WO2002031719A2 - Integrative risk management system and method - Google Patents

Integrative risk management system and method Download PDF

Info

Publication number
WO2002031719A2
WO2002031719A2 PCT/GB2001/004567 GB0104567W WO0231719A2 WO 2002031719 A2 WO2002031719 A2 WO 2002031719A2 GB 0104567 W GB0104567 W GB 0104567W WO 0231719 A2 WO0231719 A2 WO 0231719A2
Authority
WO
WIPO (PCT)
Prior art keywords
risk
project
actions
data store
activities
Prior art date
Application number
PCT/GB2001/004567
Other languages
French (fr)
Inventor
David Ellis
Richard Higgs
Michael King
Tom Teixeira
Tzanko Tzanev
Darren Wogan
Howard Weiner
Original Assignee
Strategic Thought Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Strategic Thought Limited filed Critical Strategic Thought Limited
Priority to EP01974519A priority Critical patent/EP1325452A1/en
Priority to AU2001294034A priority patent/AU2001294034A1/en
Publication of WO2002031719A2 publication Critical patent/WO2002031719A2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/08Insurance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06312Adjustment or analysis of established resource schedule, e.g. resource or task levelling, or dynamic rescheduling
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06313Resource planning in a project environment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06316Sequencing of tasks or work
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Definitions

