{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T02:52:59Z","timestamp":1776307979946,"version":"3.50.1"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319650142","type":"print"},{"value":"9783319650159","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-65015-9_5","type":"book-chapter","created":{"date-parts":[[2017,8,2]],"date-time":"2017-08-02T07:23:19Z","timestamp":1501658599000},"page":"71-87","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["A Taxonomy of Compliance Processes for Business Process Compliance"],"prefix":"10.1007","author":[{"given":"Tobias","family":"Seyffarth","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stephan","family":"K\u00fchnel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Sackmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,8,3]]},"reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Fdhila, W., Rinderle-Ma, S., Knuplesch, D., Reichert, M.: Change and compliance in collaborative processes. In: 12th IEEE International Conference on Services Computing (SCC 2015), pp. 162\u2013169 (2015)","DOI":"10.1109\/SCC.2015.31"},{"key":"5_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/978-3-540-75183-0_12","volume-title":"Business Process Management","author":"S Sadiq","year":"2007","unstructured":"Sadiq, S., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149\u2013164. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-75183-0_12"},{"key":"5_CR3","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1007\/s11576-008-0081-6","volume":"50","author":"A Teubner","year":"2008","unstructured":"Teubner, A., Feller, T.: Informationstechnologie, governance und compliance. Wirtsch. Inform. 50, 400\u2013407 (2008)","journal-title":"Wirtsch. Inform."},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/978-3-642-16985-4_29","volume-title":"Current Trends in Web Engineering","author":"D Schumm","year":"2010","unstructured":"Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., Heuvel, W.-J.: Business process compliance through reusable units of compliant processes. In: Daniel, F., Facca, F.M. (eds.) ICWE 2010. LNCS, vol. 6385, pp. 325\u2013337. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-16985-4_29"},{"key":"5_CR5","unstructured":"Turetken, O., Elgammal, A., van den Heuvel, W.-J., Papazoglou, M.: Enforcing compliance on business processes through the use of patterns. In: 19th ECIS 2011 (2011)"},{"key":"5_CR6","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1365\/s40702-014-0049-5","volume":"51","author":"K Bagban","year":"2014","unstructured":"Bagban, K., Nebot, R.: Governance und compliance im cloud computing. HMD 51, 267\u2013283 (2014)","journal-title":"HMD"},{"key":"5_CR7","first-page":"185","volume":"25","author":"L Wallace","year":"2011","unstructured":"Wallace, L., Lin, H., Cefaratti, M.A.: Information security and sarbanes-oxley compliance: an exploratory study. J. Inf. Syst. 25, 185\u2013211 (2011)","journal-title":"J. Inf. Syst."},{"key":"5_CR8","unstructured":"Committee of Sponsoring Organizations of the Treadway Commission (COSO): Internal Control - Integrated Framework. Framework and Appendices (2012)"},{"key":"5_CR9","unstructured":"IT Governance Institute (ITGI): IT Control Objectives for Sarbanes-Oxley, 2nd Edn. (2006)"},{"key":"5_CR10","unstructured":"Beeck, V., Wischermann, B.: Kontrolle. http:\/\/wirtschaftslexikon.gabler.de\/Definition\/kontrolle.html"},{"key":"5_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-540-74409-2_11","volume-title":"Trust, Privacy and Security in Digital Business","author":"A Pretschner","year":"2007","unstructured":"Pretschner, A., Massacci, F., Hilty, M.: Usage control in service-oriented architectures. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds.) TrustBus 2007. LNCS, vol. 4657, pp. 83\u201393. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-74409-2_11"},{"key":"5_CR12","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/MS.2012.45","volume":"29","author":"O Turetken","year":"2012","unstructured":"Turetken, O., Elgammal, A., van den Heuvel, W.-J., Papazoglou, M.P.: Capturing compliance requirements: a pattern-based approach. IEEE Softw. 29, 28\u201336 (2012)","journal-title":"IEEE Softw."},{"key":"5_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-319-10172-9_12","volume-title":"Business Process Management","author":"M Schultz","year":"2014","unstructured":"Schultz, M., Radloff, M.: Modeling concepts for internal controls in business processes \u2013 an empirically grounded extension of BPMN. In: Sadiq, S., Soffer, P., V\u00f6lzer, H. (eds.) BPM 2014. LNCS, vol. 8659, pp. 184\u2013199. Springer, Cham (2014). doi:10.1007\/978-3-319-10172-9_12"},{"key":"5_CR14","unstructured":"Kittel, K., Sackmann, S., G\u00f6ser, K.: Flexibility and compliance in workflow systems: the KitCom prototype. In: CAiSE Forum - 25th International Conference on Advanced Information Systems Engineering, pp. 154\u2013160 (2013)"},{"key":"5_CR15","series-title":"Management for Professionals","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-319-14430-6_16","volume-title":"BPM - Driving Innovation in a Digital World","author":"S