Hae
Book a demo
en

4 Steps to Prevent Compliance Violations

Intelligent Process Mining helps compliance officers, internal auditors, business leaders, process analysts and business controllers to detect, understand, predict and prevent compliance violations. Typical use cases include:

  • Internal Audit - Provide assurance that internal control processes are operating effectively
  • Anomaly Detection - Identify suspicious cases that differ significantly from the majority.
  • Trade Compliance - Ensure that operations comply with international export, trade, and financial laws.
  • Process Owners - Enforce compliance with agreed processes

4 steps to Prevent Compliance Violations

The four steps for preventing compliance violations using Intelligent Process Mining are:

  1. Detect Compliance Violations automatically 
  2. Find Root Causes for Compliance Violations
  3. Predict Future Compliance Violations
  4. Recommend Actions to Prevent Future Compliance Violations

The approach uses the framework presented in my previous blog. 

  • Descriptive Process Mining – How to detect compliance violations.
  • Diagnostic Process Mining - How to understand root causes for compliance violations.
  • Predictive Process Mining - How to predict future compliance violations.
  • Prescriptive Process Mining -  How to recommend actions to prevent future compliance violations.

 

Join our webinar to learn more about this topic - Preventing Compliance Violations using Intelligent Process Mining

Step 1 - Detect Compliance Violations

Intelligent Process Mining detects compliance violations automatically as soon as they appear. As soon as new data is loaded into the process mining system, for example on a weekly or daily basis, the system will check all business rules to find if any new violations exist. Typical patterns for compliance rules include

  • Mandatory: Process Step A should always be executed before Step B
  • Illegal: Step A should never be executed before Step B
  • Time: Step A should always occur within 10 days after Step B
  • Exclusive Choice: Either Step A or Step B must occur, but not both
  • Block: Whenever A occurs, B cannot occur afterward
  • Temporal Block: Whenever A occurs, C must occur afterward, and B is forbidden in between
  • Resource: Step A can be performed only by users having role R
  • Segregation: A and B must be performed by different users
  • Attribute Check: Property X in system A must match the property X in system B for each case
  • Illegal Change: Property X must not be changed after Step A
  • Empty: Property X must be given

Each rule may also have a set of limitations, for example:

  • Global: Rule is valid for all cases - no exceptions
  • Exception: Rule is valid for all other cases except those with Property X having value in (v1, v2, ..., vn)
  • Special: Rule is valid only for those cases with Property X having value in (v1, v2, ..., vn)
  • Regional: Rule is valid only for cases with Region in (r1, r2, ..., rn)
  • Customer: Rule is valid only for cases where Region is in (c1, c2, ..., cn) 

When these patterns and definitions are put together we get some examples of compliance rules such as:

  • Purchase Order Approval: First-level approval needed for each PO with a value above 100 €. Second-level approval needed for POs with a value > 10 000 €. Third-level approval needed for POs with a value > 1 000 000 €. One employee may give only one approval.
  • Trade Compliance: Each sales order must be checked against the US sanction and embargo lists before the actual shipment takes place.
  • Process Audit: All mandatory activities must be performed (and recorded) in a specific order for each surgery operation in a hospital

Now the Good news! The process mining system is capable of evaluating all possible compliance rules and thus detects all compliance violations as soon as source data is available!

Maveric Buying-2

Step 2 - Find Root Causes for Compliance Violations

Why did something happen in the past?

After detecting a compliance violation you want to know why it happened. Intelligent Process Mining helps to find the answer by looking at the full process mining data available in the model.

Root Cause analysis detects process steps and case attribute values that cause the compliance violations. Analysis is based on statistical correlation and shows root causes for both problem areas (highlighted with red color) as well as the best practice areas (highlöighted with blue color). 

Maveric Buying-root causes

The example above shows the root causes for Maverick Purchasing violations. From the flowchart we see that maverick purchase are more likely to visit the process step "Review Man.":  56% of violating cases compared to 27% of non-violating cases. On the other hand, only 6% of violating cases visit "Review Top Man." compared to the 14% of non-violating cases. The case attribute analysis in the right-side chart shows that if PO: Material Group is "twezzers" then 300 out of 1.1K cases (27%) violate the maverick purchasing compliance rule.

The capability of finding root causes for compliance violations forms the basis for improving business operations systematically. 

Step 3 - Predict Future Compliance Violations

The previous two steps have shown how to detect compliance violations (descriptive process mining) and understand why did they happen (diagnostic process mining). In this third step, we want to predict violations before they even happen. This is possible by using the current as-is knowledge in our process mining model with the latest extracted data from the ERP systems.

