Risk Management System for Calculating Residual Risk of a Process
First Claim
1. A system, comprising:
a memory operable to store a plurality of calculation rules;
a processor communicatively coupled to the memory and operable to:
determine an entity;
determine a plurality of process groupings associated with the entity;
determine a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
for each of the processes, calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
an interface communicatively coupled to the processor and operable to communicate for display:
for each of the process groupings, an image representing the process grouping;
for each of the processes:
an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
Abstract
According to one embodiment, a system includes a processor and an interface. The processor determines an entity, a plurality of process groupings associated with the entity, a plurality of processes associated with the entity, a plurality of risks associated with the entity, and a plurality of controls associated with the entity. For each of the controls, the processor calculates one or more weighted control scores for the control. For each of the risks, the processor calculates an inherent risk score for the risk and a residual risk score for the risk. For each of the processes, the processor calculates a residual risk score for the process. The interface communicates for display, for each of the process groupings, an image representing the process grouping. The interface further communicates for display, for each of the processes, an image representing the process and an indication of the residual risk score for the process.
20 Claims
1. A system, comprising the elements recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer readable medium comprising logic, the logic, when executed by a processor, operable to:
store a plurality of calculation rules;
determine an entity;
determine a plurality of process groupings associated with the entity;
determine a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
for each of the processes, calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
communicate for display:
for each of the process groupings, an image representing the process grouping;
for each of the processes:
an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method, comprising:
storing, using one or more processors, a plurality of calculation rules;
determining, using the one or more processors, an entity;
determining, using the one or more processors, a plurality of process groupings associated with the entity;
determining, using the one or more processors, a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
determining, using the one or more processors, a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determining, using the one or more processors, a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculating, using the one or more processors and based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculating, using the one or more processors and based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculating, using the one or more processors and based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
for each of the processes, calculating, using the one or more processors and based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
communicating, using the one or more processors, for display:
for each of the process groupings, an image representing the process grouping;
for each of the processes:
an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
Dependent claims: 16, 17, 18, 19, 20
Specification