Sackmann","year":"2015","unstructured":"Sackmann, S., Kittel, K.: Flexible workflows and compliance: a solvable contradiction?! In: vom Brocke, J., Schmiedel, T. (eds.) BPM - Driving Innovation in a Digital World. MP, pp. 247\u2013258. Springer, Cham (2015). doi:10.1007\/978-3-319-14430-6_16"},{"key":"5_CR16","unstructured":"Kharbili, M., Medeiros, A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. In: MobIS (2008)"},{"key":"5_CR17","doi-asserted-by":"publisher","first-page":"636","DOI":"10.1016\/j.dss.2010.08.014","volume":"50","author":"W van der Aalst","year":"2011","unstructured":"van der Aalst, W., van Hee, K., van der Werf, J.M., Kumar, A., Verdonk, M.: Conceptual model for online auditing. Decis. Supp. Syst. 50, 636\u2013647 (2011)","journal-title":"Decis. Supp. Syst."},{"key":"5_CR18","unstructured":"Schonenberg, M.H., Mans, R.S., Russell, N., Mulyar, N., van der Aalst, W.M.P.: Towards a taxonomy of process flexibility (extended version). BPM reports (2007)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Gehrke, N.: The ERP auditlab: a prototypical framework for evaluating enterprise resource planning system assurance. In: 43rd Hawaii International Conference on System Sciences (HICSS) (2010)","DOI":"10.1109\/HICSS.2010.377"},{"key":"5_CR20","unstructured":"IT Governance Institute (ITGI): COBIT 4.1. Frameworks, Control Objectives, Management Guidlines, Maturity Models. Rolling Meadows (2007)"},{"key":"5_CR21","unstructured":"Riesner, M., Pernul, G.: Supporting compliance through enhancing internal control systems by conceptual business process security modeling. In: ACIS 2010 Proceedings (2010)"},{"key":"5_CR22","unstructured":"Seyffarth, T., K\u00fchnel, S., Sackmann, S.: ConFlex: an ontology-based approach for the flexible integration of controls into business processes. In: Multikonferenz Wirtschaftsinformatik (MKWI) 2016, pp. 1341\u20131352 (2016)"},{"key":"5_CR23","unstructured":"K\u00fchnel, S.: Toward a conceptual model for cost-effective business process compliance. In: Proceedings of the Informatik 2017. Lecture Notes in Informatics (LNI) (2017)"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Panko, R.R.: Spreadsheets and Sarbanes-Oxley. Regulations, Risks, and Control Frameworks. Communications of the Association for Information Systems (2006)","DOI":"10.17705\/1CAIS.01729"},{"key":"5_CR25","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1057\/ejis.2012.26","volume":"22","author":"RC Nickerson","year":"2013","unstructured":"Nickerson, R.C., Varshney, U., Muntermann, J.: A method for taxonomy development and its product service in information systems. Eur. J. Inf. Syst. 22, 336\u2013359 (2013)","journal-title":"Eur. J. Inf. Syst."},{"key":"5_CR26","unstructured":"Vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., Cleven, A.: Reconstructing the giant: on the importance of rigour in documenting the literature search process. In: 17th European Conference on Information Systems, pp. 2206\u20132217 (2009)"},{"key":"5_CR27","first-page":"12","volume":"26","author":"J Webster","year":"2002","unstructured":"Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Quarterly 26, 12\u201324 (2002)","journal-title":"MIS Quarterly"},{"key":"5_CR28","doi-asserted-by":"crossref","first-page":"611","DOI":"10.2307\/25148742","volume":"30","author":"S Gregor","year":"2006","unstructured":"Gregor, S.: The nature of theory in information systems. MIS Q. 30, 611\u2013642 (2006)","journal-title":"MIS Q."},{"key":"5_CR29","unstructured":"The Institut der Wirtschaftspr\u00fcfer in Deutschland e.V. [Institute of Public Auditors in Germany, Incorporated Association] (IDW) (ed.): Principles of Proper Accounting When Using Information Technology. IDW AcP FAIT 1 (2002)"},{"key":"5_CR30","unstructured":"The Institut der Wirtschaftspr\u00fcfer in Deutschland e.V. [Institute of Public Auditors in Germany, Incorporated Association] (IDW) (ed.): The Audit of Financial Statements in an Information Technology Environment. IDW AuS 330 (2002)"},{"key":"5_CR31","unstructured":"Tilburg University (ed.): COMPAS. Compliance-driven Models, Languages, and Architectures for Services. http:\/\/cordis.europa.eu\/docs\/projects\/cnect\/5\/215175\/080\/deliverables\/D2-1-State-of-the-art-for-compliance-languages.pdf"},{"key":"5_CR32","unstructured":"German Federal Ministry of Justice and Consumer Protection: Federal Data Protection Act (2009)"},{"key":"5_CR33","doi-asserted-by":"publisher","first-page":"570","DOI":"10.1108\/ICS-08-2014-0056","volume":"23","author":"M Silic","year":"2015","unstructured":"Silic, M., Back, A., Silic, D.: Taxonomy of technological risks of open source software in the enterprise adoption context. Inf. Comput. Secur. 23, 570\u2013583 (2015)","journal-title":"Inf. Comput. Secur."},{"key":"5_CR34","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"AR Hevner","year":"2004","unstructured":"Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28, 75\u2013105 (2004)","journal-title":"MIS Q."