Abstract: Methods and systems for risk prioritization allow a user or organization to prioritize various risk items using a knowledge base. The knowledge base may be continually updated and/or improved based on newly available historical data (e.g., cost of mitigation, actual effects), new forecasts or predicative analyses (e.g., costs for mitigation), expert community consensus and/or new priority information. As new information is updated in the knowledge base, new and existing risk items may be evaluated and/or re-evaluated to determine a risk priority. Risk priority may be determined based on a remediation cost score as well as a risk score. The prioritization system may further develop recommendations for prioritizing and mitigating a risk item.

Abstract: System and method for operational risk assessment and control. The present invention, in disclosed, example embodiments provides systems and methods to facilitate risk assessment, prioritization, mitigation and control activities. Various modules work together to accomplish risk assessment, prioritization, mitigation and stability tracking. The modules can be implemented by a computer system or systems, software and networks, or by other means, such as paper-based means. In some embodiments, operational risk management and control begins with an assessment for one or more functions of the organization involved. This assessment includes identifying failure modes, causes and effects, which are permuted to define risk items. A risk prioritization report is produced which prioritizes the risk items based at least in part on the ratings associated with the causes and effects, and a mitigation plan can be put in place.

Abstract: A tool to assess risks associated with software applications, and controls implemented to mitigate these risks, includes a first software component configured to gather information about the risks and controls, and a second software component configured to display the gathered information. The first software component includes a self-assessment tool which is invoked by a user to enter information reflective of risk levels over a number of risk categories. These risk levels are used to calculate a risk score associated with a particular application. The user also enters information as to whether or not a number of specific control attributes have been implemented, and this information is used to calculate a control score.

Abstract: System and method for operational risk assessment and control. The present invention, in disclosed, example embodiments provides systems and methods to facilitate risk assessment, prioritization, mitigation and control activities. Various modules work together to accomplish risk assessment, prioritization, mitigation and stability tracking. The modules can be implemented by a computer system or systems, software and networks, or by other means, such as paper-based means. In some embodiments, operational risk management and control begins with an assessment for one or more functions of the organization involved. This assessment includes identifying failure modes, causes and effects, which are permuted to define risk items. A risk prioritization report is produced which prioritizes the risk items based at least in part on the ratings associated with the causes and effects, and a mitigation plan can be put in place.

Abstract: System and method for operational risk assessment and control. The present invention, in disclosed, example embodiments provides systems and methods to facilitate risk assessment, prioritization, mitigation and control activities. Various modules work together to accomplish risk assessment, prioritization, mitigation and stability tracking. The modules can be implemented by a computer system or systems, software and networks, or by other means, such as paper-based means. In some embodiments, operational risk management and control begins with an assessment for one or more functions of the organization involved. This assessment includes identifying failure modes, causes and effects, which are permuted to define risk items. A risk prioritization report is produced which prioritizes the risk items based at least in part on the ratings associated with the causes and effects, and a mitigation plan can be put in place.

Abstract: A tool to assess risks associated with software applications, and controls implemented to mitigate these risks, includes a first software component configured to gather information about the risks and controls, and a second software component configured to display the gathered information. The first software component includes a self-assessment tool which is invoked by a user to enter information reflective of risk levels over a number of risk categories. These risk levels are used to calculate a risk score associated with a particular application. The user also enters information as to whether or not a number of specific control attributes have been implemented, and this information is used to calculate a control score. This process may be repeated for each of several software applications.