Systems and methods for providing operational risk management and control

US 20060047561A1
Filed: 08/27/2004
Published: 03/02/2006
Est. Priority Date: 08/27/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing operational risk management and control, the method comprising:

defining roles and responsibilities for at least one function of an enterprise;

defining at least one control objective identifying at least one operation risk associated with at least one of the roles and responsibilities;

defining at least one control standard describing a measure to be taken to achieve the at least one control objective; and

certifying adherence to the at least one control standard to meet the at least one control objective for the at least one role and responsibility.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for providing a framework for operational risk management and control. In the disclosed systems and methods, roles and responsibilities may be defined for at least one function of an enterprise, and at least one control objective may be defined to identify at least one operational risk associated with at least one of the roles and responsibilities. Further, at least one control standard may be defined to describe an activity to be taken to achieve the at least one control objective. Finally, certification may be performed to certify adherence to the at least one control standard. In one embodiment, a periodic certification process may be implemented to determine compliance with the at least one control standard by a person responsible for the performance of the control standard.

85 Citations

View as Search Results

75 Claims

1. A method for providing operational risk management and control, the method comprising:
- defining roles and responsibilities for at least one function of an enterprise;
  
  defining at least one control objective identifying at least one operation risk associated with at least one of the roles and responsibilities;
  
  defining at least one control standard describing a measure to be taken to achieve the at least one control objective; and
  
  certifying adherence to the at least one control standard to meet the at least one control objective for the at least one role and responsibility.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein defining the roles and responsibilities comprises creating a set of non-overlapping elements, each of the non-overlapping elements respectively describing an individual role and responsibility.
  - 3. The method of claim 1, wherein defining the roles and responsibilities comprises indicating a cross-functional dependency describing how the at least one function relies on another function within the enterprise.
  - 4. The method of claim 1, wherein defining the at least one control objective comprises providing at least one explanatory note with information regarding the at least one control objective to facilitate certification.
  - 5. The method of claim 1, wherein defining the at least one control standard comprises indicating an expectation to be met in the performance of an activity related to the at least one function.
  - 6. The method of claim 1, wherein defining the at least one control standard comprises defining the at least one control standard in the form of a question.
  - 7. The method of claim 6, wherein certifying adherence to the at least one control standard comprises performing, on a periodic basis, a self-certification process that includes prompting a certifier of the enterprise to respond to the at least one control standard question.
  - 8. The method of claim 7, wherein the certifier may respond to the prompting by indicating whether compliance with the at least one control standard has been met.
  - 9. The method of claim 8, wherein certifying further comprises performing a review of a response from a certifier for purposes of quality measurement and risk assessment.
  - 10. The method of claim 7, further comprising defining at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 11. The method of claim 10, wherein the at least one quality metric is one of quantitative and qualitative.
  - 12. The method of claim 10, further comprising collecting internal and external operational risk event data and performing a risk assessment that includes a review of the results of the periodic certification and the at least one quality metric.
  - 13. The method of claim 12, wherein the risk assessment is performed by a cross-function governance structure for the enterprise.
  - 14. The method of claim 12, further comprising using the risk assessment to generate a report to senior management of the enterprise.
  - 15. The method of claim 1, wherein defining the at least one control standard comprises linking the at least one control standard to one or more categories to facilitate an assessment of control over financial reporting mandated by at least one of the Sarbanes-Oxley Act of 2002 Section 404 (“
    - SOX 404”
      
      ) and the Basel II accord.
  - 16. The method of claim 1, further comprising linking the at least one control standard to a standard financial statement assertion, the standard financial statement assertion comprising one from the group of:
    - existence/occurrence, valuation/measurement, completeness, rights and obligations, and presentation and disclosure.
  - 17. The method of claim 1, wherein defining the at least one control standard comprises linking the at least one control standard to a financial statement assertion.
  - 18. The method of claim 1, wherein certifying adherence to the at least one control standard comprises assigning the at least one control standard to an individual responsible for complying with the control standard.
  - 19. The method of claim 1, wherein certifying adherence to the at least one control standard comprises receiving, on a periodic basis, an answer to the at least one control standard from an individual associated with the enterprise.
  - 20. The method of claim 19, wherein receiving an answer comprises receiving an answer indicating that the individual is compliant or non-compliant with the at least one control standard.
  - 21. The method of claim 1, wherein certifying adherence to the at least one control standard comprises:
    - receiving a self-certification response to the at least one control standard from an individual associated with the enterprise; and
      
      reviewing the results of the self-certification response, the review being performed by a manager of the individual to assess the performance of the at least one control standard.
  - 22. The method of claim 1, further comprising defining at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 23. The method of claim 22, wherein the at least one quality metric comprises a trackable event that provides an indication of a potential risk level.
  - 24. The method of claim 22, wherein the at least one quality metric is one of quantitative and qualitative.
  - 25. The method of claim 22, further comprising measuring quality using the at least one quality metric to provide a cross-check on certifying adherence to the at least one control standard.

