A data processing system and method of using said data processing system for assessing and managing risk is disclosed. The preferred embodiment of the method includes the steps of identifying a set of risk elements; determining an importance for each said risk element; identifying any subrisks associated with said risk elements; identifying one or more control procedures for each said subrisk element; assigning weights to each said control procedure; rating compliance with each said control procedure and calculating an overall weighted compliance score. The method may further include the steps of, for each non-fully compliant subrisk, allowing the user to determine whether to accept the risk or generate an action plan addressing the risk. The method may further preferably include calculating future compliance scores based on said action plans. The system further provides for sorting and displaying compliance scores by a number of parameters.
A method for generating a compliance rating for federally mandated accessibility standards for a consumer oriented product is disclosed wherein relevance criteria for at least one provision of said standards have already been defined. The method involves the steps of identifying at least one configuration for the product to rate, determining which rules of the standard are relevant to the identified configuration and generating a list of user functions for the configuration, dividing each of the user task functions intended to be performed into a plurality of sub-tasks, filtering the generated list of tasks as to appropriateness and applicability, and performing each sub-task and rating the performance against the identified relevant standards as defined therein. Lastly, the method involves repeating these steps until all configurations of the product under review have been rated.
When the process plan made for execution is corrected based on the process correction condition, the variation amount in each of the processes based on the process correction condition is calculated as the probability distribution using the probability distribution data generated by obtaining the probability distribution from the variation-amount prediction value of each of the processes. Thereby, the degree of influence on other processes when the process is corrected can be estimated not simply as the propagation of a fixed variation value but in a manner more suited to the actual circumstances, in accordance with the attribute information and the past variation patterns of the process.
A computer-implemented method for generating a risk assessment regarding a software implementation project includes accessing a previously specified importance value and maximum score for each of multiple risk factors. The importance value for each risk factor reflects experience of an implementing entity regarding the extent to which the factor may negatively impact a software implementation project if the factor is not adequately addressed, the importance value and maximum score for each factor being multiplied to define a potential weighted score for the factor. An actual score for a particular software implementation project is received for each factor based on an analysis specific to the particular project. An actual weighted score for the particular project is generated for each factor by multiplying the importance value and actual score for the factor, and a relationship between the potential weighted score and actual weighted score for each factor. A risk level for the particular project is assigned to each factor according to the relationship between the potential weighted score and the actual weighted score for the factor. The risk level for each factor represents an assessment regarding the extent to which the factor may negatively impact the particular project if the factor is not adequately addressed. A risk assessment is generated for the particular project including one or more of the assigned risk levels for the particular project for one or more corresponding factors.
A method, system and computer product for risk evaluation. A computer assigns a risk to an object. The object has an object measure-value and the risk has at least one threat level. The computer receives a probability of the at least one threat level. The probability refers to the object. The computer calculates the object measure-value by using the probability of the at least one threat level and by using a deviation-value that corresponds to the at least one threat level and relates to the object.
A system provides audit opinions on an enterprise's organizations, processes, risks, and risk controls. The system first evaluates the enterprise's set of risk controls. The audit opinions of the set of risk controls are used to evaluate the set of risks associated with the set of risk controls. The audit opinions of the set of risks and of the set of risk controls are in turn used to evaluate the set of processes associated with the set of risks. Finally, all of these audit opinions are used to evaluate the set of organizations associated with the set of processes. The system streamlines the evaluation of risk by determining suggested audit opinions. Suggested audit opinions for a given item can be determined from audit opinions previously determined and associated with the given item. Rules can be defined for a given item to specify how to determine the suggested audit result.