Standardized Technology and Operations Risk Management (STORM)

US 20120053982A1
Filed: 09/01/2010
Published: 03/01/2012
Est. Priority Date: 09/01/2010
Status: Abandoned Application

First Claim

Patent Images

1. A computer-assisted method comprising:

obtaining, by a risk management computer system, risk information for an identified risk, the risk information including a first risk framework;

mapping, by the risk management computer system, a risk category of the identified risk from the first risk framework to a second risk framework; and

reporting, by the risk management computer system, a risk analysis report based on one risk framework selected from the first risk framework and the second risk framework according to a targeted audience of the risk analysis report, the risk analysis report including the identified risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system analyzing a risk by identifying and assessing the risks, determining the disposition of the risks, monitoring and mitigating the risks, and reporting the risk items across an information technology system. A risk assessment tool may map known risk items into a risk framework as well as map risk categories between different risk frameworks. The risk management tool may also identify a root cause through a defined root cause dictionary based on an identified risk or the associated risk category of the identified risk. This capability may enable a user to analyze end-to-end operations, particularly where the main areas of risk are and where new controls or modified existing controls should be implemented. The risk management tool may also provide risk assessment reports that that are expressed in a common risk language with operations associates, with internal auditors, external auditors and regulatory bodies, and with government agencies.

Citations

27 Claims

1. A computer-assisted method comprising:
- obtaining, by a risk management computer system, risk information for an identified risk, the risk information including a first risk framework;
  
  mapping, by the risk management computer system, a risk category of the identified risk from the first risk framework to a second risk framework; and
  
  reporting, by the risk management computer system, a risk analysis report based on one risk framework selected from the first risk framework and the second risk framework according to a targeted audience of the risk analysis report, the risk analysis report including the identified risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - revising the risk analysis report according to a different risk framework; and
      
      displaying the revised risk assessment report.
  - 3. The method of claim 1, further comprising:
    - determining a risk score encompassing a risk priority number and at least one additional risk factor.
  - 4. The method of claim 3, further comprising:
    - determining at least one mitigation milestone; and
      
      adjusting the risk score to obtain a residual score based on the at least one mitigation milestone.
  - 5. The method of claim 4, wherein the adjusting comprises:
    - when one of the at least one mitigation factor is completed, reducing the residual score according to a weighing factor associated with said one of the at least one mitigation milestone.
  - 6. The method of claim 1, further comprising:
    - determining a risk disposition for the identified risk from the risk information.
  - 7. The method of claim 1, further comprising:
    - mapping the identified risk to a root cause based on the risk category of the identified risk.
  - 8. The method of claim 7, further comprising:
    - modifying an existing control based on the root cause.
  - 9. The method of claim 7, further comprising:
    - identifying a new control based on the root cause.
  - 10. The method of claim 8, further comprising:
    - correlating the existing control to another control; and
      
      determining an impact on the other control when modifying the existing control.
  - 11. The method of claim 1, further comprising:
    - providing a hierarchical view of the report based on a hierarchy of an organization.
  - 12. The method of claim 1, further comprising:
    - drilling down into the risk analysis report based on a selected risk attribute.
  - 13. The method of claim 1, further comprising:
    - mapping the identified risk to a component of the architectural framework.

14. An apparatus comprising:
- at least one memory; and
  
  at least one processor coupled to the at least one memory and configured to perform, based on instructions stored in the at least one memory;
  
  obtaining risk information for an identified risk, the risk information including a first risk framework;
  
  determining a risk score of the identified risk, the risk score encompassing a risk priority number and at least one additional risk factor;
  
  determining at least one mitigation milestone;
  
  adjusting the risk score to obtain a residual score based on the at least one mitigation milestone; and
  
  reporting a risk analysis report that is indicative of the residual score for the identified risk.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The apparatus of claim 14, wherein the at least one processor is further configured to perform:
    - mapping a risk category of the identified risk from the first risk framework to a second risk framework; and
      
      reporting the risk analysis report based on the first risk framework.
  - 16. The apparatus of claim 15, wherein the at least one processor is further configured to perform:
    - revising the risk analysis report according to a different risk framework; and
      
      displaying the revised risk assessment report.
  - 17. The apparatus of claim 14, wherein the at least one processor is further configured to perform:
    - when one of the at least one mitigation factor is completed, reducing the residual score according to a weighing factor associated with said one of the at least one mitigation milestone.
  - 18. The apparatus of claim 14, wherein the at least one processor is further configured to perform:
    - determining a risk disposition for the identified risk from the risk information.
  - 19. The apparatus of claim 14, wherein the at least one processor is further configured to perform:
    - mapping the identified risk to a root cause based on a risk category of the identified risk.
  - 20. The apparatus of claim 19, wherein the at least one processor is further configured to perform:
    - modifying an existing control based on the root cause.
  - 21. The apparatus of claim 19, wherein the at least one processor is further configured to perform:
    - identifying a new control based on the root cause.
  - 22. The apparatus of claim 20, wherein the at least one processor is further configured to perform:
    - correlating the existing control to another control; and
      
      determining an impact on the other control when modifying the existing control.

23. A computer-readable storage medium storing computer-executable instructions that, when executed, cause a processor to perform a method comprising:
- obtaining risk information for an identified risk, the risk information including a first risk framework;
  
  mapping a risk category of the identified risk from the first risk framework to a second risk framework; and
  
  reporting a risk analysis report based on one risk framework selected from the first risk framework and the second risk framework according to a target audience of the risk analysis report, the risk analysis report including the identified risk.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The computer-readable medium of claim 23, said method further comprising:
    - revising the risk analysis report according to the other risk framework; and
      
      displaying the revised risk assessment report.
  - 25. The computer-readable medium of claim 23, said method further comprising:
    - determining a risk score encompassing a risk priority number and at least one additional risk factor.
  - 26. The computer-readable medium of claim 25, said method further comprising:
    - determining at least one mitigation milestone; and
      
      adjusting the risk score to obtain a residual score based on the at least one mitigation milestone.
  - 27. The computer-readable medium of claim 26, said method further comprising:
    - when one of the at least one mitigation factor is completed, reducing the residual score according to a weighing factor associated with said one of the at least one mitigation milestone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Treacey, Robert, O'Donnell, Lisa Christine

Application Number

US12/873,921
Publication Number

US 20120053982A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7.28
CPC Class Codes

G06Q 10/0635 Risk analysis of enterprise...

Standardized Technology and Operations Risk Management (STORM)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Standardized Technology and Operations Risk Management (STORM)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links