AUDITING CLIENT - SERVICE PROVIDER RELATIONSHIPS WITH REFERENCE TO INTERNAL CONTROLS ASSESSMENTS

US 20110276362A1
Filed: 04/27/2011
Published: 11/10/2011
Est. Priority Date: 05/05/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for auditing a client-service provider relationship, the method comprising:

determining a scope of an audit with reference to an audit plan;

ascertaining one or more business entities or processes that are subject to audit based on the scope; and

retrieving one or more business controls associated with the one or more business entities or processes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for facilitating auditing a client-service provider relationship. An example method includes determining a scope of an audit with reference to an audit plan; ascertaining one or more business entities or processes that are subject to audit based on the scope; and automatically retrieving one or more business controls associated with the one or more business entities or processes. In an illustrative embodiment, the example method further includes electronically accessing one or more Service Level Agreements (SLAs) associated with the one or more business entities to extract one or more descriptions of controls. A description of each control is electronically stored in association with one or more descriptions of one or more risks associated with each control. A description of each control is stored, in a library of risks and controls, in association with one or more risks.

53 Citations

View as Search Results

20 Claims

1. A method for auditing a client-service provider relationship, the method comprising:
- determining a scope of an audit with reference to an audit plan;
  
  ascertaining one or more business entities or processes that are subject to audit based on the scope; and
  
  retrieving one or more business controls associated with the one or more business entities or processes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18)
- - 2. The method of claim 1, wherein retrieving further includes electronically accessing one or more Service Level Agreements (SLAs) associated with the one or more business entities to extract one or more descriptions of controls.
  - 3. The method of claim 2, wherein a description of each control is stored, in a library of risks and controls, in association with one or more descriptions of one or more risks associated with each control.
  - 4. The method of claim 1, wherein determining further includes accessing an electronically stored audit plan to determine one or more business entities, relationships, and accompanying processes subject to audit.
  - 5. The method of claim 4, further including accessing a Service Level Agreement (SLA) module to determine business risks associated with each business entity, relationship, and process subject to an accessed SLA.
  - 6. The method of claim 5, further including accessing the SLA module to determine each control implemented to address each business risk.
  - 7. The method of claim 5, further including selectively referencing a library of risks and controls to confirm that one or more preapproved controls are assigned to each risk that is associated with a process that is to be performed in accordance with a business relationship that is subject of the SLA.
  - 8. The method of claim 1, further including determining whether the audit specified in the audit plan is to be an SAS-70 type I audit.
  - 9. The method of claim 8, further including determining whether a valid SAS-70 type I certificate exists with reference to a reports repository.
  - 10. The method of claim 8, further including automatically determining, with reference to a library of risks and controls and an SLA governing a business relationship whether one or more acceptable controls are in place for each risk associated with a process that is performed in accordance with the SLA.
  - 11. The method of claim 1, further including determining whether the audit specified in the audit plan is to be an SAS-70 type II audit.
  - 12. The method of claim 11, further including determining whether a valid SAS-70 Type II certificate exists with reference to a reports repository.
  - 13. The method of claim 11, further including automatically determining, with reference to a library of risks and controls and an SLA governing a business relationship within the scope of the audit, whether one or more preapproved controls are in place for each risk associated with a process performed in accordance with the SLA, and providing a signal in response thereto.
  - 14. The method of claim 13, further including initiating adjustment of an SLA to include a specification or description of one or more additional controls not already specified in the SLA, in response to the signal, if one or more risks are not addressed by one or more preapproved controls.
  - 16. The method of claim 13, further including determining if one or more controls have not been tested and flagging a description of a control for testing if the control has not been tested.
  - 17. The method of claim 1, further including selectively adjusting a specification of a risk or a specification of a control of the library of risks and controls in response to results obtained from a risk assessment.
  - 18. The method of claim 1, further including selectively augmenting a specification of a risk or a specification of a control of a library of risks and controls in response to addition of a specification of a business process to the library of risks and controls.

15. The method of claim 15, wherein initiating adjustment includes sending an electronic message instructing management of a business entity to renegotiate the SLA.

19. An apparatus comprising:
- one or more processors; and
  
  logic encoded in one or more tangible media for execution by the one or more processors and when executed operable to;
  
  determining a scope of an audit with reference to an audit plan;
  
  ascertaining one or more business entities or processes that are subject to audit based on the scope; and
  
  automatically retrieving one or more business controls associated with the one or more business entities or processes.

20. A processor-readable storage device including instructions executable by a digital processor, the processor-readable storage device including one or more instructions for:
- determining a scope of an audit with reference to an audit plan;
  
  ascertaining one or more business entities or processes that are subject to audit based on the scope; and
  
  automatically retrieving one or more business controls associated with the one or more business entities or processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
King, Nigel

Application Number

US13/095,066
Publication Number

US 20110276362A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7.28
CPC Class Codes

G06Q 10/00   Administration; Management

G06Q 10/063   Operations research, analys...

G06Q 10/0635   Risk analysis of enterprise...

AUDITING CLIENT - SERVICE PROVIDER RELATIONSHIPS WITH REFERENCE TO INTERNAL CONTROLS ASSESSMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUDITING CLIENT - SERVICE PROVIDER RELATIONSHIPS WITH REFERENCE TO INTERNAL CONTROLS ASSESSMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links