Computer-implemented change risk assessment
Abstract
A change risk assessment system is disclosed. A question-and-answer approach is used to generate a risk assessment that can be broken down by various business categories. Scoring in example embodiments generates a risk level for each identified risk that takes into account high severity and low detectability characteristics of specific risks associated with a change or new project. The highest average risk priority number (RPN) from any category can be used to facilitate cross-project comparison of risk and reward balance. A risk level can be calculated for both an inherent risk and a residual risk. The residual risk is calculated taking a mitigation plan into account. A color indication can be displayed for each identified risk, where the color indication is indicative of the risk level. The scoring for an identified risk can also be made to programmatically prompt escalation of the identified issue.
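The scoring described in the abstract, as an added example that is not code from the patent: it shows why a risk level driven by RPN alone would under-rate a severe, hard-to-detect risk, and how the per-category average of inherent RPNs yields the cross-project comparison figure. The 1-10 scales, the product formula (the usual FMEA convention), the thresholds and all names are assumptions; the sample risks are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed, not from the patent: 1-10 scales, higher detection rating = harder
# to detect, RPN = FMEA product, and all thresholds below.
HIGH_SEVERITY, HARD_TO_DETECT = 8, 8
RPN_RED, RPN_YELLOW = 200, 80

@dataclass(frozen=True)
class Risk:
    category: str
    name: str
    severity: int
    probability: int
    detection: int
    residual: bool = False  # True when re-rated after the mitigation plan

    @property
    def rpn(self) -> int:
        return self.severity * self.probability * self.detection

def risk_level(r: Risk) -> str:
    # A severe, hard-to-detect risk is red even when a low probability
    # keeps its RPN small; the product alone would hide it.
    hidden = r.severity >= HIGH_SEVERITY and r.detection >= HARD_TO_DETECT
    if hidden or r.rpn >= RPN_RED:
        return "red"
    return "yellow" if r.rpn >= RPN_YELLOW else "green"

def escalation_flag(r: Risk) -> bool:
    return risk_level(r) == "red"

def highest_average_inherent_rpn(risks):
    # Average the inherent RPNs per category, then report the worst category.
    by_cat = defaultdict(list)
    for r in risks:
        if not r.residual:
            by_cat[r.category].append(r.rpn)
    averages = {c: sum(v) / len(v) for c, v in by_cat.items()}
    worst = max(averages, key=averages.get)
    return worst, averages[worst], averages

# Constructed sample project.
SAMPLE = [
    Risk("Technology", "silent data corruption", 10, 1, 10),       # RPN 100
    Risk("Technology", "batch window overrun", 5, 5, 5),           # RPN 125
    Risk("Operations", "staff not trained on new process", 6, 7, 4),  # RPN 168
    Risk("Technology", "silent data corruption", 10, 1, 3, residual=True),
]
```

In the sample, the first risk has the lowest inherent RPN of the three yet is the only one flagged for escalation, and its residual rating drops to green once the mitigation plan improves detection.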
44 Citations
13 Claims
1. A computer-implemented method of determining a level of risk in undertaking a financial services project to implement a change, the method comprising:
- receiving, at a computing device, a plurality of responses to questions, each question related to one of a plurality of risk categories associated with the financial services project;
- identifying, by a computing device processor, one or more inherent risks associated with a corresponding risk category based on the responses to the questions and a mitigation plan for each identified risk;
- receiving, at a computing device, numeric risk ratings for each of the identified inherent risks, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk;
- receiving, at a computing device, a mitigation plan for each identified inherent risk;
- identifying, by a computing device processor, one or more residual risks associated with a corresponding risk category based on the mitigation plan for each identified inherent risk;
- receiving, at a computing device, numeric risk ratings for each of the identified residual risks, wherein the risk rating incorporates the risk rating for each identified inherent risk and the mitigation plan;
- determining, by a computing device processor, a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings;
- calculating, by a computing device processor, a risk level for each identified inherent and residual risk based at least in part on the RPN, wherein the risk level reflects whether the identified risk exhibits a combination of high severity and low detectability;
- aggregating, by a computing device processor, each risk priority number (RPN) associated with an inherent risk related to a risk category and calculating an average inherent RPN for each of the plurality of risk categories;
- comparing, by a computing device processor, a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance; and
- displaying, on a display device, an escalation flag for each identified inherent and residual risk.

Dependent claims: 2, 3, 4

5. A computer program product comprising non-transitory computer-readable program code embodied on a computer-readable storage medium, the computer-readable program code executable by a computer system to implement a method of determining a level of risk in undertaking a financial services project to implement a change, the method comprising:
- receiving, at a computing device, a plurality of responses to questions, each question related to one of a plurality of risk categories associated with the project;
- identifying, by a computing device processor, one or more inherent risks and associated with a corresponding risk category based on the responses to the questions;
- receiving, at a computing device, numeric risk ratings for each of the identified inherent risks, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk;
- receiving, at a computing device processor, a mitigation plan for each identified inherent risk;
- identifying, by a computing device processor, one or more residual risks associated with a corresponding risk category based on the mitigation plan for each identified inherent risk;
- receiving, at a computing device, numeric risk ratings for each of the identified residual risks, wherein the risk rating incorporates the risk rating for each identified inherent risk and the mitigation plan;
- determining, by a computing device processor, a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings;
- calculating, by a computing device processor, a risk level for each identified inherent and residual risk based on the RPN and the mitigation plan, wherein the risk level reflects whether the identified risk exhibits a combination of high severity and low detectability;
- aggregating, by a computing device processor, each risk priority number (RPN) associated with an inherent risk related to a risk category and calculating an average inherent RPN for each of the plurality of risk categories;
- comparing, by a computing device processor, a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance; and
- displaying an escalation flag for each identified inherent and residual risk.

Dependent claims: 6, 7, 8

9. A system for determining a level of risk in undertaking a financial services project to implement a change, the system comprising:
- a computing device operable to (1) receive a plurality of responses to questions related to one of a plurality of risk categories associated with the project, (2) receive numeric risk ratings for each inherent risk identified by the responses to the questions, wherein the risk ratings include severity of risk, probability of risk occurrence and ability to detect risk, (3) receive a mitigation plan for each identified inherent risk and (4) receive numeric risk ratings for each residual risk identified based on the mitigation plan for each identified inherent risk, wherein the risk ratings for each residual risk incorporates the risk rating for each identified inherent risk and the mitigation plan and (5) display an escalation flag for each identified inherent and residual risk;
- an instruction execution platform enabled by executable computer program code to determine a risk priority number (RPN) for each of the identified inherent and residual risks based on the numeric risk ratings, calculate a risk level for each identified inherent and residual risk based at least in part on the RPN, the risk level reflecting whether the identified risk exhibits a combination of high severity and low detectability, aggregate each risk priority number associated with an inherent risk related to a risk category calculate an average inherent risk priority number (RPN) for each of the plurality of risk categories and compare a highest average inherent RPN for the project to highest average inherent RPNs of other projects to facilitate cross-project comparison of risk and reward balance;
- an instruction execution platform enabled by executable computer program code to receive and store, in a storage device, approval status of the risk level;
- a storage medium comprising a database for storing answers to the questions and the highest average inherent RPN; and
- a network interconnecting the instruction execution platform and the storage medium.

Dependent claims: 10, 11, 12, 13

Specification