Keywords
Business Process Management
ISO/IEC 42001
Algorithmic Governance
Explainability
How to Cite
Abstract
Purpose: This study aims to analyze the main challenges, opportunities, and strategies for aligning Artificial Intelligence (AI)-based Business Process Management (BPM) practices with the ISO/IEC 42001 standard. It seeks to understand how organizations can integrate principles of AI governance, risk management, and explainability into BPM to ensure responsible, transparent, and auditable automation of business processes.
Methodology: The research adopts a qualitative approach through an integrative literature review structured according to the PRISMA protocol. Searches were conducted in the Scopus and Web of Science databases, covering the period from 2015 to 2025, resulting in a final corpus of 22 articles. The analyzed studies address topics such as Explainable AI (XAI), process mining, algorithmic governance, compliance, and semantic data management. The content analysis followed Bardin’s (2008) method, organizing the findings into three dimensions: challenges, opportunities, and strategies.
Findings: The results indicate that the alignment between BPM and ISO/IEC 42001 involves three main axes: (i) governance and transparency, (ii) data and semantic infrastructure, and (iii) sociotechnical adoption factors. The concept of “dual transparency” (technical and operational) and a layered compliance architecture (design-time, run-time, and post-hoc) are highlighted, supported by process mining, human oversight, and explainable interfaces.
Theoretical And Practical Implications: The study presents a theoretical and operational framework that connects BPM to ISO/IEC 42001, guiding organizations on how to embed AI governance principles in process design, monitoring, and continuous improvement. For practitioners, it provides practical guidance to strengthen auditability, reduce algorithmic risks, and enhance corporate responsibility in digital environments.
Originality And Value: This paper is among the first to integrate BPM and the ISO/IEC 42001 standard, proposing a systematic interpretation of AI management requirements within organizational contexts. It advances the debate on algorithmic governance by showing how process-oriented methodologies can operationalize ethical, transparent, and compliant AI systems.
References
Banerjee, A., Kabadi, S., & Karimov, D. (2023). The Transformative Power of AI: Projected Impacts on the Global Economy by 2030. Review of Artificial Intelligence in Education, 4(00), e020. https://doi.org/10.37497/rev.artif.intell.educ.v4i00.20
Bardin, L. (2008). Análise De Conteúdo. Edições, 70.
Benraouane, S. A. (2024). AI Management System Certification According to the ISO/IEC 42001 Standard: How to Audit, Certify, and Build Responsible AI Systems. Em AI Management System Certification According to the ISO/IEC 42001 Standard: How to Audit, Certify, and Build Responsible AI Systems. Taylor and Francis. https://doi.org/10.4324/9781003463979
Berti, A., Herforth, J., Qafari, M. S., & van der Aalst, W. M. P. (2024). Graph-based feature extraction on object-centric event logs. Em INTERNATIONAL JOURNAL OF DATA SCIENCE AND ANALYTICS (V. 18, Número 2, p. 139–155). SPRINGERNATURE. https://doi.org/10.1007/s41060-023-00428-2
Biroğul, S., Şahin, Ö., & Əsgərli, H. (2025). Exploring the Impact of ISO/IEC 42001:2023 AI Management Standard on Organizational Practices. Advances in Artificial Intelligence Research, 5(1), 14–22. https://doi.org/10.54569/aair.1709628
Bliznak, K., Munk, M., & Pilkova, A. (2024). A Systematic Review of Recent Literature on Data Governance (2017-2023). Em IEEE ACCESS (V. 12, p. 149875–149888). IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. https://doi.org/10.1109/ACCESS.2024.3476373
Bogucka, E., Constantinides, M., Scepanovic, S., & Quercia, D. (2024). Co-designing an AI Impact Assessment Report Template with AI Practitioners and AI Compliance Experts. PROCEEDINGS OF THE SEVENTH AAAI/ACM CONFERENCE ON AI, ETHICS, AND SOCIETY, AIES 2024, 168–180.
Botunac, I., Parlov, N., & Bosna, J. (2024). Opportunities of Gen AI in the Banking Industry with regards to the AI Act, GDPR, Data Act and DORA. Em 2024 13th Mediterranean Conference on Embedded Computing, MECO 2024. Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/MECO62516.2024.10577936
Campos, D., & Carreiro, F. D. R. (2024). Compliance e gestão de riscos em tempos de inovação e disrupção digital. Revista de Gestão e Secretariado, 15(4), e3743. https://doi.org/10.7769/gesec.v15i4.3743
Cicu, G. C. (2024). Bridging Traditional Corporate Governance and Technology: The ‘AI Corporate Design’ Framework to Computational Corporate Governance Model. Em Italian Law Journal (V. 10, Números 1–2, p. 345–362). Edizioni Scientifiche Italiane SpA.
