System and method for managing global risk
First Claim
1. A compliance tracking system, comprising:
a first storage device containing a first dataset of data related to regulatory and enterprise procedural policy information;
a second dataset storage device containing a second dataset of data related to a state of an operation activity;
a processor coupled to said first and second datasets, and operable to access and manipulate data in said first and second datasets;
a user interface device coupled to said processor and operable to receive user input and provide instructions to said processor for accessing and manipulating said first and second datasets, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
said processor being further operable to compare data contained in said first and second datasets and provide processor-generated indicia of compliance to said user interface device based on a result of said comparison;
first determination means for determining whether an operation activity is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
second determination means for determining whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
risk assessment means for assessing risk and identifying risk factors associated with the state of the operation activity and the new policy or regulation or amendment to a policy or regulation;
third determination means for determining whether a risk acknowledgement has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
plan selection means for developing or implementing a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.
Abstract
A system for tracking compliance to risk management policies for a given enterprise that provides risk status feedback on hierarchical managerial levels. The system notifies users of potential problems with non-compliance of enterprise policies set on a high level of enterprise management, and prompts the users to take steps to achieve compliance. The enterprise policies are designed to protect the enterprise from various forms of risk associated with enterprise activities. Accordingly, minimizing risk across enterprise operations, subdivisions, projects and applications produces an overall benefit of reduced liability or exposure to liability for the entire enterprise. A compliance status is provided by business groups at all levels of the enterprise, and consolidated for each management level to which the risk status is promoted. Higher level managers can view summaries of risk management status for the business divisions, and select particular statuses to view compliance among various business groups under the manager's responsibility.
15 Claims
11. A method for tracking status and providing status feedback using a computer, comprising:
accessing a set of rules in a database, the rules being related to an enterprise operation wherein said rules provide conformance standards for regulatory or enterprise procedural policies;
accessing a set of data related to compliance with said set of rules;
comparing, by a processing engine, said set of data against said set of rules to produce a compliance status;
providing a computer-generated indication of said compliance status to a user interface; and
accepting user input comprising instructions through said user interface whereby a condition of said set of data is modified, thereby improving said compliance status, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
determining, by a processor engine, whether an enterprise operation is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
determining, by a processor engine, whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
receiving at least one survey generating, deleting, modifying or revising data related to the enterprise operation; and
determining, by a processor engine, if a risk acknowledgement associated with the enterprise operation has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
developing or implementing, by a processor engine, a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.
12. A compliance tracking system, comprising:
a first storage device containing a first dataset of data related to regulatory and enterprise procedural policy information;
a second storage device containing a second dataset of data related to a state of an operation activity;
a processor coupled to said first and second datasets, and operable to access and manipulate data in said first and second datasets;
a user interface device coupled to said processor and operable to receive user input and provide instructions to said processing engine processor for accessing and manipulating said first and second datasets, wherein said instructions include answers to a questionnaire related to assessing a level of compliance and information related to at least one of a sensitivity and a criticality of said operation activity with respect to a level of compliance, wherein said user input is based on a compliance response structure comprising a set of role definitions including a plurality of respective responsibilities, wherein said responsibilities being related to respective portions of said state of said operation activity, and wherein said instructions being related to said responsibilities whereby a level of compliance is modified based upon a combination of said responsibilities and respective portions of said state of operation activity;
said processor being further operable to compare data contained in said first and second datasets and provide processor-generated indicia of compliance to said user interface device based on a result of said comparison, wherein said indicia of compliance pertains to a plurality of portions of said operation activity, and wherein said device further comprises a reporting engine processing device, and wherein said reporting engine processing device can operate on said indicia of compliance to produce a compilation of compliance indicia in a summary format;
a first determination processor or interface device for determining whether an operation activity is in compliance or non-compliance based on a comparison of the data contained in the first and second datasets;
a second determination processor or interface device for determining whether non-compliance is the result of a new policy or regulation or amendment to a policy or regulation;
a risk assessment processor or interface device for assessing risk and identifying risk factors associated with the state of the operation activity and the new policy or regulation or amendment to a policy or regulation;
a third determination processor or interface device for determining whether a risk acknowledgement has been approved, wherein risk acknowledgement approval comprises accepting the risk or developing or implementing a plan to achieve compliance; and
a plan selection processor or interface device for developing or implementing a plan to achieve compliance, wherein the plan is based on a sensitivity rating, an impact rating, a probability rating, and compensation and control procedures.
Specification