The purpose of this page is to list terms used in the conceptual model, define their meaning within the COMPAS project, and thereby make the project and its results more easily accessible to the public. The terms are listed alphabetically. For each term a description is provided and, where available, examples and a reference to where the term comes from. The terms listed below serve to reach a better common understanding, and they undergo continuous change during the COMPAS project (see the Last revision column).
| Term | Description | Examples | References | Last revision |
| Actor | A human or non-human entity that performs a piece of work. The actor is someone/something that can have a role and execute a task. | Bank, Clerk, Department of an organization, Web service | | 2009-07-20 |
| Annotation Business Process Fragment | A representation of one or more compliance rules in the form of a business process fragment. | Annotation of a loan approval business process with an annotation business process fragment specifying the execution order of the activities: risk assessment before loan approval. | cf. definition of compliance annotation | 2009-07-20 |
| Auditor | The person who is authorized to examine and verify whether business processes are compliant. | | | 2009-07-20 |
| Behavioral Model | A description of how an actor acts or interacts with other actors. | Abstract BPEL, BPMN | | 2009-07-20 |
| Behavior Violation | The difference detected during the comparison between the compliance target and the discovered behavioral model. | 1.) If the sequence Login-Pay-Deliver-Logout in the compliance target is found to be executed as Login-Deliver-Logout. 2.) If the designed finite-state machine of the business protocol and the inferred one are not equivalent. | | 2009-07-29 |
| Business Data | The data that is needed and understood by actors to perform their job. This is the data processed and transformed by the business process. | An invoice amount is business data; the start time of a task in a BPEL process or the header of a SOAP message is technical data. | | 2009-07-20 |
| Business Event | The event that occurs during the execution of a business process and that has relevance from a business standpoint. | The receipt of an invoice. | | 2009-07-20 |
| Business Process | A composition of activities into a structured order that implements the procedure to be followed in order to achieve a business goal. Synonym: Process | | | 2009-07-20 |
| Business Process Activity | A unit of work performed automatically or manually by actors in a business process. | Approve a business trip. | | 2009-07-20 |
| Business Process Fragment | A process fragment is a (parameterized and/or constrained) set of process parts that represent a reusable solution (pattern) to achieve compliance requirements. It is implied that the process parts within the fragment are somehow related. | | | 2009-07-20 |
| Business Process Logic Fragment | An implementation of one or more technical controls. | Activities customer solvency check before charge of the customer’s credit card and delivery of ordered goods afterwards. | cf. definition of technical control | 2009-09-30 |
| Business Process Owner | The person who is responsible for the implementation of the compliance requirements in the business process. | | | 2009-07-20 |
| Business Protocol | A specification of all possible message sequences accepted by a web service. | All the sequences of operations to be carried out for ordering an enterprise product or solution via a web service. | | 2009-07-20 |
| Compliance | Conformity in fulfilling compliance requirements. | | | 2009-07-20 |
| Compliance Annotation | A representation of compliance rules in textual form or specified as a process fragment, which is connected to one or more technical controls, e.g., a business process logic fragment, or one or more compliance targets. | 1.) Annotation defining the different roles for two different actors of two activities of a business process logic fragment, therefore specifying segregation of duty. 2.) Annotation of a loan approval business process with an annotation business process fragment specifying the execution order of the activities: risk assessment before loan approval. | | 2009-09-30 |
| Compliance Expert | The person who has an understanding of a specific area (regulations, standards) and defines and translates it into compliance requirements. | | | 2009-07-20 |
| Compliance Officer | The person who monitors and reports compliance results. | | | 2009-07-20 |
| Compliance Request | A request to: i) check whether a set of compliance targets conforms to a set of applicable compliance requirements, and ii) identify how a process can/should be changed to make it (more) compliant. | | | 2009-07-20 |