Dallagassa, M. R., Garcia, C. dos S., Scalabrin, E. E., Ioshii, S. O., & Carvalho, D. R. (2022). Opportunities and challenges for applying process mining in healthcare: A systematic mapping study. Em JOURNAL OF AMBIENT IN℡LIGENCE AND HUMANIZED COMPUTING (V. 13, Número 1, p. 165–182). SPRINGER HEIDELBERG. https://doi.org/10.1007/s12652-021-02894-7
Borba, D. (2021). Um framework para implementação da gestão do conhecimento em instituições bancárias públicas no Brasil [Pontif{’i}cia Universidade Católica do Rio Grande do Sul]. http://tede2.pucrs.br/tede2/handle/tede/10079
El-khawaga, G., Abu-Elkheir, M., & Reichert, M. (2022). XAI in the Context of Predictive Process Monitoring: An Empirical Analysis Framework. Em ALGORITHMS (V. 15, Número 6). MDPI. https://doi.org/10.3390/a15060199
Elkhawaga, G., Abu-Elkheir, M., & Reichert, M. (2022). Explainability of Predictive Process Monitoring Results: Can You See My Data Issues? Em APPLIED SCIENCES-BASEL (V. 12, Número 16). MDPI. https://doi.org/10.3390/app12168192
Elkhawaga, G., Elzeki, O. M., Abu-Elkheir, M., & Reichert, M. (2024). Why Should I Trust Your Explanation? An Evaluation Approach for XAI Methods Applied to Predictive Process Monitoring Results. Em IEEE Transactions on Artificial Intelligence (V. 5, Número 4, p. 1458–1472). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/TAI.2024.3357041
Fahland, D., Fournier, F., Limonad, L., Skarbovsky, I., & Swevels, A. J. E. (2025). How well can a large language model explain business processes as perceived by users? Em Data and Knowledge Engineering (V. 157). Elsevier B.V. https://doi.org/10.1016/j.datak.2025.102416
Grohs, M., Pfeiffer, P., & Rehse, J.-R. (2025). Proactive conformance checking: An approach for predicting deviations in business processes. Em INFORMATION SYSTEMS (V. 127). PERGAMON-ELSEVIER SCIENCE LTD. https://doi.org/10.1016/j.is.2024.102461
Gueorguiev, T. (2024). The Process Approach in Artificial Intelligence Management Systems. 2024 9th International Conference on Energy Efficiency and Agricultural Engineering (EE&AE), 1–4. https://doi.org/10.1109/eeae60309.2024.10600591
Gueorguiev, T. (2025). An approach to integrate Artificial Intelligence in ISO 9001-based quality management systems. Measurement: Sensors, 38, 101787. https://doi.org/10.1016/j.measen.2024.101787
Hanga, K. M., Kovalchuk, Y., & Gaber, M. M. (2020). A Graph-Based Approach to Interpreting Recurrent Neural Networks in Process Mining. Em IEEE ACCESS (V. 8, p. 172923–172938). IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. https://doi.org/10.1109/ACCESS.2020.3025999
Joska Junior, J., Bertoldi, W. J., Santos, R. C. D., & Belli, R. F. (2023). APLICAÇÃO DA INTELIGENCIA ARTIFICAL NUMA EMPRESA STARTUP DE TECNOLOGIA. Review of Artificial Intelligence in Education, 4(00), e019. https://doi.org/10.37497/rev.artif.intell.educ.v4i00.19
Khazieva, N., Paulikova, A., & Chovanova, H. H. (2024). Maximising Synergy: The Benefits of a Joint Implementation of Knowledge Management and Artificial Intelligence System Standards. MACHINE LEARNING AND KNOWLEDGE EXTRACTION, 6(4), 2282–2302. https://doi.org/10.3390/make6040112
Maita, A. R. C., Fantinato, M., Peres, S. M., & Maggi, F. M. (2025). Interpretability in Predictive Process Monitoring Using Process Models: An Expert Evaluation of the VisInter4PPM Framework. Em KUNSTLICHE IN℡LIGENZ. SPRINGER HEIDELBERG. https://doi.org/10.1007/s13218-024-00878-1
Martino, D., Perlangeli, C., Grottoli, B., La Rosa, L., & Pacella, M. (2025). A Knowledge-Driven Framework for AI-Augmented Business Process Management Systems: Bridging Explainability and Agile Knowledge Sharing. Em AI (V. 6, Número 6). MDPI. https://doi.org/10.3390/ai6060110
Mayr, A., Stahmann, P., Nebel, M., & Janiesch, C. (2024). Still doing it yourself? Investigating determinants for the adoption of intelligent process automation. Em ELECTRONIC MARKETS (V. 34, Número 1). SPRINGER HEIDELBERG. https://doi.org/10.1007/s12525-024-00737-9
McIntosh, T. R., Susnjak, T., Liu, T., Watters, P., Xu, D., Liu, D., Nowrozy, R., & Halgamuge, M. N. (2024). From COBIT to ISO 42001: Evaluating cybersecurity frameworks for opportunities, risks, and regulatory compliance in commercializing large language models. Em Computers and Security (V. 144). Elsevier Ltd. https://doi.org/10.1016/j.cose.2024.103964
