System and method for compliance management

US 6,912,502 B1
Filed: 12/30/1999
Issued: 06/28/2005
Est. Priority Date: 12/30/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer implemented method for use in compliance management in a business wherein the computer implemented method is conducted at a server, the method comprising the steps of:

(a) identifying a plurality of business processes subject to compliance requirements by a server identifying means;

(b) determining compliance ownership of each of said plurality of business processes by identifying an individual or entity responsible for compliance requirements for a particular business by a server determining means;

(c) determining compliance requirements for each of said plurality of business processes by a server compliance requirement determining means;

(d) identifying compliance issues based on said compliance requirements wherein the compliance issues are identified by a self-assessment questionnaire wherein at least some answers to the self-assessment questionnaire are translated into a risk score which is computed by multiplying a severity score, an occurrence score and a detection score for identifying at least one area of concern, by a server compliance issue identifying means;

(e) creating at least one action plan based on identified compliance issues by a server creating means; and

(f) forwarding said at least one action plan to an appropriate identified individual or entity based on determined compliance ownership by a server forwarding means.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for use in compliance management is disclosed. Various compliance requirements and issues may be identified for business process and products. The individuals or entities responsible for the business processes and products are identified. Action plans based on compliance requirements and issues may be created. The action plans may be forward to the appropriate individuals or entities, and the results of the action plans monitored to determine whether compliance requirements and issues are being appropriately addressed.

230 Citations

34 Claims

1. A computer implemented method for use in compliance management in a business wherein the computer implemented method is conducted at a server, the method comprising the steps of:
- (a) identifying a plurality of business processes subject to compliance requirements by a server identifying means;
  
  (b) determining compliance ownership of each of said plurality of business processes by identifying an individual or entity responsible for compliance requirements for a particular business by a server determining means;
  
  (c) determining compliance requirements for each of said plurality of business processes by a server compliance requirement determining means;
  
  (d) identifying compliance issues based on said compliance requirements wherein the compliance issues are identified by a self-assessment questionnaire wherein at least some answers to the self-assessment questionnaire are translated into a risk score which is computed by multiplying a severity score, an occurrence score and a detection score for identifying at least one area of concern, by a server compliance issue identifying means;
  
  (e) creating at least one action plan based on identified compliance issues by a server creating means; and
  
  (f) forwarding said at least one action plan to an appropriate identified individual or entity based on determined compliance ownership by a server forwarding means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein identifying compliance issues includes using internal and external inputs where the external inputs comprise at least one of customer complaints, customer surveys, and litigations.
  - 3. The method according to claim 1, further comprising the step of consolidating identified compliance issues;
    - andwherein creating said at least one action plan is based on said consolidated identified compliance issues.
  - 4. The method according to claim 1 further comprising the step of tracking the results of said at least one action plan to determine if compliance has improved.
  - 5. The method according to claim 1, further comprising the step of ranking compliance issues based on importance to said business;
    - andwherein forwarding said at least one action includes forwarding the most important action plan first as a priority.
  - 6. The method according to claim 5, wherein the step of ranking compliance issues is based on the severity of the compliance issue, the frequency of the compliance issue, and the detection of the compliance issue.
  - 7. The method according to claim 1, wherein the step identifying compliance issues further comprises identifying compliance issues common to a plurality of business processes.
  - 8. The method according to claim 1, wherein the business is providing financial services, and wherein compliance requirements are federal and state regulations.

9. A system for use in compliance management in a business comprising:
- (a) a means for identifying a plurality of business processes subject to compliance requirements;
  
  (b) a means for determining compliance ownership of each of said plurality of business processes by identifying an individual or entity responsible for compliance requirements for a particular business;
  
  (c) a means for determining compliance requirements for each of said plurality of business processes;
  
  (d) a means for identifying compliance issues based on said compliance requirements wherein the compliance issues are identified by a self-assessment questionnaire wherein at least some answers to the self-assessment questionnaire are translated into a risk score which is computed by multiplying a severity score, an occurrence score and a detection score for identifying at least one area of concern, by a server compliance issue identification means;
  
  (e) a means for creating at least one action plan based on identified compliance issues; and
  
  (f) a means for forwarding said at least one action plan to an appropriate identified individual or entity based on determined compliance ownership.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system according to claim 9, wherein identifying compliance issues includes using internal and external inputs where the external inputs comprise at least one of customer complaints, customer surveys, and litigation results.
  - 11. The system according to claim 9, further comprising a means for consolidating identified compliance issues;
    - andwherein creating said at least one action plan is based on said consolidated identified compliance issues.
  - 12. The system according to claim 9 further comprising a means for tracking the results of said at least one action plan to determine if compliance has improved.
  - 13. The system according to claim 9, further comprising a means for ranking compliance issues based on importance to said business;
    - andwherein forwarding said at least one action includes forwarding the most important action plan first as a priority.
  - 14. The system according to claim 13, wherein ranking compliance issues is based on the severity of the compliance issue, the frequency of the compliance issue, and the detection of the compliance issue.
  - 15. The system according to claim 9, wherein a means for identifying compliance issues further comprises identifying compliance issues common to a plurality of business processes.
  - 16. The system according to claim 9, wherein the business is providing financial services, and wherein compliance requirements are federal and state regulations.

