@TechReport{	  muller.ea:dynamic:2006,
  abstract	= {The necessity of complying with an evolving set of
		  regulatory requirements is a growing concern to
		  enterprises. Responsible decision makers must continuously
		  decide whichmeasures are appropriate and must be
		  implemented with which priority in order to reach the
		  optimal compliance level. To proactively address external
		  audits, management must also decide on the optimal way to
		  internally inspect whether the taken measures are effective
		  and being followed. In this paper, we propose a
		  quantitative risk-based compliance management approach,
		  which allows management to optimally and dynamically select
		  feasible measures to attain an adequate compliance level
		  and to inspect compliance with a given set of regulatory
		  requirements. We strive to minimizethe expected total cost
		  of compliance including the costs of individual measures
		  and inspections, and the audit outcome cost for varying
		  compliance levels. Our approach is based on dynamic
		  programming and naturally accounts for the dynamic
		  evolution of the enterprise with respect to the regulatory
		  landscape governing it. The main merit of our method lies
		  in its use as a scenario-based management support system.
		  Depending on the availability and accuracy of input data,
		  it can even be used as a comprehensive tool to optimally
		  select the desired compliance measures and controls
		  policies. Moreover, our tool lends itself as a policy
		  instrument and may provide valuable guidance to effective
		  rule making.},
  author	= {Samuel M\"uller and Chonawee Supatgiat},
  institution	= {IBM Research},
  language	= {USenglish},
  month		= {August},
  number	= {RZ 3656},
  title		= {Dynamic and Risk-based Compliance Management},
  year		= 2006,
  user		= {sml}
}