Compliance is often achieved ‘by design’ through a coherent system of controls consisting of information systems and procedures. This system-based control requires a new approach to auditing in which companies must demonstrate to the regulator that they are ‘in control’. They must determine the relevance of a regulation for their business, justify which set of control measures they have taken to comply with it, and demonstrate that the control measures are operationally effective. In this paper we show how value-based argumentation theory can be applied to the compliance domain. Corporate values motivate the selection of control measures (actions) which aim to fulfill control objectives, i.e. adopted norms (goals). In particular, we show how to formalize the dialogue in which companies justify their compliance decisions to regulators using value-based argumentation. The approach is illustrated by a case study of the safety and security measures adopted in the context of EU customs regulation.
|Name|Lecture Notes in Computer Science|
|Conference|10th International Conference on Deontic Logic in Computer Science|
|Abbreviated title|DEON 2010|
|Period|7/07/10 → 9/07/10|
- regulatory compliance
- internal control
- risk management