一个正式的方法遵从行为的内部控制的业务流程外文翻译.doc

外文翻译 原文 A Formal Approach for Internal Controls Compliance in Business Processes MaterialSource:. Author: Kioumars Namiri , Nenad Stojanovic Abstract. Regulatory compliance requirements in the area of Internal Controls such as Sarbanes Oxley Act force enterprises to identify, shape and document their business processes. In this context enterprises require mechanisms to ensure that their business processes implement and fulfill compliance requirements independently from business level requirements. In this paper we present a novel approach for the modeling and implementation of Internal Controls in business processes. The approach is based on the formal modeling of Internal Controls, thus it can serve as the basis for usage of logic mechanisms in the compliance verification process. The main idea is the introduction of a semantic layer in which the process instances are interpreted according to given control statements, without changing the original business processes. Keywords: BPM, Regulatory Compliance, Formal Verification, Semantic The advent of regulatory compliance requirements in the area of Internal Controls such as Sarbanes Oxley Act 2002 (SOX) requires the implementation of an effective Internal Controls system in enterprises as a management responsibility. In this context COSO (Committee of Sponsoring Organizations of the Treadway Commission) has proposed an integrated framework,which is recognized by regulation bodies and auditors as a de facto standard for realizing the Internal Controls System. COSO defines the Internal Controls as a “process” designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting and compliance withapplicable laws and regulations. Following is a summary of the Internal Controls process: Identify all the significant accounts in the company. Identify for those accounts all relevant business processes affecting them. Define