There is a need to manage and assess the quality of a project's controls.
In some embodiments, a system for third party control alignment is provided. The system comprises: a memory; a processor; and a module stored in memory, executable by a processor, and configured to: receive a guideline associated with a third party; compare the received guideline associated with a third party with a plurality of control objectives; determine a match between the received guideline associated with a third party and at least one control objective from the plurality of control objectives; and assign the at least one control objective to the received guideline associated with a third party in response to determining a match.
In some embodiments, the at least one control objective comprises at least one of a control objective internal to a financial institution and a third party guideline.
In some embodiments, the third party guideline is associated with COBIT.
In some embodiments, comparing the at least guideline associated with a third party to the plurality of control objectives comprises generating an overall control effectiveness via an electronic workbook.
In some embodiments, the electronic workbook comprises at least one of a menu, a table, a list, a map, or a spreadsheet.
In some embodiments, the electronic workbook comprises means for enabling a user to input information associated with at least one of the guideline associated with a third party and the plurality of control objectives via an interface.
In some embodiments, information associated with the guideline associated with a third party and the at least one control objective comprises at least one of an identification number, a grouping, a service name, a description, included activities, a process description, a control objective, a control objective description, a value driver, a control practice, or guidelines.
In some embodiments, the electronic workbook comprises means for identifying at least one gap in existing control.
In some embodiments, the electronic workbook comprises means for recommending deployment of at least one control objective to fill the at least one gap based on identifying the least one gap.
In some embodiments, the electronic workbook is integrated with an existing online platform associated with a financial institution.
In some embodiments, assigning the at least one control objective to the guideline associated with a third party enables at least one of the at least one control objective and the guideline associated with a third party to serve as a common translation means between at least one of a control objective and a third party guideline.
In some embodiments, the electronic workbook comprises means for enabling a user to add, edit, delete, modify, save, and store at least one of a service catalog item, a control objective, and a guideline associated with a third party.
In some embodiments, the system comprises generating a message in response to assigning the at least one control objective to the guideline associated with a third party.
In some embodiments, the message is transmitted to an apparatus associated with a user, wherein the user is at least one of a project manager, an internal operations specialist, a process owner, or a member of a quality assurance team associated with a financial institution.
In some embodiments, comparing the guideline associated with a third party with the plurality of control objectives comprises analyzing information associated with at least one of the guideline associated with a third party and the plurality of control objectives;
In some embodiments, assigning the at least one control objective to the guideline associated with a third party comprises associating the at least one control objective with the guideline associated with a third party so that when a user recalls the at least one control objective, the guideline associated with a third party is recalled as well.
In some embodiments, the electronic workbook comprises an interface for enabling a user to visually navigate information associated with the guideline associated with a third party and the plurality of control objectives.
In some embodiments, the workbook is integrated with an existing digital platform.
In some embodiments, a method for third party control alignment. The method comprises: receiving a guideline associated with a third party; comparing the received guideline associated with a third party with a plurality of control objectives; determining a match between the received guideline associated with a third party and at least one control objective from the plurality of control objectives; and assigning the at least one control objective to the received guideline associated with a third party in response to determining a match.
In some embodiments, a computer program product for third party control alignment is provided. The product comprises: a memory; a processor; and a module stored in memory, executable by a processor, and configured to: receive a guideline associated with a third party; compare the received guideline associated with a third party with a plurality of control objectives; determine a match between the received guideline associated with a third party and at least one control objective from the plurality of control objectives; and assign the at least one control objective to the received guideline associated with a third party in response to determining a match.
Having thus described embodiments of the invention in general terms, reference will now be made to the accompanying drawings, where:
Embodiments of the present invention now may be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure may satisfy applicable legal requirements. Like numbers refer to like elements throughout.
In some embodiments, an “entity” as used herein may be a financial institution. For the purposes of this invention, a “financial institution” may be defined as any organization, entity, or the like in the business of moving, investing, or lending money, dealing in financial instruments, or providing financial services. This may include commercial banks, thrifts, federal and state savings banks, savings and loan associations, credit unions, investment companies, insurance companies and the like. In other embodiments, an “entity” may not be a financial institution.
In some embodiments, a “user” may be an internal operations specialist, a business development operations specialist, a business unit manager, a project manager, a process owner, or a member quality assurance team associated with the entity.
