Internal audit operations for Sarbanes Oxley compliance

US 7,523,053 B2
Filed: 04/25/2005
Issued: 04/21/2009
Est. Priority Date: 04/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer system for auditing an enterprise, the method comprising:

producing by the computer system an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks;

producing by the computer system an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes;

producing by the computer system an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and

producing by the computer system an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides audit opinions on an enterprise'"'"'s organizations, processes, risks, and risk controls. The system first evaluates the enterprise'"'"'s set of risk controls. The audit opinions of the set of risk controls are used to evaluate the set of risks associated with the set of risk controls. The audit opinions of the set of risks and of the set of risk controls are in turn used to evaluate the set of processes associated with the set of risks. Finally, all of these audit opinions are used to evaluate the set of organizations associated with the set of processes. The system streamlines the evaluation of risk by determining suggested audit opinions. Suggested audit opinions for a given item can be determined from audit opinions previously determined and associated with the given item. Rules can be defined for a given item to specify how to determine the suggested audit result.

398 Citations

24 Claims

1. A method performed by a computer system for auditing an enterprise, the method comprising:
- producing by the computer system an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks;
  
  producing by the computer system an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes;
  
  producing by the computer system an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and
  
  producing by the computer system an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein producing an audit opinion for each risk in the set of risks comprises determining, for each risk, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the risk'"'"'s associated risk controls.
  - 3. The method of claim 2, wherein determining the suggested audit opinion includes applying a rule to the selection of audit opinions.
  - 4. The method of claim 3, wherein the rule includes a weighted combination of a set of risk mitigation values associated with the selection of audit opinions.
  - 5. The method of claim 1, wherein producing an audit opinion for each business process in the set of business processes comprises determining, for each business process, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the business process'"'"' associated risks.
  - 6. The method of claim 5, wherein determining the suggested audit opinion includes applying a rule to the selection of audit opinions.
  - 7. The method of claim 6, wherein the rule includes a weighted combination of a set of risk severity values associated with at least a portion of the selection of audit opinions.
  - 8. The method of claim 5, further comprising receiving an audit decision from a user, the audit decision indicating either the acceptance of the suggested audit opinion or the rejection of the suggested audit opinion.
  - 9. The method of claim 8, further comprising storing the suggested audit opinion and the audit decision.
  - 10. The method of claim 1, wherein producing an audit opinion for each organization in the set of organizations comprises determining, for each organization, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the organization'"'"'s associated business processes.
  - 11. The method of claim 2, further comprising receiving an audit decision from a user, the audit decision indicating either the acceptance of the suggested audit opinion or the rejection of the suggested audit opinion.
  - 12. The method of claim 11, further comprising storing the suggested audit opinion and the audit decision.

13. An information storage medium having a plurality of instructions adapted to direct an information processing device to perform a set of steps including:
- producing an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks;
  
  producing an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes;
  
  producing an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and
  
  producing an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The information storage medium of claim 13, wherein producing an audit opinion for each risk in the set of risks comprises determining, for each risk, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the risk'"'"'s associated risk controls.
  - 15. The information storage medium of claim 14, wherein determining the suggested audit opinion includes applying a rule to the selection of audit opinions.
  - 16. The information storage medium of claim 15, wherein the rule includes a weighted combination of a set of risk mitigation values associated with the selection of audit opinions.
  - 17. The information storage medium of claim 14, further comprising receiving an audit decision from a user, the audit decision indicating either the acceptance of the suggested audit opinion or the rejection of the suggested audit opinion.
  - 18. The information storage medium of claim 17, further comprising storing the suggested audit opinion and the audit decision.
  - 19. The information storage medium of claim 13, wherein producing an audit opinion for each business process in the set of business processes comprises determining, for each business process, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the business process'"'"' associated risks.
  - 20. The information storage medium of claim 19, wherein determining the suggested audit opinion includes applying a rule to the selection of audit opinions.
  - 21. The information storage medium of claim 20, wherein the rule includes a weighted combination of a set of risk severity values associated with at least a portion of the selection of audit opinions.
  - 22. The information storage medium of claim 19, further comprising receiving an audit decision from a user, the audit decision indicating either the acceptance of the suggested audit opinion or the rejection of the suggested audit opinion.
  - 23. The information storage medium of claim 22, further comprising storing the suggested audit opinion and the audit decision.
  - 24. The information storage medium of claim 13, wherein producing an audit opinion for each organization in the set of organizations comprises determining, for each organization, a suggested audit opinion from a selection of audit opinions, the selection of audit opinions including one or more audit opinions for the organization'"'"'s associated business processes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Malhotra, Anisha, Gerald, Bastin, Pudhukottai, Sampathkumar, Arumugam, Sayekumar, Liu, Qingdi, King, Nigel
Primary Examiner(s)
Cheung; Mary
Assistant Examiner(s)
FERTIG, BRIAN E

Application Number

US11/114,978
Publication Number

US 20060241991A1
Time in Patent Office

1,457 Days
Field of Search

705/1, 705 30- 45, 702/108, 714/25, 714/1, 714/26, 726/1, 708/105, 708/110, 708130-131, 708/184, 283/57, 283/66.1, 283/66.2
US Class Current

705/30
CPC Class Codes

G06Q 40/02 Banking, e.g. interest calc...

G06Q 40/12 Accounting

Internal audit operations for Sarbanes Oxley compliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

398 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Internal audit operations for Sarbanes Oxley compliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

398 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links