Organization and governance of business rules management capabilities

Koen Smit

Research output: ThesisDoctoral ThesisInternal (IDIP)

10 Downloads (Pure)

Abstract

Properly managed business decisions and business logic are important assets for or-ganizations. Organizations in general, and government agencies in particular, increas-ingly utilize (semi-)automated decision making in products and services delivery. Or-ganizations obtain grip on regulatory compliance by well managing decision making processes. Organizations must secure adequate translation of legal sources into their products and services delivery. An approach to do so is through Business Rules Man-agement (BRM).Most research performed on BRM can be classified as technical (taking an information technology perspective), while research on the organizational implementation (taking an information systems perspective), considering organizational topics, is mainly un-accounted for. Furthermore, current research into BRM does not always adequately take into account the practical application of research results. Can an organization actually use the theory or artefact proposed?The above may well explain why professional practice experiences challenges when adopting BRM in their organizations. We see that 1) BRM-tooling is immature, 2) col-laboration between vendors is lacking, and 3) there is insufficient knowledge on how to apply BRM. As a consequence 4) organizations do not strategically and structurally embed BRM, and 5) rather few successful BRM-Systems (BRMS) are known.With the aim to seize these observations and to add to the scientific body of knowledge on BRM's information systems perspective this thesis focuses on so called BRM capabilities10 by proposing theory and delivering artefacts that could guide or-ganizations adopting BRM. The following main research question is addressed in this thesis: How can business rules management be organized and governed?To answer this question, multiple subquestions are posed and addressed, utilizing a multimethod approach, taking into account the limited body of knowledge on the or-ganizational aspects of BRM. The thesis describes the application of literature reviews, grounded theory coding, focus groups, Delphi studies and case studies. This research mainly focuses on the Dutch government, including several large Dutch government agencies. The results of the research are presented in three interrelated parts: 1) concepts and principles for business rules management, 2) business rules manage-ment implementation challenges, and 3) business rules management governance.Regarding the first part: in the second chapter of this thesis, a BRM reference process is presented with seven main processes: 'elicitation', 'design', 'acceptation', 'deploy-ment', 'execution', 'governance' and 'evaluation', together with underlying subpro-cesses. In the third chapter, 11 compliance principles are identified and described. Examples are 'all business rules refer to a (legal) source', and 'transparency concern-ing decision-making for clients and users'. In the fourth chapter, a verification frame-work is presented that comprises 28 types of verification that organizations could implement to ensure proper (automated) execution of their business decisions and business logic. Examples are 'circularity verification' (checking whether a conclusion fact of a parent business rule is used as a condition fact in the underlying business rule, while at the same time the conclusion fact of the underlying decision is used as a condition fact in the parent business rule), 'equivalence verification' (checking for business rules which are expressed differently, yet with the same outcome), and 'con-flict conclusion verification' (checking whether conclusions exist that are established using different business rules and facts). This part closes with the fifth chapter, which presents 34 functional requirement themes for BRMS of which examples are (in this case related to the 'elicitation' of business rules): the ability to 'import sources', 'anno-tate sources', 'generate overviews' and 'perform