System for managing risk
First Claim
1. A system for use in managing risk by providing estimates for risk in a new project or process based on corresponding values for risk determined in completed projects or processes, comprising:
- a) a knowledge base, for maintaining a generic risk record including a plurality of fields at least some of which have subjective or quantitative values for risk, with the subjective values synchronized to numerical values, and at least some of which have been determined as an average of corresponding subjective or quantitative risk values in completed projects or processes;
b) a data store of profiles, for maintaining a profile risk record associated with a particular profile for a particular project or process, and including the same plurality of fields as the generic risk record, the profile risk record for use in providing a risk assessment in the associated profile for the particular project or process; and
c) a risk processor, for updating at least one of the subjective or quantitative values of the generic risk record based on a corresponding field value in the profile risk record in the data store of profiles, by averaging into the at least one value of the generic risk record the corresponding field value in the profile risk record;
whereby at least some of the subjective or quantitative values of the generic risk record are refined over time based on values of the corresponding fields of the profile risk record for the particular project or process;
and wherein at least some of the subjective or quantitative values are values of calculated fields calculated by the system, and the system allows different modes of analysis including a controls self-assessment mode, in which a user selects inherent values of likelihood and consequence for a risk, as well as residual values of likelihood and consequence for the risk, and the system then calculates the effectiveness of predetermined controls needed to either prevent the risk or to reduce the consequence of the risk.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for use in managing risk, including: a knowledge base, for maintaining generic risk records each including a plurality of different fields; a data store of profiles, for maintaining profile risk records associated with a particular profile, each profile risk record including the same plurality of fields as a generic risk record; and a risk processor, for updating generic risk records based on profile risk records in the data store of profiles. The knowledge base includes generic risk records with field values that can be refined over time so as to be useful in providing a more accurate risk assessment in any particular profile. Some of the risk record fields are measuring fields input by the user, and some are calculated fields calculated by the system, and the system allows different modes of analysis in which the fields that are the measuring fields differ.
81 Citations
20 Claims
-
1. A system for use in managing risk by providing estimates for risk in a new project or process based on corresponding values for risk determined in completed projects or processes, comprising:
-
a) a knowledge base, for maintaining a generic risk record including a plurality of fields at least some of which have subjective or quantitative values for risk, with the subjective values synchronized to numerical values, and at least some of which have been determined as an average of corresponding subjective or quantitative risk values in completed projects or processes;
b) a data store of profiles, for maintaining a profile risk record associated with a particular profile for a particular project or process, and including the same plurality of fields as the generic risk record, the profile risk record for use in providing a risk assessment in the associated profile for the particular project or process; and
c) a risk processor, for updating at least one of the subjective or quantitative values of the generic risk record based on a corresponding field value in the profile risk record in the data store of profiles, by averaging into the at least one value of the generic risk record the corresponding field value in the profile risk record;
whereby at least some of the subjective or quantitative values of the generic risk record are refined over time based on values of the corresponding fields of the profile risk record for the particular project or process;
and wherein at least some of the subjective or quantitative values are values of calculated fields calculated by the system, and the system allows different modes of analysis including a controls self-assessment mode, in which a user selects inherent values of likelihood and consequence for a risk, as well as residual values of likelihood and consequence for the risk, and the system then calculates the effectiveness of predetermined controls needed to either prevent the risk or to reduce the consequence of the risk. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method, comprising:
-
a) a step of maintaining in a knowledge base a generic risk record including a plurality of fields at least some of which have subjective or quantitative values for risk, with the subjective values synchronized to numerical values, and at least some of which have been determined as an average of corresponding subjective or quantitative risk values in completed projects or processes;
b) a step of maintaining in a data store of profiles a profile risk record associated with a particular profile for a particular project or process, and including the same plurality of fields as the generic risk record, the profile risk record for use in providing a risk assessment in the associated profile for the particular project or process; and
c) a step of updating at least one of the subjective or quantitative values of the generic risk record based on a corresponding field value in the profile risk record in the data store of profiles, by averaging into the at least one value of the generic risk record the corresponding field value in the profile risk record;
whereby at least some of the subjective or quantitative values of the generic risk record are refined over time based on values of the corresponding fields of the profile risk record for the particular project or process;
and wherein at least some of the subjective or quantitative values are values of calculated fields calculated by the system, and the system allows different modes of analysis including a controls self-assessment mode, in which a user selects inherent values of likelihood and consequence for a risk, as well as residual values of likelihood and consequence for the risk, and the system then calculates the effectiveness of predetermined controls needed to either prevent the risk or to reduce the consequence of the risk. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification