Survey based risk assessment for processes, entities and enterprise
Abstract
An audit system creates, deploys, and analyzes surveys to perform risk assessment. Surveys can be associated with one or more contexts, which include an enterprise, an organization, a business process, a risk, a control, or any combination thereof. The audit system generates survey questionnaires for a context automatically using a question library that associates questions with one or more contexts. Using the process library and the associated sets of process risks and process controls, the audit system can automatically determine the set of individuals that should participate in the survey. The audit system can then distribute survey questionnaires to the set of individuals and collect the survey results. Survey results can be aggregated to create risk assessments detailing the perceived risks to the survey context. Additionally, survey results and risk assessments can be saved for future reference or to document an enterprise's good-faith efforts to comply with its legal obligations.
27 Claims
1. A system for assessing risk, the system comprising:
a set of business processes describing the operations of an enterprise;
a set of risks associated with the set of business processes and describing the exposure of the enterprise to danger from the set of business processes;
a set of risk controls associated with the set of risks and describing measures intended to mitigate the effects of the set of risks;
a set of survey questions, each survey question adapted to assess the risk of at least one associated context; and
an audit manager including an assessment manager adapted to associate a context with a risk assessment, to generate a survey questionnaire including at least a portion of the set of survey questions, to distribute the survey questionnaire to a set of survey recipients, to receive a set of survey results from the set of survey recipients, and to aggregate the set of survey results to generate a risk assessment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of generating a risk assessment, the method comprising:
associating a context with a risk assessment;
generating a survey questionnaire including at least a portion of a set of survey questions;
distributing the survey questionnaire to a set of survey recipients;
receiving a set of survey results from the set of survey recipients; and
aggregating the set of survey results to generate a risk assessment.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
Specification