The entity may currently utilize a financial system that enables a user to map, track, and/or assess the quality (e.g., performance, adherence to guidelines, or the like) of a service catalog item (or a project, a process, a production, a phase of production, a control, a control objective, a third party guideline, a business unit procedure, protocol, service, or metric, or the like). In some embodiments, the user may assess the quality of the service catalog item by evaluating the service catalog item against an industry-standard set of guidelines, such as COBIT, guidelines associated with a third party, or internal quality assessment tools, namely control objectives. Adherence to such guidelines and controls may ensure to a high degree of certainty that the service catalog is designed to perform—and therefore will perform with high priority—at satisfactory quality levels.
The present invention may be designed to incorporate third party regulatory guidelines into the entity's existing quality control system. Uniquely, the third party guidelines may be aligned with or correspond to internal quality control objectives so that the third party guidelines serve as a common translation between one or more sets of guidelines or controls within the entity's quality control system. In theory, if a service catalog item's quality is assessed against and adheres to a control objective that is aligned with a third party guideline (which may be, in some embodiments, more stringent than the internal control objective), then with high probability the service catalog item also adheres to the third party guideline, or vice versa.
The purpose of incorporating third party guidelines into the entity's existing quality control system may be to aid in obtaining advanced quality certifications. A certification may be awarded to the entity as a whole or on a per-service-catalog-item basis for achieving or sustaining a predetermined threshold of quality on a service catalog item. With this certification, the entity may prove to its shareholders that a service catalog item is operating in compliance with industry-standard guidelines and regulations, including those associated with a trusted third party. Ultimately, the certification may increase shareholder confidence that the entity is not only producing high quality service catalog items, but also that they are being measured and validated via reputable methods.
The present invention may enable an apparatus (e.g., a computer system) associated with the entity to efficiently assess and control the quality and performance of a service catalog item in a production environment. In some embodiments, a framework may be provided for managing and maintaining satisfactory performance of a service catalog item as a project (or another business development operation) moves through various phases of production. In some embodiments, the framework may define a menu, a table, a list, a map, or, typically, a workbook.
The workbook may embody a spreadsheet that is utilized by the user to assess the service catalog item against one or more internal control objectives and/or third party guidelines. In practice, analyzing information associated with a service catalog item, a control objective, or an aligned third party guideline may enable the user to determine via the workbook that the service catalog item is perhaps suitable for compliance with industry-standard regulations. The service catalog item (or the associated project/business development operation as a whole) may be granted third-party certification based on its compliance with industry-standard third party guidelines. The actual granting of certification may occur via the entity or a third party.
Information associated with a control objective, a service catalog item, or a third party guideline may include an identification number, a grouping, a service name, a description, included activities, or the like and may be used as a reference for alignment. Information associated with the alignment of a control objective to a third party guideline (or vice versa) may be presented in the workbook. This information may include an identification number, a process description, a control objective, a control objective description, a value driver, a control practice, guidelines, or the like. The user may input this information in determining if a control objective or a service catalog item applies to or is aligned with a third party guideline (or vice versa). The user may also denote in the workbook if the aligned control objective or service catalog item is applicable or not applicable to the third party guideline (or vice versa). Based on its applicability, the user may update information associated with the control objective or service catalog item before a quality evaluation. The user may access this information via an interface that is associated with a display, a touchscreen, a keyboard, a mouse, or the like.
The workbook may be further utilized to evaluate the quality of existing internal controls associated with the entity (e.g., control objectives) or third party guidelines. Associated information fields may be presented to the user and may include a description of controls in place, a control type, a control class, a control design, a control effectiveness, or the like. The user typically selects an appropriate response to each of these fields via a drop down list, but other methods of selecting a response may be used as well.
An overall control effectiveness may serve as a rating of the service catalog item's adherence to internal control objectives or third party guidelines. The overall control effectiveness may be automatically determined by the present invention based on the user's selection of a control design and a control effectiveness associated with the service catalog item. Once determined, the overall control effectiveness may be assigned to the service catalog item. Furthermore, determining the overall control effectiveness may reveal gaps in the existing controls in place associated with the service catalog item.
Additional fields for comments may exist in the workbook, including a control rating justification and a control action plan. Comments may or may not be required depending on the user's selections, any provided information, and the overall control effectiveness rating. It is in these comment fields where control gaps may be identified or addressed. For example, the user may input an action plan with a timeline in the control action plan field. The present invention may be configured to automatically generate a list of gaps in existing controls.
