A Decision Approach to Select the Best

Framework to Treat an IT Problem by Using

Multi-Agent System and Expert Systems

A. Chakir, M. Chergui, S. Elhasnaou, H. Medromi and A. Sayouti

Abstract This work is registered in two disciplinary axes that are the decision
making system, and the practices of the IT GRC. Many organizations deployed
integrated the practices of the IT GRC, the problem that arises it is how to choose
the good one practices to satisfy a precise need. Our work is motivated by the need
to make decisions by understanding and by incorporating perceptions, decisions
and actions to make the best choice. The objective of the research is to build a
decision-making model to satisfy a precise need IT. The proposed approach bases
on three main stages to set up a decision-making model. The model takes in en-
trance the strategic needs, the first stage consists in reducing the size of the prob-
lem by dividing it into many problems, by basing itself on the mapping between
all the reference tables and methods of the GRC and also this stage is going to
allow us to assure the sequencing of these under problems according to the varia-
bles of the environment as for example the type of the organization. In the second
stage, it is a question of formalizing every under problems according to the criteria
stored in the datawarehouse to generate the best choice of the good practice by
using methods of aggregation multi criterion to satisfy the need IT. The third stage
consists in estimating the satisfaction IT and helps to make decisions at the level
of every chosen reference table.

Keywords Expert system · IT governance · Decision method · Data warehouse *

1 Introduction

Three axes of the IT, Governance, Risk, and Compliance (GRC), assures the
alignment of the objectives of company with regard to the needs for stakeholder,

A. Chakir() · M. Chergui · S. Elhasnaou · H. Medromi · A. Sayouti

EAS Team, LISER Laboratory, ENSEM, Casablanca, Morocco
e-mail: {aziza1chakir,chergui.meriyem,elhasnaoui.soukaina,sayouti}@gmail.com,
h.medromi@ensem.ac.ma
© Springer Science+Business Media Singapore 2016 499
E. Sabir et al. (eds.), The International Symposium on Ubiquitous Networking,
Lecture Notes in Electrical Engineering 366,
DOI: 10.1007/978-981-287-990-5_40
500 A. Chakir et al.

conditions and options putting the management. This is shown by the strategic
progress of a given organization and also by the taken decisions [1].
The variety of methodologies, standards, and best practice of the IT GRC [2] puts
the persons in charge of Information system in front of a problem of joint of these
reference tables to reach precise goals, especially as there are practices of the IT
GRC which aim to be global and which handle all the fields of activity of the IT
without being detailed enough and those who handle a domain in particular in detail
without a global view. The diversity of the practices of the IT GRC puts difficulties
for companies to make the adequate choice of the practices of the IT GRC. It’s
necessary to implement a decision-making model which assures the selection of
the best solution of the GRC.
The request expressed by nature strongly qualitative, subjective and rich in
thought of the users will be translated into quantitative and formal data to be ex-
ploited by the decision-making system with the supreme purpose to improve the
learning and the communication by endowing our system by a system multi-agent
and an expert system.
To exploit well, and to increase the utility of the GRC, especially for the not
experts, the decision-making system is going to allow the end users to see the
relevance of the chosen reference table.

2 State of the Art

2.1 GRC IT
The approach Governance, Risk and Compliance (GRC) allows to master an or-
ganization with the minimum of effort by staying in compliance with its internal
politics and with the external regulations by assuring one strategic alignment and
an effective improvement of its processes and its projects [3][10].
Three aspects GRC allows the companies to check well their activities. What
translates by:

 A good control of their processes and their projects

 An effective governance of their organization
 A good management of risks associated to their activities

The internal control and the external statutory requirements of an organization,

recently, are the object of an increasing attention where from the necessity of inte-
grating three aspects IT (GRC). The following plan shows the collaboration
of three pillars of the GRC within an organization to assure that it respects its
objectives.[9]
A Decision Approach to Select the Best Framework to Treat 501

3 Decision-making Systems

The decision-making systems give to the decision-makers, in a transparent way,

the possibility of reflecting about their practices, of binding explicitly actions and
effects and of seeing the reasoning behind applied practices. This improves the
perspectives for the learning, the negotiation, the implementation of new politics
and to proceed has collective actions [16].

