Workshop on Economics of Compliance Control and Automation (ECCA)

Venue: Andrzej Frycz Modrzewski Cracow College

Location: Krakow, Poland

Event Date/Time: Feb 15, 2010 End Date/Time: Feb 18, 2010
Registration Date: Nov 14, 2009
Paper Submission Date: Oct 14, 2009
Report as Spam


Achieving compliance to an ever growing number of regulatory requirements, such as reporting practices and treatment of personal information, poses a grand challenge to enterprises of all sizes. Such requirements stipulate the reliable deployment of a number of accountable activities which must be periodically validated by means of third-party audits. To conduct adequate validation in a timely, cost-effective and reliable manner, enterprises are advancing the automation of business process and the corresponding controls.
Controls subsume organizational measures and security mechanisms for enforcing regulatory laws and detecting regulation deviations, opening up the chance to react timely. However, deploying such controls is a challenging task yet not completely understood: Unexpected interactions between controls and business processes might arise, leading to inconsistencies, compliance violations and conflicts with the operative goals of business processes and, thereby, opening up risks. Also, a too restrictive, risk-averse enforcement of regulations is not optimal with regard to the operational use of upcoming technologies, such as service-oriented architectures or cloud computing, since it may hinder the harvesting of their full potential. Addressing these issues is of primary relevance and requires well-founded, cross-disciplinary approaches to reason about and bridge the technical and economical perspectives of the deployment of controls.
The goal of this workshop is to bring together researchers and practitioners working on innovative methods for managing compliance, risk and security. The focus of the workshop is primarily on the integration of economical and technical research, yet it encourages papers with a cross-disciplinary character, encompassing for instance legal and sociological aspects, as well as papers more purely focused on information technology.