WRITTEN DESCRIPTION OF THE GOAL AND CONSULTATION WITH EMPLOYEES OF EACH GOVERNMENT INSTITUTION

4 Data collection and analysis

Data for this study is collected over a period of six months, through three rounds of focus groups (round 1, 2 and 3: experts focus group) and a three-round Delphi study (round 4, 5 and 6 Delphi study), see Figure 1. Between each individual round of the focus group and Delphi Study, researchers consolidated the results (round 1, 2, 3, 4, 5, 6 and 7: research team). Both methods of data collection are further discussed in the remainder of this section.

Figure 1: Visualization of the research approach

4.1 Focus groups

Before a focus group is conducted, a number of key issues need to be considered: 1) the goal of the focus group, 2) the selection of participants, 3) the number of participants, 4) the selection of the facilitator, 5) the information recording facilities, and 6) the protocol of the focus group. The goal of the focus group was to identify compliance principles for decision management solutions. The selection of the participants should be based on the group of individuals, organizations, information technology, or community that best represents the phenomenon studied (Strauss & Corbin, 1990). In this study, organizations and individuals that deal with a lot of business rules represent the phenomenon studied. Such organizations are often financial and government institutions. During this research, five Dutch government institutions participated. Based on the written description of the goal and consultation with employees of each government institution, participants were selected to take part in the three focus group meetings. In total, twelve participants took part who fulfilled the following positions: three enterprise architects, two business rules architects, three business rules analysts, one project manager, one IT architect, and two policy advisors. Each of the participants had, at least, five years of experience with business rules. Delbecq and van de Ven (1971) and Glaser (1978) state that the facilitator should be an expert on the topic and familiar with group meeting processes. The selected facilitator has a Ph.D. in Decision Management, has conducted 7 years of research on the topic, and has facilitated many (similar) focus group meetings before. Besides the facilitator, five additional researchers were present during the focus group meetings. One researcher participated as ‘back-up’ facilitator, who monitored if each participant provided equal input, and if necessary, involved specific participants by asking for more in- depth elaboration on the subject. The remaining four researchers acted as a minute’s secretary taking field notes. They did not intervene in the process; they operated from the sideline. All focus groups were video and audio recorded. A focus group meeting took on average two hours. Each focus group meeting followed the same overall protocol, each starting with an introduction and explanation of the purpose and procedures of the meeting, after which ideas were generated, shared, discussed and/or refined

In an earlier study (Zoet & Smit, 2016) we discussed the identification of general design principles for decision management in more detail. In this study, we refer to the results of these round after which we discuss the identification of the compliance principles. The first round of data collection of this previous

5

study yielded 343 general principles. Consolidation of these results eventually led to the deletion of 321 principles, presenting a grand total of 22 consolidated and validated general principles for the design of decision management solutions.

The 22 general principles are the starting point for this study, the identification and analysis of the compliance principles. Prior to the first round, participants were informed about the purpose of the focus group meeting and were invited to submit their current compliance principles applicable regarding the decision management problem space. Each of the participants submitted the principles who, according to them, affect their compliance demands, in advance to the first focus group meeting. During the first focus group participants got the opportunity to elaborate upon their submitted compliance principles. After the individual presentations, participants discussed the usefulness of each compliance principle. For each proposed compliance principle, the principle ID, label, rationale, classification, and instantiations were discussed and noted, see table 1 for an example. Because these characteristics have been discussed before the main focus was on the rationale for compliance. The first round resulted in 1) the refinement of the principle labels, descriptions, examples, rationale and classification, and 2) the deletion of 11 principles.

Table 1 – Example compliance principle result: Decisions, business rules, and data are recorded according to two time dimensions.

After the first focus group, the researchers consolidated the results. Consolidation of the results comprised the detection of double principles and incomplete principles. This process is executed as follows. All compliance principles have been transformed into columns and rows in an (ordinal) comparison table. An example snapshot that was utilized has been added in Table 2.

Table 2: Snapshot Meta-Model Comparison Table

For each compliance principle the description, example, rationale, classification, and goal were compared by three researchers, which comprised the back-up facilitator and two ‘minutes’ researchers from the focus groups. When double principles or incomplete principles were discovered a note was

6

made and was added to the results of the consolidation. In situations where the three researchers didn’t agree on the comparison, the fourth researcher, the facilitator of the focus groups, compared the principles and discussed the results with the first three researchers until consensus was reached.

The results of the consolidation were sent to the participants of the focus group two weeks in advance for the second focus group meeting. During these two weeks, the participants assessed the consolidated results in relationship to four questions: 1) “Does the principle affect compliance of the decision management solution?”, 2) “Are all compliance principles described correctly?” (in terms of the principle label, accompanied examples, and its rationale), 3)”Do I want to remove a compliance principle?”, and 4) “Do we need additional compliance principles?“. During the second focus group, the participants discussed the 11 principles. Again, the researchers consolidated the results and send them to the participants two weeks in advance. During the third focus group, the participants discussed the refined 11 compliance principles. The discussion did not lead to new compliance principles and focused on further refinement of the existing compliance principles in terms of descriptions, rationale, classification, and goals of each of the 11 compliance principles.

