System and Method for Governance, Risk, and Compliance Management

US 20090265209A1
Filed: 04/17/2009
Published: 10/22/2009
Est. Priority Date: 04/21/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for governance, risk, and compliance management, comprising:

at a user interface, enabling a user to;

record a plurality of controls in a memory coupled to one or more processors, each control comprising a measure implemented by an organization to achieve one or more goals of the organization;

for each control of the plurality of controls, define a testing project configuration (“

TPC”

) file, each control'"'"'s TPC file including testing information specific to that control;

define a project template comprising a list of related controls to be tested as part of a testing project;

define one or more control templates, each comprising a list of one or more tasks to be performed to test a particular type of control;

record each control'"'"'s TPC file, the project template, and the one or more control templates in the memory; and

initiate the testing project to test the related controls by selecting the project template; and

at the one or more processors, in response to selection of the project template;

automatically generating a list of tasks to be performed to test the related controls; and

automatically outputting the list of tasks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for governance, risk, and compliance management may include at a user interface, enabling a user to define a project template including a list of related controls, one or more control templates, and a testing project configuration (“TPC”) file for each control of a plurality of controls. The user may initiate a testing project by selecting the project template. The method may further include, in response to selection of the project template, at the one or more processors, automatically generating a list of tasks to be performed to test the related controls and automatically outputting the list of tasks.

Citations

21 Claims

1. A method for governance, risk, and compliance management, comprising:
- at a user interface, enabling a user to;
  
  record a plurality of controls in a memory coupled to one or more processors, each control comprising a measure implemented by an organization to achieve one or more goals of the organization;
  
  for each control of the plurality of controls, define a testing project configuration (“
  
  TPC”
  
  ) file, each control'"'"'s TPC file including testing information specific to that control;
  
  define a project template comprising a list of related controls to be tested as part of a testing project;
  
  define one or more control templates, each comprising a list of one or more tasks to be performed to test a particular type of control;
  
  record each control'"'"'s TPC file, the project template, and the one or more control templates in the memory; and
  
  initiate the testing project to test the related controls by selecting the project template; and
  
  at the one or more processors, in response to selection of the project template;
  
  automatically generating a list of tasks to be performed to test the related controls; and
  
  automatically outputting the list of tasks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the testing information in each control'"'"'s TPC file comprises:
    - linking information that links that control to one of the one or more control templates; and
      
      an indication of an individual responsible for performing the one or more tasks to test that control.
  - 3. The method of claim 2, wherein the step of automatically generating comprises, at the one or more processors:
    - identifying from the project template, the related controls to be tested;
      
      identifying from each related control'"'"'s TPC file, the control template for each related control;
      
      identifying from the control template for each related control, the one or more tasks to be performed to test that particular type of control; and
      
      compiling the one or more tasks to be performed for each related control into the list of tasks.
  - 4. The method of claim 2, wherein automatically outputting the list of tasks comprises:
    - for each related control;
      
      identifying the individual responsible for performing the one or more tasks to test that control; and
      
      notifying the individual that they are responsible for performing the one or more tasks.
  - 5. The method of claim 2, further comprising:
    - at the user interface, enabling the individual to record test data in the memory, the test data comprising the one or more tasks performed by the individual and test results of the one or more tasks.
  - 6. The method of claim 5, wherein the related controls comprise controls implemented by the organization to achieve a particular one of the one or more goals;
    - and further comprising;
      
      at the user interface, enabling the user to generate a report comprising the related controls and the test data for each of the related controls by selecting the particular one of the one or more goals.
  - 7. The method of claim 6, wherein the particular one of the one or more goals comprises complying with a government regulation and each of the related controls comprises a measure implemented by the organization to comply with the government regulation.
  - 8. The method of claim 5, wherein the one or more tasks comprise a test to be performed on the each related control and the test results indicate whether the each related control passed the test;
    - and further comprising;
      
      at the user interface, enabling the individual to flag the each related control as a project for remediation if the each related control fails to pass the test.

9. A system for governance, risk, and compliance management, comprising a user interface and one or more processors coupled to a memory, wherein:
- the user interface, once accessed by a user, enables the user to;
  
  record a plurality of controls in the memory, each control comprising a measure implemented by an organization to achieve one or more goals of the organization;
  
  for each control of the plurality of controls, define a testing project configuration (“
  
  TPC”
  