  • the present invention relates to an integrative risk management system and a method thereof and particularly, but not exclusively, to a risk management system in which the risks arising from a plurality of separate, but related, projects can be automatically managed in a centralised manner.
  • Risk management fundamentally consists of assigning to a nested structure of projects and their associated activities at least a cost and a time and then identifying risks and the impact of such risks on the cost and time assigned to each particular activity and project. The same risk could affect more than one activity or project but may have differing levels of impact. Where a risk has an impact on the cost of an activity, for example, then the analysis can be performed against each activity independently. If, on the other hand, a risk has an impact on time, then the analysis of the impact must feed through the entire project structure.
  • mitigating plans are identified and put in place to reduce or prevent the risk.
  • the mitigating plans are generally in the form of a series of actions that are to be followed.
  • the mitigating plans could have the effect of reducing the probability of the risk arising or of reducing the extent of the risk's impact on a particular activity or project.
  • the present invention therefore seeks to provide an integrative risk management system that overcomes at least some of the disadvantages outlined above and in particular is capable of integrating with project management systems.
  • the present invention is especially, but not exclusively, concerned with providing a risk management system and method that is suitable for use with multiple projects at multiple sites, remote from one another.
  • the invention provides an integrated project management and risk management apparatus comprising: a project data store containing a plurality of ' inter-related project actions; a risk data store containing a plurality of inter-related project activities related to said project actions, and a plurality of risk indicators associated with said project activities; and a risk processor in communication with said project data store and said risk data store, said risk processor being operable to: read project actions from said project data store; read project activities and associated risk indicators from said risk data store; generate and write to said risk data store changes to said project activities and risk indicators to reflect the project actions read from the project data store; generate or receive, and write to said risk data store, one or more mitigating activities identified to reduce or prevent a risk or the consequences of a risk associated with a project activity; and generate and write to the project data store one or more new project actions, or alterations to existing project actions, corresponding to the mitigating activities generated or received.
  • the invention also provides corresponding software for execution by the risk processor, and a computer readable medium or media carrying such software.
  • the invention also provides risk management software comprising a set of instructions for the following steps to be performed when the software is executed: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities in dependence on whether the changes are to actions in the project data resulting from step c) above.
  • the changes to the project data are compared with new actions or alterations to existing actions previously output to the project data and where the changes to project data relate to actions previously output -to the project data no revisions are made to the plurality of activities;
  • the software may receive a trigger from the product data so that it knows when the project data has been changed.
  • the software may periodically poll the project data to determine whether changes have been made to the project data.
  • the risk management software comprises the further step of automatically outputting a message to a predetermined recipient when the consequences of a risk are identified as exceeding a selected threshold. Also a message may be automatically output to one or more predetermined recipients when the processor receives notice of an impacted risk.
  • the present invention provides risk management apparatus comprising a risk processor; means for linking the risk processor to a risk data store; a project data interface for linking the risk processor to a second store containing project data; and a program store containing a set of ' instructions for performing the following functions: a) accessing project data in the second store, the project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator and storing the plurality of activities in the risk data store; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of' a risk, outputting to the second store one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities stored in the risk data store in dependence on whether the changes are to actions in the project data resulting from step c) above.
  • the risk data store and the second store a program store containing
  • the functionality of the apparatus is divided into at least three parts: a presentational part for managing the presentation of risk information to a user of the apparatus; a logic part for analysing the project data and for generating and updating the contents of the risk data store; and an interface part for enabling communication of the apparatus with external applications and wherein the presentational part and the interface part are restricted to only interfacing internally with the logic part.
  • a fourth part may be included consisting of a risk data store interface which is permitted to interface with both the logic part and the interface part.
  • the present invention provides a risk management method for storing and updating risk information, comprising the steps of: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities in dependence on whether the changes are to actions in the project data resulting from step c) above.
  • FIG. 1 is a schematic illustration of an integrated project management and risk management system
  • FIG. 2 is a schematic overview of the system architecture of an integrated project management and risk management system in accordance with the present invention
  • FIG. 3 schematically illustrates the interfaces between the various functions of the risk processor of Figure 2;
  • Figure 4 illustrates a systems architecture for a risk management system in accordance with the present invention.
  • the risk management system 1 including a risk processor 2 will be at a first location, for example head office, and in communication with a risk data store 3 which is either part of the same machine as the processor 2 or may be elsewhere, in which case communication of the processor 2 with the data store 3 is via a communications link which may be provided by, for example, a local or wide area network.
  • a large number of workstations 30, away from the first location, are also capable of communication with the risk processor 2 via similar communications links 32 which may, at least in part, be provided by the publically accessible Internet.
  • each workstation 30 is provided with standard Internet/HTML web browser ' software to enable the workstation to interrogate and update the risk management system and read and update risk information from the risk data store 3.
  • the remote workstations 30 include project management systems 4. Project data " in the form of a series of nested actions and their statuses is stored by the project management systems 4 or in one or more separate project databases 8, along with information on the status of the actions.
  • one or more of the project management systems may be collocated with, or even running on the same computer system as the risk processor 2.
  • the risk management system 1 is able to automatically interrogate the project management systems 4 or project databases 8 and retrieve the project data.
  • This project data is used by the risk management system in the construction of a conventional activity breakdown structure which consists of the projects and their associated activities, ordered in a nested arrangement, with. a respective cost and time assigned to each project and activity, as mentioned earlier.
  • the risk management system 1 is similarly capable of identifying and retrieving changes to individual managed projects and adjusting the activity breakdown structure accordingly.
  • the identification and retrieval by the risk management system of changes to an existing managed project is described in greater detail below. All potential risks are then identified and the impact of the risks on the cost and time assigned to each activity and each project is determined along with suitable mitigating actions.
  • the identification of risks and mitigating actions may be performed manually and the data entered into the risk management system or the risk management system may include functionality to identify risks and mitigating actions automatically.
  • mitigating actions have been identified and the risk for each project and activity adjusted to account for the implementation of mitigating actions, * where appropriate, risk or mitigating action assignments are then automatically communicated by the risk management system, ideally via e-mail using an e-mail interface 6, to the relevant project managers via their remote workstations.
  • risk management system may also update, or cause to be updated, the project data automatically or directly.
  • These changes like all other changes to the managed projects are identified by the risk management system as mentioned above. However,' where these changes reflect mitigating actions that were originally identified by the risk management system, the changes are not used to update the activity breakdown structure. This is necessary to avoid the development of a continuous loop of adjustments attracting further adjustments, and so on.
  • the exchange of data between the project management systems 4 and the risk management system 1 may be achieved by means of a mapping table 21 that may be stored with the risk management system.
  • the mapping table 21 may additionally be used to record changes to the managed project.
  • a polling function may be implemented by the risk management system 1 to interrogate the mapping table on a regular basis, e.g. once a day or once an hour to identify any new additions to the mapping table representing changes to the managed project. Any new additions that are identified are then read by the risk management system and compared against the mitigating actions and activities which are already known to the system. Where an addition is found to represent a change to a managed project that does not result from a mitigating action, the activity breakdown structure stored in the risk database 3 is updated to reflect the change.
  • the risk management system When an event that has been identified as a risk occurs, that is to say it is impacted, this is entered into the risk management system.
  • the risk management system then automatically issues messages, ideally in the form of e-mail messages, to one or more people whose names are pre-programmed into the risk management system, for notifications of this nature.
  • the recipients of such automated messages may include the risk manager, the project manager of the project affected by the impacted risk and in the case of catastrophic risks a CEO or other senior director of the company managing the project would in all probability also be automatically notified.
  • Filters can be defined in the risk management system to control when such messages are sent. Examples of such filters include: risk category, cost or risk owner (the person -responsible for managing the risk and any mitigating actions) .
  • the system architecture comprises risk register and analysis functions implemented in a risk processor 2, an activity and risk data store 3, which ideally stores the data in a relational database, one or more project planning functions 4, requirements management applications 5, communications applications ⁇ and reporting applications 7.
