US2006100958A1PendingUtilityA1
Method and apparatus for operational risk assessment and mitigation
Est. expiryNov 9, 2024(expired)· nominal 20-yr term from priority
G06Q 40/03G06Q 10/0631G06Q 10/0635G06Q 30/0201G06Q 10/06375G06Q 10/06312G06Q 40/08
62
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Risk in business management is analyzed based on a probabilistic network approach which quantifies the impact of operational risk on financial metrics such as Value-at-Risk (VAR) and/or Potential Losses (PL). This approach provides further capability to determine the optimal placement of one or more countermeasures within a system to minimize the impact of operational risks.
Claims
exact text as granted — not AI-modified1 . A method for modeling and quantifying operational risk of a business enterprise comprising the steps of:
identifying one or more causal operational risk event drivers, identifying one or more business processes in the business enterprise impacted by identified causal operational risk event drivers, identifying one or more resources and one or more tasks within identified business processes impacted by identified causal operational risk drivers, identifying one or more countermeasures associated with each impacted resource, or the absence thereof, and assigning quantitative effectiveness weighting to each identifying one or more countermeasures associated with each impacted task, or the absence thereof, and assigning quantitative effectiveness weighting to each, identifying one or more mitigants associated with each causal operational risk event driver, or the absence thereof, and assigning quantitative effectiveness weighting to each, constructing a probabilistic network model based on the causal operational risk event drivers, business processes, impacted resources and tasks, and associated countermeasures and mitigants, computing a probability distribution of financial loss associated with the causal operational risk event drivers, or by associating one or more fixed exposure variables, and computing an overall potential enterprise process exposure to loss arising from the causal operational event drivers utilizing values for financial loss associated with the causal operational risk event drivers and effectiveness weightings for each identified countermeasure and mitigant.
2 . A method according to claim 1 , wherein the model is used to quantify any combination of technology, process and/or people risk, or the risk of any of them separately.
3 . A method according to claim 1 , wherein probability distribution of financial losses is calculated using an algorithm whose computational effort is a non-exponential function of number of operational risk events and parameters describing the probabilistic network such as number of nodes, arcs etc.
4 . A method according to claim 1 , further comprising the step of estimating a Return on Investment (ROI) for identified risk countermeasures.
5 . A method according to claim 1 , further comprising the step of modeling the state of an environment according to the risk tolerance of the business manager or owner.
6 . A method according to claim 1 , wherein users can dynamically alter the state representation of an environment to create “what-if” scenarios.
7 . A method according to claim 1 , wherein the at least one operational risk event further comprises the step of prioritizing events reflecting state changes based on changes in systemic quantified risk and optimize the allocation of resources to manage system change.
8 . A method according to claim 1 , wherein the assessed risk is the determination of the probability of failure of any system component, as well as its duration and frequency.
9 . A method according to claim 1 , wherein the computation of the potential loss exposure due to the operational risk event is itself inherently inclusive of a combinatorial risk explosion; and wherein the computational method obviates the combinatorial risk explosion by constructing a filtering operation determined by setting the parameters of the input adverse events to specified material risk levels according to the tolerances of a particular institution or a class of institutions.
10 . A method for modeling and quantifying operational risk in a business enterprise comprising the steps of:
identifying one or more operational risks in the business enterprise, obtaining historical information on events that contribute to identified operational risks, identifying one or more business processes in the business enterprise, associating identified business processes with underlying logical and physical infrastructure and operational risks, constructing a probabilistic network model based on the business processes, underlying infrastructure and operational risks, and computing an overall potential exposure to losses in the business.
11 . A method according to claim 10 , wherein the model is used to quantify any combination of technology, process and/or people risk, or the risk of any of them separately.
12 . A method according to claim 10 , wherein probability distribution of financial losses is calculated using an algorithm whose computational effort is a non-exponential function of number of operational risk events and parameters describing the probabilistic network such as number of nodes, arcs etc.
13 . A method according to claim 10 , further comprising the step of taking one or more actions or countermeasures to control one or more aspects of operational risk.
14 . A method according to claim 10 , further comprising the step of taking one or more actions or countermeasures to control the financial risk presented by a system.
15 . A method according to claim 10 , further comprising the step of estimating a Return on Investment (ROI) for identified risk countermeasures.
