Risk Management System for Calculating Residual Risk of an Entity

US 20140257918A1
Filed: 03/11/2013
Published: 09/11/2014
Est. Priority Date: 03/11/2013
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

a memory operable to store a plurality of calculation rules; and

a processor communicatively coupled to the memory and operable to;

determine a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;

determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;

determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;

for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;

for each of the risks;

calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;

calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and

for each of the processes;

calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and

determine a process weight associated with the process; and

calculate, based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and

an interface communicatively coupled to the processor and operable to communicate for display an indication of the residual risk score for the entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a system includes a processor and an interface. The processor determines a plurality of processes associated with an entity, a plurality of risks associated with the entity, and a plurality of controls associated with the entity. For each of the controls, the processor calculates one or more weighted control scores for the control. For each of the risks, the processor calculates an inherent risk score and a residual risk score. For each of the processes, the processor calculates a residual risk score for the process and determines a process weight associated with the process. The processor further calculates a residual risk score for the entity based on each of the residual risk scores of the processes and each of the process weights associated with the processes. The interface communicates for display an indication of the residual risk score for the entity.

43 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory operable to store a plurality of calculation rules; and
  
  a processor communicatively coupled to the memory and operable to;
  
  determine a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
  
  determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
  
  for each of the processes;
  
  calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  determine a process weight associated with the process; and
  
  calculate, based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
  
  an interface communicatively coupled to the processor and operable to communicate for display an indication of the residual risk score for the entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the indication of the residual risk score for the entity comprises one or more of:
    - a numerical indication of the residual risk score for the entity; and
      
      a color-based indication of the residual risk score for the entity.
  - 3. The system of claim 1, wherein:
    - the processor is further operable to calculate, based on the calculation rules, a level of the residual risk score for the entity, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the entity comprises a color-based indication of the residual risk score for the entity; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 4. The system of claim 1, wherein the processor is further operable to:
    - for each of the risks;
      
      determine an impact score for the risk, the impact score comprising an indication of a result associated with an occurrence of the risk;
      
      determine a probability score for the risk, the probability score comprising an indication of probability associated with the occurrence of the risk; and
      
      calculate, based on the calculation rules, the inherent risk score for the risk using the impact score for the risk and the probability score for the risk.
  - 5. The system of claim 4, wherein the processor is further operable to:
    - receive a selection of the impact score for the risk; and
      
      receive a selection of the probability score for the risk; and
      
      wherein the impact score for the risk and the probability score for the risk are determined using the received selections.
  - 6. The system of claim 1, wherein the processor is further operable to:
    - for each of the controls;
      
      determine a design rating score for the control, the design rating score comprising an indication of how well the control is designed;
      
      determine a performance rating score for the control, the performance rating score comprising an indication of how well the control is performing;
      
      calculate, based on the calculation rules, a rating score for the control;
      
      determine a control weight for the control; and
      
      calculate, based on the calculation rules, the one or more weighted control scores for the control using the rating score for the control and the control weight for the control.
  - 7. The system of claim 6, wherein the processor is further operable to:
    - receive a selection of the design rating score for the control; and
      
      receive a selection of the performance rating score for the control; and
      
      wherein the design rating score for the control and the performance rating score for the control are determined using the received selections.

8. A non-transitory computer readable medium comprising logic, the logic, when executed by a processor, operable to:
- store a plurality of calculation rules;
  
  determine a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
  
  determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
  
  for each of the processes;
  
  calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  determine a process weight associated with the process; and
  
  calculate, based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
  
  communicate for display an indication of the residual risk score for the entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, wherein the indication of the residual risk score for the entity comprises one or more of:
    - a numerical indication of the residual risk score for the entity; and
      
      a color-based indication of the residual risk score for the entity.
  - 10. The computer readable medium of claim 8, wherein:
    - the logic, when executed by the processor, is further operable to calculate, based on the calculation rules, a level of the residual risk score for the entity, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the entity comprises a color-based indication of the residual risk score for the entity; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 11. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - for each of the risks;
      
      determine an impact score for the risk, the impact score comprising an indication of a result associated with an occurrence of the risk;
      
      determine a probability score for the risk, the probability score comprising an indication of probability associated with the occurrence of the risk; and
      
