Risk Management System for Calculating Residual Risk of an Entity
First Claim
1. A system, comprising:
a memory operable to store a plurality of calculation rules; and
a processor communicatively coupled to the memory and operable to:
determine a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk; and
for each of the processes:
calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
determine a process weight associated with the process; and
calculate, based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
an interface communicatively coupled to the processor and operable to communicate for display an indication of the residual risk score for the entity.
Abstract
According to one embodiment, a system includes a processor and an interface. The processor determines a plurality of processes associated with an entity, a plurality of risks associated with the entity, and a plurality of controls associated with the entity. For each of the controls, the processor calculates one or more weighted control scores for the control. For each of the risks, the processor calculates an inherent risk score and a residual risk score. For each of the processes, the processor calculates a residual risk score for the process and determines a process weight associated with the process. The processor further calculates a residual risk score for the entity based on each of the residual risk scores of the processes and each of the process weights associated with the processes. The interface communicates for display an indication of the residual risk score for the entity.
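The roll-up the abstract describes (controls, then risks, then processes, then the entity), as an added example that is not taken from the patent. The scoring formulas, the scales and the names `Control`, `Risk`, `Process`, `entity_residual` and `SAMPLE` are assumptions, since the page says only that each score is calculated "based on the calculation rules".

```python
import math
from dataclasses import dataclass, field

# Assumed calculation rules (illustrative; the page does not define them):
#   weighted control score  = effectiveness * weight, both in [0, 1]
#   inherent risk score     = likelihood * impact, each on a 1-5 scale
#   residual risk (risk)    = inherent * product of (1 - weighted control score)
#   residual risk (process) = highest residual among the process's risks
#   residual risk (entity)  = process-weighted mean of the process residuals

@dataclass
class Control:
    name: str
    effectiveness: float
    weight: float
    def weighted_score(self) -> float:
        return self.effectiveness * self.weight

@dataclass
class Risk:
    name: str
    likelihood: int
    impact: int
    controls: list = field(default_factory=list)
    def inherent(self) -> float:
        return float(self.likelihood * self.impact)
    def residual(self) -> float:  # no controls -> residual equals inherent
        return self.inherent() * math.prod(1.0 - c.weighted_score() for c in self.controls)

@dataclass
class Process:
    name: str
    weight: float
    risks: list = field(default_factory=list)
    def residual(self) -> float:
        return max((r.residual() for r in self.risks), default=0.0)

def entity_residual(processes) -> float:
    total = sum(p.weight for p in processes)
    if total <= 0:
        raise ValueError("process weights must sum to a positive value")
    return sum(p.residual() * p.weight for p in processes) / total

# Constructed sample entity (not from the page).
SAMPLE = [
    Process("payments", 3.0, [
        Risk("account takeover", 4, 5, [Control("MFA", 0.8, 0.5), Control("alerting", 0.5, 0.5)]),
        Risk("vendor outage", 2, 3)]),
    Process("hr", 1.0, [Risk("data leak", 3, 3, [Control("DLP", 1.0, 0.5)])]),
]
```

With these assumed rules an uncontrolled risk keeps its full inherent score, and the entity score is dominated by the heavily weighted process.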
20 Claims
8. A non-transitory computer readable medium comprising logic, the logic, when executed by a processor, operable to:
store a plurality of calculation rules;
determine a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
determine a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determine a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculate, based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculate, based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculate, based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
for each of the processes:
calculate, based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
determine a process weight associated with the process; and
calculate, based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
communicate for display an indication of the residual risk score for the entity.
15. A method, comprising:
storing, using one or more processors, a plurality of calculation rules;
determining, using the one or more processors, a plurality of processes associated with an entity, a process comprising an activity of a portion of the entity;
determining, using the one or more processors, a plurality of risks associated with the entity, a risk being associated with at least one of the processes;
determining, using the one or more processors, a plurality of controls associated with the entity, a control being associated with at least one of the risks and configured to mitigate a portion of the associated risk;
for each of the controls, calculating, using the one or more processors and based on the calculation rules, one or more weighted control scores for the control;
for each of the risks:
calculating, using the one or more processors and based on the calculation rules, an inherent risk score for the risk, the inherent risk score comprising an indication of a first severity of the risk absent any of the controls associated with the risk;
calculating, using the one or more processors and based on the calculation rules, a residual risk score for the risk using at least the inherent risk score for the risk and the weighted control scores for each of the controls associated with the risk, the residual risk score comprising an indication of a second severity of the risk including each of the controls associated with the risk;
for each of the processes:
calculating, using the one or more processors and based on the calculation rules, a residual risk score for the process using each of the residual risk scores of the risks associated with the process; and
determining, using the one or more processors, a process weight associated with the process; and
calculating, using the one or more processors and based on the calculation rules, a residual risk score for the entity based on each of the residual risk scores of the processes associated with the entity and each of the process weights associated with the processes associated with the entity; and
communicating, using the one or more processors, for display an indication of the residual risk score for the entity.
Specification