DATA MANAGEMENT FOR TOP-DOWN RISK BASED AUDIT APPROACH

US 20110251930A1
Filed: 07/08/2010
Published: 10/13/2011
Est. Priority Date: 04/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

linking a first risk to an account group assertion in a data structure;

linking a second risk to a control objective in the data structure;

granting, by a computing device, access to the first risk through the account group assertion;

granting, by the computing device, access to the second risk through the control objective; and

performing, by the computing device, risk management using the accessed first risk and the second risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments generally relate to providing risk management. In one embodiment, a first risk is linked to an account group assertion in a data structure. A second risk is linked to a control objective in the data structure. Access to the first risk is granted through the account group'"'"'s assertion. Access to the second risk is granted through the control objective. Risk management is then performed using the accessed first risk and second risk.

31 Citations

View as Search Results

20 Claims

1. A method comprising:
- linking a first risk to an account group assertion in a data structure;
  
  linking a second risk to a control objective in the data structure;
  
  granting, by a computing device, access to the first risk through the account group assertion;
  
  granting, by the computing device, access to the second risk through the control objective; and
  
  performing, by the computing device, risk management using the accessed first risk and the second risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - linking a third risk to a central sub-process; and
      
      granting access to the third risk through the central sub-process.
  - 3. The method of claim 1, further comprising:
    - linking the account group assertion to a central sub-process, wherein the first risk is inherited to the central sub-process.
  - 4. The method of claim 3, wherein accessing the first risk comprises:
    - determining an account group for the account group assertion from the central sub-process; and
      
      accessing the first risk using the determined account group.
  - 5. The method of claim 2, further comprising linking the control objective to the central sub-process, wherein the second risk is inherited to the central sub-process.
  - 6. The method of claim 5, wherein accessing the second risk comprises:
    - accessing the control objective from the central sub-process; and
      
      accessing the second risk using the determined control objective.
  - 7. The method of claim 2, further comprising copying the central sub-process to an organization to create a local sub-process, wherein the local sub-process inherits the first risk and the second risk from the central sub-process.
  - 8. The method of claim 7, further comprising storing a link in the data structure linking the central sub-process with the local sub-process.
  - 9. The method of claim 7, further comprising:
    - determining a request to remove one of the first risk or the second risk in the local sub-process; and
      
      storing information indicating the one of the first risk or the second risk that has been removed.
  - 10. The method of claim 9, wherein the removed one of the first risk or the second risk is not evaluated in risk management for the local sub-process.
  - 11. The method of claim 7, further comprising:
    - determining a request to remove one of the control objective or an account group for the account group assertion in the local sub-process; and
      
      storing information indicating the one of the control objective or an account group for the account group assertion that has been removed,wherein the removed one of the control objective or an account group for the account group assertion is not evaluated in risk management for the local sub-process.
  - 12. The method of claim 1, wherein performing risk management comprises performing risk assessment using data for the first risk and the second risk stored in the data structure.
  - 13. The method of claim 12, further comprising:
    - determining a first control for the first risk and a second control for the second risk; and
      
      performing risk evaluation using the first control and the second control.

14. A method comprising:
- uploading balance sheet information for a plurality of account groups;
  
  determining significant account groups from the plurality of account groups using uploaded balance sheet information, the significant account groups determined based on a threshold;
  
  determining significant sub-processes from the significant account groups;
  
  accessing, by a computing device, a risk for a significant sub-process from a data structure, the risk accessed through a link to the significant sub-process;
  
  determining a control linked to the risk in the data structure; and
  
  evaluating the control for the risk.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein accessing the risk comprises:
    - determining an assertion for a significant account group associated with the risk; and
      
      accessing the risk using a link of the risk to the assertion in the data structure.
  - 16. The method of claim 14, wherein a plurality of risks are associated with the significant sub-processes, the method further comprising:
    - determining a risk impact for each risk;
      
      determining a risk likelihood for each risk;
      
      determining a risk level based on the risk impact and the risk likelihood for each risk;
      
      determining a set of risks of the plurality of risks based on the determined risk level for each risk; and
      
      evaluating controls for the set of risks.
  - 17. The method of claim 14, wherein evaluating the control comprises:
    - determining a risk level associated with the risk; and
      
      determining a level of evidence for the control based on the risk level.
  - 18. The method of claim 14, further comprising:
    - linking risks to an account group assertion in the data structure;
      
      linking risks to a control objective in the data structure; and
      
      linking risks to a central sub-process,wherein accessing the risk is performed using a link to the account group assertion, the control objective or the central sub-process.
  - 19. The method of claim 18, further comprising:
    - storing information in a removed objects table, the information indicating a risk is removed from the linked risks to the account group assertion, the control objective, or the central sub-process,wherein the risk that is removed is not accessed for evaluation of a control.

20. A computer-readable storage medium containing instructions for controlling a computer system to perform a method, the method comprising:
- linking a first risk to an account group assertion in a data structure;
  
  linking a second risk to a control objective in the data structure;
  
  granting access to the first risk through the account group assertion;
  
  granting access to the second risk through the control objective; and
  
  performing risk management using the accessed first risk and the second risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Hu, Cheng, Choi, Richard, Zeng, Ying, Chiu, Chihhe, Orsag, Martin, Zhou, Donghua, DiMayuga, Agnes, Yu, Haiyang, Zhao, Xing

Granted Patent

US 9,292,808 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/30
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 40/12 Accounting

DATA MANAGEMENT FOR TOP-DOWN RISK BASED AUDIT APPROACH

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DATA MANAGEMENT FOR TOP-DOWN RISK BASED AUDIT APPROACH

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others