4.2 Delphi Study

Before a Delphi study is conducted, also a number of key issues need to be considered: 1) the goal of the Delphi study, 2) the selection of participants, 3) the number of participants, and 4) the protocol of the Delphi study. The goal of the Delphi study was twofold. The first goal was to validate and refine existing principles identified in the focus group meetings, and the second goal was to identify new principles. Based on the written description of the goal and consultation with employees of each organization, participants were selected to take part in the Delphi study. In total, 44 participants took part. thirty-two experts, in addition to the twelve experts that participated in the focus group meetings, were involved in the Delphi Study. The reason for involving the twelve experts from the focus groups was to decrease the likelihood of peer-pressure amongst group members as could have been the case in the focus group meetings. This is achieved by exploiting the advantage of a Delphi Study which is characterized by a non- face-to-face approach. The non-face-to-face approach was achieved by the use of online questionnaires that the participants had to return via mail. The thirty-two additional participants involved in the Delphi Study had the following positions: three project managers, one enterprise architect, ten business rules analyst, four policy advisors, one IT-architect, five business rules architects, two business consultants, one functional designer, one tax advisor, one legal advisor, one software engineer, one knowledge management advisor, and one legislative author. Each of the participants had, at least, two years of experience with business rules. Each round (4, 5, and 6) of the Delphi Study followed the same overall protocol, whereby each participant was asked to assess the principles in relationship to five questions:

1) “Are all compliance principles described correctly?”, “2) Do I want to remove a compliance principle?” 3) “Do we need additional compliance principles?“, 4) “Does the principle contribute to compliance?” and 5) “How does the principle affect the decision management problem space?”

Additionally, to guard consistency of the selection of compliance principles by the participants, both the physical introduction at the start of the focus group meetings and the written introduction for the Delphi study contained literature regarding compliance and principles. This ensures a consistent interpretation of the concepts compliance and principles. The literature utilized regarding compliance and principles is identical to the definitions provided in the literature section of this paper.

5 Results

In this section, the identified principles are presented and the reduction of freedom they realize is described. The principles have been categorized along the dimensions of the ontological foundations of the extended information systems framework (Strong and Volkoff, 2010). A visualization of the classification is shown Figure 2. Table 1 contains the description of a principle taken from the derived list of principles. The example includes: 1) the principle’s ID, 2) its label, 3) a description, 4) a short practical example, 5) a rationale, and 6) the classification of the principle. Due to space limitations, the remaining 10 principles are presented per category or a combination of categories by a shorter representation, only describing 1) the principle’s ID, 2) the principle’s label, and 3) (a short) the description of the principle.

7

Figure 2: Classification of compliance principles

5.1 Compliance principles

In this sub-section, the derived compliance principles are presented. The possible overlap of each principle with regards to their classification is depicted in figure 2.

Principle 1: IT does not formulate business rules

The first principle prescribes that decisions and underlying business rules should always be specified by an employee from the business domain (non-IT-professional). Examples of roles from the business are: tax specialist, risk specialist or compliance specialist. Employees from the IT department are not allowed to formulate or change the business rule. The rationale behind this choice is the expertise needed to 1) read and interpret laws and regulation and be able to 2) transform the source documents into a decision architecture and business rule (sets) is expertise which differs from IT expertise.

Principle 2: Authorization for decision-making

The second principle prescribes that organizations should implement authorization mechanisms for decision-making so that only authorized employees can make decisions. The rationale behind this principle is that employees which are not allowed to make a specific decision are not able to do so. An example from one specific government agency is that the law prescribes who should take a specific decision. If the decision is taken by another role the application is unlawful.

Principle 3: Ownership of a decision is defined

The third principle focuses on the explicitation of ownership and/or accountability per decision. It can be regarded an extended version of principle 2. Organizations often do not define the roles and responsibilities of employees, functions or departments with respect to a specific decision. Blenko and Roger (2010) identified this problem and addressed this problem by creating RAPID. RAPID is a framework which is used to define which role each department, team or person has with regards to a specific decision. According to their research, ambiguity regarding accountability of decisions could originate from the following four bottlenecks: 1) global versus local, 2) center versus business unit, 3) function versus function, and 4) inside versus outside partners. Furthermore, Blenko and Roger showed that defining roles for decisions increases organizations effectiveness.

Take for example the collaboration between two government institutions concerning the calculation of child benefits. In this particular case both the Dutch Tax and Customs Administration and the Dutch Social Security Agency execute decisions to decide whether a family is eligible for receiving child benefits, the height of the child benefits, and for how long the family will receive child benefits. The Dutch Social Security Agency actually makes this decision to grant child benefits while the Dutch Tax and Customs Administration makes this decision to calculate other benefits.