  ) file, each control'"'"'s TPC file including testing information specific to that control;
  
  define a project template comprising a list of related controls to be tested as part of a testing project;
  
  define one or more control templates, each comprising a list of one or more tasks to be performed to test a particular type of control;
  
  record each control'"'"'s TPC file, the project template, and the one or more control templates in the memory; and
  
  initiate the testing project to test the related controls by selecting the project template; and
  
  the one or more processors are operable in response to selection of the project template to;
  
  automatically generate a list of tasks to be performed to test the related controls; and
  
  automatically output the list of tasks.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the testing information in each control'"'"'s TPC file comprises:
    - linking information that links that control to one of the one or more control templates; and
      
      an indication of an individual responsible for performing the one or more tasks to test that control.
  - 11. The system of claim 10, wherein the one or more processors are operable to automatically generate the list of tasks by:
    - identifying from the project template, the related controls to be tested;
      
      identifying from each related control'"'"'s TPC file, the control template for each related control;
      
      identifying from the control template for each related control, the one or more tasks to be performed to test that particular type of control; and
      
      compiling the one or more tasks to be performed for each related control into the list of tasks.
  - 12. The system of claim 10, wherein the one or more processors are operable to automatically output the list of tasks by:
    - for each related control;
      
      identifying the individual responsible for performing the one or more tasks to test that control; and
      
      notifying the individual that they are responsible for performing the one or more tasks.
  - 13. The system of claim 10, wherein the user interface is further operable to enable the individual to record test data in the memory, the test data comprising the one or more tasks performed by the individual and test results of the one or more tasks.
  - 14. The system of claim 13, wherein the related controls comprise controls implemented by the organization to achieve a particular one of the one or more goals;
    - and further comprising;
      
      at the user interface, enabling the user to generate a report comprising the related controls and the test data for each of the related controls by selecting the particular one of the one or more goals.
  - 15. The system of claim 14, wherein the particular one of the one or more goals comprises complying with a government regulation and each of the related controls comprises a measure implemented by the organization to comply with the government regulation.
  - 16. The system of claim 13, wherein:
    - the one or more tasks comprise a test to be performed on the each related control;
      
      the test results indicate whether the each related control passed the test; and
      
      ;
      
      the user interface is further operable to enable the individual to flag the each related control as a project for remediation if the each related control fails to pass the test.

17. Logic tangibly encoded on a computer readable medium executable by a computer system comprising a user interface and one or more processors coupled to a memory, the logic operable when executed by the computer system to:
- at the user interface, enable a user to;
  
  record a plurality of controls in the memory, each control comprising a measure implemented by an organization to achieve one or more goals of the organization;
  
  for each control of the plurality of controls, define a testing project configuration (“
  
  TPC”
  
  ) file, each control'"'"'s TPC file including testing information specific to that control;
  
  define a project template comprising a list of related controls to be tested as part of a testing project;
  
  define one or more control templates, each comprising a list of one or more tasks to be performed to test a particular type of control;
  
  record each control'"'"'s TPC file, the project template, and the one or more control templates in the memory; and
  
  initiate the testing project to test the related controls by selecting the project template; and
  
  enable the one or more processors to, in response to selection of the project template;
  
  automatically generate a list of tasks to be performed to test the related controls; and
  
  automatically output the list of tasks.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The logic of claim 17, wherein the testing information in each control'"'"'s TPC file comprises:
    - linking information that links that control to one of the one or more control templates; and
      
      an indication of an individual responsible for performing the one or more tasks to test that control.
  - 19. The logic of claim 18, wherein the logic is operable when executed to enable the one or more processors to automatically generate the list of tasks by, enabling the one or more processors to:
    - identify from the project template, the related controls to be tested;
      
      identify from each related control'"'"'s TPC file, the control template for each related control;
      
      identify from the control template for each related control, the one or more tasks to be performed to test that particular type of control; and
      
      compile the one or more tasks to be performed for each related control into the list of tasks.
  - 20. The logic of claim 18, wherein the logic is further operable when executed to, at the user interface, enable the individual to record test data in the memory, the test data comprising the one or more tasks performed by the individual and test results of the one or more tasks.
  - 21. The logic of claim 18, wherein:
    - the related controls comprise controls implemented by the organization to achieve a particular one of the one or more goals; and
      
      the logic is further operable when executed to, at the user interface, enable the user to generate a report comprising the related controls and the test data for each of the related controls by selecting the particular one of the one or more goals.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Israel, David, Swaminathan, Murali, Ramarao, Poornima T.

Application Number

US12/426,036
Publication Number

US 20090265209A1
Time in Patent Office

Days
Field of Search
US Class Current

705/9
CPC Class Codes

G06Q 10/00   Administration; Management

G06Q 10/06311   Scheduling, planning or tas...

G06Q 10/06316   Sequencing of tasks or work

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/0637   Strategic management or ana...

G06Q 10/06393   Score-carding, benchmarking...

System and Method for Governance, Risk, and Compliance Management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Governance, Risk, and Compliance Management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links