System and methods for integrated compliance monitoring
First Claim
1. A computer-implemented method of monitoring compliance for an organization, the computer-implemented method comprising the steps of:
- providing, using a central processing unit (CPU), a plurality of compliance-related questions to participants of compliance monitoring for an organization, wherein the participants include at least one question designer and at least one assessor;
- assigning by the at least one question designer, in a data processing system, a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
- collecting from the at least one assessor, in the data processing system, a plurality of responses to the plurality of compliance-related questions, wherein the plurality of responses include assigning a residual risk value and an impact value to each of the plurality of compliance-related questions, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
- establishing, using the CPU, a risk rating for each of the compliance-related questions, the risk rating determined from averaging together the values for residual risk, probability of occurrence, and impact, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value for each of the plurality of compliance-related questions; and
- producing, using the CPU, an assessment including at least some of the plurality of responses and the risk rating for at least some of the plurality of compliance-related questions.
Abstract
System and methods for integrated compliance monitoring. Various application modules work together to accomplish risk assessment and compliance monitoring. A risk assessment module facilitates the development of risk ratings based on responses to a plurality of compliance-related questions. The system can also include an action tracking module, and can further include a training module and a self-assessment module to determine individual compliance gaps. A common database is operatively connected to the modules to monitor the completion of assessments and to track actions based on remediation plans. In some embodiments, the invention is implemented via a computing platform or a collection of computing platforms interconnected by a network, such as a corporate intranet, in which case a web browser can facilitate use of the invention.
311 Citations
41 Claims
1. A computer-implemented method of monitoring compliance for an organization, the computer-implemented method comprising the steps of:
- providing, using a central processing unit (CPU), a plurality of compliance-related questions to participants of compliance monitoring for an organization, wherein the participants include at least one question designer and at least one assessor;
- assigning by the at least one question designer, in a data processing system, a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
- collecting from the at least one assessor, in the data processing system, a plurality of responses to the plurality of compliance-related questions, wherein the plurality of responses include assigning a residual risk value and an impact value to each of the plurality of compliance-related questions, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
- establishing, using the CPU, a risk rating for each of the compliance-related questions, the risk rating determined from averaging together the values for residual risk, probability of occurrence, and impact, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value for each of the plurality of compliance-related questions; and
- producing, using the CPU, an assessment including at least some of the plurality of responses and the risk rating for at least some of the plurality of compliance-related questions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer readable medium having stored thereon a computer program code, the computer program code including instructions which, when executed by a processor, cause the processor to perform the method comprising:
- providing a plurality of compliance-related questions to participants of compliance monitoring for an organization, wherein the participants include at least one question designer and at least one assessor;
- assigning by the at least one question designer a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
- collecting from the at least one assessor a plurality of responses to the plurality of compliance-related questions;
- assigning by the at least one assessor a residual risk value and an impact value to each of the plurality of compliance-related questions, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
- establishing risk ratings comprising at least a risk rating for each of the plurality of compliance-related questions based on the responses, the risk rating determined from averaging together the values provided for residual risk, probability of occurrence, and impact, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value for each of the plurality of compliance-related questions; and
- producing an assessment including at least some of the plurality of responses and at least some of the risk rating for each of the plurality of compliance-related questions.

Dependent claims: 14, 15, 16, 17, 18
19. Apparatus for facilitating compliance monitoring, the apparatus comprising:
- means for providing a plurality of compliance-related questions to participants of compliance monitoring for an organization, wherein the participants include at least one question designer and at least one assessor;
- means for assigning by the at least one question designer a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
- means for collecting from the at least one assessor a plurality of responses to a plurality of compliance-related questions;
- means for assigning by the at least one assessor a residual risk value and an impact value to each of the plurality of compliance-related questions, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
- means for establishing risk ratings comprising at least a risk rating for each of the plurality of compliance-related questions based on the responses, the risk rating determined from averaging together the values for residual risk, probability of occurrence, and impact, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value for each of the plurality of compliance-related questions; and
- means for producing an assessment including at least some of the responses and at least some of the risk ratings.

Dependent claims: 20, 21, 22, 23, 24
25. A system for facilitating compliance monitoring, the system comprising:
- an instruction execution platform further comprising a memory device and a processing device operatively coupled to the memory device, wherein the processing device is configured to execute computer-readable program code of at least one application module, wherein the at least one application module comprises at least a risk assessment module, the risk assessment module operable to produce an assessment by:
  - providing a plurality of compliance-related questions to participants of compliance monitoring for an organization, wherein the participants include at least one question designer and at least one assessor;
  - assigning by the at least one question designer a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
  - collecting responses from the at least one assessor, wherein the responses include assigning a residual risk value and an impact value to each of the plurality of compliance-related questions, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
  - determining risk ratings from averaging together the values provided for residual risk, probability of occurrence, and impact, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value; and
  - producing the assessment including at least some of the responses and at least some of the risk ratings; and
- a database operatively coupled to the instruction execution platform for storing and retrieving data produced by the at least one application module and operable to facilitate review, approval and action tracking related to the assessment.

Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 40
35. A computer-implemented method of achieving and monitoring compliance for an organization, the computer-implemented method comprising:
- selecting, from a database, participants for achieving and monitoring compliance for an organization, wherein the participants include at least one question designer and at least one assessor;
- designing by the at least one question designer, in a data processing system, a plurality of compliance-related questions, wherein the at least one question designer assigns a probability of occurrence value to each of the plurality of compliance-related questions, wherein the probability of occurrence value is a rating for a probability of occurrence for a threat posed by a compliance-related question;
- collecting from the at least one assessor, in the data processing system, a plurality of responses to the plurality of compliance-related questions;
- assigning, in the data processing system, a residual risk value and an impact value to each of the plurality of compliance-related questions by the at least one assessor, wherein the residual risk value is a value of the threat posed by the compliance-related question, and wherein the impact value is a value of how critical is a result of the threat posed by the compliance-related question if the threat is realized;
- determining, using a central processing unit (CPU), a risk rating for each of the plurality of compliance-related questions, the risk rating determined from averaging together the value assigned for probability of occurrence by the question designer and the values assigned for residual risk and impact by the assessor, so as to express the risk rating as a function of the residual risk value, probability of occurrence value, and impact value for each of the plurality of compliance-related questions; and
- producing, using the CPU, an assessment including at least some of the plurality of responses and the risk rating for at least some of the plurality of compliance-related questions.

Dependent claims: 36, 37, 38, 39, 41
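The procedure shared by all of the independent claims (the question designer assigns the probability of occurrence, the assessor assigns residual risk and impact, the risk rating is the average of the three, and the assessment lists responses with their ratings), as an added Python example that is not code from the patent or its applicant. The 1-to-5 rating scale, the dataclass names and the sample questions and responses are assumptions; the page specifies none of them.

```python
from dataclasses import dataclass

SCALE = range(1, 6)  # assumed rating scale, 1 (low) to 5 (high); the claims name no scale

@dataclass(frozen=True)
class Question:
    qid: str
    text: str
    probability_of_occurrence: int  # assigned by the question designer

@dataclass(frozen=True)
class Response:
    qid: str
    assessor: str
    answer: str
    residual_risk: int  # assigned by the assessor
    impact: int         # assigned by the assessor

def check_rating(name, value):
    # Reject out-of-scale ratings before they distort the average.
    if value not in SCALE:
        raise ValueError(f"{name}={value!r} is outside the {SCALE.start}..{SCALE[-1]} scale")
    return value

def risk_rating(probability_of_occurrence, residual_risk, impact):
    # Risk rating exactly as the claims define it: the average of the three values.
    values = (check_rating("probability_of_occurrence", probability_of_occurrence),
              check_rating("residual_risk", residual_risk),
              check_rating("impact", impact))
    return sum(values) / len(values)

def produce_assessment(questions, responses):
    # Join each assessor response to its designer question and rate it; highest risk first.
    by_qid = {q.qid: q for q in questions}
    rows = []
    for r in responses:
        if r.qid not in by_qid:
            raise ValueError(f"response to unknown question {r.qid!r}")
        q = by_qid[r.qid]
        rows.append({"qid": q.qid, "question": q.text, "assessor": r.assessor, "answer": r.answer,
                     "risk_rating": risk_rating(q.probability_of_occurrence, r.residual_risk, r.impact)})
    return sorted(rows, key=lambda row: row["risk_rating"], reverse=True)

# Constructed sample data (not from the page) so the module runs stand-alone.
QUESTIONS = [Question("Q1", "Are restores from backup tested quarterly?", 4),
             Question("Q2", "Is MFA enforced for administrative accounts?", 2)]
RESPONSES = [Response("Q1", "assessor-a", "No", 5, 3),
             Response("Q2", "assessor-a", "Yes", 1, 3)]
ASSESSMENT = produce_assessment(QUESTIONS, RESPONSES)
```

Because the rating is an unweighted mean, a high impact can be masked by low residual risk and low probability; a reviewer of the assessment should read the three inputs, not only the rating.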