4 Steps to Prevent Compliance Violations

This blog is brought to you by D.Sc. Teemu Lehto, Vice President, Process Mining at QPR Software. Teemu provides a detailed and technical explanation of how process mining helps in preventing compliance violations.

Intelligent process mining helps compliance officers, internal auditors, business leaders, process analysts, and business controllers to detect, understand, predict and prevent compliance violations. Typical use cases include:

  • Internal Audit - Provide assurance that internal control processes are operating effectively
  • Anomaly Detection - Identify suspicious cases that differ significantly from the majority
  • Trade Compliance - Ensure that operations comply with international export, trade, and financial laws
  • Process Owners - Enforce compliance with agreed processes


4 steps to Prevent Compliance Violations

The four steps for preventing compliance violations using intelligent process mining are:

  1. Detect Compliance Violations automatically 
  2. Find Root Causes for Compliance Violations
  3. Predict Future Compliance Violations
  4. Recommend Actions to Prevent Future Compliance Violations

The approach uses the framework presented in my previous blog about intelligent process mining using Machine Learning.  

  • Descriptive Process Mining – How to detect compliance violations
  • Diagnostic Process Mining - How to understand root causes for compliance violations
  • Predictive Process Mining - How to predict future compliance violations
  • Prescriptive Process Mining -  How to recommend actions to prevent future compliance violations

 

Step 1 - Detect Compliance Violations

Intelligent process mining detects compliance violations automatically as soon as they appear. As soon as new data is loaded into the process mining system, for example on a daily basis, the system will check all business rules to find if any new violations exist. Typical patterns for compliance rules include:

  • Mandatory: Process Step A should always be executed before Step B
  • Illegal: Step A should never be executed before Step B
  • Time: Step A should always occur within 10 days after Step B
  • Exclusive Choice: Either Step A or Step B must occur, but not both
  • Block: Whenever A occurs, B cannot occur afterward
  • Temporal Block: Whenever A occurs, C must occur afterward, and B is forbidden in between
  • Resource: Step A can be performed only by users having role R
  • Segregation: A and B must be performed by different users
  • Attribute Check: Property X in system A must match the property X in system B for each case
  • Illegal Change: Property X must not be changed after Step A
  • Empty: Property X must be given


Each rule may also have a set of limitations, for example:
  • Global: Rule is valid for all cases - no exceptions
  • Exception: Rule is valid for all other cases except those with Property X having value in (v1, v2, ..., vn)
  • Special: Rule is valid only for those cases with Property X having value in (v1, v2, ..., vn)
  • Regional: Rule is valid only for cases with Region in (r1, r2, ..., rn)
  • Customer: Rule is valid only for cases where Customer is in (c1, c2, ..., cn)

 

When these patterns and definitions are put together we get some examples of compliance rules, such as:

  • Purchase Order Approval: First-level approval is needed for each PO with a value above 100 €. Second-level approval is needed for POs with a value > 10 000 €. Third-level approval is needed for POs with a value > 1 000 000 €. One employee may give only one approval.
  • Trade Compliance: Each sales order must be checked against the US sanction and embargo lists before the actual shipment takes place.
  • Process Audit: All mandatory activities must be performed (and recorded) in a specific order for each surgery operation in a hospital
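The Purchase Order Approval rule above combines the Mandatory and Segregation patterns with a value-based limitation. The following is an added example, not QPR ProcessAnalyzer code, showing how such a rule can be evaluated against an event log; the activity names ("Create PO", "Approve L1", "Send PO"), the log layout, and the sample cases are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample event log: (case id, activity, user, date).
EVENTS = [
    ("PO-1", "Create PO",  "alice", "2024-03-01"),
    ("PO-1", "Approve L1", "bob",   "2024-03-02"),
    ("PO-1", "Send PO",    "alice", "2024-03-03"),
    ("PO-2", "Create PO",  "carol", "2024-03-01"),
    ("PO-2", "Approve L1", "dave",  "2024-03-02"),
    ("PO-2", "Approve L2", "dave",  "2024-03-02"),  # same approver twice
    ("PO-2", "Send PO",    "carol", "2024-03-04"),
    ("PO-3", "Create PO",  "erin",  "2024-03-05"),
    ("PO-3", "Send PO",    "erin",  "2024-03-06"),  # sent without approval
    ("PO-4", "Create PO",  "frank", "2024-03-05"),
    ("PO-4", "Send PO",    "frank", "2024-03-06"),  # below threshold, allowed
]
# Constructed case attribute: PO value in EUR.
PO_VALUE = {"PO-1": 5_000, "PO-2": 25_000, "PO-3": 800, "PO-4": 50}
# Approval level -> value above which that approval is required (from the rule).
THRESHOLDS = {"Approve L1": 100, "Approve L2": 10_000, "Approve L3": 1_000_000}

def find_violations(events, po_value):
    """Return (case, reason) pairs for every rule violation in the log."""
    traces = defaultdict(list)
    for case, activity, user, ts in events:
        traces[case].append((datetime.fromisoformat(ts), activity, user))
    violations = []
    for case, trace in sorted(traces.items()):
        trace.sort(key=lambda e: e[0])  # order events by time within the case
        order = [activity for _, activity, _ in trace]
        if "Send PO" in order:  # ongoing cases cannot have violated the rule yet
            before_send = order[:order.index("Send PO")]
            for level, limit in THRESHOLDS.items():
                # Limitation: the level applies only to POs above its threshold.
                # Mandatory pattern: the approval must precede "Send PO".
                if po_value[case] > limit and level not in before_send:
                    violations.append((case, f"missing {level} before Send PO"))
        # Segregation pattern: one employee may give only one approval.
        approvers = [user for _, activity, user in trace if activity in THRESHOLDS]
        if len(approvers) != len(set(approvers)):
            violations.append((case, "same user gave more than one approval"))
    return violations

if __name__ == "__main__":
    for case, reason in find_violations(EVENTS, PO_VALUE):
        print(case, reason)
```
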

Now the good news! The process mining system is capable of evaluating all possible compliance rules and thus detecting all compliance violations as soon as source data is available!

Maveric Buying-2


Step 2 - Find Root Causes for Compliance Violations

Why did something happen in the past?

After detecting a compliance violation, you may want to know why it happened. Intelligent process mining helps you find the answer by looking at the full process mining data available in the model.

Root Cause analysis detects process steps and case attribute values that cause the compliance violations. The analysis is based on the statistical correlation and shows root causes for both problem areas (highlighted with red color) as well as the best practice areas (highlighted with blue color). 

Maveric Buying-root causes

The example above shows the root causes for Maverick Purchasing violations. From the flowchart we see that maverick purchases are more likely to visit the process step "Review Man.":  56% of violating cases compared to 27% of non-violating cases. On the other hand, only 6% of violating cases visit "Review Top Man." compared to the 14% of non-violating cases. The case attribute analysis in the right-side chart shows that if PO: Material Group is "twezzers" then 300 out of 1.1K cases (27%) violate the maverick purchasing compliance rule.

The capability of finding root causes for compliance violations forms the basis for improving business operations systematically. 


Step 3 - Predict Future Compliance Violations

The previous two steps have shown how to detect compliance violations (descriptive process mining) and understand why they happened (diagnostic process mining).

In this third step, we want to predict violations before they even happen. This is possible by using the current as-is knowledge in our process mining model with the latest extracted data from the ERP systems.

Predictive process mining is a method to predict what will happen next in any given ongoing case. It is possible to make these predictions since the process mining model already includes full details of each completed case. By using this information the machine learning system can predict - in a very similar way as a human expert would predict - the outcome of each case. The more data there is, the better the accuracy of the prediction will be.

Example: Predict a Compliance Violation

It is easy to configure the QPR ProcessAnalyzer system to make future predictions and show them in a dashboard using the approach:

  • Extract data from ERP systems and build the process mining model
  • Define the KPI for Compliance Violation (Step 1 above)
  • Run root cause analysis to find Case Attributes and Events that cause violations (Step 2 above)
  • Configure QPR ProcessAnalyzer machine learning model
    • Define Training Cases. Use completed cases as training cases. These training cases should include both cases where the compliance violation occurred and cases where the violation did not occur.
    • Select Case Attributes and Event Types to be included for making predictions
    • Validate the accuracy of predictions - refine the source data if needed.
  • Now with the configured ML model, a prediction will be made for each new case, giving a prediction about the compliance violation.
  • This allows you to react in time to cases that seem to fail their promise and fix the issue even before the violation takes place.

Compliance-predictions-2-1


The picture above shows a dashboard with predictions for Compliance Violation. 7.9% of the currently ongoing cases are predicted to experience compliance violations, according to the machine learning model that is trained using the already completed customer orders. Further analysis is available using the trend and benchmarking charts. 


Step 4 - Recommend Actions to Prevent Future Violations

How to recommend actions to prevent future compliance violations?

The previous three steps of intelligent process mining have shown how to 1. detect compliance violations (descriptive process mining), 2. understand why they happened (diagnostic process mining) and 3. predict future violations. As soon as we have the prediction, we can start the work to affect the actual outcome of each case: mitigate already occurred violations and prevent the predicted future violations before they even occur.  

Typical jobs for an Intelligent Orchestrator to prevent violations include:

  • Send email notifications - notify business people about compliance violations when an existing business rule is violated
  • Start RPA bots
  • Start new business workflows
  • Update data in ERP systems

ComplianceViolationReport

The screenshot above shows an email message containing some recent violations for those cases where Material has been changed after Shipment has already been created. The ERP link is a direct link to open the corresponding case in an ERP system, such as SAP.

The QPR Link is the direct link to the QPR process mining model that allows easy analysis of all end-to-end process activities that have taken place during the execution of this item.

ComplianceViolation-CaseDetails


The above picture shows a detailed case view for one individual process case. By using this view, it is easy to see all occurred events and details about any compliance violation. 

Compliance Violations - Intelligent Orchestrator


The screenshot above from QPR ProcessAnalyzer shows an example of Intelligent Orchestrator for Compliance Violations in action.

Each ongoing case is shown in one row with the customer name, order number, and other details. The last column shows the violation: Material changed after Shipment Created. The column OTD Prediction shows the machine learning model-based prediction for on-time delivery. The last event shows the latest event that has occurred for the case. The last column - Next Orchestrated Action - shows the suggested next action with a hyperlink to perform the action itself. Some actions, such as "Email Payment Reminder", launch email systems to send an email to customers. "Manage order" is a link to the ERP system for manually making changes to the customer order. "Start RPA - Remove Delivery Block" starts an RPA bot to remove the delivery block from SAP.

Prescriptive process mining introduces an intelligent orchestrator to help you to succeed in your business operations. You may listen to the intelligent orchestrator's advice, follow the advice if it sounds good, ignore the advice if you know more background information than the system, and train the machine learning-based orchestrator to become an even better companion for running your operations.

Intelligent Orchestrator is a key component in the QPR Predict and Prevent system, where AI and business rules are used to make the predictions and discover business rule violations, and the orchestrator then prevents and mitigates the emerging problems in time:  

Predict & Prevent

 

QPR integrates with the ERP systems, AI frameworks, and RPA/Workflow systems to orchestrate the whole process.  

How to Predict & Prevent

 

What do you think? Do you want to learn more about Intelligent Process mining?

Join our webinar to learn more about this topic - Preventing Compliance Violations using Intelligent Process Mining

I am personally super happy to talk more about intelligent process mining so feel free to book a 30-minute meeting using this link.

Written by

Teemu Lehto

Dr. Teemu Lehto, holding a Ph.D. in process mining, has spent more than two decades advancing the field of Digital Twin of an Organization (DTO). Teemu has helped hundreds of companies achieve unprecedented visibility into their business operations throughout his career. With a passion for this field, Teemu’s mission is to empower organizations to make data-driven decisions, optimize processes, and discover untapped potential within their businesses.