impact-analyses'.The second part aims to identify challenges that organizations face implementing BRM-solutions. The identification of challenges was performed for the 'elicitation', 'design', 'specification', 'verification', 'validation' and 'governance' capabilities of BRM, resulting in a total of 53 challenges. In the sixth chapter, 28 implementation challeng-es are identified with regards to specifically the 'elicitation', 'design' and 'specification' BRM-capabilities. Examples are the 'lack or low quality of governance of a fact vo-cabulary' and the 'unwanted dependency on external parties to translate law and reg-ulations into business decisions and business logic'. In the seventh chapter, 17 imple-mentation challenges are identified with regards to the 'verification' and 'validation' BRM capabilities. Examples are 'the trade-offs between precision, expressiveness, naturalness and simplicity of business rules', and 'the lack of (proper) validation re-garding the business logic that is communicated with stakeholders' (i.e. Dutch citi-zens). Lastly, in the eighth chapter, eight implementation challenges are identified with regards to the 'governance' BRM capability. Examples are 'the lack of knowledge regarding existing governance standards' and 'the poor meta-data quality that ham-pers adequate governance'.The third part focuses on the organization of BRM-governance, which is subdivided in two studies. In the ninth chapter a business control system is presented, with 14 performance indicators that can be used to evaluate the implementation of BRM capabili-ties. Examples of performance indicators are 'the amount of business rules that can-not be automated' and 'the time required to define, verify, and validate a single busi-ness rule'. Then, in the tenth chapter, a traceability framework for BRM is proposed that presents three traceability domains, being the source domain, the implementa-tion-independent domain (which functions as a single point of truth) and the imple-mentation-dependent domain (which encompasses the implemented 'pieces of law' across different information systems). Each of the domains comprise several (layered) elements that represent the different levels of abstraction for which a piece of law can be traced. A piece of law can, for example, be traced on five levels of abstraction: on law level, article level, paragraph level, sentence level, or word level. Organizations could utilize these domains and the layered elements as these make explicit the de-sign choices that must be made to properly implement traceability.The results of the research contribute to the body of knowledge on how to organize and govern BRM in organizations. Notably, results consist of the identification and elaboration of (sub)processes, design principles, capabilities and challenges. New insight are provided on, and mature, the information systems perspective in BRM re-search. Other scholars can take the research further, e.g. in further evaluation of the results and building on its outcomes.Based on the outcomes of the various studies included in this thesis, it is summarized that organizations can define strategies from the research outcomes to design and implement their BRM capabilities, while avoiding or mitigating the challenges identi-fied. At the time of writing, the results already affect organizations: some Dutch gov-ernment agencies are utilizing the results for the (re)design of their BRM capabilities. Also, the process of making explicit the implementation challenges at the participating organizations resulted in these organizations actively investing resources to mitigate these challenges. Future research should aim to measure the effectiveness of the results and proposed artefacts in similar or dissimilar contexts.
Original languageEnglish
QualificationPhD
Awarding Institution
  • Open University of the Netherlands
Supervisors/Advisors
  • Versendaal, Johan, Supervisor
  • Slot, R. G. , Co-supervisor, External person
  • Zoet, M.M., Co-supervisor, External person
Award date1 Jun 2018
Publisher
Print ISBNs978-94-6299-972-5
Publication statusPublished - 1 Jun 2018

