Computer-implemented change risk assessment

US 8,260,653 B1
Filed: 07/23/2009
Issued: 09/04/2012
Est. Priority Date: 07/23/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of determining a level of risk in undertaking a financial services project to implement a change, the method comprising:

receiving, at a computing device, a plurality of responses to questions, each question related to one of a plurality of risk categories associated with the financial services project;

identifying, by a computing device processor, one or more inherent risks associated with a corresponding risk category based on the responses to the questions and a mitigation plan for each identified risk;

receiving, at a computing device, numeric risk ratings for each of the identified inherent risks, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk;

receiving, at a computing device, a mitigation plan for each identified inherent risk;

identifying, by a computing device processor, one or more residual risks associated with a corresponding risk category based on the mitigation plan for each identified inherent risk;

receiving, at a computing device, numeric risk ratings for each of the identified residual risks, wherein the risk rating incorporates the risk rating for each identified inherent risk and the mitigation plan;

determining, by a computing device processor, a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings;

calculating, by a computing device processor, a risk level for each identified inherent and residual risk based at least in part on the RPN, wherein the risk level reflects whether the identified risk exhibits a combination of high severity and low detectability;

aggregating, by a computing device processor, each risk priority number (RPN) associated with an inherent risk related to a risk category and calculating an average inherent RPN for each of the plurality of risk categories;

comparing, by a computing device processor, a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance; and

displaying, on a display device, an escalation flag for each identified inherent and residual risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A change risk assessment system is disclosed. A question-and-answer approach is used to generate a risk assessment that can be broken down by various business categories. Scoring in example embodiments generates a risk level for each identified that takes into account high severity and low detectability characteristics of specific risks associated with a change or new project. The highest average risk priority number (RPN) from any category can be used to facilitate cross-project comparison of risk and reward balance. A risk level can be calculated for both an inherent risk, and a residual risk. The residual risk is calculated taking a mitigation plan into account. A color indication can be displayed for each identified risk, where the color indication is indicative of the risk level. The scoring for an identified risk can also be made to programmatically prompt escalation of the identified issue.

44 Citations

View as Search Results

13 Claims

1. A computer-implemented method of determining a level of risk in undertaking a financial services project to implement a change, the method comprising:
- receiving, at a computing device, a plurality of responses to questions, each question related to one of a plurality of risk categories associated with the financial services project;
  
  identifying, by a computing device processor, one or more inherent risks associated with a corresponding risk category based on the responses to the questions and a mitigation plan for each identified risk;
  
  receiving, at a computing device, numeric risk ratings for each of the identified inherent risks, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk;
  
  receiving, at a computing device, a mitigation plan for each identified inherent risk;
  
  identifying, by a computing device processor, one or more residual risks associated with a corresponding risk category based on the mitigation plan for each identified inherent risk;
  
  receiving, at a computing device, numeric risk ratings for each of the identified residual risks, wherein the risk rating incorporates the risk rating for each identified inherent risk and the mitigation plan;
  
  determining, by a computing device processor, a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings;
  
  calculating, by a computing device processor, a risk level for each identified inherent and residual risk based at least in part on the RPN, wherein the risk level reflects whether the identified risk exhibits a combination of high severity and low detectability;
  
  aggregating, by a computing device processor, each risk priority number (RPN) associated with an inherent risk related to a risk category and calculating an average inherent RPN for each of the plurality of risk categories;
  
  comparing, by a computing device processor, a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance; and
  
  displaying, on a display device, an escalation flag for each identified inherent and residual risk.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - receiving, at the computing device, a financial metric for the project; and
      
      displaying, on the display device, the highest average inherent RPN for the project against the financial metric to facilitate the cross-project comparison of risk and reward balance.
  - 3. The method of claim 2 further comprising:
    - determining, by a computing device processor, whether the project is a high-risk project based at least in part on the risk level; and
      
      prompting a high-risk analysis when the project is a high-risk project.
  - 4. The method of claim 2 further comprising displaying a color indication for each identified inherent and residual risk on a display device, wherein the color indication is indicative of the risk level.

