System and method for managing controls within a heterogeneous enterprise environment

US 8,671,013 B2
Filed: 05/01/2007
Issued: 03/11/2014
Est. Priority Date: 05/01/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented system for managing controls within a heterogeneous enterprise environment using a service-oriented open controls architecture, the system comprising:

one or more processors;

an integration component implemented on the one or more processors configured to;

import, from a plurality of heterogeneous enterprise applications, user role information that describes authorizations or permissions assigned to one or more users in the plurality of heterogeneous enterprise applications;

import, from the plurality of heterogeneous enterprise applications, business transaction information that describes one or more business process activity instances in the plurality of heterogeneous enterprise applications;

import, from the plurality of heterogeneous enterprise applications, configuration information that describes one or more internal control settings that govern usage in the plurality of heterogeneous enterprise applications and indicate what the plurality of heterogeneous enterprise applications are allowed to do; and

normalize the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications into a predetermined format;

a foundation services component configured to store the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications in the predetermined format and provide one or more services to manage and process the user role information, the business transaction information, and the configuration information;

a controls authoring suite implemented on the one or more processors, wherein the controls authoring suite includes one or more studios configured to;

receive one or more inputs to the one or more studios to author a role management rule, a business transaction rule, and a configuration rule;

load the role management rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more access controls;

load the business transaction rule into the service-oriented open controls architecture to test normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more process or operational controls; and

load the configuration rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more application controls; and

an enterprise controls component implemented on the one or more processors and configured to;

apply the role management rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the authorizations or permissions assigned to the one or more users violate the role management rule or comply with the one or more access controls;

apply the business transaction rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the business process activity instances violate the business transaction rule or comply with the one or more process or operational controls; and

apply the configuration rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the internal control settings violate the configuration rule or comply with the one or more application controls.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing internal controls within a heterogeneous enterprise environment is provided. The invention may include an open and extensible standards-based architecture that may be used to create, monitor, test, or otherwise manage internal controls by capturing, organizing, translating, and exchanging controls data, tests, and test results across organizational boundaries and between an enterprise and its external auditors. By providing an automated software solution for managing internal controls, business, finance, information technology, audit, or other professionals may automate on-demand testing, or perform closed-loop remediation and continuous exception-based monitoring of controls within and across enterprise systems.

Citations

10 Claims

1. A computer-implemented system for managing controls within a heterogeneous enterprise environment using a service-oriented open controls architecture, the system comprising:
- one or more processors;
  
  an integration component implemented on the one or more processors configured to;
  
  import, from a plurality of heterogeneous enterprise applications, user role information that describes authorizations or permissions assigned to one or more users in the plurality of heterogeneous enterprise applications;
  
  import, from the plurality of heterogeneous enterprise applications, business transaction information that describes one or more business process activity instances in the plurality of heterogeneous enterprise applications;
  
  import, from the plurality of heterogeneous enterprise applications, configuration information that describes one or more internal control settings that govern usage in the plurality of heterogeneous enterprise applications and indicate what the plurality of heterogeneous enterprise applications are allowed to do; and
  
  normalize the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications into a predetermined format;
  
  a foundation services component configured to store the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications in the predetermined format and provide one or more services to manage and process the user role information, the business transaction information, and the configuration information;
  
  a controls authoring suite implemented on the one or more processors, wherein the controls authoring suite includes one or more studios configured to;
  
  receive one or more inputs to the one or more studios to author a role management rule, a business transaction rule, and a configuration rule;
  
  load the role management rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more access controls;
  
  load the business transaction rule into the service-oriented open controls architecture to test normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more process or operational controls; and
  
  load the configuration rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more application controls; and
  
  an enterprise controls component implemented on the one or more processors and configured to;
  
  apply the role management rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the authorizations or permissions assigned to the one or more users violate the role management rule or comply with the one or more access controls;
  
  apply the business transaction rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the business process activity instances violate the business transaction rule or comply with the one or more process or operational controls; and
  
