SYSTEM AND METHOD OF CONDUCTING SELF ASSESSMENT FOR REGULATORY COMPLIANCE

摘要

A system and method for self-assessing a company's compliance with a preset regulatory framework. The system presents a plurality of questions that are based on particular regulatory requirements. In response to each question, the system receives an answer to each question, a measure of inherent risk associated with each question for the company, and a measure of control risk associated with each question for the organization. The system is then configured to calculate the residual risk associated with each question based on at least the received inherent risk and control risk. The system also allows a user to delegate a question to a second user and track the status of a question. In addition to delegating questions, the system provides for local help and help through communicating with a compliance expert.

主权项

1. A computer system comprising:
a. at least one processor; and b. memory operatively coupled to the at least one processor; wherein the at least one processor is configured to:
i. present a plurality of questions to a user;ii. if the user is qualified to answer a particular question of the plurality of questions:
receive an answer to the particular question;receive a measurement of inherent risk associated with the subject matter of the particular question as it applies to the user;receive a measurement of risk control associated with the particular question as it applies to the user;iii. at least partially in response to receiving the answer, the measurement of inherent risk and the measurement of risk control for the particular question, calculate a residual risk associated with the particular question as it applies to the user;iv. store, in memory, the particular question, the received answer to the particular question, the received measurement of inherent risk, the received measurement of control risk, and the calculated residual risk; andv. generate a self-assessment report based on the received answer, the received measurement of inherent risk, the received measurement of risk control and the calculated residual risk for each one of the plurality of questions.