Principle 4: Each decision and related data need to be traced

8

The fourth principle stresses the importance of being able to trace how decisions were taken. To be able to do so, the activity’s input, applied business rules, and output must be stored. The rationale behind this principle is the ability to check how a specific decision was taken. Take for example a situation where student benefits are wrongfully rejected based on the data and documents delivered by the student. A law in the Netherlands states that students have the possibility to appeal against the decision of a governmental agency. If they choose to file for appeal the governmental agency responsible for providing student benefits needs to evaluate if an error was made and in the case an error was made, correct the error.

Principle 5: Communication with the same standards wherever possible, communication with different standards where desirable

The fifth principle focuses on the utilization of communication standards (BR-related languages). Communication between stakeholders which are involved in the business rules management processes must be aligned. Where possible, the same terms, in different situations should have the exact same definitions. This can be supported by means of a centralized list with definitions that can be utilized by different stakeholders. Where desirable, the same terms have different definitions in different situations. For this, a translation has to be made for each ‘different’ translation of the definition and added to the definition list.

For example, the Dutch Tax and Customs Administration forces all employees and partners to work with standard communication protocols. As the size of the organization expands, communication regarding business rules and decisions will get more complex. As standards are applied as much as possible, common languages will be adopted, potentially lowering communication issues and improving collaboration between stakeholders regarding business rules and decisions. However, the principle states that for some (critical) instances organizations should be able to utilize different standards (other than the acceptable ones). It goes without saying that this should be avoided as much as possible.

Principle 6: Decisions, business rules, and data are recorded according to two time dimensions

The sixth principle dictates that decisions, business rules, and data are recorded according to two time dimensions, which is described in detail in our example in table 1.

Principle 7: All business rules refer to a source

Decisions and underlying business rules are based on one or more sources. By referring the actual business rules to a source, organizations can more easy argue why a specific decision has been made. In addition, it also makes impact analysis of changing laws easier. Take for example laws and regulations regarding taxation of income. In the Netherlands alone, this particular law affects over nine million Dutch citizens. When business rules are utilized in (automated or partly automated) decision services, its design should be based upon sources in all relevant and valid legal documentation. This is important so that none of the business rules utilized in the decision services can be questioned regarding legality by the people affected by the decisions it takes.

Principle 8: Gaming only allowed by gamers

The eight principle prescribes that, where necessary, ’playing’ with business rules should be limited.

When Organizations are unable to do so clients possibly start to experiment in order to achieve the optimal results for them. An argument that some participants made is that employees should be allowed to game. The argument they list for this is that sometimes, when applying law reasonableness and fairness, is more important than applying the law by the actual letter.

For example, when clients are able to experiment while applying for disability allowances, decisions regarding the eligibility, duration, and the height of the allowances could be changed (‘played’) to realize more positive outcomes. As stated in the previous paragraph an employee must be allowed to do so.

Principle 9: Transparency concerning decision making for clients and users

The ninth principle stresses that governmental agencies design its services in a client-oriented manner. It is important that clients recognize the services provided and understand the decision-making progress (minimally high-level).

Take for example the process of a request for unemployment benefits. Usually, this process is complex and can run for multiple weeks or months depending on the difficulty of the given situation. A request for unemployment benefits is processed in multiple process activities by multiple departments, employing multiple specialists. To reduce concerns or impatience of clients and users that submitted the request, a portal is available where the progression of the request is shown.

9

Principle 10: Sharing knowledge concerning the execution of laws, regulations, and policies with employees, partners, and clients

The tenth principle states that organizations should share their knowledge regarding the design and execution of laws, regulations, and policies with employees and clients. With regards to government institutions, this means that they should provide the decision models to third parties as well as the decision services. In the first case, third parties can assess how the actual decision is made while in the second case they can actually use the decision service to make the decision. This would solve the problem that is addressed in principle three. The Dutch Tax and Customs Administration can review the decision service of the Dutch Social Security Agency. If they agree with the model the Dutch Social Security

Agency created they can use the decision service. If they don’t agree they can discuss the model with the

Dutch Social Security Agency and try to come to a consolidated decision model.

Principle 11: Utilize government-wide standards

The eleventh and last principle prescribes the use of government-wide standards. Government standards describe a structured way in which data and business rules should be handled or how processes should be performed. For example, the Dutch government utilizes multiple standards regarding Enterprise architecture, communication, ICT, etc. These standards focus on standardization of activities concerning data management, process management, and rule management. An example of this is the Dutch Governmental Reference Architecture (NORA). It is built on top of a set of basic principles for digital services delivered by the whole Dutch government. Utilizing such widely applied standards potentially results in more efficient and effective collaboration regarding decision management.