3.1 Data Warehouse

The data warehouse is a collection of sent, integrated, not volatile subject of data and
historized, organized for the support of a process of decision-making [11] [12] [17].
The data warehouse it is only simple copied by the data of production, making
a reference to the definition given by Ralph Kimball ‘‘A datawarehouse is a copy
of transaction data specifically structured for query and analysis.’’ [14][15]

3.2 The Stages of a Methodology of Decision-making Support

The Formulation Multi criterion of a Problem of Decision

The formulation of the problem is a very important stage because she involves of
identifying the problem in a explicit way, there partitioning the problem in many
together restricts that possible to choose the best reference table (problem of
choice) [20] and to tidy up the actions to be made according to the type of activity
of an organization, the most important for the least important. According to the
terminology introduced by Vansnick (1990) [20] the formulation multi criterion of
a problem of decision can be defined as the model "A, A/F, E" where:

 A is the set of the potential actions. This group can be explicitly defined (fin-
ished), the constraints being implicit, or implicitly (generally infinity), the
constraints being explicit. In this second case, we resort to the mathematical
programming with multiple objectives (PMOM) and we often indicate all the
acceptable actions by the symbol X;
 A/F is the set finished by the attributes or the criteria, generally conflicting,
from which the actions will be estimated;
 and E is all the benchmarking of the actions according to each of the attributes
or the criteria, that is all the vectors of performances, a vector by action.

Generally, this formulation allows to simplify the problem but she does not allow
to handle the problem of decision, what requires the call to the methods multi
criteria to release the preferences of an organization.
502 A. Chakir et al.

Types of the Problem in Multi Criterion to the Decision

There are four types of problem in help multi criterion to the decision problems of
choices, problems of sorting, problems of arrangement and problems of descrip-
tion. [20][21]

 Problems of choice P.ࢻ

This type of problem consists in selecting a subset so restricted as possible of bet-

ter solutions by eliminating the other solutions by basing itself on procedure of
selection of the operational research.

Fig. 1 Problems of choice

 Problems of sorting P. ß

This type of problem consists in allocating the actions to predefined categories by

comparing the actions of the set with the reference actions, by basing itself on the
procedures of affectation in categories.

Fig. 2 Problems of sorting

 Problems of arrangement P.઻

In this type of problem, we order all the actions of the best the least good, it is a kind
of affectation in classes of equivalence led by this preorder, orderly categories.
A Decision Approach to Select the Best Framework to Treat 503

Fig. 3 Problems of arrangement

 Problems of description P.ࢾ

This type of problem consists in determining all the potential actions by taking
into account a set of parameters such as threshold of indifference and rather, level
of pursuit … Generally this type of problem became an adequate type when the
decision-maker does not manage to define the problem, or to express the type of
result whom he would like to obtain. This type of problem is implemented by
cognitive procedures.
Comparing with our problem which consists in turning the best reference table
or the best reference tables, we opted in the procedures of selection.

Methods Multi Criteria

There are several types of methods multi criteria, the most known type it is the
mathematical programming with multiple objectives PMOM. Most of its methods
base themselves on the previous formalization especially if all the actions, defined
by a set of the explicit constraints, is implicit to release or the best actions (in our
case or the best reference) [19].
To answer the problem of the GRC IT and propose the best reference table or
the best reference tables, it is necessary to apply the procedure or the adequate
procedures.

 Example of method:[22]

ELECTRA I (Problems of choice P.α):This method has for objective to split a set
of the actions, the reference tables, which contains the best alternatives among
which the one is that the decision-maker will choose.

4 Expert Systems

It is the system which is capable of reproducing a reasoning by trying to analyze a

problem as a human expert in a precise domain would make it. For example the
failure detection, the medical diagnosis.
504 A. Chakir et al.

An expert system consists by:

 A knowledge base:

○ Base of Rules: model the knowledge of the considered domain.

○ Base of Facts: contains the information concerning the handled problem.

 An interference engine:

○ Argue from the information contained in the base of facts and in the base
of rules
○ Capable of making deductions or inferences

 A user interface (and an interface with the expert)

○ Possibility of evolution of the expert system during the execution

5 Multi Agent System

 What is an agent?

An agent is an autonomous, real or abstract entity, which is capable of acting on

herself and on its environment, which, in a universe multi-agents, can communi-
cate with other agents, and whose behavior is the consequence of its observations,
its knowledge and the interactions with the other agents [7] [8]. Experts multi-
agent systems have classified agents into three major categories according to
essential criteria that is the representation of its environment, and are therefore:
Reagent agents, Cognitive agents and Hybrid agents.

 What is a multi agent system

A system multi-agents is a compound distributed system of a set of agents.

A SMA is so characterized:

 Every agent has information or capacities of resolution of limited problems (so,

every agent has a partial point of view);
 There is no global control of the system multi-agents;
 The data are decentralized;
 The calculation is asynchronous.

