Risk Management System for Calculating Residual Risk of a Process

US 20140257917A1
Filed: 03/11/2013
Published: 09/11/2014
Est. Priority Date: 03/11/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

a memory operable to store a plurality of calculation rules;

a processor communicatively coupled to the memory and operable to;

determine an entity;

determine a plurality of process groupings associated with the entity;

determine a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;

determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;

determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;

for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;

for each of the risks;

calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;

calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and

for each of the processes, calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and

an interface communicatively coupled to the processor and operable to communicate for display;

for each of the process groupings, an image representing the process grouping;

for each of the processes;

an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and

an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a system includes a processor and an interface. The processor determines an entity, a plurality of process groupings associated with the entity, a plurality of processes associated with the entity, a plurality of risks associated with the entity, and a plurality of controls associated with the entity. For each of the controls, the processor calculates one or more weighted control scores for the control. For each of the risks, the processor calculates an inherent risk score for the risk and a residual risk score for the risk. For each of the processes, the processor calculates a residual risk score for the process. The interface communicates for display, for each of the process groupings, an image representing the process grouping. The interface further communicates for display, for each of the processes, an image representing the process and an indication of the residual risk score for the process.

Citations

20 Claims

1. A system, comprising:
- a memory operable to store a plurality of calculation rules;
  
  a processor communicatively coupled to the memory and operable to;
  
  determine an entity;
  
  determine a plurality of process groupings associated with the entity;
  
  determine a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
  
  determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
  
  for each of the processes, calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  an interface communicatively coupled to the processor and operable to communicate for display;
  
  for each of the process groupings, an image representing the process grouping;
  
  for each of the processes;
  
  an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
  
  an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the indication of the residual risk score for the process comprises one or more of:
    - a numerical indication of the residual risk score for the process; and
      
      a color-based indication of the residual risk score for the process.
  - 3. The system of claim 1, wherein:
    - the processor is further operable to calculate, based on the calculation rules, a level of the residual risk score for the process, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the process comprises a color-based indication of the residual risk score for the process; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 4. The system of claim 1, wherein:
    - the processor is further operable to calculate, based on the calculation rules, a trend direction of the residual risk score for the process using the residual risk score for the process and at least one previous residual risk score for the process, the trend direction comprising a selected one of;
      
      increasing;
      
      decreasing; and
      
      consistent; and
      
      the interface is further operable to communicate for display an indication of the trend direction of the residual risk score for the process, wherein the indication of the trend direction of the residual risk score for the process is arranged within the image representing the process, wherein the indication of the trend direction of the residual risk score for the process comprises a selected one of;
      
      a first graphical representation in response to the calculated increasing trend direction;
      
      a second graphical representation in response to the calculated decreasing trend direction; and
      
      a third graphical representation in response to the calculated consistent trend direction.
  - 5. The system of claim 1, wherein the processor is further operable to:
    - for each of one or more of the controls;
      
      determine a plurality of regions associated with the control;
      
      for each of the regions associated with the control;
      
      determine a control region weighting score for the control in the region;
      
      calculate, based on the calculation rules, a rating score for the control in the region; and
      
      calculate, based on the calculation rules, a region score for the control in the region using the control region weighting score for the control in the region, the rating score for the control in the region, and a control weight for the control, wherein the one or more weighted control scores for the control comprises each of the region scores for the control;
      
      for each of one or more of the risks;
      
      determine a plurality of regions associated with the risk;
      
      for each of the regions associated with the risk;
      
      determine a risk region weighting score for the risk in the region;
      
      calculate, based on the calculation rules, an inherent risk score for the risk in the region;
      
      calculate, based on the calculation rules, a residual risk score for the risk in the region using at least the inherent risk score for the risk in the region and the region score for the region for each of the controls associated with the risk; and
      
      calculate, based on the calculation rules, the residual risk score for the risk using the residual risk score for the risk in each of the regions and the risk region weighting scores for each of the regions.
  - 6. The system of claim 1, wherein:
    - for each of the controls associated with each of the risks;
      
