Data management for top-down risk based audit approach

US 9,292,808 B2
Filed: 07/08/2010
Issued: 03/22/2016
Est. Priority Date: 04/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing a first link that links a first risk to an account group in a first table in a data structure of a database;

storing a second link that links a second risk to a control objective in a second table in the data structure, wherein the control objective is an objective of a control for managing risk; and

performing, by a computing device, risk management by accessing both the first risk through the account group and the second risk through the control objective, wherein the risk management requires that the first risk is accessible due to the account group being accessed first from the data structure before accessing the first risk and the second risk is accessible due to the control objective being accessed first from the data structure before accessing the second risk, wherein performing risk management comprises;

accessing the account group from the data structure;

accessing the first link in the first table, the first link accessible via accessing the account group;

accessing the first risk using the first link, wherein the first risk is accessible due to the account group being accessed first from the data structure and then the first link being accessed via the account group and used to access the first risk;

accessing the control objective from the data structure;

accessing the second link in the second table, the second link accessible via the control objective; and

accessing the second risk using the second link, wherein the second risk is accessible due to the control objective being accessed first from the data structure and then the second link being accessed via the control objective and used to access the second risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Particular embodiments generally relate to providing risk management. In one embodiment, a first risk is linked to an account group assertion in a data structure. A second risk is linked to a control objective in the data structure. Access to the first risk is granted through the account group'"'"'s assertion. Access to the second risk is granted through the control objective. Risk management is then performed using the accessed first risk and second risk.

28 Citations

View as Search Results

20 Claims

1. A method comprising:
- storing a first link that links a first risk to an account group in a first table in a data structure of a database;
  
  storing a second link that links a second risk to a control objective in a second table in the data structure, wherein the control objective is an objective of a control for managing risk; and
  
  performing, by a computing device, risk management by accessing both the first risk through the account group and the second risk through the control objective, wherein the risk management requires that the first risk is accessible due to the account group being accessed first from the data structure before accessing the first risk and the second risk is accessible due to the control objective being accessed first from the data structure before accessing the second risk, wherein performing risk management comprises;
  
  accessing the account group from the data structure;
  
  accessing the first link in the first table, the first link accessible via accessing the account group;
  
  accessing the first risk using the first link, wherein the first risk is accessible due to the account group being accessed first from the data structure and then the first link being accessed via the account group and used to access the first risk;
  
  accessing the control objective from the data structure;
  
  accessing the second link in the second table, the second link accessible via the control objective; and
  
  accessing the second risk using the second link, wherein the second risk is accessible due to the control objective being accessed first from the data structure and then the second link being accessed via the control objective and used to access the second risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - storing a third link that links a third risk to a central sub-process in a third table in the data structure; and
      
      accessing the central sub-process from the data structure;
      
      accessing the third link in the third table, the third link accessible via accessing the central sub-process;
      
      accessing the third risk using the third link, wherein the third risk is accessible due to the central sub-process being accessed first from the data structure and then the third link being accessed via the central sub-process and used to access the third risk.
  - 3. The method of claim 1, further comprising:
    - linking the account group to a central sub-process, wherein the first risk is inherited to the central sub-process.
  - 4. The method of claim 3, wherein accessing the first risk comprises:
    - determining an account group assertion for the account group from the central sub-process; and
      
      accessing the first risk for the account group assertion using the determined account group.
  - 5. The method of claim 2, further comprising linking the control objective to the central sub-process, wherein the second risk is inherited to the central sub-process.
  - 6. The method of claim 5, wherein accessing the second risk comprises:
    - accessing the control objective from the central sub-process; and
      
      accessing the second risk using the determined control objective.
  - 7. The method of claim 2, further comprising copying the central sub-process to an organization to create a local sub-process, wherein the local sub-process inherits the first risk and the second risk from the central sub-process.
  - 8. The method of claim 7, further comprising storing a fourth link in the data structure linking the central sub-process with the local sub-process.
  - 9. The method of claim 7, further comprising:
    - determining a request to remove one of the first risk or the second risk in the local sub-process; and
      
      storing information indicating the one of the first risk or the second risk that has been removed.
  - 10. The method of claim 9, wherein the removed one of the first risk or the second risk is not evaluated in risk management for the local sub-process.
  - 11. The method of claim 7, further comprising:
    - determining a request to remove one of the control objective or the account group in the local sub-process; and
      
      storing information indicating the one of the control objective or the account group that has been removed,wherein the removed one of the control objective or the account group is not evaluated in risk management for the local sub-process.
  - 12. The method of claim 1, wherein performing risk management comprises performing risk assessment using data for the first risk and the second risk stored in the data structure.
  - 13. The method of claim 12, further comprising:
    - determining a first control for the first risk and a second control for the second risk; and
      
      performing risk evaluation using the first control and the second control.

