Survey based risk assessment for processes, entities and enterprise

US 20060089861A1
Filed: 10/22/2004
Published: 04/27/2006
Est. Priority Date: 10/22/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system for assessing risk, the system comprising:

a set of business processes describing the operations of an enterprise;

a set of risks associated with the set of business processes and describing the exposure of the enterprise to danger from the set of business processes;

a set of risk controls associated with the set of risks and describing measures intended to mitigate the effects of the set of risks;

a set of survey questions, each survey question adapted to assess the risk of at least one associated context; and

an audit manager including an assessment manager adapted to associate a context with a risk assessment, to generate a survey questionnaire including at least a portion of the set of survey questions, to distribute the survey questionnaire to a set of survey recipients, to receive a set of survey results from the set of survey recipients, and to aggregate the set of survey results to generate a risk assessment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An audit system creates, deploys, and analyzes surveys to perform risk assessment. Surveys can be associated with one or more contexts, which include an enterprise, an organization, a business process, a risk, a control, or any combination thereof. The audit system generates survey questionnaires for a context automatically using a question library that associates questions with one or more contexts. Using the process library and the associated sets of process risks and process controls, the audit system can automatically determine the set of individuals that should participate in the survey. The audit system can then distribute survey questionnaires to the set of individuals and collect the survey results. Survey results can be aggregated to create risk assessments detailing the perceived risks to the survey context. Additionally, survey results and risk assessments can be saved for future reference or to document an enterprise'"'"'s good-faith efforts to comply with its legal obligations.

Citations

27 Claims

1. A system for assessing risk, the system comprising:
- a set of business processes describing the operations of an enterprise;
  
  a set of risks associated with the set of business processes and describing the exposure of the enterprise to danger from the set of business processes;
  
  a set of risk controls associated with the set of risks and describing measures intended to mitigate the effects of the set of risks;
  
  a set of survey questions, each survey question adapted to assess the risk of at least one associated context; and
  
  an audit manager including an assessment manager adapted to associate a context with a risk assessment, to generate a survey questionnaire including at least a portion of the set of survey questions, to distribute the survey questionnaire to a set of survey recipients, to receive a set of survey results from the set of survey recipients, and to aggregate the set of survey results to generate a risk assessment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system of claim 1, wherein a context includes an enterprise.
  - 3. The system of claim 1, wherein a context includes an organization.
  - 4. The system of claim 1, wherein a context includes a business process.
  - 5. The system of claim 1, wherein a context includes a risk.
  - 6. The system of claim 1, wherein a context includes a risk control.
  - 7. The system of claim 1, wherein the assessment manager is adapted to identify the set of survey recipients from the context.
  - 8. The system of claim 1, wherein the assessment manager is adapted to generate the survey questionnaire by selecting a subset of the set of survey questions, each one of the subset having an associated context matching the context associated with the risk assessment.
  - 9. The system of claim 1, wherein the risk assessment includes at least one of a plurality of components.
  - 10. The system of claim 9, wherein the component of the risk assessment is specified by a user.
  - 11. The system of claim 1, wherein the context to be associated with the risk assessment is specified by a user.
  - 12. The system of claim 1, wherein the assessment manager is adapted to distribute the survey questionnaire to the set of survey recipients at multiple intervals.
  - 13. The system of claim 1, wherein each survey question includes at least one reliability value associating a probability of failure with the context of the survey question.
  - 14. The system of claim 13, wherein the assessment manager is further adapted to determine a reliability value of a context from a result of at least one associated survey question.
  - 15. The system of claim 14, wherein the assessment manager is further adapted to determine the reliability value of the context from a set of results of at least one associated survey question.
  - 16. The system of claim 15, wherein the assessment manager is adapted to the determine the reliability value of the context using an exponentially weighted moving average function.
  - 17. The system of claim 14, wherein the audit system is adapted to initiate an audit in response to the reliability value of the context.
  - 18. The system of claim 14, wherein the audit system is adapted send an alert to an audit system user in response to the reliability value of the context.
  - 19. The system of claim 13, wherein the assessment manager is adapted to update at least one reliability value of the survey question in response to the result of an audit.

20. A method of generating a risk assessment, the method comprising:
- associating a context with a risk assessment;
  
  generating a survey questionnaire including at least a portion of a set of survey questions;
  
  distributing the survey questionnaire to a set of survey recipients;
  
  receiving a set of survey results from the set of survey recipients; and
  
  aggregating the set of survey results to generate a risk assessment.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The method of claim 20, wherein a context includes an enterprise.
  - 22. The method of claim 20, wherein a context includes an organization.
  - 23. The method of claim 20, wherein a context includes a business process.
  - 24. The method of claim 20, wherein a context includes a risk.
  - 25. The method of claim 20, wherein a context includes a risk control.
  - 26. The method of claim 20, further comprising:
    - generating the survey questionnaire by selecting a subset of the set of survey questions, each one of the subset having an associated context matching the context associated with risk assessment.
  - 27. The method of claim 20, wherein the context is associated with a set of survey recipients via a set of business processes describing the operations of an enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
King, Nigel, Gerald, Bastin

Application Number

US10/971,973
Publication Number

US 20060089861A1
Time in Patent Office

Days
Field of Search
US Class Current

705/4
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 40/08 Insurance

Survey based risk assessment for processes, entities and enterprise

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Survey based risk assessment for processes, entities and enterprise

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links