 Why Multi-agent system?

The SMA presents a common point by report the governance IT which is the man-
agement by process, indeed this way of managing prepares perfectly with the gov-
ernance IT which is nothing else than of a set of process which interact between
them for a better management of information technologies.[11]
A Decision Approach to Select the Best Framework to Treat 505

Fig. 4 Multi agent system

6 The Proposed Approach

6.1 Decision-making Model

The proposed approach consists in setting up a decision-making model which is
going to assure the selection of the best reference table or the best reference tables
according to the need or the strategic needs asked by an organization.
The decision-making model has two levels, the first level assures the choice of
the best reference table or the best reference tables according to need IT and the
second level is going to allow us to handle any kind of decision after the treatment
of the need IT by basing itself on the chosen reference table, and it is going to
allow us to assure the satisfaction of the applicant by basing itself on performance
indicators communicated after every made treatment.
The following plan illustrates the proposed decision-making model:

 Level 1:

The first level sets up two layers, every layer has a precise feature has to assure.
The first layer “SMA sequencing” arranges two under layer “Categorization
decision 1.1” and “Categorization decision 1.2”.
The first one under layer “Categorization decision 1.1” has for objective to re-
peat the strategic needs according to a matrix of priority, which translates the
mapping of the objectives IT expressed by Cobit [4] [6] and the other reference
tables (ITIL[5], ISO 270001, ISO 270002, ISO 270005, PMBOK, CMMI) and the
methods of the GRC (MEHARI, EBIOS…) And which arranges as information
the classification of the reference tables of less detailed in the most detailed, this
under layer allows us to make a joint between the matrix of the strategic needs IT
and the matrix of the priority to produce a reduced matrix which will be handled
by the second under layer of the decision-making model.
506 A. Chakir et al.

Fig. 5 Decision-making Model

The following plan illustrates the size of the matrix of the priority

Fig. 6 Matrix of the priority

A Decision Approach to Select the Best Framework to Treat 507

The second under layer “Categorization decision 1.2” takes in entrance the ma-
trix produced by the first one under layer, the type of activity of an organization
and the data stored in one dated warehouse to attribute an order number to needs
IT to assure the sequencing of their execution by basing itself on the algorithms of
the sequencing of the operational research.
The second layer “SMA Evaluates collective” takes in entrance the matrix pro-
duced by the first layer and treats every objective IT as one under problem. This
layer formalizes every under problem by taking in entrance the set up reference
tables, their versions, the certification or not employers the organization and it also
takes the dimensions and the indicators stored in data warehouse IT as criteria to
exploit any kind of information, to generate the best choice of the good practice IT
GRC, by using methods of aggregation multi criterion to satisfy the need IT
expressed in entrance and by setting up an expert system.
The following plan illustrates performance indicators proposed by date ware-
house IT:

Fig. 7 The star schema data warehouse

The following plan illustrates the functioning of our expert system which is go-
ing to assure the collective expertise of the decision-making model.
508 A. Chakir et al.

Fig. 8 The functioning of our expert system

 Level 2:

The second level assures the satisfaction or the not satisfaction of the choice by
basing itself for example on the success rate, if the success rate is upper to a
threshold thus it is OK for the choice and if it is not the case we have to see again
the reformulation of the strategic need, or regenerate the second choice by basing
itself on of other one criteria.

6.2 Simulation of the Proposed Approach

The following plan shows a simulation of our decision-making model which is
going to take in entrance the following objectives IT:

 Objective 1: define a strategic IT plan

 Objective 2: make sure of the conformity with the obligations extern
 Objective 3: assure the safety of the System
A Decision Approach to Select the Best Framework to Treat 509

The first objective can be handled by the reference ITIL which is a part of the
axis governance (G) or by the reference CMMI which is a part of the axis govern-
ance (G).
The second objective can be handled by the reference ISO27002 which is a part
of the axis risk (R) or by the reference ISO27005 which is a part of the axis
Compliance (C).

Fig. 9 Simulation of decision making system

510 A. Chakir et al.

The third objective can be handled by the reference ISO27001qui been a part of
the axis risk (R) or by the reference ISO27002 which is a part of the axis (R) or by
the reference ITIL which is a part of the axis governance (G).
The first level produced got out of it the best reference by objective IT, for the
first objective gives as result ITIL and for the second objective gives as result
ISO27002 and for the third objective give ISO 27001.
And the second level assures the satisfaction or the not satisfaction of the
choice by basing itself for example on the success rate, if the success rate is upper
to a threshold thus it is OK for the choice and if it is not the case we have to see
again the reformulation of the strategic need, or regenerate the second choice by
basing itself on of other one criteria.