},{"key":"5_CR35","unstructured":"Mwilu, O.S., Prat, N., Comyn-Wattiau, I.: Taxonomy development for complex emerging technologies. The case of business intelligence and analytics on the cloud. In: 19th Pacific Asia Conference on Information Systems (PACIS 2015), pp. 1\u201316 (2015)"},{"key":"5_CR36","unstructured":"Glaser, F., Bezzenberger, L.: Beyond cryptocurrencies: a taxonomy of decentralized consensus systems. In: Proceedings of the ECIS (2015)"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/978-3-540-76848-7_6","volume-title":"On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS","author":"K Namiri","year":"2007","unstructured":"Namiri, K., Stojanovic, N.: Pattern-based design and validation of business process compliance. In: Meersman, R., Tari, Z. (eds.) OTM 2007. LNCS, vol. 4803, pp. 59\u201376. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-76848-7_6"},{"key":"5_CR38","unstructured":"ISACA (ed.): COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, Rolling Meadows (2012)"},{"key":"5_CR39","unstructured":"The Institute of Internal Auditors (IIA): SARBANES-OXLEY SECTION\u00a0404. A Guide for Management by Internal Controls Practitioners (2008)"},{"key":"5_CR40","unstructured":"The Institute of Internal Auditors (IIA): Global Technology Audit Guide (GTAG) 1. Information Technology Risk and Controls (2012)"},{"key":"5_CR41","unstructured":"The International Federation of Accountants (IFAC): ISA 315. Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (2009)"},{"key":"5_CR42","unstructured":"Public Company Accounting Oversight Board (PCAOB): Auditing Standard No. 5. An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements (2007)"},{"key":"5_CR43","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1016\/j.is.2010.12.005","volume":"36","author":"H Weigand","year":"2011","unstructured":"Weigand, H., van den Heuvel, W.-J., Hiel, M.: Business policy compliance in service-oriented systems. Inf. Syst. 36, 791\u2013807 (2011)","journal-title":"Inf. Syst."},{"key":"5_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-642-32885-5_21","volume-title":"Business Process Management","author":"E Ramezani","year":"2012","unstructured":"Ramezani, E., Fahland, D., Aalst, W.M.P.: Where did i misbehave? Diagnostic information in compliance checking. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 262\u2013278. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-32885-5_21"},{"key":"5_CR45","unstructured":"Sch\u00e4fer, T., Fettke, P., Loos, P.: Control patterns: bridging the gap between is controls and BPM. In: Proceedings of the 21st European Conference on Information Systems (ECIS), pp. 88\u2013100 (2013)"},{"key":"5_CR46","volume-title":"Auditing Application Controls","author":"C Bellino","year":"2007","unstructured":"Bellino, C., Wells, J., Hunt, S.: Auditing Application Controls. IIA, Altamonte Springs (2007)"},{"key":"5_CR47","unstructured":"German Federal Financial Supervisory Authority: Banking Act of the Federal Republic of Germany (Kreditwesengesetz, KWG). KWG (2016)"},{"key":"5_CR48","unstructured":"Pries-Heje, J., Baskerville, R., Venable, J.R.: Strategies for design science research evaluation. In: ECIS 2008 Proceedings (2008)"},{"key":"5_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1007\/978-3-642-29863-9_28","volume-title":"Design Science Research in Information Systems. Advances in Theory and Practice","author":"C Sonnenberg","year":"2012","unstructured":"Sonnenberg, C., Brocke, J.: Evaluations in the science of the artificial \u2013 reconsidering the build-evaluate pattern in design science research. In: Peffers, K., Rothenberger, M., Kuechler, B. (eds.) DESRIST 2012. LNCS, vol. 7286, pp. 381\u2013397. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-29863-9_28"},{"key":"5_CR50","doi-asserted-by":"crossref","unstructured":"Tremblay, M.C., Hevner, A.R., Berndt, D.J.: Focus Groups for Artifact Refinement and Evaluation in Design Research. Communications of the Association for Information Systems 26 (2010)","DOI":"10.17705\/1CAIS.02627"},{"key":"5_CR51","unstructured":"Namiri, K.: Model-Driven Management of Internal Controls for Business Process Compliance. Karlsruhe (2008)"},{"key":"5_CR52","unstructured":"OMG (ed.): Business Process Model and Notation (BPMN). http:\/\/www.omg.org\/spec\/BPMN\/2.0\/PDF\/"}],"container-title":["Lecture Notes in Business Information Processing","Business Process Management Forum"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-65015-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T18:43:02Z","timestamp":1710355382000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-65015-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319650142","9783319650159"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-65015-9_5","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"3 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"BPM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Business Process Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 September 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 September 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"bpm2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/bpm2017.cs.upc.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}