  • the risk processor 2 interfaces with each of the other system functions but the other system functions, with the exception of the reporting applications 7, may be limited to interfacing with the risk processor.
  • the reporting applications 7 additionally interface directly with the activity and risk data store 3 so that data can be read from the data store and written into reports that are launched by the risk processor 2.
  • Various components of the system architecture may be physically distributed in a variety of ways, for example using one, two or more computer systems or operating systems in communication with each other as appropriate.
  • the project planning functions 4, requirements management 5, communications applications 6 and the reporting applications 7 may all be external third-party applications with which the risk processor 2 is capable of interfacing and hence integrating into a centrally controlled combined project management and risk management system.
  • the project planning functions 4 may be implemented using MS ProjectTM
  • the requirements management 5 may be implemented in QSS DOORSTM
  • MS Outlook/ExchangeTM may be utilised as the communications applications 6
  • Seagate Crystal ReportsTM may be utilised as the reporting application 7.
  • the above commercially available applications only exemplify the type of third-party applications that may be implemented with the integrative risk management system described herein.
  • the risk processor 2 is structured so as to maximise its interoperability and to reduce its dependency on any particular third-party package.
  • the risk processor 2 is preferably implemented as a web-based application, rather than a stand-alone executable application. This permits the client interface to be within a Web browser in which case the client side of the risk management system requires no special technology beyond a standard web browser. This is particularly beneficial in large-scale systems where there may be large numbers of workstations to be integrated into the system as the use of a web-based browser avoids the need to set-up and maintain client based software on all the workstations.
  • the risk register and analysis functions, implemented in the risk processor 2 are organised into a series of layers as illustrated in Figure 3. The purpose of this is to separate the different functionalities of data presentation 9, business logic 10 (risk management services) , data store access 11 and interface services 12, 13, 14, 15, 16.
  • the interface between each group of functionalities is in the form of component method invocations, with the interfaces between the layers being restricted to immediately adjacent layers.
  • functions in the presentation layer 9 may call functions in the risk management layer 10 but may not directly call to the lower layers which interface with external applications or the data access layer 11.
  • the presentation layer 9 consists of software for the presentation of risk management information in the form of a graphical user interface (GUI) .
  • GUI graphical user interface
  • the presentation layer 9 handles input to and output from the risk management services layer 10 and also performs formatting and validation on the input and output data.
  • the presentation layer 9 is implemented partly in HTML, or another mark-up language, which the user sees, and associated client-side scripting, and partly by server-side ASP scripts that generate the HTML commands.
  • the risk management services 10 implement the core business logic of the risk management system. Functions in this layer correspond closely to the functions, that shall be described in greater detail below, of a conventional risk management system such as the addition and removal of risks, the display of information concerning a specific risk etc. These functions embody the business logic of the system, for example the way risk scoring calculations are performed as well as the ability to add, remove or modify risks.
  • the risk management functions are not able to access external systems (such as the project planning application) directly. Instead, interface functions are used. This isolates the core business logic from the concrete details of the various external applications with which the risk management system integrates. This means that changes to the external applications should not affect the risk management functions of layer 10, as any such changes are instead accommodated by the relevant interface.
  • the risk management services 10 are able to access the data store by means of a data store access interface 11.
  • An e-mail interface 12 enables the risk management system . to interact with users via e-mail using the communications applications 6. Such interactions may involve the notification to a user of risk or action assignments.
  • the integrative risk management system provides an additional separate route for communicating with users via e-mail which shall be described in greater detail below.
  • a project planning interface 13 provides the interface to the external project planning functions 4.
  • the project planning interface 13 enables the importation of work breakdown structures (as will be described below) , the export of actions that are identified during the risk mitigation process and the processing of changes in the project plan.
  • a reporting interface 14 provides the ability to create reports using external reporting applications 7. This mainly involves launching a reporting application and passing to the application parameters to control filtering, sorting etc. The actual generation and formatting of reports is performed by the external reporting applications package 7 using ' the contents of the data store 3.
  • Security services 15 provide authorisation facilities, governing the functions and data which are accessible to users.
  • the security is implemented through a combination of environment features and application logic.
  • the security In the client-server environment, which is the preferred environment for the risk management system, the security has three main aspects: authentication which ensures only valid' clients are allowed to connect to the system; authorisation which ensures that clients are only allowed to perform authorised operations; and encryption, where needed.
  • authentication which ensures only valid' clients are allowed to connect to the system
  • authorisation ensures that clients are only allowed to perform authorised operations
  • encryption where needed.
  • Such security provisions are well known and may be implemented through the operating platform of the risk management system.
  • a requirements interface 16 provides the interface to the requirements management applications 7.
  • the data store access interface 11 provides an access layer to the risk management database 3.
  • This is preferably a generic interface through which to retrieve and update data but which acts to insulate the functionalities, that interface with the data access services, from the logical and physical implementation details of the database.
  • the system architecture for the risk management system is ideally a three-tier, web-based client-server system as illustrated in Figure 4. With this architecture the interface between the client 17 and the server 18 is based on standard HTML. Using ASP 19, web pages are dynamically generated to display the appropriate user interface as the client moves through the application. As mentioned earlier, no special technology is required on the client side apart from a standard web browser.
  • the ASP scripts make use of a • suite of COM or .NET components, which make up the bulk of the risk management system which, as mentioned above, is structured in a number of layers.
  • the components access an SQL server or other type of database 20 via ODBC.
  • All of the server side components preferably run within the framework of MTS or COM+ which provides transactional control for all service calls and so allows the components to be distributed across multiple machines, if required.
  • the transactional framework extends to the ASP scripts as well as to the installed COM or .NET components with MTS or COM+, so that transactions could be handled within ASP script, it is preferred that all transactions be handled within the top-level components of the business logic layer 10.
  • Connection between the server and a browser based client workstation may conveniently utilise the HTTP connection, or a Secure HTTPS connection, with a TCP/IP connection for ODBC access where the client workstation is running a project management system such as MS Project.
  • a project management system such as MS Project.
  • the relationship between client and server in order for the system to operate efficiently and to maximise throughput it is preferable for the relationship between client and server to be stateless.
  • the HTTP ' protocol provides a stateless relationship but this can be problematic where it is highly likely that almost always some state will need to be maintained from one page to the next. This is preferably achieved through the use of additional URL parameters and/or hidden HTML fields.
  • an alternative approach would include the use of cookies.
  • Integration with the project management system MS Project may be achieved through the use of a DBMS interface.
  • This enables the risk management system 1 to directly read and update the underlying tables which store the project plan.
  • the read interface allows MS Project plans, summary tasks and tasks to be linked in via the mapping table to form the activity breakdown structure.
  • the update interface is used to insert mitigating actions back into the project plan.
  • the MS Project plans can be stored in the same physical database as the risk management tables. This simplifies coding within the data access layer and enables queries to be performed spanning both the project management data and the risk management data. However, it is not essential for both sets of data to be stored in the same physical database and instead the project management data could be stored in a separate database remote from the risk management database.
  • the MTS or C0M+ framework is adopted, distributed transactions across two or more databases can be performed where necessary. This is particularly important where different project management systems are implemented at different remoter sites.
  • triggers can be added to the project database.
  • the project plan is checked to establish whether the plan is one that has been imported into the risk management system. If not, no further action is taken. If the plan is one that has been imported then a row is inserted into the risk event queue which is allocated a unique identification code and whatever additional information is required to identify the event to be processed.
  • the risk management system polls the event queue to check for new events and where a new event is detected the risk management system determines the appropriate action to be taken e.g. to add or delete a project task.
  • the risk management system 1 is also capable of integrating with requirements management applications such as QSS DOORS. Requirements can either be defined locally with the risk management system or can be imported from the requirements management application. In the case of QSS DOORS, integration is performed using an import/export protocol for example using a comma separated variables (CSV) file as the current version of QSS DOORS holds data in a proprietary repository format.
  • CSV comma separated variables
  • the integrative risk management system is intended to integrate with many different project management systems including but not limited to MS ProjectTM PrimaveraTM and ArtemisTM. Additionally, although reference is made herein to messages being sent by the risk management system by e-mail it will be apparent that other forms of automated messaging may alternatively be implemented including but not limited ' to SMS, pager and WAP communication.

