Why the Automation of Regulation Can Obstruct Business Processes

AbstractThe growing regulatory pressure on increasingly digitized businesses, for example to combat the growing number of corporate fraud cases, can have an obstructive effect on the execution of automated business processes. Such security-related obstructions occur when the implementation of regulations, that is, the enforcement of so-called safety properties, blocks the execution of business processes – in particular, the so-called liveness property of process completion. Those obstructions exemplify the conflicting goals between business processes and classic IT security.Automation is no panacea against regulation acting obstructive. Adequate and effective application of regulation builds the basis against fraud. However, there is no way to avoid automation when IT methods are used to generate competitive advantages. An obstruction results from introducing IT security on business processes, particularly authorization and further security policies such as separation of duties. This chapter leads to this problem and describes how to widen this restricted behavior of business processes resulting from security controls to the broader scope that compliance provides as part of corporate governance. By handling obstructions, security in business processes is supposed to be improved. For this purpose, an indicator-based view of security that extends the classic IT security controls will be introduced.