System and method for managing global risk

US 7,433,829 B2
Filed: 12/10/2001
Issued: 10/07/2008
Est. Priority Date: 12/12/2000
Status: Expired due to Term

First Claim

Patent Images

1. A compliance tracking system, comprising:

a first storage device containing a first dataset of data related to regulatory and enterprise procedural policy information;

a second dataset storage device containing a second dataset of data related to a state of an operation activity;

a processor coupled to said first and second datasets, and operable to access and manipulate data in said first and second datasets;

a user interface device coupled to said processor and operable to receive user input and provide instructions to said processor for accessing and manipulating said first and second datasets, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;

said processor being further operable to compare data contained in said first and second datasets and provide processor-generated indicia of compliance to said user interface device based on a result of said comparison;

first determination means for determining whether an operation activity is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;

second determination means for determining whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;

risk assessment means for assessing risk and identifying risk factors associated with the state of the operation activity and the new policy or regulation or amendment to a policy or regulation;

third determination means for determining whether a risk acknowledgement has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and

plan selection means for developing or implementing a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for tracking compliance to risk management policies for a given enterprise that provides risk status feedback on hierarchical managerial levels. The system notifies users of potential problems with non-compliance of enterprise policies set on a high level of enterprise management, and prompts the users to take steps to achieve compliance. The enterprise policies are designed to protect the enterprise from various forms of risk associated with enterprise activities. Accordingly, minimizing risk across enterprise operations, subdivisions, projects and applications produces an overall benefit of reduced liability or exposure to liability for the entire enterprise. A compliance status is provided by business groups at all levels of the enterprise, and consolidated for each management level to which the risk status is promoted. Higher level managers can view summaries of risk management status for the business divisions, and select particular statuses to view compliance among various business groups under the manager'"'"'s responsibility.

532 Citations

15 Claims

1. A compliance tracking system, comprising:
- a first storage device containing a first dataset of data related to regulatory and enterprise procedural policy information;
  
  a second dataset storage device containing a second dataset of data related to a state of an operation activity;
  
  a processor coupled to said first and second datasets, and operable to access and manipulate data in said first and second datasets;
  
  a user interface device coupled to said processor and operable to receive user input and provide instructions to said processor for accessing and manipulating said first and second datasets, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
  
  said processor being further operable to compare data contained in said first and second datasets and provide processor-generated indicia of compliance to said user interface device based on a result of said comparison;
  
  first determination means for determining whether an operation activity is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
  
  second determination means for determining whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
  
  risk assessment means for assessing risk and identifying risk factors associated with the state of the operation activity and the new policy or regulation or amendment to a policy or regulation;
  
  third determination means for determining whether a risk acknowledgement has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
  
  plan selection means for developing or implementing a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A compliance tracking system according to claim 1 wherein said processor further comprises a reporting engine processing device;
    - andsaid reporting engine processing device can operate on said indicia of compliance to produce a compilation of compliance indicia in a summary format.
  - 3. A compliance tracking system according to claim 1, wherein said indicia of compliance pertains to a plurality of portions of said operation activity.
  - 4. A compliance tracking system according to claim 1, wherein said processor further comprises a registration engine processing device;
    - andsaid registration engine processing device being operable to accept requests for registration from said user interface device, provide a notification to at least another user interface device for approval of said registration request, and provide a notification to said user interface device indicative of approval or refusal of registration.
  - 5. A compliance tracking system according to claim 1, wherein said instructions include answers to a questionnaire related to assessing a level of compliance.
  - 6. A compliance tracking system according to claim 1, wherein said instructions include information related to at least one of a sensitivity and a criticality of said operation activity with respect to a level of compliance.
  - 7. A compliance tracking system according to claim 2, further comprising:
    - a management structure having a plurality of management levels; and
      
      said compilation of compliance indicia is accessible to a management level above at least another management level.
  - 8. A compliance tracking system according to claim 7, wherein said instructions include information related to at least one of a sensitivity and a criticality of said operation activity with respect to a level of compliance.
  - 9. A compliance tracking system according to claim 8, wherein said compilation of compliance indicia is accessible to said management level based on said information related to said at least one of a sensitivity and a criticality.
  - 10. A compliance tracking system according to claim 1, wherein said processor further comprises an administration engine processing device;
    - said administration engine processing device is operable to at least one of input data received from said user interface device into said second dataset and provide authorized access to said processor through said user interface device.