Description

INTEGRATIVE RISK MANAGEMENT SYSTEM AND METHOD
The present invention relates to an integrative risk management system and a method thereof and particularly, but not exclusively, to a risk management system in which the risks arising from a plurality of separate, but related, projects can be automatically managed in a centralised manner. Risk management fundamentally consists of assigning to a nested structure of projects and their associated activities at least a cost and a time and then identifying risks and the impact of such risks on the cost and time assigned to each particular activity and project. The same risk could affect more than one activity or project but may have differing levels of impact. Where a risk has an impact on the cost of an activity, for example, then the analysis can be performed against each activity independently. If, on the other hand, a risk has an impact on time, then the analysis of the impact must feed through the entire project structure. For each risk that is identified, mitigating plans are identified and put in place to reduce or prevent the risk. The mitigating plans are generally in the form of a series of actions that are to be followed. The mitigating plans could have the effect of reducing the probability of the risk arising or of reducing the extent of the risk's impact on a particular activity or project.
Increasingly, companies are turning to risk management to identify and implement ways of reducing their exposure to risk, especially in large-scale projects. Various risk management software products have been developed to assist in this, much of the software being specifically for use in risk management in the medical field. Development of risk management systems has focused on ways of automating the analysis of risk and identification of mitigating actions. For example, US5930762 describes risk management software which is capable of automatically identifying appropriate mitigating actions in response to an identified risk. However, commonly, those having responsibility for the management of risk in large scale projects have not been part of the day-to-day management of the projects involved. As a result, risk management software has remained a stand-alone software product. Especially for large-scale projects, it has been realised that the .separation of risk management and project management is not ideal. Firstly, such separation results in unnecessary duplication of work. More importantly, where there is a separation of risk management and project management, poor communication can result in changes in a project not being accommodated in the modelling of the risk for that project and in actions, identified as best mitigating a risk, not being implemented in the project. The present invention therefore seeks to provide an integrative risk management system that overcomes at least some of the disadvantages outlined above and in particular is capable of integrating with project management systems. The present invention is especially, but not exclusively, concerned with providing a risk management system and method that is suitable for use with multiple projects at multiple sites, remote from one another.
The invention provides an integrated project management and risk management apparatus comprising: a project data store containing a plurality of ' inter-related project actions; a risk data store containing a plurality of inter-related project activities related to said project actions, and a plurality of risk indicators associated with said project activities; and a risk processor in communication with said project data store and said risk data store, said risk processor being operable to: read project actions from said project data store; read project activities and associated risk indicators from said risk data store; generate and write to said risk data store changes to said project activities and risk indicators to reflect the project actions read from the project data store; generate or receive, and write to said risk data store, one or more mitigating activities identified to reduce or prevent a risk or the consequences of a risk associated with a project activity; and generate and write to the project data store one or more new project actions, or alterations to existing project actions, corresponding to the mitigating activities generated or received.
The invention also provides corresponding software for execution by the risk processor, and a computer readable medium or media carrying such software.
The invention also provides risk management software comprising a set of instructions for the following steps to be performed when the software is executed: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities in dependence on whether the changes are to actions in the project data resulting from step c) above. Preferably, the changes to the project data are compared with new actions or alterations to existing actions previously output to the project data and where the changes to project data relate to actions previously output -to the project data no revisions are made to the plurality of activities; Moreover, the software may receive a trigger from the product data so that it knows when the project data has been changed. Alternatively, the software may periodically poll the project data to determine whether changes have been made to the project data.
In a preferred embodiment the risk management software comprises the further step of automatically outputting a message to a predetermined recipient when the consequences of a risk are identified as exceeding a selected threshold. Also a message may be automatically output to one or more predetermined recipients when the processor receives notice of an impacted risk.
In a further aspect the present invention provides risk management apparatus comprising a risk processor; means for linking the risk processor to a risk data store; a project data interface for linking the risk processor to a second store containing project data; and a program store containing a set of ' instructions for performing the following functions: a) accessing project data in the second store, the project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator and storing the plurality of activities in the risk data store; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of' a risk, outputting to the second store one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities stored in the risk data store in dependence on whether the changes are to actions in the project data resulting from step c) above. Ideally, the risk data store and the second store utilise the same database. Alternatively, a network interface may be provided for connecting to the second store when located at a remote site.
Ideally, the functionality of the apparatus is divided into at least three parts: a presentational part for managing the presentation of risk information to a user of the apparatus; a logic part for analysing the project data and for generating and updating the contents of the risk data store; and an interface part for enabling communication of the apparatus with external applications and wherein the presentational part and the interface part are restricted to only interfacing internally with the logic part. A fourth part may be included consisting of a risk data store interface which is permitted to interface with both the logic part and the interface part.
In another aspect the present invention provides a risk management method for storing and updating risk information, comprising the steps of: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities in dependence on whether the changes are to actions in the project data resulting from step c) above. Thus, with the present invention, it is possible for risk to be managed from a central system which automatically accesses and utilises project management data on a global basis, therefore making it suitable for use with projects involving a consortium of different enterprises. Furthermore, the integrative risk management system of the present invention is capable of being proactive with respect to changes in the one or more projects for which risk is being managed. A risk indicator may be, in particular, a _ cost allowance or a time allowance. However, other risk indicators such as quality or performance or indeed any other suitable and possibly user defined indicator could be used. An embodiment of the present invention will now be described by way of example with reference to and ' as shown in the accompanying drawings, in which: Figure 1 is a schematic illustration of an integrated project management and risk management system;
Figure 2 is a schematic overview of the system architecture of an integrated project management and risk management system in accordance with the present invention;
Figure 3 schematically illustrates the interfaces between the various functions of the risk processor of Figure 2; and
Figure 4 illustrates a systems architecture for a risk management system in accordance with the present invention.
With reference to Figure 1, in large-scale implementation of the integrated project management and risk management system for example for a multi-national company, in practice the risk management system 1 including a risk processor 2 will be at a first location, for example head office, and in communication with a risk data store 3 which is either part of the same machine as the processor 2 or may be elsewhere, in which case communication of the processor 2 with the data store 3 is via a communications link which may be provided by, for example, a local or wide area network. A large number of workstations 30, away from the first location, are also capable of communication with the risk processor 2 via similar communications links 32 which may, at least in part, be provided by the publically accessible Internet. Preferably, each workstation 30 is provided with standard Internet/HTML web browser' software to enable the workstation to interrogate and update the risk management system and read and update risk information from the risk data store 3. Additionally, at least some of the remote workstations 30 include project management systems 4. Project data " in the form of a series of nested actions and their statuses is stored by the project management systems 4 or in one or more separate project databases 8, along with information on the status of the actions.
Instead of being distant, one or more of the project management systems may be collocated with, or even running on the same computer system as the risk processor 2.
The risk management system 1 is able to automatically interrogate the project management systems 4 or project databases 8 and retrieve the project data. This project data is used by the risk management system in the construction of a conventional activity breakdown structure which consists of the projects and their associated activities, ordered in a nested arrangement, with. a respective cost and time assigned to each project and activity, as mentioned earlier. The risk management system 1 is similarly capable of identifying and retrieving changes to individual managed projects and adjusting the activity breakdown structure accordingly. The identification and retrieval by the risk management system of changes to an existing managed project is described in greater detail below. All potential risks are then identified and the impact of the risks on the cost and time assigned to each activity and each project is determined along with suitable mitigating actions. The identification of risks and mitigating actions may be performed manually and the data entered into the risk management system or the risk management system may include functionality to identify risks and mitigating actions automatically.
Once the mitigating actions have been identified and the risk for each project and activity adjusted to account for the implementation of mitigating actions, * where appropriate, risk or mitigating action assignments are then automatically communicated by the risk management system, ideally via e-mail using an e-mail interface 6, to the relevant project managers via their remote workstations. As a result of these new assignments, individual projects may be altered resulting in changes to the project data. The risk management system may also update, or cause to be updated, the project data automatically or directly. These changes, like all other changes to the managed projects are identified by the risk management system as mentioned above. However,' where these changes reflect mitigating actions that were originally identified by the risk management system, the changes are not used to update the activity breakdown structure. This is necessary to avoid the development of a continuous loop of adjustments attracting further adjustments, and so on.
The exchange of data between the project management systems 4 and the risk management system 1 may be achieved by means of a mapping table 21 that may be stored with the risk management system. The mapping table 21 may additionally be used to record changes to the managed project. In this way a polling function may be implemented by the risk management system 1 to interrogate the mapping table on a regular basis, e.g. once a day or once an hour to identify any new additions to the mapping table representing changes to the managed project. Any new additions that are identified are then read by the risk management system and compared against the mitigating actions and activities which are already known to the system. Where an addition is found to represent a change to a managed project that does not result from a mitigating action, the activity breakdown structure stored in the risk database 3 is updated to reflect the change.
