be distinct both from an ownership and governance perspective, as well as from a timeline perspective. Whereas businesses can be expected to have some form of business objectives, control objectives will be dictated by mostly external sources and at di?erent times. Furthermore, there is likelihood of con?icts, inconsistencies and redundancies within the two, and hence the intersection of the two needs to be carefully studied.

Structure of the Tutorial

The tutorial consists of three parts. Each part focuses on a particular aspect of the compliance workspace. The main theme of the ?rst part of the workshop is to establish a holistic ecosystem for compliance. In order to develop a successful framework for compliance of business processes, the right combinations of process modelling languagesand business rule modeling languages must be used. Accordingly, the second part of tutorial focuses on the current state of the art in business rule modeling and identi?es strengths and limitations of the current standards and languages. The third and ?nal part of the workshop presents frameworks that overcome some of the major limitations of the approaches discussed in the second part and concentrates on a system for (formal) modelling and monitoring compliance.

1 - BPM as a Driver for Regulatory Compliance (Marta Indulska)
The ever increasing obligations of regulatory compliance are presenting a new breed of challenges for organizations across several industry sectors. Aligning control objectives that stem from regulations and legislation, with business objectives devised for improved business performance, is a foremost challenge. The organizational as well as IT structures for the two classes of objectives are often distinct and potentially in con?ict. In this part, we present an overarching methodology for aligning business and control objectives. The various phases of the methodology are then used as a basis for discussing state of the art in compliance management.

2 - Languages for Compliance (Michael zur Muehlen)
Process modeling languages and business rule modeling languages are candidates for the documentation of organizational policies and procedures. While both types of languages are currently used to document organizational practices, little work has been done to understand their synergies and overlap. Accordingly, the aim of this part of the workshopis to present and discuss strengths and weaknesses of both types of languages. In particular, we will focus on four business rule speci?cations, viz. The Simple Rule Markup Language (SRML), the Semantic Web Rules Language (SWRL), the Production Rule Representation (PRR) and the Semantics of Business Vocabulary and Business Rules (SBVR) speci?cation.

3 - Modelling and Monitoring Compliance (Guido Governatori)
It is a typical scenario that many organisations have their business processes speci?ed independently of relevant normative speci?cations. This is because of the lack of guidelines and tools that facilitate derivation of processes from normative speci?cations but also because of the traditional mindset of treating contracts separately from business processes. In this part we provide a solution to one speci?c problem that arises from this situation, namely the lack of mechanisms to check whether business processes are compliant with business contracts. The central aspect of this part of the workshop focuses on a logic based formalism for describing both the semantics of contracts and the semantics of compliance checking procedures. We will also discuss frameworks to monitor the performance of processes against a set of normative speci?cations.