7 Conclusion

This paper handles the problems of selection of a better reference table or the best
reference tables of IT GRC by basing itself on methods for decision-making sup-
port multi criteria.
Our approach is based on expert systems, systems multi-agents and methods of
aggregation multi criterion by exploiting any kind of available information by the
organization to satisfy their strategic need.

References
1. Racz, N., Weippl, E., Seufert, A.: A process model for integrated IT governance, risk,
and compliance management databases and information systems. In: Proceedings of
the Ninth International Baltic Conference, Baltic DB&IS 2010, pp. 155–170. Universi-
ty of Latvia Press, Riga (2010)
2. Kooper, M.N., Maes, R., Roos Lindgreen, E.E.O.: On the governance of information:
introducing a new concept of governance to support the management of information.
International Journal of Information Management: The Journal for Information Profes-
sionals 31(3), 195–200 (2011)
3. Racz, N., Panitz, J.C., Amberg, M., Weippl, E., Seufert, A.: Governance, risk & com-
pliance (GRC) status quo and software use: results from a survey among large enter-
prises. In: ACIS 2010 Proceedings, paper 21 (2010). http://aisel.aisnet.org/acis2010/21
(retrieved 13 December 2010)
4. Stachtchenko, P.: COBIT 5, ses apports pour management et la gouvernance du SI,
Janvier 25, 2013
5. Delbrayelle, Introduction à ITIL V3 et au cycle de vie des services, juillet 2011. ISO
office, Information technology— Security techniques— Code of practice for infor-
mation security management (2005)
6. ITGI and OGC, Aligning CobiT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business
Benefit (2008)
7. Ferber, J.: Les systèmes multi-agents, vers une intelligence collective. InterEditions,
63–144 (1995)
A Decision Approach to Select the Best Framework to Treat 511

8. Shoham, Y.: Agent-oriented programming. Artificiel Intelligence. Stanford, USA,

February 1992
9. Racz, N., Weippl, E., Bonazzi, R.: IT governance, risk & compliance (GRC) status quo
and integration. an explorative industry case study. In: Proceedings of the 1st Interna-
tional Workshop on IT GRC, ITGRC 2011. IEEE, Washington (2011)
10. Chakir, A., Medromi, H., Sayouti, A.: La gouvernance du système d’information à
base des bonnes pratiques d’ITIL V3. JDTIC, Novembre 2012
11. Chakir, A., Medromi, H., Sayouti, A.: Une approche multi-agents pour la gouvernance
d’un data warehouse à base des bonnes pratiques d’ITIL. JDSIRT (2013)
12. Chakir, A., Medromi, H., Sayouti, A.: Actions for data warehouse success. Journal -
IJACSA 2013 4(8), August 2013
13. Sayouti, A., Medromi, H.: Book Chapter in the book, Multi-AgentSystems - Modeling,
Control, Programming, Simulations and Applications. InTech, April 4, 2011. ISBN
978-953-307-174-9
14. Kimball, R.: Concevoir et déployer un data warehouse. Edition Eyrolles (2000)
15. Chakir, A., Medromi, H., Sayouti, A.: An approach multi-agent with the best practice
of ITIL, to maintain the operability of a data warehouse. IJAIS 6(7), February 2014
16. Elsawah, S., Guillaume, J.H.A., Filatova, T., Rook, J., Jakeman, A.J.: A methodology
for eliciting, representing, and analysing stakeholder knowledge for decision making
on complex socio-ecological systems: From cognitive maps to agent-based models
17. AChakir, A., Medromi, H., Sayouti, A.: Actions for data warehouse success. Journal -
IJACSA 2013 4(8), August 2013
18. Martel, J.-M.: L’aide multicritère à la décision: méthodes et applications. In: CORS -
SCRO 1999 Annual Conference, Windsor, Ontario, June 7–9, 1999
19. Evans, G.: An overview of techniques for solving multiobjective mathematical
programs. Management Sciences 30(11), 1268–1282 (1984)
20. Roy, B.: Méthodologie multicritère d’aide à la décision. Ed. Economica (1985)
21. Henriet, L.: Systèmes d’évaluation et de classification multicritères pour l’aide à la
décision: Construction de modèles et procédures d’affectation. Computer Science,
Université Paris Dauphine, Paris IX, French (2000)
22. Roy, B.: ELECTRE III : Un algorithme de classements fondé sur une représentation
floue des préférences en présence de critères multiples. Cahiers du CERO 20(1), 3–24
(1978)