11. A method for tracking status and providing status feedback using a computer, comprising:
- accessing a set of rules in a database, the rules being related to an enterprise operation wherein said rules provide conformance standards for regulatory or enterprise procedural policies;
  
  accessing a set of data related to compliance with said set of rules;
  
  comparing, by a processing engine, said set of data against said set of rules to produce a compliance status;
  
  providing a computer-generated indication of said compliance status to a user interface; and
  
  accepting user input comprising instructions through said user interface whereby a condition of said set of data is modified, thereby improving said compliance status, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
  
  determining, by a processor engine, whether an enterprise operation is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
  
  determining, by a processor engine, whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
  
  receiving at least one survey generating, deleting, modifying or revising data related to the enterprise operation; and
  
  determining, by a processor engine, if a risk acknowledgement associated with the enterprise operation has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
  
  developing or implementing, by a processor engine, a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.

12. A compliance tracking system, comprising:
- a first storage device containing a first dataset of data related to regulatory and enterprise procedural policy information;
  
  a second storage device containing a second dataset of data related to a state of an operation activity;
  
  a processor coupled to said first and second datasets, and operable to access and manipulate data in said first and second datasets;
  
  a user interface device coupled to said processor and operable to receive user input and provide instructions to said processing engine processor for accessing and manipulating said first and second datasets, wherein said instructions include answers to a questionnaire related to assessing a level of compliance and information related to at least one of a sensitivity and a criticality of said operation activity with respect to a level of compliance, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
  
  said processor being further operable to compare data contained in said first and second datasets and provide processor-generated indicia of compliance to said user interface device based on a result of said comparison, wherein said indicia of compliance pertains to a plurality of portions of said operation activity, and wherein said device further comprises a reporting engine processing device, and wherein said reporting engine processing device can operate on said indicia of compliance to produce a compilation of compliance indicia in a summary format;
  
  a first determination processor or interface device for determining whether an operation activity is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
  
  a second determination processor or interface device for determining whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
  
  a risk assessment processor or interface device for assessing risk and identifying risk factors associated with the state of the operation activity and the new policy or regulation or amendment to a policy or regulation;
  
  a third determination processor or interface device for determining whether a risk acknowledgement has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
  
  a plan selection processor or interface device for developing or implementing a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.
- View Dependent Claims (13, 14, 15)
- - 13. A compliance tracking system according to claim 12, further comprising:
    - a management structure having a plurality of management levels; and
      
      said compilation of compliance indicia is accessible to a management level above at least another management level.
  - 14. A compliance tracking system according to claim 12, wherein said compilation of compliance indicia is accessible to said management level based on said information related to said at least one of a sensitivity and a criticality.
  - 15. A compliance tracking system according to claim 12, wherein said processor further comprises an administration engine processing device;
    - said administration engine processing device is operable to at least one of input data received from said user interface device into said second dataset and provide authorized access to said processor through said user interface device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Borgia, Evelyn, O'Connor, Christine, Miller, Jodi, De Gottal, Graham
Primary Examiner(s)
Diaz; Susanna M

Application Number

US10/012,934
Publication Number

US 20020129221A1
Time in Patent Office

2,493 Days
Field of Search

705/10, 705/1, 705/7
US Class Current

705/7.13
CPC Class Codes

G06Q 10/06311   Scheduling, planning or tas...

G06Q 10/0639   Performance analysis of emp...

G06Q 10/10   Office automation; Time man...

System and method for managing global risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

532 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing global risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

532 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links