Fingerprint

Industry
Information systems
Decision making
Specifications
Metadata

Cite this

Smit, Koen. / Organization and governance of business rules management capabilities. Open Universiteit, 2018. 228 p.
@phdthesis{68aa8973a22a4e16aab9f7548d4d13b5,
title = "Organization and governance of business rules management capabilities",
abstract = "Properly managed business decisions and business logic are important assets for or-ganizations. Organizations in general, and government agencies in particular, increas-ingly utilize (semi-)automated decision making in products and services delivery. Or-ganizations obtain grip on regulatory compliance by well managing decision making processes. Organizations must secure adequate translation of legal sources into their products and services delivery. An approach to do so is through Business Rules Man-agement (BRM).Most research performed on BRM can be classified as technical (taking an information technology perspective), while research on the organizational implementation (taking an information systems perspective), considering organizational topics, is mainly un-accounted for. Furthermore, current research into BRM does not always adequately take into account the practical application of research results. Can an organization actually use the theory or artefact proposed?The above may well explain why professional practice experiences challenges when adopting BRM in their organizations. We see that 1) BRM-tooling is immature, 2) col-laboration between vendors is lacking, and 3) there is insufficient knowledge on how to apply BRM. As a consequence 4) organizations do not strategically and structurally embed BRM, and 5) rather few successful BRM-Systems (BRMS) are known.With the aim to seize these observations and to add to the scientific body of knowledge on BRM's information systems perspective this thesis focuses on so called BRM capabilities10 by proposing theory and delivering artefacts that could guide or-ganizations adopting BRM. The following main research question is addressed in this thesis: How can business rules management be organized and governed?To answer this question, multiple subquestions are posed and addressed, utilizing a multimethod approach, taking into account the limited body of knowledge on the or-ganizational aspects of BRM. The thesis describes the application of literature reviews, grounded theory coding, focus groups, Delphi studies and case studies. This research mainly focuses on the Dutch government, including several large Dutch government agencies. The results of the research are presented in three interrelated parts: 1) concepts and principles for business rules management, 2) business rules manage-ment implementation challenges, and 3) business rules management governance.Regarding the first part: in the second chapter of this thesis, a BRM reference process is presented with seven main processes: 'elicitation', 'design', 'acceptation', 'deploy-ment', 'execution', 'governance' and 'evaluation', together with underlying subpro-cesses. In the third chapter, 11 compliance principles are identified and described. Examples are 'all business rules refer to a (legal) source', and 'transparency concern-ing decision-making for clients and users'. In the fourth chapter, a verification frame-work is presented that comprises 28 types of verification that organizations could implement to ensure proper (automated) execution of their business decisions and business logic. Examples are 'circularity verification' (checking whether a conclusion fact of a parent business rule is used as a condition fact in the underlying business rule, while at the same time the conclusion fact of the underlying decision is used as a condition fact in the parent business rule), 'equivalence verification' (checking for business rules which are expressed differently, yet with the same outcome), and 'con-flict conclusion verification' (checking whether conclusions exist that are established using different business rules and facts). This part closes with the fifth chapter, which presents 34 functional requirement themes for BRMS of which examples are (in this case related to the 'elicitation' of business