Abstract

Companies increasingly have to pay attention to compliance concerns addressing business processes. Flexibly reacting to changing requirements coming from laws, regulations, and internal guidelines becomes a necessary part of business process management. Compliance refers therein to the entirety of all measures that need to be taken in order to adhere to laws, regulations and guidelines within the company, subsumed as compliance sources (Daniel et al., 2009, p. 1). In order to comply, companies need to perform profound changes in their organizational structure, business processes, IT systems and applications that drive their business. At this, process-awareness is basic prerequisite for ascertaining whether existing business processes are set up to operate in a compliant manner (Caprasse et al., 2008, p. 14). Among other steps, a compliance office can be installed, role-management is being established, and controls are integrated into particular processes. Consequently, compliance also has an impact on IT systems, applications and supporting infra-structure, as they have to support the execution, monitoring and checking of com-pliance issues. Yet, in the field of Business Process Management (BPM) there is currently no agreed upon solution for enabling a flexible management of compliance require-ments resulting from the interpretation of various compliance sources. There is no ultimate solution that allows to integrate compliance into processes or IT systems, and which specifies, how the execution of processes can be monitored to validate a compliant execution. The integration of compliance thus often results in hard-wired changes and tangled code. Another shortcoming of current solutions is that they do not address the whole compliance management life cycle (Daniel et al.,