최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0433316 (2006-05-12) |
등록번호 | US-7260549 (2007-08-21) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 32 인용 특허 : 340 |
A data processing system and method of using said data processing system for assessing and managing risk is disclosed. The preferred embodiment of the method includes the steps of identifying a set of risk elements; determining an importance for each said risk element; identifying any subrisks assoc
A data processing system and method of using said data processing system for assessing and managing risk is disclosed. The preferred embodiment of the method includes the steps of identifying a set of risk elements; determining an importance for each said risk element; identifying any subrisks associated with said risk elements; identifying one or more control procedures for each said subrisk element; assigning weights to each said control procedure; rating compliance with each said control procedure and calculating an overall weighed compliance score. The method may further include the steps of for each non-fully compliant subrisk, allowing the user to determine whether to accept the risk or generate an action plan addressing the risk. The method may further preferably include calculating future compliance scores based on said action plans. The system further provides for sorting and displaying compliance scores by a number of parameters.
What is claimed is: 1. A method for determining compliance with organizational business policies associated with a business risk, said method comprising: a. a computer, coupled to a server via a network, receiving a user selection of a business risk element from a business risk element list which i
What is claimed is: 1. A method for determining compliance with organizational business policies associated with a business risk, said method comprising: a. a computer, coupled to a server via a network, receiving a user selection of a business risk element from a business risk element list which is displayed to the user, said business risk element list being retrieved from a database coupled to said computer via said network; b. in response to the selection of said business risk element, the computer retrieving one or more predetermined control procedures, the control procedures identified by an administrator as a means for complying with business policies associated with said selected business risk element; c. the computer associating said one or more predetermined control procedures with said selected business risk element, said predetermined control procedures being stored in said database; d. in response to the retrieving of the control procedures, the computer retrieving a weight assigned to each one of said predetermined control procedures, said weight being stored in said database; e. the computer receiving a user selection of a compliance rating for each said predetermined control procedure, the rating selected by the user indicating a level of compliance with each one of said predetermined control procedures, for each of said predetermined control procedures the level of compliance is a subjective rating selected from a rigid set of compliance ratings, the same set of compliance ratings is available for each of said predetermined control procedures, wherein said compliance ratings comprise at least one rating identifying a non-fully compliant control procedures; f. the computer calculating a compliance score, said compliance score being a function of said assigned weights and said compliance rating of said predetermined control procedures; g. for each said control procedure having a non-fully compliant rating, the computer receiving a user generated signal indicating whether said non-fully compliant rating is accepted or not accepted; and h. for each said non-fully compliant control procedure which is indicated as not accepted, requiring the user to provide signals for generating an action plan. 2. The method of claim 1 wherein said action plan include a target date, said method further comprising the step of the computer calculating an expected compliance score for one or more future dates based on said action plan target dates. 3. The method of claim 2 further comprising the step of the computer tracking whether said expected compliance scores have been met, said tracking including calculating actual compliance scores for said target dates. 4. The method of claim 3 further comprising the step of the computer displaying said expected compliance scores versus said actual compliance for said target dates. 5. The method of claim 4 wherein said compliance score and said second compliance score are calculated at different points in time during a project. 6. A method for determining compliance with organizational business policies associated with a business risk, said method comprising: a. a computer receiving a user selection of a business risk element from a business risk element list which is displayed to a user on a display terminal of the computer, said business risk element list being retrieved from a database coupled to said computer; b. in response to the selection of said business risk element, the computer identifying one or more subrisk elements associated with said business risk element, each said subrisk element being retrieved from said database; c. for at least one subrisk element, the computer retrieving one or more predetermined control procedures, the control procedures identified by an administrator as a means for complying with business policies associated with said identified subrisk element; d. the computer associating said one or more control procedures with said subrisk element, said control procedures being stored in said database; e. the computer retrieving a weight assigned to each one of said predetermined control procedures, said weight being stored in said database; f. the computer receiving a user selection of a compliance rating for each said predetermined control procedure, each said compliance rating is a subjective rating selected from a rigid predetermined set of compliance ratings, the same set of compliance ratings is available for each of said predetermined control procedures including at least one