Towards a compliance requirement management for SMSEs: a model and architecture

Today's business entities face an ever-growing number of laws and regulations due to recent high profile business scandals and failures. Small and medium scale enterprises (SMSE) in developing countries do not have an efficient compliance checking mechanism to make their business processes compliant with these regulatory standards. This checking mechanism is needed to give the enterprises full assurance of complete adherence to regulatory standards, bodies, or Service Level Agreements. Therefore, a structured and efficient compliance management model is needed to aid SMSE in launching their businesses safely and to ensure business processes fit into the classical regulatory standards. This paper presents a business rules compliance checking model and architecture for SMSEs in developing countries to verify and monitor their business process models at design time and at run time. It involves a systematic compliance requirements classification and analysis that employs a goal based requirement engineering approach prior to design time verification. It also introduces the idea and demonstration of network analysis for runtime business processes monitoring. The business process model will be verified at design time using a Simple PROMELA Interpreter model checker through Linear Temporal Logic rules. The approaches were tested on a financial institution in Nigeria, a developing nation in Africa at the time of this research. In order to ensure that the choice of the requirements analysis approach was efficient, a number of standard metrics for evaluating requirements engineering techniques were used and promising results were obtained. We also carried out a comparative analysis of the proposed approach in this paper with the approaches of previous research papers. This approach proved to be effective in terms of clarity, simplicity, flexibility and expressiveness while reducing incomplete adherence of business processes and enhancing the correctness of the business process.