Predictive process mining is a method to predict what will happen next in any given ongoing case. It is possible to make these predictions since the process morning model already includes full details of each completed case. By using this information the machine learning system can predict - in a very similar way as a human expert would predict - the outcome of each case. The more data there is, the better the accuracy of the prediction will be.

Example: Predict a Compliance Violation

It is easy to configure the QPR ProcessAnalyzer system to make future predictions and show them in a dashboard using the approach:

  • Extract data from ERP systems and build he process mining model
  • Define the KPI for Compliance Violation (Step 1 abode)
  • Run root cause analysis to find Case Attributes and Events that cause violations (Step 2 above)
  • Configure QPR ProcessAnalyzer machine learning model
    • Define Training Cases. Use completed cases as training cases. These training cases should include both cases were the compliance violation occurred and cases where violation did not occur.correlate with the Identify the training data for the machine learning.
    • Select Case Attributes and Event Types to be included for making predictions
    • Validate the accuracy of predictions - refine the source data if needed.
  • Now with the configured ML model a prediction will be made for each new case giving a prediction about the compliance violation.
  • React in time to cases that seem to fail their promise and fix the issue even before the violation takes place.

Compliance-predictions-2-1

The picture above shows a dashboard with predictions for Compliance Violation. 7.9% of the currently ongoing cases are predicted to experience the compliance violation, according to the machine learning model that is trained using the already completed customer orders. Further analysis is available using the trend and benchmarking charts. 

Step 4 - Recommend Actions to Prevent Future Violations

How to recommend actions to prevent future compliance violations?

The previous three steps of intelligent process mining have shown how to 1. detect compliance violations (descriptive process mining), 2. understand why did they happen (diagnostic process mining) and 3. predict future violations. As soon as we have the prediction, we can start the work to affect the actual outcome of each case: mitigate to already occurred violations and prevent the predicted future violations before they even occure.  

Typical jobs for an Intelligent Orchestrator to prevent violations include:

  • Send email notifications - notify business people about compliance violations when an existing business rule is violated
  • Start RPA bots
  • Start new business workflows
  • Update data in ERP systems

ComplianceViolationReport

The screenshot above shows an email message containing some recent violations for those cases where Material has been changed Shipment has already been created. ERP link is a direct link to open the corresponding case in ERP system such as SAP. QPR Link is the direct link to QPR process mining model that allows he easy analysis of all end-to-end process activities that have taken place during the excution of this item.

ComplianceViolation-CaseDetails

The above picture shows detailed case view for one individual process case. Using this view it is easy to see all occurred events and details about any compliance violation. 

Compliance Violations - Intelligent Orchestrator

The screenshot above from QPR ProcessAnalyzer shows an example of Intelligent Orechestrator for Compliance  Violations in action. Each ongoing case is shown in one row with customer name, order number and other details. The last column shows the violation: Material changed after Shipment Created. The column OTD Prediction shows the machine learning model based prediction for on-time delivery. Last event is showin the latest event that has taken occurred for the case. The last column - Next Orchestrated Action - show the suggested next action with a hyperlink to perform the action itself. Some actions, such as "Email Payment Reminder", launch email system to send an email to customer. "Manage order" is a link to the ERP system for manually making changes to the customer order. the "Start RPA - Remove Delivery Block" starts an RPA bot to remove the delivery block from SAP. 

Prescriptive process mining introduces an intelligent orchestrator to help you to succeed in your business operations. You may listen to the intelligent orchestrator's advice, follow the advice if it sounds good, ignore the advice if you know more background information than the system, and train the machine learning-based orchestrator to become an even better companion for running your operations.

Intelligent Orchestrator is a key component in QPR Predict and Prevent system where AI and business rules are used to make the predictions and discover business rule violations, and orchestrator then prevents and mitigates the emerging problems in time:  

Predict & Prevent

 

QPR integrates with the ERP systems, AI frameworks and RPA/Workflow systems to orchestrate the whole process.  

How to Predict & Prevent

 

 

What do you think? Want to learn more about Intelligent Process mining?

Join our webinar to learn more about this topic - Preventing Compliance Violations using Intelligent Process Mining

I am personally super happy to talk more about intelligent process mining so feel free to book a 30-minutes meeting using this link.

Written by

Teemu Lehto

Doctor of Science (Technology) and Process Mining evangelist active in marketing, sales, consulting, product development and research. Teemu has been involved in 200+ end customer process mining project from order-to-cash, purchase-to-pay, plant maintenance, auditing and service. Teemu is also an active speaker delivering the process mining message as well as writer for several process mining and machine learning scientific articles. Book a meeting with Teemu using the link: https://outlook.office365.com/owa/calendar/TeemuLehtoQPR@QPR.onmicrosoft.com/bookings/

Share Online