16 . A method according to claim 10 , further comprising the step of modeling the state of an environment according to the risk tolerance of the business manager or owner.
17 . A method according to claim 10 , wherein users can dynamically alter the state representation of an environment to create “what-if” scenarios.
18 . A method according to claim 10 , wherein the at least one operational risk event further comprises the step of prioritizing events reflecting state changes based on changes in systemic quantified risk and optimize the allocation of resources to manage system change.
19 . A method according to claim 10 , wherein the assessed risk is the determination of the probability of failure of any system component, as well as its duration and frequency.
20 . A method according to claim 10 , wherein the computation of the potential loss exposure due to the operational risk event is itself inherently inclusive of a combinatorial risk explosion; and wherein the computational method obviates the combinatorial risk explosion by constructing a filtering operation determined by setting the parameters of the input adverse events to specified material risk levels according to the tolerances of a particular institution or a class of institutions.
21 . A computer implemented method for modeling and quantifying operational risk of a business enterprise comprising the steps of:
identifying one or more causal operational risk event drivers, identifying one or more business processes in the business enterprise impacted by identified causal operational risk event drivers, identifying one or more resources and one or more tasks within identified business processes impacted by identified causal operational risk drivers, identifying one or more countermeasures associated with each impacted resource, or the absence thereof, and assigning quantitative effectiveness weighting to each identifying one or more countermeasures associated with each impacted task, or the absence thereof, and assigning quantitative effectiveness weighting to each, identifying one or more mitigants associated with each causal operational risk event driver, or the absence thereof, and assigning quantitative effectiveness weighting to each, constructing a probabilistic network model based on the causal operational risk event drivers, business processes, impacted resources and tasks, and associated countermeasures and mitigants, computing a probability distribution of financial loss associated with the causal operational risk event drivers, or by associating one or more fixed exposure variables, and computing an overall potential enterprise process exposure to loss arising from the causal operational event drivers utilizing values for financial loss associated with the causal operational risk event drivers and effectiveness weightings for each indentified countermeasure and mitigant.
22 . A signal-bearing medium tangibly embodying a program of machine readable instructions executable by a digital processing apparatus to perform a method for modeling and quantifying operational risk of a business enterprise comprising the steps of:
identifying one or more causal operational risk event drivers, identifying one or more business processes in the business enterprise impacted by identified causal operational risk event drivers, identifying one or more resources and one or more tasks within identified business processes impacted by identified causal operational risk drivers, identifying one or more countermeasures associated with each impacted resource, or the absence thereof, and assigning quantitative effectiveness weighting to each identifying one or more countermeasures associated with each impacted task, or the absence thereof, and assigning quantitative effectiveness weighting to each, identifying one or more mitigants associated with each causal operational risk event driver, or the absence thereof, and assigning quantitative effectiveness weighting to each, constructing a probabilistic network model based on the causal operational risk event drivers, business processes, impacted resources and tasks, and associated countermeasures and mitigants, computing a probability distribution of financial loss associated with the causal operational risk event drivers, or by associating one or more fixed exposure variables, and computing an overall potential enterprise process exposure to loss arising from the causal operational event drivers utilizing values for financial loss associated with the causal operational risk event drivers and effectiveness weightings for each indentified countermeasure and mitigant.
23 . A computer implemented method for modeling and quantifying operational risk of a business enterprise comprising the steps of:
identifying one or more operational risks in the business enterprise, obtaining historical information on events that contribute to identified operational risks, identifying one or more business processes in the business enterprise, associating identified business processes with underlying logical and physical infrastructure and operational risks, constructing a probabilistic network model based on the business processes, underlying infrastructure and operational risks, and computing an overall potential exposure to losses in the business.
24 . A signal-bearing medium tangibly embodying a program of machine readable instructions executable by a digital processing apparatus to perform a method for modeling and quantifying operational risk of a business enterprise comprising the steps of:
identifying one or more operational risks in the business enterprise, obtaining historical information on events that contribute to identified operational risks, identifying one or more business processes in the business enterprise, associating identified business processes with underlying logical and physical infrastructure and operational risks, constructing a probabilistic network model based on the business processes, underlying infrastructure and operational risks, and computing an overall potential exposure to losses in the business.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.