Moher, D., Shamseer, L., Clarke, M., Ghersi, D., Liberati, A., Petticrew, M., Shekelle, P., & Stewart, L. A. (2015). Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Systematic Reviews, 4(1), 1. https://doi.org/10.1186/2046-4053-4-1
Moreira, S. A. S., & Dallavalle, S. (2024). Unraveling the trends in business process management: A comprehensive bibliometric analysis of management and business literature. Em Business Process Management Journal (V. 30, Número 7, p. 2541–2563). Emerald Publishing. https://doi.org/10.1108/BPMJ-10-2023-0771
Nai, R., Sulis, E., Audrito, D., Trifiletti, V. M. S., Meo, R., & Genga, L. (2025). Leveraging process mining and event log enrichment in European public procurement analysis: A case study. Em COMPUTER LAW & SECURITY REVIEW (V. 57). ELSEVIER ADVANCED TECHNOLOGY. https://doi.org/10.1016/j.clsr.2025.106144
Nelson, J., & Lin, C. (2025). Responsible AI System Development in Automotive Applications: A Framework. Em SAE Technical Papers. SAE International. https://doi.org/10.4271/2025-01-8102
Qafari, M. S., & van der Aalst, W. M. P. (2022). Feature recommendation for structural equation model discovery in process mining. Em PROGRESS IN ARTIFICIAL IN℡LIGENCE. SPRINGERNATURE. https://doi.org/10.1007/s13748-022-00282-6
Ranjbar, A., Mork, E. W., Ravn, J., Brøgger, H., Myrseth, P., Østrem, H. P., & Hallock, H. (2024). Managing Risk and Quality of AI in Healthcare: Are Hospitals Ready for Implementation? Em Risk Management and Healthcare Policy (V. 17, p. 877–882). Dove Medical Press Ltd. https://doi.org/10.2147/RMHP.S452337
Ricciardi Celsi, L., & Zomaya, A. Y. (2025). Perspectives on Managing AI Ethics in the Digital Age. Em Information (Switzerland) (V. 16, Número 4). Multidisciplinary Digital Publishing Institute (MDPI). https://doi.org/10.3390/info16040318
Rybalko, P. (2024). The evolution of artificial intelligence: Problems and prospects of rational cognition. Review of Artificial Intelligence in Education, 5, e029. https://doi.org/10.37497/rev.artif.intell.educ.v5i00.29
Shafei, I., Karnon, J., & Crotty, M. (2024). Process mining and customer journey mapping in healthcare: Enhancing patient-centred care in stroke rehabilitation. Em DIGITAL HEALTH (V. 10). SAGE PUBLICATIONS LTD. https://doi.org/10.1177/20552076241249264
Silva, A. D. O., & Janes, D. D. S. (2023). Artificial Intelligence in education: What are the opportunities and challenges? Review of Artificial Intelligence in Education, 5(00), e018. https://doi.org/10.37497/rev.artif.intell.educ.v5i00.18
Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of Business Research, 104(July), 333–339. https://doi.org/10.1016/j.jbusres.2019.07.039
Sun, X., Yang, S., Zhao, C., & Yu, D. (2024). Design-time business process compliance assessment based on multi-granularity semantic information. Em JOURNAL OF SUPERCOMPUTING (V. 80, Número 4, p. 4943–4971). SPRINGER. https://doi.org/10.1007/s11227-023-05626-0
Verenich, I., Dumas, M., La Rosa, M., & Nguyen, H. (2019). Predicting process performance: A white-box approach based on process models. Em JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS (V. 31, Números 6, SI). WILEY. https://doi.org/10.1002/smr.2170
Wang, Y., Jiao, Y., & Wang, Q. (2025). Who’s the better mentor? How AI vs human supervisor developmental feedback influences feedback acceptance. Em BUSINESS PROCESS MANAGEMENT JOURNAL. EMERALD GROUP PUBLISHING LTD. https://doi.org/10.1108/BPMJ-12-2024-1217
Weimer, D., Gensch, A., & Koller, K. (2025). Scaling of End-To-End Governance Risk Assessments for AI Systems. Em G. R, H. E, H. E, P. M, P. M, & S. A (Org.), OpenAccess Series in Informatics (V. 126). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/OASIcs.SAIA.2024.4
Yatagha, R., Nebebe, B., Waedt, K., & Ruland, C. (2024). Towards a Zero-Day Anomaly Detector in Cyber Physical Systems Using a Hybrid VAE-LSTM-OCSVM Model. Em International Conference on Information and Knowledge Management, Proceedings (p. 5038–5045). Association for Computing Machinery. https://doi.org/10.1145/3627673.3680064
Zerbino, P., Aloini, D., Dulmin, R., & Mininno, V. (2018). Process-mining-enabled audit of information systems: Methodology and an application. Em EXPERT SYSTEMS WITH APPLICATIONS (V. 110, p. 80–92). PERGAMON-ELSEVIER SCIENCE LTD. https://doi.org/10.1016/j.eswa.2018.05.030
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright (c) 2025 Darci de Borba, Rafael Brinkhues