  apply the configuration rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the internal control settings violate the configuration rule or comply with the one or more application controls.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the one or more services that the foundation services component provides to manage and process the user role information, the business transaction information, and the configuration information include security and user management services to authenticate, provide role-based access, protect data levels, and alert the one or more users in the plurality of heterogeneous enterprise applications, data analysis and correlation services to apply analytics against the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications, request services to handle workflow requests and change controls in the plurality of heterogeneous enterprise applications, scheduling and task management services to automatically execute tasks in the service-oriented open controls architecture, data management or access services to request, store, and archive the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications, reporting services to create and render reports that relate to compliance with the role management rule, the business transaction rule, and the configuration rule, and publishing services to publish information to one or more sources external to the heterogeneous enterprise environment.
  - 3. The system of claim 1, wherein the enterprise controls component is further configured to test the normalized user role information, the normalized business transaction information, and the normalized configuration information to determine whether the internal control settings violate or comply with one or more information technology controls that define requirements associated with an information technology infrastructure in the heterogeneous enterprise environment.
  - 4. The system of claim 1, further comprising a portal that provides an application program interface to connect the service-oriented open controls architecture with one or more applications external to the heterogeneous enterprise environment and share data relating to the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications with the one or more external applications.
  - 5. The system of claim 4, wherein the enterprise controls component is further configured to apply one or more external auditor controls received from the one or more external applications to the one or more access controls, the one or more process or operational controls, and the one or more application controls to facilitate an external audit on the heterogeneous enterprise environment, wherein the one or more external auditor controls, the one or more access controls, the one or more process or operational controls, and the one or more application controls have a common XML-based Controls Definition Language format.
  - 6. The system of claim 5, wherein the foundation services component is further configured to:
    - encapsulate a report that documents and proves compliance or violations associated with the one or more access controls, the one or more process or operational controls, and the one or more application controls using a common XML-based Controls Reporting Language format; and
      
      publish the encapsulated report to the one or more external applications to facilitate the external audit.
  - 7. The system of claim 1, wherein the one or more studios associated with the controls authoring suite include a rule studio configured to receive the one or more inputs to author the role management rule, the business transaction rule, and the configuration rule.
  - 8. The system of claim 7, wherein the one or more studios associated with the controls authoring suite further include an insight studio configured to:
    - deploy a custom data schema into the service-oriented open controls architecture to define the predetermined format used to normalize the imported user role information, the imported business transaction information, and the imported configuration information; and
      
      deploy a custom analysis schema into the rule studio to use in authoring the role management rule, the business transaction rule, and the configuration rule.
  - 9. The system of claim 8, wherein the one or more studios associated with the controls authoring suite further include an integration studio configured to map source data associated with the plurality of heterogeneous enterprise applications to a control data model used in the service-oriented open controls architecture, wherein the control data model includes the custom data schema and the custom analysis schema that the insight studio deploys into the service-oriented open controls architecture.
  - 10. The system of claim 9, wherein the one or more studios associated with the controls authoring suite further include a report studio configured to provide a common data dictionary and XML-based taxonomy to develop custom reports that document whether the imported user role information, the imported business transaction information, and the imported configuration information comply with or violate the one or more access controls, the one or more process or operational controls, and the one or more application controls.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infor Incorporated
Original Assignee
Infor (US) Incorporated (Infor Incorporated)
Inventors
Cobb, Richard M., Elliott, Steven J., Garrity, Thomas III, Boccasam, Prashanth V., Matteson, Silas S.
Primary Examiner(s)
Sterrett, Jonathan G
Assistant Examiner(s)
Anderson, Folashade

Application Number

US11/742,950
Publication Number

US 20070288253A1
Time in Patent Office

2,506 Days
Field of Search

705/7.11, 705/7.38
US Class Current

705/7.38
CPC Class Codes

G06Q 10/00   Administration; Management

G06Q 10/063   Operations research, analys...

G06Q 10/0639   Performance analysis of emp...

G06Q 30/018   Certifying business or prod...

System and method for managing controls within a heterogeneous enterprise environment

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing controls within a heterogeneous enterprise environment

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links