26. A system for providing operational risk management and control, the system comprising:
- a memory storage for maintaining a database; and
  
  a processing unit coupled to the memory storage, wherein the processing unit is operative to;
  
  set roles and responsibilities for at least one function of an enterprise;
  
  set at least one control objective identifying at least one operation risk associated with at least one of the roles and responsibilities;
  
  set at least one control standard describing a measure to be taken to achieve the at least one control objective; and
  
  certify adherence to the at least one control standard to meet the at least one control objective for the at least one role and responsibility.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 27. The system of claim 26, wherein to set the roles and responsibilities the processing unit is further operative to create a set of non-overlapping elements, each of the non-overlapping elements respectively describing an individual role and responsibility.
  - 28. The system of claim 26, wherein to set the roles and responsibilities the processing unit is further operative to indicate a cross-functional dependency describing how the at least one function relies on another function within the enterprise.
  - 29. The system of claim 26, wherein to set the at least one control objective the processing unit is further operative to provide at least one explanatory note with information regarding the at least one control objective to facilitate certification.
  - 30. The system of claim 26, wherein to set the at least one control standard the processing unit is further operative to indicate an expectation to be met in the performance of an activity related to the at least one function.
  - 31. The system of claim 26, wherein to set the at least one control standard the processing unit is further operative to set the at least one control standard in the form of a question.
  - 32. The system of claim 31, wherein to certify adherence to the at least one control standard the processing unit is further operative to perform, on a periodic basis, a self-certification process that includes prompting a certifier of the enterprise to respond to the at least one control standard question.
  - 33. The system of claim 32, wherein the certifier may respond to the prompting by indicating whether compliance with the at least one control standard has been met.
  - 34. The system of claim 33, wherein to certify the processing unit is further operative to facilitate a review of a response from a certifier for purposes of quality measurement and risk assessment.
  - 35. The system of claim 32, wherein the processing unit is further operative to set at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 36. The system of claim 35, wherein the at least one quality metric is one of quantitative and qualitative.
  - 37. The system of claim 35, the processing unit is further operative to collect internal and external operational risk event data and facilitate a risk assessment that includes a review of the results of the periodic certification and the at least one quality metric.
  - 38. The system of claim 37, wherein the risk assessment is performed by a cross-function governance structure for the enterprise.
  - 39. The system of claim 37, wherein the processing unit is further operative to generate a report for senior management of the enterprise based on the risk assessment.
  - 40. The system of claim 26, wherein to set the at least one control standard the processing unit is further operative to link the risk assessment the at least one control standard to one or more categories to provide an assessment of control over financial reporting mandated by at least one of the Sarbanes-Oxley Act of 2002 Section 404 (“
    - SOX 404”
      
      ) and the Basel II accord.
  - 41. The system of claim 26, wherein the processing unit is further operative to link the at least one control standard to a standard financial statement assertion, the standard financial statement assertion comprising one from the group of:
    - existence/occurrence, valuation/measurement, completeness, rights and obligations, and presentation and disclosure.
  - 42. The system of claim 26, wherein to set the at least one control standard the processing unit is further operative to link the at least one control standard to a financial statement assertion.
  - 43. The system of claim 26, wherein to certify adherence to the at least one control standard the processing unit is further operative to assign the at least one control standard to an individual responsible for complying with the control standard.
  - 44. The system of claim 26, wherein to certify adherence to the at least one control standard the processing unit is further operative to receive, on a periodic basis, an answer to the at least one control standard from an individual associated with the enterprise, the answer being submitted by the individual using a graphical user interface.
  - 45. The system of claim 44, wherein receiving an answer comprises receiving an answer indicating that the individual is compliant or non-compliant with the at least one control standard.
  - 46. The system of claim 26, wherein to certify adherence to the at least one control standard the processing unit is further operative to:
    - receive a self-certification response to the at least one control standard from an individual associated with the enterprise; and
      
      facilitate a review of the results of the self-certification response, the review being performed by a manager of the individual to assess the performance of the at least one control standard.
  - 47. The system of claim 26, wherein the processing unit is further operative to set at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 48. The system of claim 47, wherein the at least one quality metric comprises a trackable event that provides an indication of a potential risk level.
  - 49. The system of claim 47, wherein the at least one quality metric is one of quantitative and qualitative.
  - 50. The system of claim 47, wherein the processing unit is further operative to measure quality using the at least one quality metric to provide a cross-check on the certification of adherence to the at least one control standard.