14. A non-transitory computer-readable storage medium containing instructions for controlling a computer system to perform a method, the method comprising:
- storing a first link that links a first risk to an account group in a first table in a data structure of a database;
  
  storing a second link that links a second risk to a control objective in a second table in the data structure, wherein the control objective is an objective of a control for managing risk; and
  
  performing risk management by accessing both the first risk through the account group and the second risk through the control objective, wherein the risk management requires that the first risk is accessible due to the account group being accessed first from the data structure before accessing the first risk and the second risk is accessible due to the control objective being accessed first from the data structure before accessing the second risk, wherein performing risk management comprises;
  
  accessing the account group from the data structure;
  
  accessing the first link in the first table, the first link accessible via accessing the account group;
  
  accessing the first risk using the first link, wherein the first risk is accessible due to the account group being accessed first from the data structure and then the first link being accessed via the account group and used to access the first risk;
  
  accessing the control objective from the data structure;
  
  accessing the second link in the second table, the second link accessible via the control objective; and
  
  accessing the second risk using the second link, wherein the second risk is accessible due to the control objective being accessed first from the data structure and then the second link being accessed via the control objective and used to access the second risk.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable storage medium of claim 14, further comprising:
    - storing a third link that links a third risk to a central sub-process in a third table in the data structure; and
      
      accessing the central sub-process from the data structure;
      
      accessing the third link in the third table, the third link accessible via accessing the central sub-process;
      
      accessing the third risk using the third link, wherein the third risk is accessible due to the central sub-process being accessed first from the data structure and then the third link being accessed via the central sub-process and used to access the third risk.
  - 16. The non-transitory computer-readable storage medium of claim 14, further comprising:
    - linking the account group to a central sub-process, wherein the first risk is inherited to the central sub-process.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein accessing the first risk comprises:
    - determining an account group assertion for the account group from the central sub-process; and
      
      accessing the first risk for the account group assertion using the determined account group.
  - 18. The non-transitory computer-readable storage medium of claim 15, further comprising linking the control objective to the central sub-process, wherein the second risk is inherited to the central sub-process.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein accessing the second risk comprises:
    - accessing the control objective from the central sub-process; and
      
      accessing the second risk using the determined control objective.

20. An apparatus comprising:
- one or more computer processors; and
  
  a computer-readable storage medium comprising instructions for controlling the one or more computer processors to be operable for;
  
  storing a first link that links a first risk to an account group in a first table in a data structure of a database;
  
  storing a second link that links a second risk to a control objective in a second table in the data structure, wherein the control objective is an objective of a control for managing risk; and
  
  performing risk management by accessing both the first risk through the account group and the second risk through the control objective, wherein the risk management requires that the first risk is accessible due to the account group being accessed first from the data structure before accessing the first risk and the second risk is accessible due to the control objective being accessed first from the data structure before accessing the second risk, wherein performing risk management comprises;
  
  accessing the account group from the data structure;
  
  accessing the first link in the first table, the first link accessible via accessing the account group;
  
  accessing the first risk using the first link, wherein the first risk is accessible due to the account group being accessed first from the data structure and then the first link being accessed via the account group and used to access the first risk;
  
  accessing the control objective from the data structure;
  
  accessing the second link in the second table, the second link accessible via the control objective; and
  
  accessing the second risk using the second link, wherein the second risk is accessible due to the control objective being accessed first from the data structure and then the second link being accessed via the control objective and used to access the second risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Yu, Haiyang, Zeng, Ying, Chiu, Chihhe, Choi, Richard, DiMayuga, Agnes, Hu, Cheng, Orsag, Martin, Zhao, Xing, Zhou, Donghua
Primary Examiner(s)
Zeender, F.
Assistant Examiner(s)
Amsdell, Dana

Application Number

US12/832,532
Publication Number

US 20110251930A1
Time in Patent Office

2,084 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

G06Q 40/12 Accounting

Data management for top-down risk based audit approach

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data management for top-down risk based audit approach

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links