The workbook may prompt the user with a list of gaps in existing controls. This list may include recommendations for adding additional control objectives or third party guidelines to the list of existing controls to address any gaps in control quality associated with the service catalog item. Additional control objectives or third party guidelines may be included in or appended to the service catalog, wherein adding the additional control objectives, service catalog items, or third party guidelines includes creating a record of the additional control objectives, service catalog items, or third party guidelines in the service catalog. When additional control objectives or third party guidelines are added to the list of existing controls, the present invention may be configured to automatically implement or include the additional control objectives, service catalog items, or third party guidelines in the control assessment processes. The user may further be prompted for comments directed to whether or not the recommendations will be taken and applied to the project.
Furthermore, the workbook may enable the user to align a control objective to a third party guideline, or vice versa. The workbook, through a series of user prompts and information inputs, may be configured to identify which control objectives and third party guidelines are associated with one another. Identified control objectives may be determined to be a match with other control objectives or third party guidelines. Based on determining a match between the control objective and the third party guideline, the apparatus may assign and align the control objective to the third party guideline. If no match is determined, the present invention may be configured to enable the user to add the control objective or third party guideline to the service catalog for future item matching.
If maintaining a satisfactory level of quality of a service catalog item requires adherence to a particular control objective, the workbook may be configured to assist the user in identifying which third party guideline aligns (or are associated) with the particular control objective. Alternatively, if a service catalog item requires adherence to a third party guideline, the workbook may enable the user to identify which control objective corresponds to the third party guideline. Thus, the workbook aims to ensure that a high level of project quality is maintained throughout a phase of a service catalog item by evaluating and quantifying the quality of the service catalog item.
In some embodiments, the control objective may serve as a translation means between other control objectives or third party guidelines. In other embodiments, third party guidelines may serve as a translation means between control objectives or other third party guidelines. The user may be enabled to select which translation means is used via the interface. The control objective or the third party guideline may be associated with the service catalog item.
The present invention may enable the user to efficiently modify the total number of items in the service catalog. For example, the present invention may be configured to add a new service item to the item catalog, or edit or modify an existing service catalog item so that it fills in identified gaps in the entity's existing quality control processes. The user may also select a service maturity rating for each service catalog item. Furthermore, a metric for each service catalog item may be provided in the workbook. The metric may include the overall control effectiveness for each service catalog item.
The present invention may help streamline the identification of appropriate controls or gaps in controls when maintaining an adequate level of service catalog item quality. Ultimately, the present invention may improve the entity's foundational understanding of their control management system for ensuring service catalog items comply with internal control objectives and third party guidelines, thus increasing probability that the service catalog items (and their associated projects or business unit services) obtain advanced third party certification.
The framework's interface may further include a dashboard from which the user may manage the quality of a service catalog item. In some embodiments, the dashboard may include a visual representation of the project and its associated phases of project execution. For example, a block diagram or a map may depict how each aspect (a deliverable, a production goal or phase, or the like) of the service catalog item is connected. The dashboard may be configured to present to the information associated with the service catalog item, including but not limited to a list of critical elements, a deliverable title, a control objective, a description, a usage, a timeline, a deliverable dependency, an update, a team name or a list of contributors, a status, a link to a deliverable, or the like. The user may better understand how the service catalog item and its associated information are connected to other service catalog items, control objectives, or third party guidelines.
The information included in the dashboard may be sorted or filtered by a variety of criteria including a deliverable title, a date, a description, a usage, an update, a team, a template, a type, or the like. The information may also be edited, modified, deleted, or added by the user. Typically, the user is removed from the execution of the service catalog item itself, such as a member of an internal quality assurance team. If the user is directly associated with the service catalog item, such as a project manager or a developer, he or she may not have access to edit, modify, add, or delete information.
In some embodiments, the apparatus may transmit a message to the user in response to assessing the quality of the service catalog item, determining the overall control effectiveness, or another function. The message may include a notification that the quality assurance evaluation process is completed, that a particular threshold of quality has been approached or surpassed, that there are identified control gaps, or in response to another action.
All in all, the purpose of the framework (the workbook and the interface) may be to ensure a desired level of quality throughout the various phases of a service catalog item. By evaluating service catalog item quality based on internal control objectives and industry-standard third party guidelines, the framework can increase efficiency in the entity's project execution processes. Furthermore, an easy-to-navigate dashboard and innovative quality assessment tools may simplify the management of the project.
