AUTOMATING INTERNAL CONTROLS ASSESSMENTS FOR OUTSOURCED OPERATIONS

US 20110276912A1
Filed: 05/05/2010
Published: 11/10/2011
Est. Priority Date: 05/05/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for assessing business controls, the method comprising:

making one or more descriptions of one or more business controls accessible to a user via a user interface;

enabling a user to ascertain a business function characterizing a business relationship between a client and service provider, wherein the business function is associated with the one or more business controls; and

providing a user option to adjust the one or more business controls.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for facilitating assessing business controls. To facilitate ensuring that a client'"'"'s control objectives are met by a particular provider, the client may wish to ensure that the control objectives and applicable controls are specified in an SLA defining the relationship between the client and the service provider. In certain large enterprise applications, where a given client may contract with many providers, and the client itself may act as a provider to other clients, effective mechanisms for ensuring the existence of adequate functioning controls may become very complex and susceptible to failed oversight. In an example embodiment, the method includes making one or more descriptions of one or more business controls accessible to a user via a user interface; enabling a user to ascertain a business function characterizing a business relationship between a client and service provider, wherein the business function is associated with the one or more business controls; and providing a user option to adjust the one or more business controls.

Citations

21 Claims

1. A method for assessing business controls, the method comprising:
- making one or more descriptions of one or more business controls accessible to a user via a user interface;
  
  enabling a user to ascertain a business function characterizing a business relationship between a client and service provider, wherein the business function is associated with the one or more business controls; and
  
  providing a user option to adjust the one or more business controls.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein providing includes enabling a client user to generate a proposed Service Level Agreement (SLA) and to forward the proposed SLA to a service provider.
  - 3. The method of claim 2, wherein providing further includes providing an option to a client to electronically sign the SLA and an option to a service provider to electronically sign the SLA.
  - 4. The method of claim 2, wherein providing further includes providing an option to add one or more business controls to an SLA associated with the relationship between the client and the service provider.
  - 5. The method of claim 4, further including providing a user option to view an audit report associated with the service provider.
  - 6. The method of claim 5 further including providing a first user option to create an SAS-70 certificate and a second user option to store the SAS-70 certificate, wherein the audit report includes the SAS-70 certificate.

7. A system for assessing business controls associated with an existing or prospective outsourced business relationship, the system comprising:
- a computer-readable storage mechanism containing information pertaining to one or more risks and one or more corresponding mitigating controls;
  
  a Service Level Agreement (SLA) module adapted to facilitate construction of an SLA between a business and a service provider based on the information in the computer-readable storage mechanism; and
  
  an interface module adapted to coordinate information flow between the computer-readable storage mechanism and the SLA module in response to user input thereto.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 8. The system of claim 7, wherein the interface module further includes software adapted to facilitate producing one or more dialog boxes that are adapted to receive the user input.
  - 9. The system of claim 8, wherein the one or more dialog boxes include a first dialog box that is adapted to enable a user to select a business function to be outsourced to a service provider on behalf of a client.
  - 10. The system of claim 8, wherein the one or more dialog boxes include a second dialog box that is adapted to enable a user to search for a service provider to perform a particular business function.
  - 11. The system of claim 8, wherein the one or more dialog boxes include a third dialog box that is adapted to enable a user to select a service provider to perform a particular business function.
  - 12. The system of claim 8, wherein the one or more dialog boxes include a fourth dialog box that is adapted to enable a user to review an SLA associated with performance of a business function by a service provider.
  - 13. The system of claim 8, wherein the one or more dialog boxes include a fifth dialog box that is adapted to enable a user to edit an SLA associated with the performance or a business function by a service provider on behalf of a client.
  - 14. The system of claim 13, wherein the one or more dialog boxes include a sixth dialog box that is adapted to enable a user to add a specification of a business control to the SLA and to provide a proposed SLA in response thereto.
  - 15. The system of claim 7, wherein the computer-readable storage mechanism includes a process library that specifies one or more outsourced processes that have been outsourced by a client to a service provider.
  - 16. The system of claim 15, wherein the computer-readable storage mechanism includes a library module that includes information associating one or more outsourced processes with one or more controls.
  - 17. The system of claim 7, wherein the SLA module includes a mechanism for associating an SLA with one or more selected controls pertaining to a selected process.
  - 18. The system of claim 7, further including an audit module in communication with the interface module, wherein the audit module is adapted to store audit information pertaining to an audit of business controls.
  - 19. The system of claim 18, wherein the audit information is adapted to be accessible to a user via the interface module.
  - 20. The system of claim 7, wherein the computer-readable storage mechanism includes a control library that includes a specification of one or more controls included in the SLA, and wherein the one or more controls are associated with one or more SAS-70 certificates.

21. A method for assessing one or more business controls to facilitate configuring a business relationship between a client and a service provider, the method comprising:
- establishing a business function to be outsourced;
  
  assessing one or more risks associated with the business function and one or more controls that are adapted to mitigate the risks;
  
  indicating a service provider to perform the business function and providing an indication of a selected service provider in response thereto; and
  
  automatically generating a Service Level Agreement (SLA) based on the one or more controls and the selected service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
King, Nigel

Application Number

US12/774,466
Publication Number

US 20110276912A1
Time in Patent Office

Days
Field of Search
US Class Current

715/771
CPC Class Codes

G06Q 10/00 Administration; Management

AUTOMATING INTERNAL CONTROLS ASSESSMENTS FOR OUTSOURCED OPERATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATING INTERNAL CONTROLS ASSESSMENTS FOR OUTSOURCED OPERATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links