      calculate, based on the calculation rules, the inherent risk score for the risk using the impact score for the risk and the probability score for the risk.
  - 12. The computer readable medium of claim 11, wherein the logic, when executed by the processor, is further operable to:
    - receive a selection of the impact score for the risk; and
      
      receive a selection of the probability score for the risk; and
      
      wherein the impact score for the risk and the probability score for the risk are determined using the received selections.
  - 13. The computer readable medium of claim 8, wherein the logic, when executed by the processor, is further operable to:
    - for each of the controls;
      
      determine a design rating score for the control, the design rating score comprising an indication of how well the control is designed;
      
      determine a performance rating score for the control, the performance rating score comprising an indication of how well the control is performing;
      
      calculate, based on the calculation rules, a rating score for the control;
      
      determine a control weight for the control; and
      
      calculate, based on the calculation rules, the one or more weighted control scores for the control using the rating score for the control and the control weight for the control.
  - 14. The computer readable medium of claim 13, wherein the logic, when executed by the processor, is further operable to:
    - receive a selection of the design rating score for the control; and
      
      receive a selection of the performance rating score for the control; and
      
      wherein the design rating score for the control and the performance rating score for the control are determined using the received selections.

15. A method, comprising:
- storing, using one or more processors, a plurality of calculation rules;
  
  determining, using the one or more processors, a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
  
  determining, using the one or more processors, a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
  
  determining, using the one or more processors, a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
  
  for each of the controls, calculating, using the one or more processors and based on the calculation rules, one or more weighted control scores for the control;
  
  for each of the risks;
  
  calculating, using the one or more processors and based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
  
  calculating, using the one or more processors and based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
  
  for each of the processes;
  
  calculating, using the one or more processors and based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
  
  determining, using the one or more processors, a process weight associated with the process; and
  
  calculating, using the one or more processors and based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
  
  communicating, using the one or more processors, for display an indication of the residual risk score for the entity.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the indication of the residual risk score for the entity comprises one or more of:
    - a numerical indication of the residual risk score for the entity; and
      
      a color-based indication of the residual risk score for the entity.
  - 17. The method of claim 15, wherein:
    - the method further comprises calculating, using the one or more processors and based on the calculation rules, a level of the residual risk score for the entity, the level comprising a selected one of;
      
      high;
      
      moderate; and
      
      low;
      
      the indication of the residual risk score for the entity comprises a color-based indication of the residual risk score for the entity; and
      
      the color-based indication comprises a selected one of;
      
      a first color in response to the calculated high level;
      
      a second color in response to the calculated moderate level; and
      
      a third color in response to the calculated low level.
  - 18. The method of claim 15, further comprising:
    - for each of the risks;
      
      determining, using the one or more processors, an impact score for the risk, the impact score comprising an indication of a result associated with an occurrence of the risk;
      
      determining, using the one or more processors, a probability score for the risk, the probability score comprising an indication of probability associated with the occurrence of the risk; and
      
      calculating, using the one or more processors and based on the calculation rules, the inherent risk score for the risk using the impact score for the risk and the probability score for the risk.
  - 19. The method of claim 18, further comprising:
    - receiving, using the one or more processors, a selection of the impact score for the risk; and
      
      receiving, using the one or more processors, a selection of the probability score for the risk; and
      
      wherein the impact score for the risk and the probability score for the risk are determined using the received selections.
  - 20. The method of claim 15, further comprising:
    - for each of the controls;
      
      determining, using the one or more processors, a design rating score for the control, the design rating score comprising an indication of how well the control is designed;
      
      determining, using the one or more processors, a performance rating score for the control, the performance rating score comprising an indication of how well the control is performing;
      
      calculating, using the one or more processors and based on the calculation rules, a rating score for the control;
      
      determining, using the one or more processors, a control weight for the control; and
      
      calculating, using the one or more processors and based on the calculation rules, the one or more weighted control scores for the control using the rating score for the control and the control weight for the control.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Spencer, Frederick, Bhatia, Kashyap P., Gribble, Glenn E., Jerome-Paillant, Sabine, Macchio, Peter

Application Number

US13/794,139
Publication Number

US 20140257918A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7.28
CPC Class Codes

G06Q 10/0635 Risk analysis of enterprise...

Risk Management System for Calculating Residual Risk of an Entity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk Management System for Calculating Residual Risk of an Entity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links