As shown in
The user input system 640 may include any computerized apparatus that can be configured to perform any one or more of the functions of the user input system 640 described and/or contemplated herein. For example, the user 645 may use the user input system 640 to transmit and/or receive information or commands to and from the system 630. In some embodiments, for example, the user input system 640 may include a personal computer system (e.g. a non-mobile or non-portable computing system, or the like), a mobile computing device, a personal digital assistant, a mobile phone, a tablet computing device, a network device, and/or the like. As illustrated in
Each communication interface described herein, including the communication interface 642, generally includes hardware, and, in some instances, software, that enables the user input system 640, to transport, send, receive, and/or otherwise communicate information to and/or from the communication interface of one or more other systems on the network 610. For example, the communication interface 642 of the user input system 640 may include a wireless transceiver, modem, server, electrical connection, and/or other electronic device that operatively connects the user input system 640 to another system such as the system 630. The wireless transceiver may include a radio circuit to enable wireless transmission and reception of information. Additionally, the user input system 640 may include a positioning system. The positioning system (e.g. a global positioning system (GPS), a network address (IP address) positioning system, a positioning system based on the nearest cell tower location, or the like) may enable at least one of the user input system 640 or an external server or computing device in communication with the user input system 640 to determine the location (e.g. location coordinates) of the user input system 640.
Each processor described herein, including the processor 644, generally includes circuitry for implementing the audio, visual, and/or logic functions of the user input system 640. For example, the processor may include a digital signal processor device, a microprocessor device, and various analog-to-digital converters, digital-to-analog converters, and other support circuits. Control and signal processing functions of the system in which the processor resides may be allocated between these devices according to their respective capabilities. The processor may also include functionality to operate one or more software programs based at least partially on computer-executable program code portions thereof, which may be stored, for example, in a memory device, such as in the user application 647 of the memory 646 of the user input system 640.
Each memory device described herein, including the memory 646 for storing the user application 647 and other information, may include any computer-readable medium. For example, memory may include volatile memory, such as volatile random access memory (RAM) having a cache area for the temporary storage of information. Memory may also include non-volatile memory, which may be embedded and/or may be removable. The non-volatile memory may additionally or alternatively include an EEPROM, flash memory, and/or the like. The memory may store any one or more of pieces of information and data used by the system in which it resides to implement the functions of that system.
As shown in
Also shown in
It will be understood that the system application 637 may be configured to implement any one or more portions of the various user interfaces and/or process flow described herein. The system application 637 may interact with the user application 647. It will also be understood that, in some embodiments, the memory includes other applications. It will also be understood that, in some embodiments, the system application 637 is configured to communicate with the datastore 638, the user input system 640, or the like.
It will be further understood that, in some embodiments, the system application 637 includes computer-executable program code portions for instructing the processor 634 to perform any one or more of the functions of the system application 637 described and/or contemplated herein. In some embodiments, the system application 637 may include and/or use one or more network and/or system communication protocols.
In addition to the system application 637, the memory 636 also includes the datastore 638. As used herein, the datastore 638 may be one or more distinct and/or remote datastores. In some embodiments, the datastore 638 is not located within the system and is instead located remotely from the system. In some embodiments, the datastore 638 stores information or data described herein.
It will be understood that the datastore 638 may include any one or more storage devices, including, but not limited to, datastores, databases, and/or any of the other storage devices typically associated with a computer system. It will also be understood that the datastore 638 may store information in any known way, such as, for example, by using one or more computer codes and/or languages, alphanumeric character strings, data sets, figures, tables, charts, links, documents, and/or the like. Further, in some embodiments, the datastore 638 may include information associated with one or more applications, such as, for example, the system application 637. It will also be understood that, in some embodiments, the datastore 638 provides a substantially real-time representation of the information stored therein, so that, for example, when the processor 634 accesses the datastore 638, the information stored therein is current or substantially current.
It will be understood that the embodiment of the system environment illustrated in
In addition, the various portions of the system environment 600 may be maintained for and/or by the same or separate parties. It will also be understood that the system 630 may include and/or implement any embodiment of the present invention described and/or contemplated herein. For example, in some embodiments, the system 630 is configured to implement any one or more of the embodiments of the process flows described and/or contemplated herein in connection any process flow described herein. Additionally, the system 630 or the user input system 640 is configured to initiate presentation of any of the user interfaces described herein.
In accordance with embodiments of the invention, the term “module” with respect to a system may refer to a hardware component of the system, a software component of the system, or a component of the system that includes both hardware and software. As used herein, a module may include one or more modules, where each module may reside in separate pieces of hardware or software.