      the processor is further operable to determine whether the control is associated with a key control indicator; and
      
      in response to the determination that the control is associated with the key control indicator, the interface is further operable to communicate for display an indication of the key control indicator, wherein the indication of the key control indicator is arranged within the image representing the process that the associated risk is associated with.
  - 7. The system of claim 1, wherein:
    - for each of the controls associated with each of the risks;
      
      the processor is further operable to determine whether the control is associated with an issue; and
      
      in response to the determination that the control is associated with the issue, the interface is further operable to communicate for display an indication of the issue, wherein the indication of the issue is arranged within the image representing the process that the associated risk is associated with.

8. A non-transitory computer readable medium comprising logic, the logic, when executed by a processor, operable to:
- store a plurality of calculation rules;
  
  determine an entity;
  
  determine a plurality of process groupings associated with the entity;
  
  determine a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
  
  determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
  
  for each of the processes, calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  communicate for display;
  
  for each of the process groupings, an image representing the process grouping;
  
  for each of the processes;
  
  an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
  
  an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, wherein the indication of the residual risk score for the process comprises one or more of:
    - a numerical indication of the residual risk score for the process; and
      
      a color-based indication of the residual risk score for the process.
  - 10. The computer readable medium of claim 8, wherein:
    - the logic, when executed by the processor, is further operable to calculate, based on the calculation rules, a level of the residual risk score for the process, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the process comprises a color-based indication of the residual risk score for the process; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 11. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - calculate, based on the calculation rules, a trend direction of the residual risk score for the process using the residual risk score for the process and at least one previous residual risk score for the process, the trend direction comprising a selected one of;
      
      increasing;
      
      decreasing; and
      
      consistent; and
      
      communicate for display an indication of the trend direction of the residual risk score for the process, wherein the indication of the trend direction of the residual risk score for the process is arranged within the image representing the process, wherein the indication of the trend direction of the residual risk score for the process comprises a selected one of;
      
      a first graphical representation in response to the calculated increasing trend direction;
      
      a second graphical representation in response to the calculated decreasing trend direction; and
      
      a third graphical representation in response to the calculated consistent trend direction.
  - 12. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - for each of one or more of the controls;
      
      determine a plurality of regions associated with the control;
      
      for each of the regions associated with the control;
      
      determine a control region weighting score for the control in the region;
      
      calculate, based on the calculation rules, a rating score for the control in the region; and
      
      calculate, based on the calculation rules, a region score for the control in the region using the control region weighting score for the control in the region, the rating score for the control in the region, and a control weight for the control, wherein the one or more weighted control scores for the control comprises each of the region scores for the control;
      
      for each of one or more of the risks;
      
      determine a plurality of regions associated with the risk;
      
      for each of the regions associated with the risk;
      
      determine a risk region weighting score for the risk in the region;
      
      calculate, based on the calculation rules, an inherent risk score for the risk in the region;
      
      calculate, based on the calculation rules, a residual risk score for the risk in the region using at least the inherent risk score for the risk in the region and the region score for the region for each of the controls associated with the risk; and
      
      calculate, based on the calculation rules, the residual risk score for the risk using the residual risk score for the risk in each of the regions and the risk region weighting scores for each of the regions.
  - 13. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - for each of the controls associated with each of the risks;
      
      determine whether the control is associated with a key control indicator; and
      
      in response to the determination that the control is associated with the key control indicator, communicate for display an indication of the key control indicator, wherein the indication of the key control indicator is arranged within the image representing the process that the associated risk is associated with.
  - 14. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - for each of the controls associated with each of the risks;
      
      determine whether the control is associated with an issue; and
      
      in response to the determination that the control is associated with the issue, communicate for display an indication of the issue, wherein the indication of the issue is arranged within the image representing the process that the associated risk is associated with.