rules): the ability to 'import sources', 'anno-tate sources', 'generate overviews' and 'perform impact-analyses'.The second part aims to identify challenges that organizations face implementing BRM-solutions. The identification of challenges was performed for the 'elicitation', 'design', 'specification', 'verification', 'validation' and 'governance' capabilities of BRM, resulting in a total of 53 challenges. In the sixth chapter, 28 implementation challeng-es are identified with regards to specifically the 'elicitation', 'design' and 'specification' BRM-capabilities. Examples are the 'lack or low quality of governance of a fact vo-cabulary' and the 'unwanted dependency on external parties to translate law and reg-ulations into business decisions and business logic'. In the seventh chapter, 17 imple-mentation challenges are identified with regards to the 'verification' and 'validation' BRM capabilities. Examples are 'the trade-offs between precision, expressiveness, naturalness and simplicity of business rules', and 'the lack of (proper) validation re-garding the business logic that is communicated with stakeholders' (i.e. Dutch citi-zens). Lastly, in the eighth chapter, eight implementation challenges are identified with regards to the 'governance' BRM capability. Examples are 'the lack of knowledge regarding existing governance standards' and 'the poor meta-data quality that ham-pers adequate governance'.The third part focuses on the organization of BRM-governance, which is subdivided in two studies. In the ninth chapter a business control system is presented, with 14 performance indicators that can be used to evaluate the implementation of BRM capabili-ties. Examples of performance indicators are 'the amount of business rules that can-not be automated' and 'the time required to define, verify, and validate a single busi-ness rule'. Then, in the tenth chapter, a traceability framework for BRM is proposed that presents three traceability domains, being the source domain, the implementa-tion-independent domain (which functions as a single point of truth) and the imple-mentation-dependent domain (which encompasses the implemented 'pieces of law' across different information systems). Each of the domains comprise several (layered) elements that represent the different levels of abstraction for which a piece of law can be traced. A piece of law can, for example, be traced on five levels of abstraction: on law level, article level, paragraph level, sentence level, or word level. Organizations could utilize these domains and the layered elements as these make explicit the de-sign choices that must be made to properly implement traceability.The results of the research contribute to the body of knowledge on how to organize and govern BRM in organizations. Notably, results consist of the identification and elaboration of (sub)processes, design principles, capabilities and challenges. New insight are provided on, and mature, the information systems perspective in BRM re-search. Other scholars can take the research further, e.g. in further evaluation of the results and building on its outcomes.Based on the outcomes of the various studies included in this thesis, it is summarized that organizations can define strategies from the research outcomes to design and implement their BRM capabilities, while avoiding or mitigating the challenges identi-fied. At the time of writing, the results already affect organizations: some Dutch gov-ernment agencies are utilizing the results for the (re)design of their BRM capabilities. Also, the process of making explicit the implementation challenges at the participating organizations resulted in these organizations actively investing resources to mitigate these challenges. Future research should aim to measure the effectiveness of the results and proposed artefacts in similar or dissimilar contexts.",
author = "Koen Smit",
year = "2018",
month = "6",
day = "1",
language = "English",
isbn = "978-94-6299-972-5",
publisher = "Open Universiteit",
school = "Open University of the Netherlands",

}

Smit, K 2018, 'Organization and governance of business rules management capabilities', PhD, Open University of the Netherlands.