51. A computer-readable medium which stores a set of instructions which when executed performs a method for providing operational risk management and control, the method executed by the set of instructions comprising:
- setting roles and responsibilities for at least one function of an enterprise;
  
  setting at least one control objective identifying at least one operation risk associated with at least one of the roles and responsibilities;
  
  setting at least one control standard describing a measure to be taken to achieve the at least one control objective; and
  
  certifying adherence to the at least one control standard to meet the at least one control objective for the at least one role and responsibility.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 52. The computer-readable medium of claim 51, wherein setting the roles and responsibilities comprises creating a set of non-overlapping elements, each of the non-overlapping elements respectively describing an individual role and responsibility.
  - 53. The computer-readable medium of claim 51, wherein setting the roles and comprises indicating a cross-functional dependency describing how the at least one function relies on another function within the enterprise.
  - 54. The computer-readable medium of claim 51, wherein setting the at least one control objective comprises providing at least one explanatory note with information regarding the at least one control objective.
  - 55. The computer-readable medium of claim 51, wherein setting the at least one control standard comprises indicating an expectation to be met in the performance of an activity related to the at least one function.
  - 56. The computer-readable medium of claim 51, wherein setting the at least one control standard comprises setting the at least one control standard in the form of a question.
  - 57. The computer-readable medium of claim 56, wherein certifying adherence to the at least one control standard comprises performing, on a periodic basis, a self-certification process that includes prompting a certifier of the enterprise to respond to the at least one control standard question.
  - 58. The computer-readable medium of claim 57, wherein the certifier may respond to the prompting by indicating whether compliance with the at least one control standard has been met.
  - 59. The computer-readable medium of claim 58, wherein certifying further comprise reviewing a response from a certifier for purposes of quality measurement and risk assessment.
  - 60. The computer-readable medium of claim 57, wherein the method further comprises setting at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 61. The computer-readable medium of claim 60, wherein the at least one quality metric is one of quantitative and qualitative.
  - 62. The computer-readable medium of claim 60, wherein the method further comprises collecting internal and external operational risk event data and performing a risk assessment that includes a review of the results of the periodic certification and the at least one quality metric.
  - 63. The computer-readable medium of claim 62, wherein the risk assessment is performed by a cross-function governance structure for the enterprise.
  - 64. The computer-readable medium of claim 62, wherein the method further comprises generating a report for senior management of the enterprise based on the risk assessment.
  - 65. The computer-readable medium of claim 51, wherein setting the at least one control standard comprises linking the risk assessment the at least one control standard to one or more categories to provide an assessment of control over financial reporting mandated by at least one of the Sarbanes-Oxley Act of 2002 Section 404 (“
    - SOX 404”
      
      ) and the Basel II accord.
  - 66. The computer-readable medium of claim 51, wherein the method further comprises linking the at least one control standard to a standard financial statement assertion, the standard financial statement assertion comprising one from the group of:
    - existence/occurrence, valuation/measurement, completeness, rights and obligations, and presentation and disclosure.
  - 67. The computer-readable medium of claim 51, wherein the method further comprises linking the at least one control standard to a financial statement assertion.
  - 68. The computer-readable medium of claim 51, wherein certifying adherence to the at least one control standard comprises assigning the at least one control standard to an individual responsible for complying with the control standard.
  - 69. The computer-readable medium of claim 51, wherein certifying adherence to the at least one control standard comprises receiving, on a periodic basis, an answer to the at least one control standard from an individual associated with the enterprise.
  - 70. The computer-readable medium of claim 69, wherein receiving an answer comprises receiving an answer indicating that the individual is compliant or non-compliant with the at least one control standard.
  - 71. The computer-readable medium of claim 51, wherein certifying adherence to the at least one control standard comprises:
    - receiving a self-certification response to the at least one control standard from an individual associated with the enterprise; and
      
      reviewing the results of the self-certification response, the review being performed by a manager of the individual to assess the performance of the at least one control standard.
  - 72. The computer-readable medium of claim 51, wherein the method further comprises setting at least one quality metric to measure a quality of the performance of the at least one control standard.
  - 73. The computer-readable medium of claim 72, wherein the at least one quality metric comprises a trackable event that provides an indication of a potential risk level.
  - 74. The computer-readable medium of claim 72, wherein the at least one quality metric is one of quantitative and qualitative.
  - 75. The computer-readable medium of claim 72, wherein the method further comprises measuring quality using the at least one quality metric to provide a cross-check on the certification of adherence to the at least one control standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
UBS Ag
Original Assignee
UBS Ag
Inventors
Bolton, Charles Nicholas

Application Number

US10/927,035
Publication Number

US 20060047561A1
Time in Patent Office

Days
Field of Search
US Class Current

705/10
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/00   Administration; Management

G06Q 10/0635   Risk analysis of enterprise...

G06Q 40/00   Finance; Insurance; Tax str...

Systems and methods for providing operational risk management and control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

85 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing operational risk management and control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links