15. A method, comprising:
- storing, using one or more processors, a plurality of calculation rules;
  
  determining, using the one or more processors, an entity;
  
  determining, using the one or more processors, a plurality of process groupings associated with the entity;
  
  determining, using the one or more processors, a plurality of processes associated with the entity, a process being associated with at least one of the process groupings and comprising an activity of a portion of the entity;
  
  determining, using the one or more processors, a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determining, using the one or more processors, a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculating, using the one or more processors and based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculating, using the one or more processors and based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculating, using the one or more processors and based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
  
  for each of the processes, calculating, using the one or more processors and based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  communicating, using the one or more processors, for display;
  
  for each of the process groupings, an image representing the process grouping;
  
  for each of the processes;
  
  an image representing the process, wherein the image representing the process is arranged within the image representing the process grouping that the process is associated with; and
  
  an indication of the residual risk score for the process, wherein the indication of the residual risk score for the process is arranged within the image representing the process.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the indication of the residual risk score for the process comprises one or more of:
    - a numerical indication of the residual risk score for the process; and
      
      a color-based indication of the residual risk score for the process.
  - 17. The method of claim 15, wherein:
    - the method further comprises calculating, using the one or more processors and based on the calculation rules, a level of the residual risk score for the process, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the process comprises a color-based indication of the residual risk score for the process; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 18. The method of claim 15, further comprising:
    - calculating, using the one or more processors and based on the calculation rules, a trend direction of the residual risk score for the process using the residual risk score for the process and at least one previous residual risk score for the process, the trend direction comprising a selected one of;
      
      increasing;
      
      decreasing; and
      
      consistent; and
      
      communicating, using the one or more processors, for display an indication of the trend direction of the residual risk score for the process, wherein the indication of the trend direction of the residual risk score for the process is arranged within the image representing the process, wherein the indication of the trend direction of the residual risk score for the process comprises a selected one of;
      
      a first graphical representation in response to the calculated increasing trend direction;
      
      a second graphical representation in response to the calculated decreasing trend direction; and
      
      a third graphical representation in response to the calculated consistent trend direction.
  - 19. The method of claim 15, further comprising:
    - for each of one or more of the controls;
      
      determining, using the one or more processors, a plurality of regions associated with the control;
      
      for each of the regions associated with the control;
      
      determining, using the one or more processors, a control region weighting score for the control in the region;
      
      calculating, using the one or more processors and based on the calculation rules, a rating score for the control in the region; and
      
      calculating, using the one or more processors and based on the calculation rules, a region score for the control in the region using the control region weighting score for the control in the region, the rating score for the control in the region, and a control weight for the control, wherein the one or more weighted control scores for the control comprises each of the region scores for the control;
      
      for each of one or more of the risks;
      
      determining, using the one or more processors, a plurality of regions associated with the risk;
      
      for each of the regions associated with the risk;
      
      determining, using the one or more processors, a risk region weighting score for the risk in the region;
      
      calculating, using the one or more processors and based on the calculation rules, an inherent risk score for the risk in the region;
      
      calculating, using the one or more processors and based on the calculation rules, a residual risk score for the risk in the region using at least the inherent risk score for the risk in the region and the region score for the region for each of the controls associated with the risk; and
      
      calculating, using the one or more processors and based on the calculation rules, the residual risk score for the risk using the residual risk score for the risk in each of the regions and the risk region weighting scores for each of the regions.
  - 20. The method of claim 15, further comprising:
    - for each of the controls associated with each of the risks;
      
      determining, using the one or more processors, whether the control is associated with a key control indicator; and
      
      in response to the determination that the control is associated with the key control indicator, communicating, using the one or more processors, for display an indication of the key control indicator, wherein the indication of the key control indicator is arranged within the image representing the process that the associated risk is associated with.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Spencer, Frederick, Bhatia, Kashyap P., Gribble, Glenn E., Jerome-Paillant, Sabine, Macchio, Peter

Application Number

US13/793,652
Publication Number

US 20140257917A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7.28
CPC Class Codes

G06Q 10/0635 Risk analysis of enterprise...

Risk Management System for Calculating Residual Risk of a Process

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk Management System for Calculating Residual Risk of a Process

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links