Organization and governance of business rules management capabilities. / Smit, Koen.

Open Universiteit, 2018. 228 p.

Research output: ThesisDoctoral ThesisInternal (IDIP)

TY - THES

T1 - Organization and governance of business rules management capabilities

AU - Smit, Koen

PY - 2018/6/1

Y1 - 2018/6/1

N2 - Properly managed business decisions and business logic are important assets for or-ganizations. Organizations in general, and government agencies in particular, increas-ingly utilize (semi-)automated decision making in products and services delivery. Or-ganizations obtain grip on regulatory compliance by well managing decision making processes. Organizations must secure adequate translation of legal sources into their products and services delivery. An approach to do so is through Business Rules Man-agement (BRM).Most research performed on BRM can be classified as technical (taking an information technology perspective), while research on the organizational implementation (taking an information systems perspective), considering organizational topics, is mainly un-accounted for. Furthermore, current research into BRM does not always adequately take into account the practical application of research results. Can an organization actually use the theory or artefact proposed?The above may well explain why professional practice experiences challenges when adopting BRM in their organizations. We see that 1) BRM-tooling is immature, 2) col-laboration between vendors is lacking, and 3) there is insufficient knowledge on how to apply BRM. As a consequence 4) organizations do not strategically and structurally embed BRM, and 5) rather few successful BRM-Systems (BRMS) are known.With the aim to seize these observations and to add to the scientific body of knowledge on BRM's information systems perspective this thesis focuses on so called BRM capabilities10 by proposing theory and delivering artefacts that could guide or-ganizations adopting BRM. The following main research question is addressed in this thesis: How can business rules management be organized and governed?To answer this question, multiple subquestions are posed and addressed, utilizing a multimethod approach, taking into account the limited body of knowledge on the or-ganizational aspects of BRM. The thesis describes the application of literature reviews, grounded theory coding, focus groups, Delphi studies and case studies. This research mainly focuses on the Dutch government, including several large Dutch government agencies. The results of the research are presented in three interrelated parts: 1) concepts and principles for business rules management, 2) business rules manage-ment implementation challenges, and 3) business rules management governance.Regarding the first part: in the second chapter of this thesis, a BRM reference process is presented with seven main processes: 'elicitation', 'design', 'acceptation', 'deploy-ment', 'execution', 'governance' and 'evaluation', together with underlying subpro-cesses. In the third chapter, 11 compliance principles are identified and described. Examples are 'all business rules refer to a (legal) source', and 'transparency concern-ing decision-making for clients and users'. In the fourth chapter, a verification frame-work is presented that comprises 28 types of verification that organizations could implement to ensure proper (automated) execution of their business decisions and business logic. Examples are 'circularity verification' (checking whether a conclusion fact of a parent business rule is used as a condition fact in the underlying business rule, while at the same time the conclusion fact of the underlying decision is used as a condition fact in the parent business rule), 'equivalence verification' (checking for business rules which are expressed differently, yet with the same outcome), and 'con-flict conclusion verification' (checking whether conclusions exist that are established using different business rules and facts). This part closes with the fifth chapter, which presents 34 functional requirement themes for BRMS of which examples are (in this case related to the 'elicitation' of business rules): the ability to 'import sources', 'anno-tate sources', 'generate overviews' and 'perform impact-analyses'.The second part aims to identify challenges that organizations face implementing BRM-solutions. The identification of challenges was performed for the 'elicitation', 'design', 'specification', 'verification', 'validation' and 'governance' capabilities of BRM, resulting in a total of 53 challenges. In the sixth chapter, 28 implementation challeng-es are identified with regards to specifically the 'elicitation', 'design' and 'specification' BRM-capabilities. Examples are the 'lack or low quality of governance of a fact vo-cabulary' and the 'unwanted dependency on external parties to translate law and reg-ulations into business decisions and business logic'. In the seventh chapter, 17 imple-mentation challenges are identified with regards to the 'verification' and 'validation' BRM capabilities. Examples are 'the trade-offs between precision, expressiveness, naturalness and simplicity of business rules', and 'the lack of (proper) validation re-garding the business logic that is communicated with stakeholders' (i.e. Dutch citi-zens). Lastly, in the eighth chapter, eight implementation challenges are identified with regards to the 'governance' BRM capability. Examples are 'the lack of knowledge regarding existing governance standards' and 'the poor meta-data quality that ham-pers adequate governance'.The third part focuses on the organization of BRM-governance, which is subdivided in two studies. In the ninth chapter a business control system is presented, with 14 performance indicators that can be used to evaluate the implementation of BRM capabili-ties. Examples of performance indicators are 'the amount of business rules that can-not be automated' and 'the time required to define, verify, and validate a single busi-ness rule'. Then, in the tenth chapter, a traceability framework for BRM is proposed that presents three traceability domains, being the source domain, the implementa-tion-independent domain (which functions as a single point of truth) and the imple-mentation-dependent domain (which encompasses the implemented 'pieces of law' across different information systems). Each of the domains comprise several (layered) elements that represent the different levels of abstraction for which a piece of law can be traced. A piece of law can, for example, be traced on five levels of abstraction: on law level, article level, paragraph level, sentence level, or word level. Organizations could utilize these domains and the layered elements as these make explicit the de-sign choices that must be made to properly implement traceability.The results of the research contribute to the body of knowledge on how to organize and govern BRM in organizations. Notably, results consist of the identification and elaboration of (sub)processes, design principles, capabilities and challenges. New insight are provided on, and mature, the information systems perspective in BRM re-search. Other scholars can take the research further, e.g. in further evaluation of the results and building on its outcomes.Based on the outcomes of the various studies included in this thesis, it is summarized that organizations can define strategies from the research outcomes to design and implement their BRM capabilities, while avoiding or mitigating the challenges identi-fied. At the time of writing, the results already affect organizations: some Dutch gov-ernment agencies are utilizing the results for the (re)design of their BRM capabilities. Also, the process of making explicit the implementation challenges at the participating organizations resulted in these organizations actively investing resources to mitigate these challenges. Future research should aim to measure the effectiveness of the results and proposed artefacts in similar or dissimilar contexts.

