Analyzing Compliance of Service-Based Business Processes for Root-Cause Analysis and Prediction Carlos Rodríguez, Patrícia Silveira, Florian Daniel, Fabio Casati University of Trento, Via Sommarive 14 38123 Povo, Trento, Italy {crodriguez, silveira, daniel, casati}@disi.unitn.it Abstract. Automatically monitoring and enforcing compliance of service-based business processes with laws, regulations, standards, contracts, or policies is a hot issue in both industry and research. Little attention has however been paid to the problem of understanding non-compliance and improving business prac- tices to prevent non-compliance in the future, a task that typically still requires human interpretation and intervention. Building upon work on automated detec- tion of non-compliant situations, in this paper we propose a technique for the root-cause analysis of encountered problems and for the prediction of likely compliance states of running processes that leverages (i) on event-based service infrastructures, in order to collect execution evidence, and (ii) on the concept of key compliance indicator, in order to focus the analysis on the right data. We validate our ideas and algorithms on real data from an internal process of a hos- pital. Keywords: Compliance, Decision Trees, SOA, Root-Cause Analysis. 1 Introduction Compliance means conformance with laws, regulations, standards, contracts, policies, or similar sources of requirements on how to run business. Effective compliance management, i.e., the practice of assuring compliance, is an increasingly more impor- tant concern in today’s companies, since the set of compliance requirements a com- pany has to implement grows fast and their effect on the “traditional” business prac- tices in a company may be considerable. Despite its increasing importance, compli- ance is however to a large extent still managed in rather ad-hoc ways and with little or no IT support. As a result, today it is very hard for any CFO or CIO to answer ques- tions like: Which requirements does my company have to comply with? Which proc- esses should obey which requirements? Which processes are following a given regu- lation? Where do violations occur? Which processes do we have under control? And so on. While IT has been supporting (in more or less automated fashions) the execution of business processes for long time now, in the past the adoption of ad-hoc and mono- lithic software solutions did not provide the necessary insight into how processes were executed and into their runtime state, preventing the adoption of IT also for compliance assessment. The advent of workflow management systems and, especially today, of web service-based business interactions and the service-oriented architecture