When an event that has been identified as a risk occurs, that is to say it is impacted, this is entered into the risk management system. The risk management system then automatically issues messages, ideally in the form of e-mail messages, to one or more people whose names are pre-programmed into the risk management system, for notifications of this nature. For example, the recipients of such automated messages may include the risk manager, the project manager of the project affected by the impacted risk and in the case of catastrophic risks a CEO or other senior director of the company managing the project would in all probability also be automatically notified. Filters can be defined in the risk management system to control when such messages are sent. Examples of such filters include: risk category, cost or risk owner (the person -responsible for managing the risk and any mitigating actions) .
In Figure 2 an overview of the system architecture of an integrated project management and risk management system is shown. The system architecture comprises risk register and analysis functions implemented in a risk processor 2, an activity and risk data store 3, which ideally stores the data in a relational database, one or more project planning functions 4, requirements management applications 5, communications applications β and reporting applications 7. The risk processor 2 interfaces with each of the other system functions but the other system functions, with the exception of the reporting applications 7, may be limited to interfacing with the risk processor. The reporting applications 7 additionally interface directly with the activity and risk data store 3 so that data can be read from the data store and written into reports that are launched by the risk processor 2. Various components of the system architecture may be physically distributed in a variety of ways, for example using one, two or more computer systems or operating systems in communication with each other as appropriate.
The project planning functions 4, requirements management 5, communications applications 6 and the reporting applications 7 may all be external third-party applications with which the risk processor 2 is capable of interfacing and hence integrating into a centrally controlled combined project management and risk management system. For example, the project planning functions 4 may be implemented using MS Project™, the requirements management 5 may be implemented in QSS DOORS™, MS Outlook/Exchange™ may be utilised as the communications applications 6 and Seagate Crystal Reports™ may be utilised as the reporting application 7. The above commercially available applications only exemplify the type of third-party applications that may be implemented with the integrative risk management system described herein. As will be described below, the risk processor 2 is structured so as to maximise its interoperability and to reduce its dependency on any particular third-party package.
The risk processor 2 is preferably implemented as a web-based application, rather than a stand-alone executable application. This permits the client interface to be within a Web browser in which case the client side of the risk management system requires no special technology beyond a standard web browser. This is particularly beneficial in large-scale systems where there may be large numbers of workstations to be integrated into the system as the use of a web-based browser avoids the need to set-up and maintain client based software on all the workstations. The risk register and analysis functions, implemented in the risk processor 2, are organised into a series of layers as illustrated in Figure 3. The purpose of this is to separate the different functionalities of data presentation 9, business logic 10 (risk management services) , data store access 11 and interface services 12, 13, 14, 15, 16. This allows the business logic 10 to be preserved while porting one or more of the user interface 9, the data store access 11 and the external interfaces 12, 13, 14, 15, 16 to alternative technologies. The interface between each group of functionalities is in the form of component method invocations, with the interfaces between the layers being restricted to immediately adjacent layers. For example, functions in the presentation layer 9 may call functions in the risk management layer 10 but may not directly call to the lower layers which interface with external applications or the data access layer 11.
The presentation layer 9 consists of software for the presentation of risk management information in the form of a graphical user interface (GUI) . The presentation layer 9 handles input to and output from the risk management services layer 10 and also performs formatting and validation on the input and output data. In a preferred form of the risk management system, the presentation layer 9 is implemented partly in HTML, or another mark-up language, which the user sees, and associated client-side scripting, and partly by server-side ASP scripts that generate the HTML commands.
The risk management services 10 implement the core business logic of the risk management system. Functions in this layer correspond closely to the functions, that shall be described in greater detail below, of a conventional risk management system such as the addition and removal of risks, the display of information concerning a specific risk etc. These functions embody the business logic of the system, for example the way risk scoring calculations are performed as well as the ability to add, remove or modify risks. The risk management functions are not able to access external systems (such as the project planning application) directly. Instead, interface functions are used. This isolates the core business logic from the concrete details of the various external applications with which the risk management system integrates. This means that changes to the external applications should not affect the risk management functions of layer 10, as any such changes are instead accommodated by the relevant interface. The risk management services 10 are able to access the data store by means of a data store access interface 11. An e-mail interface 12 enables the risk management system .to interact with users via e-mail using the communications applications 6. Such interactions may involve the notification to a user of risk or action assignments. The integrative risk management system provides an additional separate route for communicating with users via e-mail which shall be described in greater detail below.
A project planning interface 13 provides the interface to the external project planning functions 4. The project planning interface 13 enables the importation of work breakdown structures (as will be described below) , the export of actions that are identified during the risk mitigation process and the processing of changes in the project plan. A reporting interface 14 provides the ability to create reports using external reporting applications 7. This mainly involves launching a reporting application and passing to the application parameters to control filtering, sorting etc. The actual generation and formatting of reports is performed by the external reporting applications package 7 using ' the contents of the data store 3.
Security services 15 provide authorisation facilities, governing the functions and data which are accessible to users. The security is implemented through a combination of environment features and application logic. In the client-server environment, which is the preferred environment for the risk management system, the security has three main aspects: authentication which ensures only valid' clients are allowed to connect to the system; authorisation which ensures that clients are only allowed to perform authorised operations; and encryption, where needed. Such security provisions are well known and may be implemented through the operating platform of the risk management system. A requirements interface 16 provides the interface to the requirements management applications 7.
The data store access interface 11 provides an access layer to the risk management database 3. This is preferably a generic interface through which to retrieve and update data but which acts to insulate the functionalities, that interface with the data access services, from the logical and physical implementation details of the database. As mentioned above, the system architecture for the risk management system is ideally a three-tier, web-based client-server system as illustrated in Figure 4. With this architecture the interface between the client 17 and the server 18 is based on standard HTML. Using ASP 19, web pages are dynamically generated to display the appropriate user interface as the client moves through the application. As mentioned earlier, no special technology is required on the client side apart from a standard web browser.
On the server side, the ASP scripts make use of a suite of COM or .NET components, which make up the bulk of the risk management system which, as mentioned above, is structured in a number of layers. At the lowest layer 11, the components access an SQL server or other type of database 20 via ODBC. All of the server side components preferably run within the framework of MTS or COM+ which provides transactional control for all service calls and so allows the components to be distributed across multiple machines, if required. Although the transactional framework extends to the ASP scripts as well as to the installed COM or .NET components with MTS or COM+, so that transactions could be handled within ASP script, it is preferred that all transactions be handled within the top-level components of the business logic layer 10. This ensures that if, at any time, the ASP layer were to be replaced with an alternative GUI, the components in the business logic layer would retain their integrity. With MTS or COM+ it is additionally possible to implement features such as Object pooling' in the architecture of the client-server network.
Connection between the server and a browser based client workstation may conveniently utilise the HTTP connection, or a Secure HTTPS connection, with a TCP/IP connection for ODBC access where the client workstation is running a project management system such as MS Project. Thus, integration of the project management system with the risk management system can be achieved. The relationship between the project management system and the risk management system is described more fully below.
It should be noted that in order for the system to operate efficiently and to maximise throughput it is preferable for the relationship between client and server to be stateless. Conveniently the HTTP ' protocol provides a stateless relationship but this can be problematic where it is highly likely that almost always some state will need to be maintained from one page to the next. This is preferably achieved through the use of additional URL parameters and/or hidden HTML fields. However an alternative approach would include the use of cookies. Although of more relevance where the client and server are separated across a network, the adoption of a stateless relationship between client and server in a web server environment where the client and server are on the same machine is still preferable.
Integration with the project management system MS Project may be achieved through the use of a DBMS interface. This enables the risk management system 1 to directly read and update the underlying tables which store the project plan. The read interface allows MS Project plans, summary tasks and tasks to be linked in via the mapping table to form the activity breakdown structure. The update interface is used to insert mitigating actions back into the project plan. The MS Project plans can be stored in the same physical database as the risk management tables. This simplifies coding within the data access layer and enables queries to be performed spanning both the project management data and the risk management data. However, it is not essential for both sets of data to be stored in the same physical database and instead the project management data could be stored in a separate database remote from the risk management database. As mentioned earlier, where the MTS or C0M+ framework is adopted, distributed transactions across two or more databases can be performed where necessary. This is particularly important where different project management systems are implemented at different remoter sites.
Earlier it was mentioned that changes to the project management data could be detected through a mapping table. Additionally, in the case of MS Project, triggers can be added to the project database. When an event is triggered as a result of a change to the project database, the project plan is checked to establish whether the plan is one that has been imported into the risk management system. If not, no further action is taken. If the plan is one that has been imported then a row is inserted into the risk event queue which is allocated a unique identification code and whatever additional information is required to identify the event to be processed. Periodically the risk management system then polls the event queue to check for new events and where a new event is detected the risk management system determines the appropriate action to be taken e.g. to add or delete a project task.
The risk management system 1 is also capable of integrating with requirements management applications such as QSS DOORS. Requirements can either be defined locally with the risk management system or can be imported from the requirements management application. In the case of QSS DOORS, integration is performed using an import/export protocol for example using a comma separated variables (CSV) file as the current version of QSS DOORS holds data in a proprietary repository format.
Although reference has been made herein to the project management application MS Project, the integrative risk management system is intended to integrate with many different project management systems including but not limited to MS Project™ Primavera™ and Artemis™. Additionally, although reference is made herein to messages being sent by the risk management system by e-mail it will be apparent that other forms of automated messaging may alternatively be implemented including but not limited ' to SMS, pager and WAP communication.

