System and method for managing controls within a heterogeneous enterprise environment
First Claim
1. A computer-implemented system for managing controls within a heterogeneous enterprise environment using a service-oriented open controls architecture, the system comprising:
one or more processors;
an integration component implemented on the one or more processors configured to:
import, from a plurality of heterogeneous enterprise applications, user role information that describes authorizations or permissions assigned to one or more users in the plurality of heterogeneous enterprise applications;
import, from the plurality of heterogeneous enterprise applications, business transaction information that describes one or more business process activity instances in the plurality of heterogeneous enterprise applications;
import, from the plurality of heterogeneous enterprise applications, configuration information that describes one or more internal control settings that govern usage in the plurality of heterogeneous enterprise applications and indicate what the plurality of heterogeneous enterprise applications are allowed to do; and
normalize the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications into a predetermined format;
a foundation services component configured to store the user role information, the business transaction information, and the configuration information imported from the plurality of heterogeneous enterprise applications in the predetermined format and provide one or more services to manage and process the user role information, the business transaction information, and the configuration information;
a controls authoring suite implemented on the one or more processors, wherein the controls authoring suite includes one or more studios configured to:
receive one or more inputs to the one or more studios to author a role management rule, a business transaction rule, and a configuration rule;
load the role management rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more access controls;
load the business transaction rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more process or operational controls; and
load the configuration rule into the service-oriented open controls architecture to test the normalized user role information, the normalized business transaction information, and the normalized configuration information for compliance with one or more application controls; and
an enterprise controls component implemented on the one or more processors and configured to:
apply the role management rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the authorizations or permissions assigned to the one or more users violate the role management rule or comply with the one or more access controls;
apply the business transaction rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the business process activity instances violate the business transaction rule or comply with the one or more process or operational controls; and
apply the configuration rule to the normalized user role information, the normalized business transaction information, and the normalized configuration information to test whether the internal control settings violate the configuration rule or comply with the one or more application controls.
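The claim describes a pipeline (import heterogeneous data, normalize it into one format, store it, author three kinds of rules, apply them and report violations). The following added example is not the patent's or any assignee's code; it sketches that pipeline in Python with constructed sample exports from two hypothetical applications, and the concrete rules (a toxic permission pair, a self-approval threshold, a required configuration setting) are assumptions chosen for illustration.

```python
# Constructed sample exports from two hypothetical enterprise applications,
# each in its own native shape (a dict list and a CSV-like string).
APP_A_ROLES = [{"user": "alice", "perms": ["create_vendor", "approve_payment"]},
               {"user": "bob", "perms": ["view_ledger"]}]
APP_B_ROLES = "carol;approve_payment|post_journal\ndave;view_ledger"
APP_A_TXNS = [{"id": "PAY-1", "user": "alice", "amount": 120000, "approved_by": "alice"}]
APP_A_CONFIG = {"three_way_match": "off", "password_min_length": 8}

def normalize_roles(app, raw):
    """Integration component: map each application's native role export to the
    common format {"app", "user", "perms"}. Parsers are assumptions for the sample data."""
    if app == "A":
        return [{"app": app, "user": r["user"], "perms": set(r["perms"])} for r in raw]
    out = []
    for line in raw.splitlines():
        user, perms = line.split(";")
        out.append({"app": app, "user": user, "perms": set(perms.split("|"))})
    return out

# Rules as authored in the studios: each takes the normalized store, returns violations.
def role_rule(store):
    # Access control (assumed): no user may both create vendors and approve payments.
    toxic = {"create_vendor", "approve_payment"}
    return [f"role:{r['app']}/{r['user']}" for r in store["roles"] if toxic <= r["perms"]]

def transaction_rule(store):
    # Process control (assumed): payments >= 100000 need approval by a different user.
    return [f"txn:{t['id']}" for t in store["txns"]
            if t["amount"] >= 100000 and t["approved_by"] == t["user"]]

def config_rule(store):
    # Application control (assumed): three-way match must be switched on.
    return ["config:three_way_match"] if store["config"].get("three_way_match") != "on" else []

def build_store():
    """Foundation services component: hold the normalized data in one place."""
    return {"roles": normalize_roles("A", APP_A_ROLES) + normalize_roles("B", APP_B_ROLES),
            "txns": APP_A_TXNS, "config": APP_A_CONFIG}

def run_controls(store, rules):
    """Enterprise controls component: apply every rule and collect violations by rule."""
    return {rule.__name__: rule(store) for rule in rules}

if __name__ == "__main__":
    print(run_controls(build_store(), [role_rule, transaction_rule, config_rule]))
```

Each rule only ever sees the normalized store, so adding a third application means writing one more parser in `normalize_roles`, not touching any rule.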
Abstract
A system and method for managing internal controls within a heterogeneous enterprise environment is provided. The invention may include an open and extensible standards-based architecture that may be used to create, monitor, test, or otherwise manage internal controls by capturing, organizing, translating, and exchanging controls data, tests, and test results across organizational boundaries and between an enterprise and its external auditors. By providing an automated software solution for managing internal controls, business, finance, information technology, audit, or other professionals may automate on-demand testing, or perform closed-loop remediation and continuous exception-based monitoring of controls within and across enterprise systems.
10 Claims
Claim 1 is reproduced above under First Claim; claims 2 through 10 are dependent claims.