Skip to Main Content
Organizations respond to opportunities and risks by strategic decisions. Strategic decisions ensure the sustainable existence of organizations, but require continuous organizational change. Organizational change includes the redesign of business processes. Processes are subject to internal and external requirements. Requirements include the alignment to strategic goals, the effective and efficient use of resources and the compliance with applicable laws and regulations. Their achievement is assured by embedding internal controls into processes. Many controls can be incorporated into supporting systems, as their access control functions allow the modeling of authorization and segregation of duties. A model for the annotation of processes with controls, permissions and roles based on BPMN, COSO and XACML is presented. Additionally, a Service Oriented Architecture for the automated monitoring of controls and the timely communication of thereby detected control exceptions is proposed. The benefits of the approach are demonstrated in a prototype implementation and a corresponding case study.