US 7,593,859 B1
System and method for operational risk assessment and control
Jennifer B. Owens, Charlotte, N.C. (US); Jacob Firestone, Martinez, Calif. (US); Edward T. Hawthorne, Fairfield, Calif. (US); Joseph L Valasquez, Charlotte, N.C. (US); David Hadd, Charlotte, N.C. (US); and Bradley A. Yee, South San Francisco, Calif. (US)
Assigned to Bank of America Corporation, Charlotte, N.C. (US)
Filed on Oct. 08, 2003, as Appl. No. 10/605,551.
Int. Cl. G06F 17/50 (2006.01)
U.S. Cl. 705—7
39 Claims
1. A method of managing operational risk for an organization, the method comprising:
identifying at least one failure mode for a function of the organization;
identifying at least one cause and at least one effect for at least one of the at least one failure mode;
acquiring ratings associated with the at least one cause and the at least one effect;
permuting the at least one failure mode, the at least one cause, and the at least one effect to define at least two risk items; and
producing a risk prioritization report of the at least two risk items based at least in part on the ratings associated with the at least one cause and the at least one effect, the ratings comprising:
a severity rating and a response rating associated with each of the at least one effect; and
an occurrence rating and a detection rating associated with each of the at least one cause; and
wherein the acquiring, permuting, and producing steps are performed by a computer; and
wherein the producing of the risk prioritization report comprises:
calculating a criticality based on the severity rating and the occurrence rating;
calculating a risk priority number based on the severity rating, the occurrence rating and the detection rating; and
calculating an adjusted criticality based on the criticality, the severity rating, and the response rating,
wherein the calculating steps are performed by a computer.
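
The steps of claim 1 can be illustrated with a short sketch; this is an added example, not code from the patent or its assignee. The claim names only the inputs to each calculation, so the formulas (conventional FMEA products for criticality and risk priority number, a hypothetical sum for adjusted criticality), the 1-10 rating scale, the sort order, and the sample data are all assumptions.

```python
from itertools import product

# Constructed sample data. Ratings use a 1-10 scale, higher = worse (assumption).
FAILURE_MODES = {
    "wire transfer sent to wrong account": {
        "causes": {   # cause -> (occurrence, detection)
            "manual keying error": (6, 4),
            "stale beneficiary record": (3, 7),
        },
        "effects": {  # effect -> (severity, response)
            "customer funds lost": (9, 5),
            "regulatory report required": (7, 2),
        },
    },
}


def risk_items(failure_modes):
    """Permute every failure mode with its causes and effects into risk items."""
    items = []
    for mode, data in failure_modes.items():
        pairs = product(data["causes"].items(), data["effects"].items())
        for (cause, (occ, det)), (effect, (sev, resp)) in pairs:
            criticality = sev * occ        # assumed: conventional FMEA product
            items.append({
                "failure_mode": mode, "cause": cause, "effect": effect,
                "criticality": criticality,
                "rpn": sev * occ * det,    # assumed: conventional FMEA product
                # Hypothetical formula; the claim names only the inputs.
                "adjusted_criticality": criticality + sev * resp,
            })
    return items


def prioritization_report(failure_modes):
    """Return risk items ordered by RPN, then adjusted criticality (assumed order)."""
    return sorted(risk_items(failure_modes),
                  key=lambda i: (-i["rpn"], -i["adjusted_criticality"]))


if __name__ == "__main__":
    for item in prioritization_report(FAILURE_MODES):
        print(f'{item["rpn"]:>4} {item["criticality"]:>3} '
              f'{item["adjusted_criticality"]:>3}  {item["cause"]} -> {item["effect"]}')
```

With this sample data the poorly detected cause ("stale beneficiary record" leading to "customer funds lost") ranks second by risk priority number even though its criticality is lower than that of the item below it, which is why the detection rating is carried separately from occurrence.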