Conference Paper

Inter-organisational Controls as Value Objects in Network Organisations

DOI: 10.1007/11767138_23 Conference: Advanced Information Systems Engineering, 18th International Conference, CAiSE 2006, Luxembourg, Luxembourg, June 5-9, 2006, Proceedings
Source: DBLP


Inter-organizational controls are mechanisms used to ensure and monitor that networked enterprises do not commit a fraud and behave as agreed. Many of such controls have, apart from thei r control purpose, an inherent economic value component. This feature requires controls to pop-up into business value models, stating how actors crea te, trade and consume objects of economic value. In this paper, we provid e guidelines that can be used to decide whether organizational controls should be part of a value model or not. We demonstrate these guidelines by a case stud y on the Letter of Credit procedure.

Download full-text


Available from: Yao-Hua Tan,
  • Source
    • "An important example is the increased information exchange in closely cooperating value chains where information security is a major issue [6]. Current access-control modeling methodologies do not sufficiently consider interorganizational cooperations, which present new challenges for the control of economic value exchange [7] and for security [8][9]. Besides technological issues, many organizational and management challenges need to be resolved to establish a secure information flow where access is limited to authorized employees and partners . "
    [Show abstract] [Hide abstract]
    ABSTRACT: Information flow between organizations has increased tremendously in recent years, for example in information federations of closely cooperating partners in a value chain. With this intensified exchange, information security becomes a major issue. In particular, coordinated access control policies must be derived by multiple organizations in a systematic fashion. However, current access-control modeling methodologies do not sufficiently address interorganizational information flow. In order to close this gap, we provide a methodology for engineering access control policies between multiple organizations, which is motivated and exemplified by a case study on information federation in the industrial service sector. Furthermore, we present a tool-supported approach for semi-automatic generation of interorganizational role-based access control policies derived from graphical business process models.
    Workshops Proceedings of the 15th IEEE International Enterprise Distributed Object Computing Conference, EDOCW 2011, Helsinki, Finland, August 29 - September 2, 2011; 01/2011

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Business value models and process models describe the same subject from a different perspective. Therefore, it is important that both models are consistent with each other. To do consistency checking, we construct an intermediate model that captures the physical transfers in a value model, thereby reducing the conceptual gap between value and process models. This physical transfer model can then be checked for consistency with a process model via the already existing "reduced model" approach. A reduced model is a simplified representation of a value model or process model, where common concepts represent aspects from both the value and process model. We illustrate our approach using a small case study in the electricity sector.
Show more