Sažetak | Inspekcija usklađenosti postupak je detaljne provjere s ciljem utvrđivanja pridržava li se određena osoba ili organizacija zadanog skupa odredaba (u propisima, standardima, poslovnim pravilima i sl.). Optimalan odabir osoba ili organizacija te odredaba nad kojima će se provesti inspekcija spada u ključne izazove inspekcije usklađenosti. Ovim istraživanjem razvijen je ICARUS – višeagentni model inspekcije usklađenosti primjenjiv na okruženja u kojima inspekcijsko tijelo putem centralno koordiniranih inspekcija, nadzire usklađenost više organizacija koje se moraju pridržavati više odredaba. Razvijeni model implementiran je u računalnu simulaciju u okruženju NetLogo te je verificiran, valjan, a provedena je i analiza osjetljivosti. Razvijeni model i simulaciju moguće je primijeniti na niz inspekcijskih problema. Računalnom simulacijom prikupljeni su podaci, testirane hipoteze, te je potvrđeno da strategija inspekcije usklađenosti entiteta koja se provodi razmjerno resursnoj zahtjevnosti odredaba ostvaruje manji broj neusklađenosti u sustavu od slučajne i od ciklične strategije. Odbačena je hipoteza da se primjenom inspektorovog vodstva na provođenje takovih inspekcija postiže manji broj neusklađenosti. Istraživanjem je empirijski provjerena i povezanost kršenja odredaba s resursnom zahtjevnošću njihova ispunjavanja na temelju empirijskog istraživanja o resursnoj zahtjevnosti ispunjavanja odredaba „Odluke o primjerenom upravljanju informacijskim sustavom“. Prihvaćena je hipoteza o postojanju barem srednje velike pozitivne korelacija između resursne zahtjevnosti ispunjavanja regulatornih odredaba i razine kršenja tih odredba. Rezultati istraživanja ukazuju na moguća unaprjeđenja u provođenju inspekcija usklađenosti, koja bi mogla dovesti do smanjenja ukupne neusklađenosti. |
Sažetak (engleski) | Compliance inspection is a detailed examination procedure for determining compliance of a particular person or organisation with the given set of provisions (in regulations, standards, business rules, etc.). The optimal selection of persons or organisations and provisions for inspection is one of the key compliance inspection challenges. Based on that problem, three research goals were stipulated. Firstly, to develop a multiagent model of centrally coordinated compliance inspections in a system with many organizations, which must comply with many provisions, based on findings in theoretical research and empirical data. Secondly, to explore, through simulation of the implemented model, whether and under what conditions, by applying different inspection strategies, is it possible to reduce the overall level of noncompliance in the system. Finally, to investigate the relationship between resources required to meet regulatory requirements (provisions) and the level of violation of those provisions. In line with the research goals and research questions, 4 hypotheses were posed. (H.1) By selecting the provisions for compliance inspection relative to the resources required for compliance with those provisions, the simulation results in a lower number of noncompliances, compared to the use of random selection. (H.2) By selecting the provisions for compliance inspection relative to the resources required for compliance with those provisions, the simulation results in a lower number of noncompliances, compared to the use of cyclic selection. (H.3) There is at least a medium-high, positive correlation between the resources required to meet the regulatory provisions and the level of violation of those provisions. And finally, (H.4) by applying the inspector's (Stackelberg's) leadership to inspections in which the selection of provisions for compliance inspection is performed relatively to the resources required for compliance with those provisions, the simulation results in a lower number of noncompliances, with respect to the inspection without application of the inspector's leadership.
ix
A multi-agent compliance inspection model (ICARUS - Inspecting Compliance to mAny RUleS) was developed. The model is applicable to environments where an inspection agency, via centrally coordinated inspections, examines compliance of organizations which must comply with multiple provisions. ICARUS is based on the concepts from the field of criminology; human rationality models, including the economic model of crime and game theory; and relevant human behaviour models. The model is described according to the ODD+D protocol and implemented in a computer simulation in the NetLogo environment. The initial parameter estimation/calibration of the model was performed, and the model was verified and validated. The validation was performed in 2 stages. The general validation assessed alignment between empirical data (macro-structures) and behaviour of the model, primarily by comparing the expected patterns and values with the results of a large number of computer simulations of the ICARUS model, for given ranges of parameter values. The specific validation aimed to find a valid combination of input parameters for which computer simulation of the ICARUS model could reproduce the expected quantitative results. The specific validation encompassed 3 case studies: environmental compliance inspection in Denmark, OSHA compliance inspection in the USA and bank supervision in Italy. Genetic algorithm was applied to the search of parameter space. A combination of input parameters was identified for each of the 3 specific validation tests and the ICARUS computer simulation produced quantitative results in line with the results identified in empirical research. Hypotheses H.1, H.2 and H.4 were tested based on performances of 6 defined inspection strategies: 2 random strategies, 2 cyclic strategies, Stohastic universal sampling (SUS) strategy and SUS strategy with Stackelberg leadership (SUS-Stackelberg). For each of the 3 combinations of input parameters, and for each inspection strategy, simulation of the ICARUS model was run 100 times and the resulting data was collected. The significance of differences between strategies’ effectiveness was tested via Kruskal-Wallis test and Nemenyi post-hoc test. Based on the results of those tests, H.1 and H.2 were accepted, and H.4 was rejected. The research also incorporated an empirical study of the resource requirements needed for compliance with 44 provisions of the „Decision on Appropriate Management of the Information System“ (Decision) and the compliance of credit institutions in the Republic of Croatia with those provisions. Relevant data was collected in 2012, for 31 banks, 1 savings bank and 5 housing savings banks. The data was collected via 2 questionnaires. Credit institutions filled out the questionnaire on resource requirements for compliance. Authorized external auditors, who are required to carry out yearly audits for the needs of the Croatian
x
National Bank, filled out the questionnaire on compliance of credit institutions with provisions of the Decision. Both questionnaires collected census data, via semantic ordinal scales. Correlation tests were performed on the collected empirical data, including polychoric correlation, Pearson r and Spearman ρ tests. Taking into account all results, the H.3 hypothesis was accepted.
Implemented computer simulation allows simple input of most parameters. Visualization of the simulation and its quantitative results as well as a graphical representation of the basic statistical indicators, facilitates understanding of the simulation and its results. These characteristics of the computer simulation, as well as extensive description of the ICARUS model should expedite their use and adaptation to other inspection problems. The research results identified areas for possible improvements in conduct of compliance inspections, which could lead to more effective and efficient inspection strategies, and a reduction in overall noncompliance. |