Internal audit operations for Sarbanes Oxley compliance
First Claim
1. A method performed by a computer system for auditing an enterprise, the method comprising:
- producing by the computer system an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks;
producing by the computer system an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes;
producing by the computer system an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and
producing by the computer system an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes.
1 Assignment
0 Petitions
Accused Products
Abstract
A system provides audit opinions on an enterprise'"'"'s organizations, processes, risks, and risk controls. The system first evaluates the enterprise'"'"'s set of risk controls. The audit opinions of the set of risk controls are used to evaluate the set of risks associated with the set of risk controls. The audit opinions of the set of risks and of the set of risk controls are in turn used to evaluate the set of processes associated with the set of risks. Finally, all of these audit opinions are used to evaluate the set of organizations associated with the set of processes. The system streamlines the evaluation of risk by determining suggested audit opinions. Suggested audit opinions for a given item can be determined from audit opinions previously determined and associated with the given item. Rules can be defined for a given item to specify how to determine the suggested audit result.
-
Citations
24 Claims
-
1. A method performed by a computer system for auditing an enterprise, the method comprising:
-
producing by the computer system an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks; producing by the computer system an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes; producing by the computer system an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and producing by the computer system an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An information storage medium having a plurality of instructions adapted to direct an information processing device to perform a set of steps including:
-
producing an audit opinion for each risk control in a set of risk controls, each risk control being associated with a risk in a set of risks; producing an audit opinion for each risk in the set of risks, the audit opinion for each risk being based, at least in part, on the audit opinions for its associated risk controls, each risk being associated with a business process in a set of business processes; producing an audit opinion for each business process in the set of business processes, the audit opinion for each business process being based, at least in part, on the audit opinions for its associated risks, each business process being associated with an organization in a set of organizations; and producing an audit opinion for each organization in the set of organizations, the audit opinion for each organization being based, at least in part, on the audit opinions for its associated business processes. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification