« If SOA is Lego then decision services are Mindstorms | Main | 5 Business Reasons to Service-Orient and 3 to decision-automate »

I saw an interesting article by Jim Coleman of Appian in Business Integration Journal today - the article is not online yet but here's a link to the magazine - called "Making the Case for Process-Based, Sarbanes-Oxley Compliance". Jim outlines how you can use a BPMS to support a robust SOX compliance approach. I think he understates the potential for a business rules management system or BRMS to also be part of the solution. Let's consider some scenarios:

• If I have a decision, say pricing a product, that is covered by the compliance rules why take it manually and then automate the process of checking it was taken consistently? Instead you could automate the pricing engine using business rules and a BRMS and then compliance would consist of showing the rules used for most decisions and manually tracking just those exceptions referred to people.
• If I have a service in my process that has to be reviewed for compliance but which needs to change often, I could use a business rules approach to automate that service and then it would be much easier to show compliance (thanks to the declarative and business-friendly approach supported by a BRMS) and, because changes to rules are more manageable and trackable, easier to show ongoing compliance even as the service changed.
• If I have multiple systems being checked for compliance of the same action, perhaps I should use a decision service approach to automate the decision once, using a BRMS, and sharing that service across my architecture. Then I would only need to show that the service was compliant, not every application, and this would be easier thanks to rules compliance-friendly nature.

Automating decisions, especially using a BRMS, can be very beneficial when worrying about compliance. A BPMS can too, but the combination might be most effective. There's a great book called "The Joy of SOX" that I reviewed here by Hugh Taylor. Hugh and I also did a webinar on agile compliance with CMP. I have also written an article about how to use BPMS and BRMS together for compliance here and there is a section on compliance on my other blog.

Additional note - The Joy of SOX was excerpted by ebizQ a little while ago and you can read the excerpt here

Technorati Tags: BPMS, BRE, BRMS, business rules, compliance, decision automation, decision service, SOA, SOX, Sarbanes-Oxley

Posted by jtaylor in Business Agility • Business Rules • Compliance • SOA |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1089

Listed below are links to weblogs that reference Making the case for rules in compliance:

» Why optimize decisions - a nice list from Enterprise Decision Management - a Weblog
John over at Big Sky Thinking had a nice post today on the reasons for optimizing decisions. It's a good list and worth checking out. I had a few comments: Business model innovation, like outsourcing and "smartsourcing", really repay (and [Read More]

Tracked on February 19, 2007 02:02 PM