AB - Properly managed business decisions and business logic are important assets for or-ganizations. Organizations in general, and government agencies in particular, increas-ingly utilize (semi-)automated decision making in products and services delivery. Or-ganizations obtain grip on regulatory compliance by well managing decision making processes. Organizations must secure adequate translation of legal sources into their products and services delivery. An approach to do so is through Business Rules Man-agement (BRM).Most research performed on BRM can be classified as technical (taking an information technology perspective), while research on the organizational implementation (taking an information systems perspective), considering organizational topics, is mainly un-accounted for. Furthermore, current research into BRM does not always adequately take into account the practical application of research results. Can an organization actually use the theory or artefact proposed?The above may well explain why professional practice experiences challenges when adopting BRM in their organizations. We see that 1) BRM-tooling is immature, 2) col-laboration between vendors is lacking, and 3) there is insufficient knowledge on how to apply BRM. As a consequence 4) organizations do not strategically and structurally embed BRM, and 5) rather few successful BRM-Systems (BRMS) are known.With the aim to seize these observations and to add to the scientific body of knowledge on BRM's information systems perspective this thesis focuses on so called BRM capabilities10 by proposing theory and delivering artefacts that could guide or-ganizations adopting BRM. The following main research question is addressed in this thesis: How can business rules management be organized and governed?To answer this question, multiple subquestions are posed and addressed, utilizing a multimethod approach, taking into account the limited body of knowledge on the or-ganizational aspects of BRM. The thesis describes the application of literature reviews, grounded theory coding, focus groups, Delphi studies and case studies. This research mainly focuses on the Dutch government, including several large Dutch government agencies. The results of the research are presented in three interrelated parts: 1) concepts and principles for business rules management, 2) business rules manage-ment implementation challenges, and 3) business rules management governance.Regarding the first part: in the second chapter of this thesis, a BRM reference process is presented with seven main processes: 'elicitation', 'design', 'acceptation', 'deploy-ment', 'execution', 'governance' and 'evaluation', together with underlying subpro-cesses. In the third chapter, 11 compliance principles are identified and described. Examples are 'all business rules refer to a (legal) source', and 'transparency concern-ing decision-making for clients and users'. In the fourth chapter, a verification frame-work is presented that comprises 28 types of verification that organizations could implement to ensure proper (automated) execution of their business decisions and business logic. Examples are 'circularity verification' (checking whether a conclusion fact of a parent business rule is used as a condition fact in the underlying business rule, while at the same time the conclusion fact of the underlying decision is used as a condition fact in the parent business rule), 'equivalence verification' (checking for business rules which are expressed differently, yet with the same outcome), and 'con-flict conclusion verification' (checking whether conclusions exist that are established using different business rules and facts). This part closes with the fifth chapter, which presents 34 functional requirement themes for BRMS of which examples are (in this case related to the 'elicitation' of business rules): the ability to 'import sources', 'anno-tate sources', 'generate overviews' and 'perform impact-analyses'.The second part aims to identify challenges that organizations face implementing BRM-solutions. The identification of challenges was performed for the 'elicitation', 'design', 'specification', 'verification', 'validation' and 'governance' capabilities of BRM, resulting in a total of 53 challenges. In the sixth chapter, 28 implementation challeng-es are identified with regards to specifically the 'elicitation', 'design' and 'specification' BRM-capabilities. Examples are the 'lack or low quality of governance of a fact vo-cabulary' and the 'unwanted dependency on external parties to translate law and reg-ulations into business decisions and business logic'. In the seventh chapter, 17 imple-mentation challenges are identified with regards to the 'verification' and 'validation' BRM capabilities. Examples are 'the trade-offs between precision, expressiveness, naturalness and simplicity of business rules', and 'the lack of (proper) validation re-garding the business logic that is communicated with stakeholders' (i.e. Dutch citi-zens). Lastly, in the eighth chapter, eight implementation challenges are identified with regards to the 'governance' BRM capability. Examples are 'the lack of knowledge regarding existing governance standards' and 'the poor meta-data quality that ham-pers adequate governance'.The third part focuses on the organization of BRM-governance, which is subdivided in two studies. In the ninth chapter a business control system is presented, with 14 performance indicators that can be used to evaluate the implementation of BRM capabili-ties. Examples of performance indicators are 'the amount of business rules that can-not be automated' and 'the time required to define, verify, and validate a single busi-ness rule'. Then, in the tenth chapter, a traceability framework for BRM is proposed that presents three traceability domains, being the source domain, the implementa-tion-independent domain (which functions as a single point of truth) and the imple-mentation-dependent domain (which encompasses the implemented 'pieces of law' across different information systems). Each of the domains comprise several (layered) elements that represent the different levels of abstraction for which a piece of law can be traced. A piece of law can, for example, be traced on five levels of abstraction: on law level, article level, paragraph level, sentence level, or word level. Organizations could utilize these domains and the layered elements as these make explicit the de-sign choices that must be made to properly implement traceability.The results of the research contribute to the body of knowledge on how to organize and govern BRM in organizations. Notably, results consist of the identification and elaboration of (sub)processes, design principles, capabilities and challenges. New insight are provided on, and mature, the information systems perspective in BRM re-search. Other scholars can take the research further, e.g. in further evaluation of the results and building on its outcomes.Based on the outcomes of the various studies included in this thesis, it is summarized that organizations can define strategies from the research outcomes to design and implement their BRM capabilities, while avoiding or mitigating the challenges identi-fied. At the time of writing, the results already affect organizations: some Dutch gov-ernment agencies are utilizing the results for the (re)design of their BRM capabilities. Also, the process of making explicit the implementation challenges at the participating organizations resulted in these organizations actively investing resources to mitigate these challenges. Future research should aim to measure the effectiveness of the results and proposed artefacts in similar or dissimilar contexts.

M3 - Doctoral Thesis

SN - 978-94-6299-972-5

PB - Open Universiteit

ER -