Publication
IBM J. Res. Dev
Paper

Indra: An integrated quantitative system for compliance management for IT service delivery

View publication

Abstract

The explosive growth of business process implementations in various industries has brought into sharp focus the need for process compliance with regulatory policies. This has raised the need for business process compliance solutions requiring an automated and quantitative approach. Quantification of compliance enables an organization to accurately determine its compliance posture and take steps to improve process noncompliances in the future. To that end, in this paper, we propose Indra, our system for integrated compliance management. Indra takes a holistic approach toward compliance, focusing on a compliance life cycle comprising process modeling for maximal compliance at minimal cost, measuring noncompliance at runtime, analyzing the results of the measurement, and suggesting corrective actions to continuously improve process compliance in the future. The scope of this paper covers the analytic models and formulations for compliance maximization, along with a demonstration on a simplified version of a real-life example drawn from the IBM IT (information technology) service delivery units. We also describe ongoing piloting of our analytic models on real audit data from the IBM India Business Controls department. To the best of our knowledge, Indra is the first of its kind in providing integrated and quantitative compliance management. © 2009 IBM.