| Compliance Request Language | A declarative language to specify compliance requests. | A typical scenario works like this: 1.) I want to verify if a certain process is compliant with compliance requirement CR1. 2.) I express this statement with a language. 3.) A tool interprets this language, 4.) looks at a process library, 5.) analyzes the process definition and the constraints within the process, 6.) compares this process with some kind of formal definition of CR1, and determines whether the process is in fact compliant with it. 7.) If yes, great. If not, the tool also provides as output, in some language/formalism, how the process can be changed to become compliant with CR1. | | 2009-07-20 |
| Compliance Requirement | A constraint or assertion that results from the interpretation of the compliance sources. It may be defined in various levels of abstraction. | Whenever you enter a room you have to say hello; The person who processes a loan request cannot be the one who approves it. | | 2009-07-20 |
| Compliance Risk | The risk of impairment to the organization’s business model, reputation and financial condition (resulting) from failure to meet compliance requirements. | | | 2009-07-20 |
| Compliance Rule | An operative definition of a compliance requirement. | G (Action = PostCreditWorthinessCheck → G(Action = PostCreditWorthinessCheck & paralist = {PostProcessingClerk})) (Description: Post CWC should be performed by Post Processing Clerk) | | 2009-07-20 |
| Compliance Rule Violation | A dissatisfaction of a compliance rule with respect to a compliance target or compliance target instance. | A loan processed and approved by the same person. This is a violation referring to the following compliance rule: G (Action = PostCreditWorthinessCheck → G(Action = PostCreditWorthinessCheck & paralist = {PostProcessingClerk})) (Description: Post CWC should be performed by Post Processing Clerk) | | 2009-07-20 |
| Compliance Source | A document that is the origin of compliance requirements. | SOX, HIPAA, License | | 2009-07-20 |
| Compliance Target | The generic target of a compliance requirement. | Business processes, Business process activities, Web services | | 2009-07-20 |
| Compliance Target Instance | A single execution of a compliance target. | Business Process and Activity: one concrete instance; Web Service: one concrete conversation | | 2009-07-20 |
| Control | A statement that describes the restraining or directing influence to check, verify, or enforce rules to satisfy one or more compliance requirements, at the business level. | 1.) The customer's initial credit worthiness check (by credit broker) is segregated from the post credit worthiness check (by Post-processing clerk). 2.) If a credit exceeds 1 M Euro, the post-processing supervisor checks whether the operation is profitable after the 2nd check. | | 2009-09-30 |
| Discovered Behavioral Model | A visual and schematic representation of the typical behavior of a Compliance Target in the form of a structured model inferred from a set of Compliance Target Instances. | Any structure (Finite-State Machine, Petri net…) that visualizes the inferred behavior model/logic. | | 2009-07-29 |
| Risk | The possibility of injury or loss. Usually, it is quantified as probability times consequence. | A possibility of a damage or loss due to a loan granted with inadequate level of assurance. | | 2009-07-20 |
| Role | A description of a set of responsibilities in a business environment played by an actor. | Compliance Expert, Process Manager / Compliance Officer, Technical Specialist, Process Analyst, Internal and External Auditors | | 2009-07-20 |
| Technical Control | A logical part of the business process that exercises the restraining or directing influence to check, verify, or enforce rules to implement a control. | 1.) A process fragment checking that the customer's initial credit worthiness check (by credit broker) is segregated from the post credit worthiness check (by Post-processing clerk). 2.) An online monitoring directive that checks: If a credit exceeds 1 M Euro, the post-processing supervisor checks whether the operation is profitable after the 2nd check. | | 2009-09-30 |
| Technical Specialist | The IT specialist who implements the compliance requirements in the business process. | | | 2009-07-20 |
| Textual Annotation | A representation of one or more compliance rules in textual form. | Execution data storage of every plane manufacturing business process instance for 20 years after delivery to the airline. | cf. definition of compliance annotation | 2009-07-20 |
| Web Service | “A Web service is a software system designed to support interoperable machine-to-machine interaction over a network” [W3C]. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards. In addition, it is important to highlight that Web services represent an important approach to realize SOA. | | G. Alonso, F. Casati, H. Kuno and V. Machiraju, Web Services: Concepts, Architectures and Applications, Data-Centric Systems and Applications SE, Springer-Verlag, New York, 2003; M. Gudgin, M. Hadley, N. Mendelsohn, J. Moreau, H. Nielsen, A. Karmarkar. SOAP Version 1.2 Part 2: Adjuncts (Second Edition). December 2008. http://www.w3.org/TR/soap12-part2/; W3C World Wide Web Consortium. Glossary. http://www.w3.org/ | 2009-07-20 |