5. A computer program product comprising non-transitory computer-readable program code embodied on a computer-readable storage medium, the computer-readable program code executable by a computer system to implement a method of determining a level of risk in undertaking a financial services project to implement a change, the method comprising:
- receiving, at a computing device, a plurality of responses to questions, each question related to one of a plurality of risk categories associated with the project;
  
  identifying, by a computing device processor, one or more inherent risks and associated with a corresponding risk category based on the responses to the questions;
  
  receiving, at a computing device, numeric risk ratings for each of the identified inherent risks, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk;
  
  receiving, at a computing device processor, a mitigation plan for each identified inherent risk;
  
  identifying, by a computing device processor, one or more residual risks associated with a corresponding risk category based on the mitigation plan for each identified inherent risk;
  
  receiving, at a computing device, numeric risk ratings for each of the identified residual risks, wherein the risk rating incorporates the risk rating for each identified inherent risk and the mitigation plan;
  
  determining, by a computing device processor, a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings;
  
  calculating, by a computing device processor, a risk level for each identified inherent and residual risk based on the RPN and the mitigation plan, wherein the risk level reflects whether the identified risk exhibits a combination of high severity and low detectability;
  
  aggregating, by a computing device processor, each risk priority number (RPN) associated with an inherent risk related to a risk category and calculating an average inherent RPN for each of the plurality of risk categories;
  
  comparing, by a computing device processor, a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance; and
  
  displaying an escalation flag for each identified inherent and residual risk.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product of claim 5 wherein the method further comprises:
    - receiving a financial metric for the project; and
      
      displaying the highest average inherent RPN for the project against the financial metric to facilitate the cross-project comparison of risk and reward balance.
  - 7. The computer program product of claim 6 wherein the method further comprises:
    - determining whether the project is a high-risk project based at least in part on the risk level; and
      
      prompting a high-risk analysis when the project is a high-risk project.
  - 8. The computer program product of claim 6 wherein the method further comprises displaying a color indication for each identified inherent and residual risk wherein the color indication is indicative of the risk level.

9. A system for determining a level of risk in undertaking a financial services project to implement a change, the system comprising:
- a computing device operable to (1) receive a plurality of responses to questions related to one of a plurality of risk categories associated with the project, (2) receive numeric risk ratings for each inherent risk identified by the responses to the questions, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk, (3) receive a mitigation plan for each identified inherent risk and (4) receive numeric risk ratings for each residual risk identified based on the mitigation plan for each identified inherent risk, wherein the risk ratings for each residual risk incorporates the risk rating for each identified inherent risk and the mitigation plan and (5) display an escalation flag for each identified inherent and residual risk;
  
  an instruction execution platform enabled by executable computer program code to determine a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings, calculate a risk level for each identified inherent and residual risk based at least in part on the RPN, the risk level reflecting whether the identified risk exhibits a combination of high severity and low detectability, aggregate each risk priority number associated with an inherent risk related to a risk category calculate an average inherent risk priority number (RPN) for each of the plurality of risk categories and compare a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance;
  
  an instruction execution platform enabled by executable computer program code to receive and store, in a storage device, approval status of the risk level;
  
  a storage medium comprising a database for storing answers to the questions and the highest average inherent RPN; and
  
  a network interconnecting the instruction execution platform and the storage medium.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9 wherein the computing device is connected to the instruction execution platform by the network.
  - 11. The system of claim 10 wherein the database is an SQL database and the plurality of responses are collected using a web browser.
  - 12. The system of claim 11 wherein the computing device is further operable to receive a financial metric for the project and display the highest average inherent RPN for the project against the financial metric to facilitate the cross-project comparison of risk and reward balance.
  - 13. The system of claim 12 wherein the computing device is further operable to display a color indication for each identified inherent and residual risk wherein the color indication is indicative of the risk level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Osterfelt, Susan, Lappert, Steven, Jones, Christopher S.
Primary Examiner(s)
Sterrett, Jonathan G

Application Number

US12/508,230
Time in Patent Office

1,139 Days
Field of Search

705/7.28, 705/7.36
US Class Current

705/7.28
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

Computer-implemented change risk assessment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Computer-implemented change risk assessment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others