Claims

1. Risk management software comprising a set of instructions for the following steps to be performed when the software is executed: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities in dependence on whether the changes are to actions in the project data resulting from step c) above.
2. Risk management software as claimed in claim 1, wherein the changes to the project data are compared with new actions or alterations to existing actions previously output to the project data and where the changes to project data relate to actions previously output to the project data no revisions are made to the plurality of activities.
' 3. Risk management software as claimed in either of claims 1 or 2, comprising the step of receiving a trigger from the project data when the project data has been changed.
4. Risk management software as claimed in either of claims 1 or 2, comprising the step of periodically polling the project data to determine whether changes have been made to the project data.
5. Risk management software as claimed in any one of the preceding claims, comprising the further step of automatically outputting a message to one or more predetermined recipients.
6. Risk management software as claimed in claim 5, comprising the further step of automatically outputting a message to one or more predetermined recipients when the consequences of a risk are identified as exceeding a selected threshold.
7. Risk management software as claimed in claim 5 or 6, wherein the message is automatically output when the processor receives notice of an impacted risk.
8. Risk management software as claimed in any one of the preceding claims, wherein the risk indicator consists of one or more of a cost allowance and a time allowance.
9. A computer readable medium or media carrying the risk management software of any of claims 1 to 8.
10. Risk management apparatus comprising a risk processor; means for linking the risk processor to a risk data store; a project data interface for linking the risk processor to a second store containing project data; and a program store containing a set of instructions for performing the following functions: a) accessing project data in the second store, the project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator and storing the plurality of activities in the risk data store; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the second store one or more new actions or alterations to existing actions in the project data; and d) accessing changes to the project data and revising the plurality of activities stored in the risk data store in dependence on whether the changes are to actions in the project data resulting from step c) above.
11. Risk management apparatus as claimed in claim 10, wherein the risk data store and the second store utilise the same database.
12. Risk management apparatus as claimed in claim 10, further comprising a network interface for connecting to the second store when located at a remote site.
13. Risk management apparatus as claimed in any one of claims 10 to 12, wherein the functionality of the apparatus is divided into at least three parts: a presentational part for managing the presentation of risk information to a user of the apparatus; a logic part for analysing the project data and for generating and updating the contents of the risk data store; - and an interface part for enabling communication of the apparatus with external applications and wherein the presentational part and the interface part are restricted to only interfacing internally with the logic part.
14. Risk management apparatus as claimed in claim 13, wherein the apparatus includes a fourth part consisting of a risk data store interface which is permitted to interface with both the logic part and the interface part.
15. A risk management method for storing and updating risk information, comprising the steps of: a) accessing project data consisting of a plurality of actions to be performed; b) analysing the project data to identify a plurality of activities to at least some of which is assigned at least one risk indicator; c) on the basis of one or more mitigating tasks identified to reduce or prevent a risk or the consequences of a risk, outputting to the project data one or more new actions or alterations to existing actions in the project data; and
(d) accessing changes to the project data and revising the plurality of activities in dependence upon whether the changes are to actions in the project data resulting from the step (c) above.
16. Integrated project management and risk management apparatus comprising: a project data store containing a plurality of inter-related project actions; a risk data store containing a plurality of ' inter-related project activities related to said project actions, and a plurality of risk indicators associated with said project activities; and a risk processor in communication with said project data store and said risk data store, said risk processor being operable to: read project actions from said project data store; read project activities and associated risk indicators from said risk data store; generate and write to said risk data store changes to said project activities and risk indicators to reflect the project actions read from the project data store; generate or receive, and write to said risk data store, one or more mitigating activities identified to reduce or prevent a risk or the consequences of a risk associated with a project activity; and generate and write to the project data store one or more new project actions, or alterations to existing project actions, corresponding to the mitigating activities generated or received.
17. The apparatus of claim 16 wherein the risk processor is operable to identify and thereby not to further process changes in the project data which were generated by the risk processor.
18. A method of operating an integrated project management and risk management apparatus comprising a project data store containing a plurality of interrelated project actions, a risk data store containing a plurality of inter-related project activities related to said project actions and a plurality of risk indicators associated with said project activities, and a risk processor in communication with said project data store and said risk data store, the method comprising the steps of operating said risk processor to: read project actions from said project data store; read project activities and associated risk indicators from said risk data store; generate and write to said risk data store changes to said project activities and risk indicators to reflect the project actions read from the project data store; generate or receive, and write to said risk data store, one or more mitigating activities identified to reduce or prevent a risk or the consequences of a risk associated with a project activity; and generate and write to the project data store one or more new project actions, or alterations to existing project actions, corresponding to the mitigating activities generated or received.
19. A computer program product for use in an integrated project management and risk management apparatus comprising a project data store containing a plurality of inter-related project actions, a risk data store containing a plurality of project activities related to said project actions and a plurality of risk indicators associated with said project activities, and a risk processor in communication with said project data store and said risk data store, said computer program product comprising computer program instructions which, when executed by said risk processor, carry out the method steps of claim 18.
PCT/GB2001/004567 2000-10-12 2001-10-12 Integrative risk management system and method WO2002031719A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP01974519A EP1325452A1 (en) 2000-10-12 2001-10-12 Integrative risk management system and method
AU2001294034A AU2001294034A1 (en) 2000-10-12 2001-10-12 Integrative risk management system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0025066A GB2372843A (en) 2000-10-12 2000-10-12 Integrative project risk management system
GB0025066.2 2000-10-12

Publications (1)

Publication Number Publication Date
WO2002031719A2 true WO2002031719A2 (en) 2002-04-18

Family

ID=9901181

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/004567 WO2002031719A2 (en) 2000-10-12 2001-10-12 Integrative risk management system and method

Country Status (6)

Country Link
US (1) US7440905B2 (en)
EP (1) EP1325452A1 (en)
AU (1) AU2001294034A1 (en)
GB (1) GB2372843A (en)
HK (1) HK1048681A1 (en)
WO (1) WO2002031719A2 (en)

