Method and system for managing risks
First Claim
1. A computer-implemented method for determining compliance with organizational business policies associated with a business risk, said method comprising:
a. a computer receiving a user selection of a business risk element from a business risk element list which is displayed to the user, said business risk element list being retrieved from a database coupled to said computer;
b. in response to the selection of said business risk element, the computer retrieving one or more predetermined control procedures, the control procedures identified by an administrator as a means for complying with business policies associated with said selected business risk element;
c. the computer associating said one or more predetermined control procedures with said selected business risk element, said predetermined control procedures being stored in said database;
d. in response to the retrieving of the control procedures, the computer retrieving a weight assigned to each one of said predetermined control procedures, said weight being stored in said database;
e. the computer receiving a user selection of a compliance rating for each said predetermined control procedure, the rating selected by the user indicating a level of compliance with each one of said predetermined control procedures, for each of said predetermined control procedures the level of compliance is a subjective rating selected from a rigid set of compliance ratings, the same set of compliance ratings is available for each of said predetermined control procedures; and
f. the computer calculating a compliance score, said compliance score being a function of said assigned weights and said compliance ratings of said predetermined control procedures.
Abstract
A data processing system and method of using said data processing system for assessing and managing risk is disclosed. The preferred embodiment of the method includes the steps of identifying a set of risk elements; determining an importance for each said risk element; identifying any subrisks associated with said risk elements; identifying one or more control procedures for each said subrisk element; assigning weights to each said control procedure; rating compliance with each said control procedure; and calculating an overall weighted compliance score. The method may further include the step of, for each subrisk that is not fully compliant, allowing the user to determine whether to accept the risk or to generate an action plan addressing the risk. The method may further preferably include calculating future compliance scores based on said action plans. The system further provides for sorting and displaying compliance scores by a number of parameters.
7 Claims
1. As set out above under First Claim. Claims 2 to 5 depend on claim 1.
6. A data processing system for determining compliance with organizational business policies associated with a business risk, said system comprising:
a. a database;
b. a processor coupled to said database, said processor being programmed to perform the steps comprising:
i. the computer receiving a first signal identifying a user selection of a set of business risk elements from a business risk element list which is displayed to a user, said business risk elements being stored in said database;
ii. the computer receiving a second signal identifying a user selection of one or more control procedures associated with each said business risk element, said control procedures comprising a means for complying with business policies associated with said risk elements, said control procedures being stored in said database;
iii. the computer receiving a third signal assigning a weight to each said control procedure, said weight being stored in said database;
iv. the computer receiving a fourth signal identifying a user selection of a compliance rating for each said control procedure, for each of said predetermined control procedures the compliance rating being selected from a rigid set of compliance ratings, the same set of compliance ratings being available for each of said predetermined control procedures; and
v. the computer calculating a compliance score, said compliance score being a function of said assigned weights and said compliance ratings of said control procedures.
Claim 7 depends on claim 6.
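As an added illustration of the scoring described in the abstract and in claims 1 and 6: the weighted compliance score of a subrisk, the rejection of any rating outside the rigid rating set, the accept-or-plan decision for subrisks below full compliance, the projected future score once action plans complete, and the sorted display. This is example code written here, not the patent's own implementation. The numeric values behind the rating set, the equal weighting of subrisks within a risk element, the importance-weighted roll-up across risk elements, and the sample risk register are all assumptions made for the example; the page fixes none of them.

```python
"""Weighted compliance scoring of the kind described in the abstract and claims.
Example code added here; not the patent's own implementation. The numeric
values of the rating set, the roll-up rules and the sample register are assumed."""
from dataclasses import dataclass
from typing import List, Optional

# Rigid rating set (assumed values): every control procedure is rated with exactly
# one of these labels, and the same set applies to every control procedure.
RATING_SCALE = {"non-compliant": 0.0, "partial": 0.5, "compliant": 1.0}


@dataclass
class Control:
    name: str
    weight: float                         # weight assigned by the administrator
    rating: str                           # current rating; must be a RATING_SCALE key
    planned_rating: Optional[str] = None  # target rating once an action plan is done


@dataclass
class SubRisk:
    name: str
    controls: List[Control]
    risk_accepted: bool = False           # user chose to accept the residual risk


@dataclass
class RiskElement:
    name: str
    importance: float                     # importance of the risk element
    subrisks: List[SubRisk]


def rating_value(label: str) -> float:
    """Map a label to its value; anything outside the rigid set is rejected so a
    typo or free-text entry cannot silently move a score."""
    if label not in RATING_SCALE:
        raise ValueError(f"rating {label!r} not in {sorted(RATING_SCALE)}")
    return RATING_SCALE[label]


def subrisk_score(subrisk: SubRisk, future: bool = False) -> float:
    """Weighted compliance score in [0, 1]: sum(weight * rating) / sum(weight).
    With future=True a control that has an action plan is scored at its planned
    rating, which gives the projected score the abstract mentions."""
    total_weight = sum(c.weight for c in subrisk.controls)
    if total_weight <= 0 or any(c.weight < 0 for c in subrisk.controls):
        raise ValueError(f"subrisk {subrisk.name!r} needs positive weights")
    weighted = 0.0
    for c in subrisk.controls:
        label = c.planned_rating if future and c.planned_rating else c.rating
        weighted += c.weight * rating_value(label)
    return weighted / total_weight


def element_score(element: RiskElement, future: bool = False) -> float:
    """Assumed roll-up: the subrisks of one element count equally."""
    scores = [subrisk_score(s, future) for s in element.subrisks]
    return sum(scores) / len(scores)


def overall_score(elements: List[RiskElement], future: bool = False) -> float:
    """Assumed roll-up: importance-weighted mean over risk elements."""
    total = sum(e.importance for e in elements)
    return sum(e.importance * element_score(e, future) for e in elements) / total


def open_subrisks(elements: List[RiskElement]):
    """Subrisks that are not fully compliant and whose risk has not been accepted:
    these still await the accept-or-plan decision."""
    return [(e.name, s.name, round(subrisk_score(s), 4))
            for e in elements for s in e.subrisks
            if subrisk_score(s) < 1.0 and not s.risk_accepted]


def rank_elements(elements: List[RiskElement], future: bool = False):
    """Risk elements sorted worst score first, for the sorted display."""
    rows = [(e.name, round(element_score(e, future), 4)) for e in elements]
    return sorted(rows, key=lambda row: row[1])


# Constructed sample register for the example (not data from the patent).
SAMPLE = [
    RiskElement("Access control", importance=3, subrisks=[
        SubRisk("Privileged accounts", [
            Control("MFA on administrator accounts", 3, "partial",
                    planned_rating="compliant"),
            Control("Quarterly privileged access review", 2, "non-compliant"),
        ]),
        SubRisk("Leaver process", [
            Control("Accounts disabled within 24h of leaving", 2, "compliant"),
        ]),
    ]),
    RiskElement("Backup and recovery", importance=1, subrisks=[
        SubRisk("Restore testing", [
            Control("Annual restore test", 1, "partial"),
        ], risk_accepted=True),
    ]),
]
```

With the sample register, `overall_score(SAMPLE)` gives the current score, `overall_score(SAMPLE, future=True)` the score projected once the MFA action plan completes, `open_subrisks(SAMPLE)` lists only the privileged-accounts subrisk (the restore-testing risk was accepted), and `rank_elements(SAMPLE)` orders the elements worst first. Because ratings are looked up in a fixed table rather than taken as numbers from the user, an out-of-set value fails loudly instead of being averaged in.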