Standardized Technology and Operations Risk Management (STORM)
Abstract
A computer system analyzes a risk by identifying and assessing the risks, determining the disposition of the risks, monitoring and mitigating the risks, and reporting the risk items across an information technology system. A risk assessment tool may map known risk items into a risk framework as well as map risk categories between different risk frameworks. The risk management tool may also identify a root cause through a defined root cause dictionary based on an identified risk or the associated risk category of the identified risk. This capability may enable a user to analyze end-to-end operations, particularly where the main areas of risk are and where new controls or modified existing controls should be implemented. The risk management tool may also provide risk assessment reports that are expressed in a common risk language with operations associates, with internal auditors, external auditors and regulatory bodies, and with government agencies.
27 Claims
1. A computer-assisted method comprising:
- obtaining, by a risk management computer system, risk information for an identified risk, the risk information including a first risk framework;
- mapping, by the risk management computer system, a risk category of the identified risk from the first risk framework to a second risk framework; and
- reporting, by the risk management computer system, a risk analysis report based on one risk framework selected from the first risk framework and the second risk framework according to a targeted audience of the risk analysis report, the risk analysis report including the identified risk.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus comprising:
- at least one memory; and
- at least one processor coupled to the at least one memory and configured to perform, based on instructions stored in the at least one memory:
- obtaining risk information for an identified risk, the risk information including a first risk framework;
- determining a risk score of the identified risk, the risk score encompassing a risk priority number and at least one additional risk factor;
- determining at least one mitigation milestone;
- adjusting the risk score to obtain a residual score based on the at least one mitigation milestone; and
- reporting a risk analysis report that is indicative of the residual score for the identified risk.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. A computer-readable storage medium storing computer-executable instructions that, when executed, cause a processor to perform a method comprising:
- obtaining risk information for an identified risk, the risk information including a first risk framework;
- mapping a risk category of the identified risk from the first risk framework to a second risk framework; and
- reporting a risk analysis report based on one risk framework selected from the first risk framework and the second risk framework according to a target audience of the risk analysis report, the risk analysis report including the identified risk.

Dependent claims: 24, 25, 26, 27
Specification