Families Citing this family (97)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7389265B2 (en) * 2001-01-30 2008-06-17 Goldman Sachs & Co. Systems and methods for automated political risk management
US8121937B2 (en) 2001-03-20 2012-02-21 Goldman Sachs & Co. Gaming industry risk management clearinghouse
US7958027B2 (en) * 2001-03-20 2011-06-07 Goldman, Sachs & Co. Systems and methods for managing risk associated with a geo-political area
US20040143446A1 (en) * 2001-03-20 2004-07-22 David Lawrence Long term care risk management clearinghouse
EP1336927A1 (en) * 2002-02-13 2003-08-20 Sap Ag Method and system for risk evaluation
US7930230B2 (en) * 2002-02-13 2011-04-19 Sap Ag Methods and systems for risk evaluation
US7441197B2 (en) * 2002-02-26 2008-10-21 Global Asset Protection Services, Llc Risk management information interface system and associated methods
US7536405B2 (en) * 2002-02-26 2009-05-19 Global Asset Protection Services, Llc Risk management information interface system and associated methods
JP4033291B2 (en) * 2002-05-29 2008-01-16 株式会社日立製作所 Project risk management system
US7373274B2 (en) 2003-07-10 2008-05-13 Erc-Ip, Llc Methods and structure for improved interactive statistical analysis
US7606828B2 (en) * 2003-11-18 2009-10-20 Sap Ag Delta-mechanism for integration of OLAP-based planning and reporting
US20050222892A1 (en) * 2004-03-30 2005-10-06 Erc-Ip Llc Strategies for managing recommendations
US8606723B2 (en) 2004-06-04 2013-12-10 Sap Ag Consistent set of interfaces derived from a business object model
US8655756B2 (en) 2004-06-04 2014-02-18 Sap Ag Consistent set of interfaces derived from a business object model
JP2005352742A (en) * 2004-06-10 2005-12-22 Hitachi Ltd Simulation program and simulation apparatus
US8694397B2 (en) 2004-06-18 2014-04-08 Sap Ag Consistent set of interfaces derived from a business object model
AU2005267592B2 (en) 2004-06-29 2009-10-01 Textura Corporation Construction payment management system and method
US7877321B2 (en) * 2004-06-29 2011-01-25 Textura Corporation Method of and system for evaluating financial risk associated with a construction project
US8762191B2 (en) * 2004-07-02 2014-06-24 Goldman, Sachs & Co. Systems, methods, apparatus, and schema for storing, managing and retrieving information
US8442953B2 (en) 2004-07-02 2013-05-14 Goldman, Sachs & Co. Method, system, apparatus, program code and means for determining a redundancy of information
US8510300B2 (en) 2004-07-02 2013-08-13 Goldman, Sachs & Co. Systems and methods for managing information associated with legal, compliance and regulatory risk
US8996481B2 (en) 2004-07-02 2015-03-31 Goldman, Sach & Co. Method, system, apparatus, program code and means for identifying and extracting information
US8744937B2 (en) 2005-02-25 2014-06-03 Sap Ag Consistent set of interfaces derived from a business object model
US8374931B2 (en) 2006-03-31 2013-02-12 Sap Ag Consistent set of interfaces derived from a business object model
EP2076874A4 (en) 2006-05-13 2011-03-09 Sap Ag Consistent set of interfaces derived from a business object model
US7769684B2 (en) * 2006-05-19 2010-08-03 Accenture Global Services Gmbh Semi-quantitative risk analysis
US8392364B2 (en) 2006-07-10 2013-03-05 Sap Ag Consistent set of interfaces derived from a business object model
US8566193B2 (en) 2006-08-11 2013-10-22 Sap Ag Consistent set of interfaces derived from a business object model
CN101136087A (en) * 2006-08-31 2008-03-05 国际商业机器公司 System and method for activity management in item management
US8571961B1 (en) 2006-09-28 2013-10-29 Sap Ag Managing consistent interfaces for financial business objects across heterogeneous systems
US8417593B2 (en) * 2008-02-28 2013-04-09 Sap Ag System and computer-readable medium for managing consistent interfaces for business objects across heterogeneous systems
US8577991B2 (en) 2008-03-31 2013-11-05 Sap Ag Managing consistent interfaces for internal service request business objects across heterogeneous systems
US8423418B2 (en) * 2008-03-31 2013-04-16 Sap Ag Managing consistent interfaces for business objects across heterogeneous systems
US8433585B2 (en) 2008-03-31 2013-04-30 Sap Ag Managing consistent interfaces for business objects across heterogeneous systems
US8370233B2 (en) 2008-03-31 2013-02-05 Sap Ag Managing consistent interfaces for business objects across heterogeneous systems
US8364715B2 (en) * 2008-03-31 2013-01-29 Sap Ag Managing consistent interfaces for automatic identification label business objects across heterogeneous systems
US8413165B2 (en) 2008-03-31 2013-04-02 Sap Ag Managing consistent interfaces for maintenance order business objects across heterogeneous systems
US8473317B2 (en) 2008-03-31 2013-06-25 Sap Ag Managing consistent interfaces for service part business objects across heterogeneous systems
US8589263B2 (en) 2008-03-31 2013-11-19 Sap Ag Managing consistent interfaces for retail business objects across heterogeneous systems
US8930248B2 (en) 2008-03-31 2015-01-06 Sap Se Managing consistent interfaces for supply network business objects across heterogeneous systems
US8645228B2 (en) 2008-06-26 2014-02-04 Sap Ag Managing consistent interfaces for business objects across heterogeneous systems
US8566185B2 (en) 2008-06-26 2013-10-22 Sap Ag Managing consistent interfaces for financial instrument business objects across heterogeneous systems
US8671064B2 (en) 2008-06-26 2014-03-11 Sap Ag Managing consistent interfaces for supply chain management business objects across heterogeneous systems
US20090326988A1 (en) 2008-06-26 2009-12-31 Robert Barth Managing consistent interfaces for business objects across heterogeneous systems
US8577760B2 (en) 2008-11-25 2013-11-05 Sap Ag Managing consistent interfaces for tax authority business objects across heterogeneous systems
US8463666B2 (en) 2008-11-25 2013-06-11 Sap Ag Managing consistent interfaces for merchandise and assortment planning business objects across heterogeneous systems
US20100153297A1 (en) * 2008-12-12 2010-06-17 Sap Ag Managing Consistent Interfaces for Credit Portfolio Business Objects Across Heterogeneous Systems
US20100324957A1 (en) * 2009-06-18 2010-12-23 Sumner Steven E System and Method for Program Management Using Systems Engineering Management Model
US8396751B2 (en) 2009-09-30 2013-03-12 Sap Ag Managing consistent interfaces for merchandising business objects across heterogeneous systems
US11132748B2 (en) * 2009-12-01 2021-09-28 Refinitiv Us Organization Llc Method and apparatus for risk mining
US8527327B1 (en) 2010-03-21 2013-09-03 Mark Lawrence Method and apparatus to manage project control
US8732083B2 (en) 2010-06-15 2014-05-20 Sap Ag Managing consistent interfaces for number range, number range profile, payment card payment authorisation, and product template template business objects across heterogeneous systems
US8364608B2 (en) 2010-06-15 2013-01-29 Sap Ag Managing consistent interfaces for export declaration and export declaration request business objects across heterogeneous systems
US8417588B2 (en) 2010-06-15 2013-04-09 Sap Ag Managing consistent interfaces for goods tag, production bill of material hierarchy, and release order template business objects across heterogeneous systems
US8515794B2 (en) 2010-06-15 2013-08-20 Sap Ag Managing consistent interfaces for employee time event and human capital management view of payroll process business objects across heterogeneous systems
US8370272B2 (en) 2010-06-15 2013-02-05 Sap Ag Managing consistent interfaces for business document message monitoring view, customs arrangement, and freight list business objects across heterogeneous systems
US9135585B2 (en) 2010-06-15 2015-09-15 Sap Se Managing consistent interfaces for property library, property list template, quantity conversion virtual object, and supplier property specification business objects across heterogeneous systems
US8412603B2 (en) 2010-06-15 2013-04-02 Sap Ag Managing consistent interfaces for currency conversion and date and time business objects across heterogeneous systems
US20120053982A1 (en) * 2010-09-01 2012-03-01 Bank Of America Corporation Standardized Technology and Operations Risk Management (STORM)
US8560392B2 (en) 2011-07-28 2013-10-15 Sap Ag Managing consistent interfaces for a point of sale transaction business object across heterogeneous systems
US8601490B2 (en) 2011-07-28 2013-12-03 Sap Ag Managing consistent interfaces for business rule business object across heterogeneous systems
US8521838B2 (en) 2011-07-28 2013-08-27 Sap Ag Managing consistent interfaces for communication system and object identifier mapping business objects across heterogeneous systems
US8725654B2 (en) 2011-07-28 2014-05-13 Sap Ag Managing consistent interfaces for employee data replication business objects across heterogeneous systems
US8666845B2 (en) 2011-07-28 2014-03-04 Sap Ag Managing consistent interfaces for a customer requirement business object across heterogeneous systems
US8775280B2 (en) 2011-07-28 2014-07-08 Sap Ag Managing consistent interfaces for financial business objects across heterogeneous systems
US8756274B2 (en) 2012-02-16 2014-06-17 Sap Ag Consistent interface for sales territory message type set 1
US9232368B2 (en) 2012-02-16 2016-01-05 Sap Se Consistent interface for user feed administrator, user feed event link and user feed settings
US9237425B2 (en) 2012-02-16 2016-01-12 Sap Se Consistent interface for feed event, feed event document and feed event type
US8762453B2 (en) 2012-02-16 2014-06-24 Sap Ag Consistent interface for feed collaboration group and feed event subscription
US8984050B2 (en) 2012-02-16 2015-03-17 Sap Se Consistent interface for sales territory message type set 2
US8762454B2 (en) 2012-02-16 2014-06-24 Sap Ag Consistent interface for flag and tag
US20140100890A1 (en) * 2012-03-14 2014-04-10 Terrance Luciani Risk management system and method for protecting virtual assets
US9246869B2 (en) 2012-06-28 2016-01-26 Sap Se Consistent interface for opportunity
WO2014000200A1 (en) 2012-06-28 2014-01-03 Sap Ag Consistent interface for document output request
US8615451B1 (en) 2012-06-28 2013-12-24 Sap Ag Consistent interface for goods and activity confirmation
US8756135B2 (en) 2012-06-28 2014-06-17 Sap Ag Consistent interface for product valuation data and product valuation level
US9400998B2 (en) 2012-06-28 2016-07-26 Sap Se Consistent interface for message-based communication arrangement, organisational centre replication request, and payment schedule
US8521621B1 (en) 2012-06-28 2013-08-27 Sap Ag Consistent interface for inbound delivery request
US9367826B2 (en) 2012-06-28 2016-06-14 Sap Se Consistent interface for entitlement product
US8949855B2 (en) 2012-06-28 2015-02-03 Sap Se Consistent interface for address snapshot and approval process definition
US9547833B2 (en) 2012-08-22 2017-01-17 Sap Se Consistent interface for financial instrument impairment calculation
US9076112B2 (en) 2012-08-22 2015-07-07 Sap Se Consistent interface for financial instrument impairment expected cash flow analytical result
US9043236B2 (en) 2012-08-22 2015-05-26 Sap Se Consistent interface for financial instrument impairment attribute values analytical result
US20140278730A1 (en) * 2013-03-14 2014-09-18 Memorial Healthcare System Vendor management system and method for vendor risk profile and risk relationship generation
CA2904195A1 (en) * 2013-03-14 2014-10-02 Memorial Healthcare System Vendor management system and method for vendor risk profile and risk relationship generation
US9191357B2 (en) 2013-03-15 2015-11-17 Sap Se Consistent interface for email activity business object
US9191343B2 (en) 2013-03-15 2015-11-17 Sap Se Consistent interface for appointment activity business object
US20140330615A1 (en) * 2013-05-03 2014-11-06 Oracle International Corporation Risk estimation of inspection sites
US11120380B1 (en) 2014-06-03 2021-09-14 Massachusetts Mutual Life Insurance Company Systems and methods for managing information risk after integration of an acquired entity in mergers and acquisitions
JPWO2016021184A1 (en) * 2014-08-06 2017-06-01 日本電気株式会社 Information processing system, project risk detection method and program
US10198702B2 (en) * 2015-01-30 2019-02-05 Acccenture Global Services Limited End-to end project management
US10599676B2 (en) 2015-12-15 2020-03-24 Microsoft Technology Licensing, Llc Replication control among redundant data centers
US11226985B2 (en) 2015-12-15 2022-01-18 Microsoft Technology Licensing, Llc Replication of structured data records among partitioned data storage spaces
US10235406B2 (en) 2015-12-15 2019-03-19 Microsoft Technology Licensing, Llc Reminder processing of structured data records among partitioned data storage spaces
US10248709B2 (en) 2015-12-15 2019-04-02 Microsoft Technology Licensing, Llc Promoted properties in relational structured data
US11295261B2 (en) 2018-05-25 2022-04-05 Deepwell Dtx FDA compliant quality system to risk-mitigate, develop, and maintain software-based medical systems
WO2022067332A1 (en) 2020-09-24 2022-03-31 Douglas Ryan J Immersive medicine translational engine for development and repurposing of non-verified and validated code

