The challenges of automatically detecting compliance failures in partially managed processes are addressed and a solution is proposed. Detecting compliance failures by creating internal controls is a requirement of enterprise risk management framework. In case of unmanaged or partially managed processes, lack of full process visibility and the dependence on in depth knowledge of IT system and business application code are the main challenges of generating internal controls. Integration of business provenance management system with a business rule management system is proposed to overcome these challenges. © 2011 IEEE.