Although many embodiments of the present invention have just been described above, the present invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Also, it will be understood that, where possible, any of the advantages, features, functions, devices, and/or operational aspects of any of the embodiments of the present invention described and/or contemplated herein may be included in any of the other embodiments of the present invention described and/or contemplated herein, and/or vice versa. In addition, where possible, any terms expressed in the singular form herein are meant to also include the plural form and/or vice versa, unless explicitly stated otherwise. Accordingly, the terms “a” and/or “an” shall mean “one or more,” even though the phrase “one or more” is also used herein. Like numbers refer to like elements throughout.
As will be appreciated by one of ordinary skill in the art in view of this disclosure, the present invention may include and/or be embodied as an apparatus (including, for example, a system, machine, device, computer program product, and/or the like), as a method (including, for example, a business method, computer-implemented process, and/or the like), or as any combination of the foregoing. Accordingly, embodiments of the present invention may take the form of an entirely business method embodiment, an entirely software embodiment (including firmware, resident software, micro-code, stored procedures in a database, or the like), an entirely hardware embodiment, or an embodiment combining business method, software, and hardware aspects that may generally be referred to herein as a “system.” Furthermore, embodiments of the present invention may take the form of a computer program product that includes a computer-readable storage medium having one or more computer-executable program code portions stored therein. As used herein, a processor, which may include one or more processors, may be “configured to” perform a certain function in a variety of ways, including, for example, by having one or more general-purpose circuits perform the function by executing one or more computer-executable program code portions embodied in a computer-readable medium, and/or by having one or more application-specific circuits perform the function.
It will be understood that any suitable computer-readable medium may be utilized. The computer-readable medium may include, but is not limited to, a non-transitory computer-readable medium, such as a tangible electronic, magnetic, optical, electromagnetic, infrared, and/or semiconductor system, device, and/or other apparatus. For example, in some embodiments, the non-transitory computer-readable medium includes a tangible medium such as a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a compact disc read-only memory (CD-ROM), and/or some other tangible optical and/or magnetic storage device. In other embodiments of the present invention, however, the computer-readable medium may be transitory, such as, for example, a propagation signal including computer-executable program code portions embodied therein.
One or more computer-executable program code portions for carrying out operations of the present invention may include object-oriented, scripted, and/or unscripted programming languages, such as, for example, Java, Perl, Smalltalk, C++, SAS, SQL, Python, Objective C, JavaScript, and/or the like. In some embodiments, the one or more computer-executable program code portions for carrying out operations of embodiments of the present invention are written in conventional procedural programming languages, such as the “C” programming languages and/or similar programming languages. The computer program code may alternatively or additionally be written in one or more multi-paradigm programming languages, such as, for example, F#.
Some embodiments of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of apparatus and/or methods. It will be understood that each block included in the flowchart illustrations and/or block diagrams, and/or combinations of blocks included in the flowchart illustrations and/or block diagrams, may be implemented by one or more computer-executable program code portions. These one or more computer-executable program code portions may be provided to a processor of a general purpose computer, special purpose computer, and/or some other programmable data processing apparatus in order to produce a particular machine, such that the one or more computer-executable program code portions, which execute via the processor of the computer and/or other programmable data processing apparatus, create mechanisms for implementing the steps and/or functions represented by the flowchart(s) and/or block diagram block(s).
The one or more computer-executable program code portions may be stored in a transitory and/or non-transitory computer-readable medium (e.g. a memory) that can direct, instruct, and/or cause a computer and/or other programmable data processing apparatus to function in a particular manner, such that the computer-executable program code portions stored in the computer-readable medium produce an article of manufacture including instruction mechanisms which implement the steps and/or functions specified in the flowchart(s) and/or block diagram block(s).
The one or more computer-executable program code portions may also be loaded onto a computer and/or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer and/or other programmable apparatus. In some embodiments, this produces a computer-implemented process such that the one or more computer-executable program code portions which execute on the computer and/or other programmable apparatus provide operational steps to implement the steps specified in the flowchart(s) and/or the functions specified in the block diagram block(s). Alternatively, computer-implemented steps may be combined with, and/or replaced with, operator- and/or human-implemented steps in order to carry out an embodiment of the present invention.
While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other changes, combinations, omissions, modifications and substitutions, in addition to those set forth in the above paragraphs, are possible. Those skilled in the art will appreciate that various adaptations, modifications, and combinations of the just described embodiments can be configured without departing from the scope and spirit of the invention. Therefore, it is to be understood that, within the scope of the appended claims, the invention may be practiced other than as specifically described herein.