Diagnostic information in compliance checking

Compliance checking is gaining importance as today's organizations need to show that operational processes are executed in a controlled manner while satisfying predefined (legal) requirements. Deviations may be costly and expose the organization to severe risks. Compliance checking is of growing importance for the business process management and auditing communities. This paper presents a comprehensive compliance checking approach based on Petri-net fragments and alignments. 55 control flow oriented compliance rules, distributed over 15 categories. We formalize them in terms of Petri-net fragments describing the compliant behavior. To check compliance with respect to a rule, the event log describing the observed behavior is aligned with the corresponding fragment. The approach is flexible (easy to add new patterns), robust (the selected alignment between log and fragment is guaranteed to be optimal), and allows for both a quantification of compliance and intuitive diagnostics explaining deviations at the level of alignments. The approach can also handle resource-based and data-based compliance rules and is supported by ProM plug-ins.