rating indicating said control procedure is not fully compliant; g. the computer calculating a compliance score, said compliance score being a function of said assigned weights and said compliance rating of said control procedures; h. for each said subrisk, the computer determining whether at least one control procedure associated with said subrisk is not fully compliant; i. for each said subrisk associated with at least one control procedure which is not fully compliant, the computer receiving a signal from the user indicating whether said subrisk should be accepted or not accepted; j. for each said subrisk which is indicated as not accepted, the computer generating an action plan; k. receiving a user selection of a business risk element from a business risk element list; and l. in response to the selection of said business risk element, the computer presenting a sorted list of business risk elements including the selected business risk element. 7. The method of claim 6 wherein said sorted list contains business risk elements from multiple projects. 8. A data processing system for determining compliance with organizational business policies associated with a business risk, said system comprising: a. a database; b. a processor coupled to said database, said processor being programmed to perform the steps comprising: i. the computer receiving a first signal identifying a user selection of a set of business risk elements from a business risk element list which is displayed to a user, said business risk elements being stored in said database; ii. the computer receiving a second signal identifying a user selection of one or more control procedures associated with each said business risk element, said control procedure comprising a means for complying with business policies associated with said risk elements, said control procedures being stored in said database; iii. the computer receiving a third signal assigning a weight to each said control procedure, said weight being stored said database; iv. the computer receiving a fourth signal identifying a user selection of a compliance rating for each said control procedure, for each of said predetermined control procedures the compliance rating is selected from a rigid set of compliance ratings, the same set of compliance ratings is available for each of said predetermined control procedures wherein said compliance ratings comprise at least one rating identifying a non-fully compliant control procedure; v. the computer calculating a compliance score, said compliance score being a function of said assigned weights and said compliance rating of said control procedures; vi. for each said control procedure having a non-fully compliant rating, the computer receiving a signal indicating whether said non-fully compliant rating is accepted or not accepted; vii. for each said non-fully compliant control procedure which is indicated as not accepted, the computer receiving an action plan, said action plan including an expected target date for implementation and an expected compliance rating; viii. the computer generating one or more future expected compliance scores for a future date, said compliance scores being a function of said target dates, said assigned weights and said expected compliance rating of said control procedures; and ix. the computer calculating a second compliance score at said future date, said second compliance score being a function of said assigned weights and said compliance rating of said control procedures at said future date. 9. The method of claim 8 wherein said action plan further includes a target date, said method further comprising the step of the computer calculating a future compliance score based on said action plan target dates. 10. The system of claim 9 further comprising the step of the computer sorting said compliance ratings and displaying said sorted ratings. 11. The system of claim 8 further comprising the step of the computer associating one or more parameters with each said compliance rating. 12. A method of forecasting compliance with organizational business policies associated with a business risk with the aid of a computer system, said method comprising: a. the computer identifying a set of business risk elements, said business risk elements being stored in a database coupled to said computer; b. for at least one of said business risk elements, the computer retrieving one or more predetermined control procedures, the control procedures identified by an administrator as a means for complying with business policies associated with said business risk element; c. the computer associating said one or more control procedures with said business risk element; d. the computer retrieving a weight assigned to each one of said predetermined control procedures, said weight being stored in said database; e. the computer receiving a user selection of a compliance rating for each said predetermined control procedure, said compliance ratings are subjective ratings chosen from a predetermined rigid set of ratings over a uniform range, the same set of compliance ratings is available for each of said predetermined control procedures, including at least one rating identifying a non-fully compliant control procedure and at least one rating identifying fully compliant control procedures; f. for each said control procedure having a non-fully compliant rating, the user employing the computer to generate an action plan, said action plan including a target date for at least one action listed therein; and g. the computer calculating an expected compliance score for a future date, said expected compliance score being a function of said assigned weights, said fully compliant control procedures, and said action plan target dates for said non-fully compliant control procedures; h. the computer calculating a second compliance score at said future date, said second compliance score being a function of said assigned weights and said compliance rating of said control procedures at said future date. 13. The method of claim 12 wherein said compliance score and said second compliance score are calculated at different points in time during a project.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.