17. A computer implemented method for assessing risk in compliance management wherein the computer implemented method is conducted at a server, the method comprising the steps of:
- (a) forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business by a server forming means;
  
  (b) identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire by a server identifying means;
  
  (c) conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire by a server conducting means;
  
  (d) translating the answers to the questionnaire into a numeric risk score for each section by a server translation means;
  
  (e) interpreting the results and highlighting high risk areas relative to each other by a server interpreting means; and
  
  (f) reporting the results of the questionnaire by a server reporting means;
  
  wherein the numeric risk score comprises a combination of a severity score, an occurrence score, and a detection score.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein the self-assessment questionnaire is administered at a predetermined interval.
  - 19. The method of claim 17 wherein step (e) further includes utilizing a risk assessment matrix.

20. A computer implemented method for assessing risk in compliance management wherein the computer implemented method is conducted at a server, the method comprising the steps of:
- (a) forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business by a server forming means;
  
  (b) identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire by a server identifying means;
  
  (c) conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire by a server conducting means;
  
  (d) translating the answers to the questionnaire into a numeric risk score for each section by a server translating means;
  
  (e) interpreting the results and highlighting high risk areas relative to each other by a server interpreting means; and
  
  (f) reporting the results of the questionnaire by a server reporting means;
  
  wherein the numeric risk score is computed by multiplying a severity score, an occurrence score, and a detection score.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20 wherein the severity score is a fixed value which is based on the industry potential for exposures to high risk activities.
  - 22. The method of claim 20 wherein the detection score is a variable value which is based on the industry potential for exposures to high risk activities.
  - 23. The method of claim 20 wherein the occurrence score is a measure of how frequently the risk occurs.
  - 24. The method of claim 20 wherein the detection score is a measure of responses to the self-assessment questionnaire.

25. A computer implemented method for assessing risk in compliance management wherein the computer implemented method is conducted at a server, the method comprising the steps of:
- (a) forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business by a server forming means;
  
  (b) identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire by a server identifying means;
  
  (c) conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire by a server conducting means;
  
  (d) translating the answers to the questionnaire into a numeric risk score for each section by a server translating means;
  
  (e) interpreting the results and highlighting high risk areas relative to each other by a server interpreting means; and
  
  (f) reporting the results of the questionnaire by a server reporting means;
  
  wherein a high risk score relative to other risk scores is an indication of further analysis and resolution and wherein the numeric risk score comprises a combination of a severity score, an occurrence score and a detection score.

26. A system for assessing risk associated with compliance management comprising:
- (a) a means for forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business;
  
  (b) a means for identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire;
  
  (c) a means for conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire;
  
  (d) a means for translating the answers into a numeric risk score for each section;
  
  (e) a means for interpreting the results and highlighting high risk areas relative to each other; and
  
  (f) a means for reporting the results of the questionnaire wherein the numeric risk score comprises a combination of a severity score, an occurrence score, and a detection score.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26 wherein the self-assessment questionnaire is administered at a predetermined interval.
  - 28. The system of claim 26 wherein means (e) further includes utilizing a risk assessment matrix.

29. A system for assessing risk associated with compliance management comprising:
- (a) a means for forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business;
  
  (b) a means for identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire;
  
  (c) a means for conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire;
  
  (d) a means for translating the answers into a numeric risk score for each section;
  
  (e) a means for interpreting the results and highlighting high risk areas relative to each other; and
  
  (f) a means for reporting the results of the questionnaire;
  
  wherein the numeric risk score is computed by multiplying a severity score, an occurrence score, and a detection score.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The system of claim 29 wherein the severity score is a fixed value which is based on the industry potential for exposures to high risk activities.
  - 31. The system of claim 29 wherein the detection score is a variable value which is based on the industry potential for exposures to high risk activities.
  - 32. The system of claim 29 wherein the occurrence score is a measure of how frequently the risk occurs.
  - 33. The system of claim 29 wherein the detection score is a measure of responses to the self-assessment questionnaire.

34. A system for assessing risk associated with compliance management comprising:
- (a) a means for forming a self-assessment questionnaire for identifying potential high risk areas within a business wherein the self-assessment questionnaire comprises sections addressing different aspects of a business;
  
  (b) a means for identifying a leadership team or a functional leader to answer appropriate sections of the self-assessment questionnaire;
  
  (c) a means for conducting one or more interviews with the identified leadership team or functional leader to gather answers to the questionnaire;
  
  (d) a means for translating the answers into a numeric risk score for each section;
  
  (e) a means for interpreting the results and highlighting high risk areas relative to each other; and
  
  (f) a means for reporting the results of the questionnaire;
  
  wherein a high risk score relative to other risk scores is an indication of further analysis and resolution and wherein the numeric risk score comprises a combination of a severity score, an occurrence score and a detection score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genworth Holdings, Inc. (Genworth Financial Incorporated)
Original Assignee
Genworth Financial Incorporated
Inventors
Roday, Leon Ellis, Perkins, Rodney Albert, Tartaglia, Renee, Buddle, James Joseph, Burke, Brenda Sue, Vermiglio, Ivan Antonio
Primary Examiner(s)
Weiss, John G.
Assistant Examiner(s)
BORISSOV, IGOR N

Application Number

US09/474,775
Time in Patent Office

2,007 Days
Field of Search

705/1, 705/4, 705/7, 705/8, 705/9, 705/10, 705/28, 705/35, 705/54, 707/10, 707/102, 707/104.1, 707/200, 707/201, 700/95, 713/1
US Class Current

705/7.41
CPC Class Codes

G06Q 10/06395 Quality analysis or management

G06Q 10/10 Office automation; Time man...

System and method for compliance management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for compliance management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links