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4935877A (en) 1988-05-20 1990-06-19 Koza John R Non-linear genetic algorithms for solving problems
US5586252A (en) * 1994-05-24 1996-12-17 International Business Machines Corporation System for failure mode and effects analysis
US6088678A (en) * 1996-04-09 2000-07-11 Raytheon Company Process simulation technique using benefit-trade matrices to estimate schedule, cost, and risk
US5930762A (en) * 1996-09-24 1999-07-27 Rco Software Limited Computer aided risk management in multiple-parameter physical systems
JP3639434B2 (en) * 1998-06-24 2005-04-20 株式会社日立製作所 Management work evaluation apparatus and method in project management
US6219805B1 (en) * 1998-09-15 2001-04-17 Nortel Networks Limited Method and system for dynamic risk assessment of software systems
JP2000200303A (en) * 1999-01-05 2000-07-18 Hitachi Ltd Return risk evaluation system
JP2002535748A (en) * 1999-01-15 2002-10-22 ビックネル, コンサルティング, インコーポレイテッド An integrated product development system that integrates content
US7212986B1 (en) * 1999-06-16 2007-05-01 Metier, Ltd. Method and apparatus for planning and monitoring multiple tasks based on user defined criteria and predictive ability
US6237915B1 (en) * 1999-06-30 2001-05-29 Practice Fields L.L.C. Board game for teaching project management skills
US6397202B1 (en) * 1999-07-01 2002-05-28 The United States Of America As Represented By The Secretary Of The Navy System and method for monitoring risk in a system development program
US6370573B1 (en) * 1999-08-31 2002-04-09 Accenture Llp System, method and article of manufacture for managing an environment of a development architecture framework
US6662357B1 (en) * 1999-08-31 2003-12-09 Accenture Llp Managing information in an integrated development architecture framework
US7231327B1 (en) 1999-12-03 2007-06-12 Digital Sandbox Method and apparatus for risk management
JP3886322B2 (en) 2000-06-23 2007-02-28 株式会社アシックス Shoe sole ventilation structure
US6718342B1 (en) * 2000-09-01 2004-04-06 Real Time Boss, Inc. Method and apparatus for network-enabled risk assessment

Also Published As

Publication number Publication date
EP1325452A1 (en) 2003-07-09
US7440905B2 (en) 2008-10-21
HK1048681A1 (en) 2003-04-11
GB2372843A (en) 2002-09-04
US20020138318A1 (en) 2002-09-26
AU2001294034A1 (en) 2002-04-22
GB0025066D0 (en) 2000-11-29

Similar Documents

Publication Publication Date Title
US7440905B2 (en) Integrative risk management system and method
US10452668B2 (en) Smart defaults for data visualizations
US8707336B2 (en) Data event processing and application integration in a network
US7640165B2 (en) Web based methods and systems for managing compliance assurance information
CN100483405C (en) Method and system for alert delivery architecture
US7617210B2 (en) Global inventory warehouse
US6918059B1 (en) Method and system for handling errors in a distributed computer system
US8176083B2 (en) Generic data object mapping agent
US7151438B1 (en) System and wireless device for providing real-time alerts in response to changes in business operational data
US20080133594A1 (en) Application Directory
US8321232B2 (en) Screening electronic service requests
US20070222589A1 (en) Identifying security threats
CA2688509A1 (en) Distributed system for monitoring information events
DE10316218A1 (en) Network service based communication for use in a process control system
US20070198477A1 (en) Systems and methods for managing regulatory information
US20150007261A1 (en) System and method of assessing data protection status of data protection resources
US20060004597A1 (en) Method and system for grouping events
WO2016134098A1 (en) Plan visualization
EP2616969A2 (en) Enterprise application workcenter
US20080163218A1 (en) Configuration and execution of mass data run objects
CA2484521C (en) Workstation deployment
EP0438020B1 (en) Method and system for automatically controlling the distribution of data objects
US20050096774A1 (en) System and method for integrating transactional and real-time manufacturing data
CN108701122A (en) System and method for the incident management in enterprise resource planning
US20020087439A1 (en) Method and system for electronically qualifying supplier parts

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001974519

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001974519

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP