CN116205496B - Compliance risk management and control method, system, electronic equipment and storage medium - Google Patents

Compliance risk management and control method, system, electronic equipment and storage medium Download PDF

Info

Publication number
CN116205496B
CN116205496B CN202310349054.8A CN202310349054A CN116205496B CN 116205496 B CN116205496 B CN 116205496B CN 202310349054 A CN202310349054 A CN 202310349054A CN 116205496 B CN116205496 B CN 116205496B
Authority
CN
China
Prior art keywords
risk
examination
library
standard
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310349054.8A
Other languages
Chinese (zh)
Other versions
CN116205496A (en
Inventor
刘伟
林毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Prospect Mdt Infotech Ltd
Original Assignee
Guangdong Prospect Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Prospect Mdt Infotech Ltd filed Critical Guangdong Prospect Mdt Infotech Ltd
Priority to CN202310349054.8A priority Critical patent/CN116205496B/en
Publication of CN116205496A publication Critical patent/CN116205496A/en
Application granted granted Critical
Publication of CN116205496B publication Critical patent/CN116205496B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/067Enterprise or organisation modelling
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Development Economics (AREA)
  • Educational Administration (AREA)
  • Quality & Reliability (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention relates to the technical field of risk assessment and discloses a method, a system, electronic equipment and a storage medium for managing and controlling compliance risks; comprising the following steps: collecting legal and regulation information and establishing a regulation standard library; establishing an industry standard library based on a preset target industry field and a rule standard library; establishing a risk index library based on an industry standard library; constructing a total risk model based on the risk index library; acquiring the operation information of each target enterprise; data analysis is carried out on the management information to determine a corresponding examination item list; and generating a risk report based on the examination item list and the total risk model, wherein the risk report comprises a total risk index. The emergency flow management method in the embodiment of the invention realizes the normalization of a series of flows of acquisition, identification, conversion, evaluation and rectification by establishing a standardized and flow-based compliance management mechanism, improves the compliance management efficiency by an informatization technical means, and continuously discovers the risk of enterprise compliance and prompts improvement.

Description

Compliance risk management and control method, system, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of risk assessment, in particular to a method, a system, electronic equipment and a storage medium for managing and controlling compliance risks.
Background
Compliance risk management is the core of enterprise compliance management, and throughout enterprise compliance management, the use and specific operation flow of professional methods are involved. Compliance risk is one of the risks of an enterprise, and refers to the possibility and consequences of non-compliance of compliance obligations of the enterprise (2.12 th of the guidelines of compliance management systems of China (GB/T35770-2017)), and is the risk of sanctions, penalties, property loss and reputation loss that may be caused by the violation of compliance regulations by the enterprise.
At present, the construction of an enterprise safety compliance system mainly has the following typical problems: 1) The identification is incomplete and untimely. Safety law and regulation standards relate to the fields of multiple fields, wide sources and large quantity, and meanwhile, the regulation standards are updated frequently, so that incomplete and untimely updating of enterprise applicable resource lists is easy to cause. 2) The depth of the defect is identified. The identification of the terms by the enterprise lacks accurate comprehensive analysis, and missed judgment and misjudgment occur frequently. 3) The transformation is not timely and complete. When the applicable regulation standard is revised and fails, the regulation standard is disjointed with the regulation standard due to the failure of timely updating the system, the self-diagnosis form and the like. 4) The compliance system is not sound. No sound compliance management system and operation mechanism are established, and compliance assessment flows in a formal manner.
Therefore, the method and the device guide the enterprise to keep the line on the bottom and bright red through improving the legal standard recognition transformation capability, and are important grippers for perfecting the enterprise compliance management system.
Disclosure of Invention
Aiming at the defects, the embodiment of the invention discloses a compliance risk management and control method, a system, electronic equipment and a storage medium, which realize the normalization of a series of processes of acquisition, identification, conversion, evaluation and rectification by establishing a standardized and process compliance management mechanism, can implement the compliance management to each link of management and improve the compliance management efficiency by an informatization technical means, and continuously discover the risk of enterprise compliance and prompt improvement.
The first aspect of the embodiment of the invention discloses a method for managing and controlling compliance risks, which comprises the following steps:
collecting legal and legal information, and carrying out structural processing on the collected legal and legal information to establish a legal and legal standard library;
establishing an industry standard library based on a preset target industry field and the rule standard library, wherein the industry standard library comprises law and rule standards applicable to the target industry field;
establishing a risk index library based on the industry standard library; constructing a total risk model based on the risk index library;
acquiring the operation information of each target enterprise; data analysis is carried out on the management information to determine a corresponding examination item list;
and generating a risk report based on the examination item list and the total risk model, wherein the risk report comprises a total risk index.
As an alternative implementation manner, in the first aspect of the embodiment of the present invention, the method further includes,
the method comprises the steps of monitoring legal regulation updating conditions in real time, wherein the legal regulation updating conditions comprise latest release information, latest implementation information, latest revision information and latest revocation information;
according to the legal regulation updating condition, updating the regulation standard library in real time, and updating the total risk model based on the updated regulation standard library;
and outputting the model update prompt information.
In an optional implementation manner, in a first aspect of the embodiment of the present invention, the obtaining operation information of each target enterprise includes:
and executing the operation information filling of the target enterprises according to a preset filling triggering mechanism to acquire the operation information of each target enterprise, wherein the filling triggering mechanism comprises autonomous triggering, model updating triggering, accident triggering, three-prevention early warning triggering and special triggering.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the risk index library is built based on the industry standard library; constructing a total risk model based on the risk index library includes,
identifying various rule standard terms of laws and regulations in the industry standard library;
constructing a risk index item based on the rule standard clause to form a risk index library; the risk index item comprises an examination item, an examination basis, examination contents, common problems, punishment basis, corrective measures and responsibility objects;
and marking corresponding risk labels for the rule standard clauses according to the content of the risk index item.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the step of constructing the total risk model based on the risk indicator library includes:
acquiring checking matters in a risk index library by identifying the risk tag, and constructing a risk model based on the checking matters; wherein the inspection items include a first inspection item and a second inspection item; the risk model comprises a first risk model and a second risk model;
the first risk model is constructed according to the first examination matters and is used for obtaining a first risk index according to examination matters list information of the first examination matters; the second risk model is constructed according to the second examination matters and is used for obtaining a second risk index according to examination matters list information of the second examination matters;
and constructing a total risk model based on the first risk model and the second risk model.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the step of constructing a risk model based on the examination matters includes:
identifying a regulatory standard term involved in the inspection item, the regulatory standard term involved in the inspection item including a first regulatory standard term and a second regulatory standard term;
setting corresponding first weight parameters for the inspection item list information of the inspection items according to the importance degree of the related legal standard clauses;
and constructing a risk model based on the examination item list information of the examination items and the corresponding first weight parameters.
As an optional implementation manner, in the first aspect of the embodiment of the present invention, the step of constructing a total risk model based on the first risk model and the second risk model includes,
setting corresponding second weight parameters according to the importance degree of the examination matters related to the risk model;
and constructing a total risk model based on the first risk index and the corresponding second weight parameter thereof and the second risk index and the corresponding second weight parameter thereof.
A second aspect of the embodiments of the present invention discloses a compliance risk management and control system, including:
the acquisition module is used for acquiring laws and regulations;
the database module is used for storing legal and legal information, including a legal and legal standard library, an industry standard library and a risk index library;
the first identification module is used for reading laws and regulations in the regulation standard library according to the preset target industry field and identifying the laws and regulations and establishing an industry standard library;
the second identification module is used for identifying laws and regulations of the regulation standard library and establishing a risk index library;
the receiving module is provided with an input end, wherein the input end is used for inputting the filling information and forming an examination item list according to the filling information;
a risk assessment module loaded with a total risk model; and outputting a risk report according to the examination item list information.
A third aspect of an embodiment of the present invention discloses an electronic device, including: a memory storing executable program code; a processor coupled to the memory; the processor invokes the executable program code stored in the memory to perform the method for managing and controlling the risk of compliance according to the first aspect of the embodiment of the present invention.
A fourth aspect of the embodiment of the present invention discloses a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program causes a computer to execute the method for managing and controlling the risk of compliance according to the first aspect of the embodiment of the present invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
according to the method, the system and the device, comprehensive risk investigation and carding in the target industry field and identification and introduction of applicable regulation standards can be realized, the construction of risk model libraries in different industry fields can be realized, related enterprises are comprehensively guided to conduct illegal and illegal behavior diagnosis, a perfect risk management and control and hidden danger investigation dual prevention mechanism is built, the labor is greatly spent on prevention and management and control of risks, the construction pace of an 'Anrutaishan' safety production scientific prevention system is accelerated, the forward movement of a gateway, accurate supervision, source management and scientific prevention are realized, and the initiative of safety production is firmly held.
The embodiment realizes timely receiving and responding to legal and legal standard information (legal regulations, regulatory regulations, industry standards, standard specifications, illegal cases and the like), standardizes and processes a compliance management system of an enterprise, thereby perfecting a system mechanism, refining working measures, landing various tasks, and sustainably discovering and rectifying compliance risks; the comprehensive collection of the regulation standard is realized through the whole network monitoring technology, the problems of incomplete identification and untimely identification in the traditional compliance management of enterprises are changed, and the identification is more comprehensive; through establishing a standardized and procedural compliance management mechanism, a series of procedures of collection, identification, transformation, evaluation and rectification are normalized, the compliance management can be implemented to each link of management, the compliance management efficiency is improved through an informatization technical means, the risk of enterprise compliance is continuously found, improvement is urged, and the mechanism is more sound.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for managing and controlling compliance risk according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a method for constructing a total risk model according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of a risk model construction method disclosed in an embodiment of the present invention;
FIG. 4 is a schematic flow chart of another implementation of the total risk model construction method disclosed in the embodiment of the present invention;
FIG. 5 is a schematic flow chart of another embodiment of a method for managing and controlling compliance risk disclosed in the example of the present invention;
FIG. 6 is a schematic flow chart of a risk model construction method disclosed in an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a compliance risk management and control system according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present invention are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order. The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
Compliance risk management is the core of enterprise compliance management, throughout enterprise compliance management, the construction of the current enterprise safety compliance system mainly has the following typical problems: 1) The identification is incomplete and untimely. Safety law and regulation standards relate to the fields of multiple fields, wide sources and large quantity, and meanwhile, the regulation standards are updated frequently, so that incomplete and untimely updating of enterprise applicable resource lists is easy to cause. 2) The depth of the defect is identified. The identification of the terms by the enterprise lacks accurate comprehensive analysis, and missed judgment and misjudgment occur frequently. 3) The transformation is not timely and complete. When the applicable regulation standard is revised and fails, the regulation standard is disjointed with the regulation standard due to the failure of timely updating the system, the self-diagnosis form and the like. 4) The compliance system is not sound. No sound compliance management system and operation mechanism are established, and compliance assessment flows in a formal manner. Based on the above, the embodiment of the invention discloses a method, a system, electronic equipment and a storage medium for managing and controlling compliance risks, which are characterized in that a series of processes of collection, identification, conversion, evaluation and rectification are normalized by establishing a standardized and flow compliance management mechanism, the compliance management can be implemented to each link of management and management, the compliance management efficiency is improved by an informatization technical means, and the risk of enterprise compliance is continuously found and urged to be improved.
Example 1
Referring to fig. 1-6, fig. 1 is a schematic flow chart of a method for managing and controlling compliance risk according to an embodiment of the present invention. The execution main body of the method described in the embodiment of the invention is an execution main body composed of software or/and hardware, and the execution main body can receive related information in a wired or/and wireless mode and can send a certain instruction. Of course, it may also have certain processing and storage functions. The execution body may control a plurality of devices, such as a remote physical server or cloud server and related software, or may be a local host or server and related software that performs related operations on a device that is located somewhere, etc. In some scenarios, multiple storage devices may also be controlled, which may be located in the same location or in different locations than the devices. As shown in fig. 1, the compliance risk management and control method includes the following steps:
step S1: collecting legal and legal information, and carrying out structural processing on the collected legal and legal information to establish a legal and legal standard library;
the legal and legal standard information is acquired through a whole network monitoring technology means, and the legal and legal standard information pointed by the embodiment comprises national laws, official regulations, official regulation files, local regulations, local regulation and regulation files, national standards, industry standards, local standards and the like, and the whole legal and legal standard can be further subjected to text and structuring treatment on the basis, so that an established legal standard library provides a basis for managing and controlling compliance risks.
The existing enterprises acquire regulations and standards through internal files in a small part and through the Internet in a large part, and often acquire untimely and source-irregular conditions. In order to solve the above-mentioned situation, in this embodiment, the collection of the legal and legal standard information may be manually recorded, that is, manually adjusted, or may be achieved by automatic acquisition, or a combination of both. The automatic acquisition method can be to interface with the existing legal and legal standard database, or to acquire from government websites by adopting web crawler technology, so as to enhance the timeliness of the acquired policy files.
At present, a legal and legal database for docking is put into 8000 various national laws, administrative regulations, official regulations and normative files, local administrative regulations and local department regulations, and the database is subjected to text and structural treatment, so that the database can be energized for relevant enterprises. The current standard specification database stores 30 ten thousand standards, wherein more than 3 ten thousand standards are subjected to text and structuring treatment, and can be energized for relevant enterprises. On the other hand, the web crawler technology is a program or script for automatically capturing internet information according to a preset rule, and can selectively acquire data of pages related to a predefined main body. By utilizing the web crawler technology, various policy regulations and standard files of government outbound can be timely and effectively acquired. Since various regulatory policies are only for government outbound, a crawling policy based on link structure evaluation may be utilized in this embodiment.
Step S2: establishing an industry standard library based on a preset target industry field and the rule standard library, wherein the industry standard library comprises law and rule standards applicable to the target industry field;
in the step, the legal standards are primarily identified according to different industry fields, and legal regulations applicable to the target industry field are read to form a legal standard library applicable to the industry field, namely an industry standard library. The step is realized by primarily identifying the legal standard information based on natural language processing technology, and natural language processing (NLP, natural Language Processing) is a subject of language problems of human interaction with a computer. According to different technical implementation difficulties, the system can be divided into three types of simple matching type, fuzzy matching type and paragraph cleavage type. An intelligent matching function is established through an NLP technology, intelligent matching of a system and a rule standard is achieved, and enterprises are helped to achieve compliance risks efficiently; establishing an enterprise system and rule standard intelligent receiving system through an NLP technology, and comparing the system with the rule standard so as to quickly realize system compliance evaluation;
step S3: establishing a risk index library based on the industry standard library; constructing a total risk model based on the risk index library;
in the step, a knowledge graph taking a risk index as a core, namely a risk index library, is established by carrying out clause recognition and carding on each legal and legal standard information in an industry standard library; wherein the step of establishing the risk indicator library comprises,
step S31: identifying various rule standard terms of laws and regulations in the industry standard library;
step S32: constructing a risk index item based on the rule standard clause to form a risk index library;
step S33: and marking corresponding risk labels for the rule standard clauses according to the content of the risk index item.
Specifically, the identification of the rule standard terms and the construction of the risk index terms can be realized by training the neural network model by big data to obtain an identification model; in some preferred embodiments, the method further comprises the steps of establishing an expert workbench, training the identification model by collecting identification data of a large number of target industry field experts on risk index items, and improving identification accuracy and reliability; an expert interface may also be provided through the expert workstation, whereby information instructions are received to adjust the risk indicator library. Through the step, the compliance specialists in each industry are converged, the enthusiasm of the enterprise senior compliance specialists is started, a unified compliance specialist service system is established, and the enterprise with weak professional strength is helped to promote the compliance management capability.
Specifically, the risk indicator items in step S32 include inspection items, inspection bases, inspection contents, common questions, penalty bases, corrective measures, and responsibility objects;
the step of constructing a total risk model based on the risk index library includes,
step S34: acquiring checking matters in a risk index library by identifying the risk tag, and constructing a risk model based on the checking matters;
wherein the inspection items include a first inspection item and a second inspection item; the risk model comprises a first risk model and a second risk model; the first risk model is constructed according to the first examination matters and is used for obtaining a first risk index according to examination matters list information of the first examination matters; the second risk model is constructed according to the second examination matters and is used for obtaining a second risk index according to examination matters list information of the second examination matters.
Specifically, the step of constructing a risk model based on the examination matters includes,
step S341: identifying a regulatory standard term involved in the inspection item, the regulatory standard term involved in the inspection item including a first regulatory standard term and a second regulatory standard term;
step S342: setting corresponding first weight parameters according to the importance degree of the related rule standard clauses;
step S343: and constructing a risk model based on the first rule standard clause and the corresponding first weight parameter thereof, and the second rule standard clause and the corresponding first weight parameter thereof.
In the embodiment, the construction of the first risk model is used for explaining, in this step, by identifying the risk index library, identifying the risk label marked by the rule standard clause in step S33, obtaining each inspection item in the risk index library, and recording the inspection items as a first inspection item and a second inspection item; constructing a first risk model based on the first examination matters;
the first risk model in the step comprehensively evaluates the risk degree of the first examination matters in the risk index library to obtain a first risk index, wherein the first risk index synthesizes all the rule standard terms related to the first examination matters in the industry standard library, comprehensively considers the influence of different rule standard terms on the first examination matters, and has more comprehensive and more accurate results.
Further, identifying that the first inspection item relates to a regulatory standard term includes a first regulatory standard term and a second regulatory standard term; setting corresponding first weight parameters according to the risk level of the related legal standard clause; the influence degree of each rule standard term on the risk assessment result is controlled, when the influence degree of the rule standard term on the risk assessment result is larger, the first weight parameter is allocated with a higher value, the influence degree is allocated with a smaller value, so that the influence degree of different rule standard terms on the examination item is reflected, and the risk assessment result of the first risk model constructed by the method is more effective and reliable.
The construction method of the second risk model is identical to the construction method of the first risk model, and will not be described here again, as will be understood by those skilled in the art.
The step of constructing a total risk model based on the risk index library further comprises,
step S35: and constructing a total risk model based on the first risk model and the second risk model.
The construction method of the total risk model comprises the specific steps of,
step S351: setting corresponding second weight parameters according to the importance degree of the examination matters related to the risk model;
step S352: and constructing a total risk model based on the first risk index and the corresponding second weight parameter thereof and the second risk index and the corresponding second weight parameter thereof.
In the step, because the influence degree of the inspection items on the overall risk is different, corresponding second weight parameters are respectively set for the risk models corresponding to different inspection items according to the risk levels of the inspection items; the influence degree of each examination item on the total risk assessment result is controlled, when the influence degree of the examination item on the total risk assessment result is relatively large, the second weight parameter is allocated with a higher value, and the influence degree is allocated with a lower value, so that the influence degree of different examination items on the total risk model is reflected, and the total risk model constructed by the method is more effective and reliable in risk assessment result.
Step S4: acquiring the operation information of each target enterprise; data analysis is carried out on the management information to determine a corresponding examination item list; an enterprise may be referred to herein as a profit enterprise or a government having an organization's architecture.
In this step, acquiring the operation information of each target enterprise includes executing operation information reporting of the target enterprise according to a preset reporting trigger mechanism to acquire the operation information of each target enterprise, where the preset reporting trigger mechanism includes autonomous triggering, model updating triggering, accident triggering, three-prevention early warning triggering and special triggering. The automatic triggering is that the group automatically opens a filling mechanism, so that the business information of the target enterprise can be periodically filled to the risk state of the enterprise according to the self-requirement; in addition, other event triggering modes can be set for filling, such as model updating triggering, accident triggering, three-prevention early warning triggering, special triggering and the like, so that the risk situation of the enterprise can be updated and managed in time after the event triggering. The method realizes regular filling of enterprises by establishing an enterprise self-diagnosis and online filling working mechanism, and establishes a multi-aspect triggering filling mechanism through model updating, accident learning, three-prevention early warning, group special project corresponding requirements and the like, thereby improving the perceived response capability of each enterprise of the group to risks.
Step S5: and inputting the examination item list into the total risk model to generate a risk report, wherein the risk report comprises a total risk index. And the compliance state of the enterprise is quantitatively evaluated through the medium risk index, so that the enterprise compliance state evaluation method is visual and accurate.
Step S6: the method comprises the steps of monitoring legal regulation updating conditions in real time, wherein the legal regulation updating conditions comprise latest release information, latest implementation information, latest revision information and latest revocation information;
and updating the rule standard library in real time according to the rule updating condition, updating the total risk model based on the updated rule standard library, and outputting model updating prompt information.
And triggering the operation information of the execution target enterprise in the step S4 by the model update prompt information to fill the risk state of the enterprise to update in real time. The step realizes the promotion and update according to the rule standard, establishes a long-acting rule standard identification, conversion and update working mechanism, and ensures the dynamic maintenance of a risk model library.
According to the method, the system and the device, comprehensive risk investigation and carding in the target industry field and identification and introduction of applicable regulation standards can be realized, the construction of risk model libraries in different industry fields can be realized, related enterprises are comprehensively guided to conduct illegal and illegal behavior diagnosis, a perfect risk management and control and hidden danger investigation dual prevention mechanism is built, the labor is greatly spent on prevention and management and control of risks, the construction pace of an 'Anrutaishan' safety production scientific prevention system is accelerated, the forward movement of a gateway, accurate supervision, source management and scientific prevention are realized, and the initiative of safety production is firmly held.
The embodiment realizes timely receiving and responding to legal and legal standard information (legal regulations, regulatory regulations, industry standards, standard specifications, illegal cases and the like), standardizes and processes a compliance management system of an enterprise, thereby perfecting a system mechanism, refining working measures, landing various tasks, and sustainably discovering and rectifying compliance risks; the comprehensive collection of the regulation standard is realized through the whole network monitoring technology, the problems of incomplete identification and untimely identification in the traditional compliance management of enterprises are changed, and the identification is more comprehensive; through establishing a standardized and procedural compliance management mechanism, a series of procedures of collection, identification, transformation, evaluation and rectification are normalized, the compliance management can be implemented to each link of management, the compliance management efficiency is improved through an informatization technical means, the risk of enterprise compliance is continuously found, improvement is urged, and the mechanism is more sound.
Example two
Referring to fig. 7, fig. 7 is a schematic structural diagram of a compliance risk management system according to an embodiment of the present invention. As shown in fig. 7, the compliance risk management system may include:
the acquisition module is used for acquiring laws and regulations;
the database module is used for storing laws and regulations, including a regulation standard library, an industry standard library and a risk index library;
the first identification module is used for reading laws and regulations in the regulation standard library according to the preset target industry field and identifying the laws and regulations and establishing an industry standard library;
the second identification module is used for identifying laws and regulations of the regulation standard library and establishing a risk index library;
the receiving module is provided with an input end, wherein the input end is used for inputting the filling information and forming an examination item list according to the filling information;
a risk assessment module loaded with a total risk model; and outputting a risk report according to the examination item list information.
In some preferred embodiments, the method further comprises,
the filling triggering module is used for outputting filling prompt information according to a filling triggering mechanism preset in advance;
in some preferred embodiments, the method further comprises,
the updating module is used for monitoring legal regulation updating conditions in real time, updating the regulation standard library and outputting model updating prompt information.
The compliance risk management and control system in the embodiment of the invention can realize the construction of risk model libraries in different industries by comprehensively researching and carding comprehensive risks in the target industry field and identifying and quoting applicable regulation standards, comprehensively guide related enterprises to carry out illegal behavior diagnosis, establish and perfect double prevention mechanisms of risk management and hidden danger investigation, and greatly reduce the labor on prevention and management risks, accelerate the promotion of the construction pace of an 'Anas Taishan' safety production scientific prevention system, realize the forward shift of a gateway, accurate supervision, source management and scientific prevention, and firmly grasp the initiative of safety production.
Example III
Referring to fig. 8, fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the invention. The electronic device may be a computer, a server, or the like, and of course, may also be an intelligent device such as a mobile phone, a tablet computer, a monitor terminal, or the like, and an image acquisition device having a processing function. As shown in fig. 8, the electronic device may include:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes executable program codes stored in the memory to execute some or all of the steps in the compliance risk management method in the first embodiment.
The embodiment of the invention discloses a computer readable storage medium storing a computer program, wherein the computer program causes a computer to execute part or all of the steps in the method for managing the risk of compliance in the first embodiment.
The embodiment of the invention also discloses a computer program product, wherein the computer program product enables a computer to execute part or all of the steps in the method for managing the compliance risk in the first embodiment when running on the computer.
The embodiment of the invention also discloses an application release platform, wherein the application release platform is used for releasing a computer program product, and the computer program product enables the computer to execute part or all of the steps in the compliance risk management method in the first embodiment when running on the computer.
In various embodiments of the present invention, it should be understood that the size of the sequence numbers of the processes does not mean that the execution sequence of the processes is necessarily sequential, and the execution sequence of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-accessible memory. Based on this understanding, the technical solution of the present invention, or a part contributing to the prior art or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, comprising several requests for a computer device (which may be a personal computer, a server or a network device, etc., in particular may be a processor in a computer device) to execute some or all of the steps of the method according to the embodiments of the present invention.
In the embodiments provided herein, it should be understood that "B corresponding to a" means that B is associated with a, from which B can be determined. It should also be understood that determining B from a does not mean determining B from a alone, but may also determine B from a and/or other information.
Those of ordinary skill in the art will appreciate that some or all of the steps of the various methods of the described embodiments may be implemented by hardware associated with a program that may be stored in a computer-readable storage medium, including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM), or other optical disk Memory, magnetic disk Memory, tape Memory, or any other medium capable of being used to carry or store data that is readable by a computer.
The method, system, electronic device and storage medium for managing and controlling the risk of compliance disclosed in the embodiments of the present invention are described in detail, and specific examples are applied to the description of the principles and embodiments of the present invention, where the description of the above embodiments is only used to help understand the method and core idea of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (6)

1. A method for managing and controlling compliance risk, comprising:
collecting legal and legal information, and carrying out structural processing on the collected legal and legal information to establish a legal and legal standard library;
establishing an industry standard library based on a preset target industry field and the rule standard library, wherein the industry standard library comprises law and rule standards applicable to the target industry field;
establishing a risk index library based on the industry standard library; constructing a total risk model based on the risk index library;
acquiring the operation information of each target enterprise; data analysis is carried out on the management information to determine a corresponding examination item list;
generating a risk report based on the examination item list and the total risk model, wherein the risk report comprises a total risk index;
wherein the risk index library is established based on the industry standard library; the step of constructing the total risk model based on the risk index library comprises the following steps: identifying various rule standard terms of laws and regulations in the industry standard library; constructing a risk index item based on the rule standard clause to form a risk index library; the risk index item comprises an examination item, an examination basis, examination contents, common problems, punishment basis, corrective measures and responsibility objects; marking corresponding risk labels for the rule standard clauses according to the content of the risk index item; acquiring checking matters in a risk index library by identifying the risk tag, and constructing a risk model based on the checking matters;
wherein the inspection items include a first inspection item and a second inspection item; the risk model comprises a first risk model and a second risk model; the first risk model is constructed according to the first examination matters and is used for obtaining a first risk index according to examination matters list information of the first examination matters; the second risk model is constructed according to the second examination matters and is used for obtaining a second risk index according to examination matters list information of the second examination matters;
wherein the step of constructing a risk model based on the inspection items comprises: identifying a regulatory standard term involved in the inspection item, the regulatory standard term involved in the inspection item including a first regulatory standard term and a second regulatory standard term; setting corresponding first weight parameters for the inspection item list information of the inspection items according to the importance degree of the related legal standard clauses; constructing a risk model based on the examination item list information of the examination items and the corresponding first weight parameters thereof;
wherein the step of constructing a total risk model based on the first risk model and the second risk model comprises: setting corresponding second weight parameters for the first risk index and the second risk index according to the importance degree of the examination matters related to the risk model; and constructing a total risk model based on the first risk index and the corresponding second weight parameter thereof and the second risk index and the corresponding second weight parameter thereof.
2. The method of claim 1, further comprising,
the method comprises the steps of monitoring legal regulation updating conditions in real time, wherein the legal regulation updating conditions comprise latest release information, latest implementation information, latest revision information and latest revocation information;
according to the legal regulation updating condition, updating the regulation standard library in real time, and updating the total risk model based on the updated regulation standard library;
and outputting the model update prompt information.
3. The method for managing and controlling the risk of compliance as set forth in claim 2, wherein said obtaining the business information of each target enterprise includes:
and executing the operation information filling of the target enterprises according to a preset filling triggering mechanism to acquire the operation information of each target enterprise, wherein the filling triggering mechanism comprises autonomous triggering, model updating triggering, accident triggering, three-prevention early warning triggering and special triggering.
4. A compliance risk management and control system, comprising:
the acquisition module is used for acquiring laws and regulations;
the database module is used for storing legal and legal information, including a legal and legal standard library, an industry standard library and a risk index library;
the first identification module is used for reading laws and regulations in the regulation standard library according to the preset target industry field and identifying the laws and regulations and establishing an industry standard library;
the second identification module is used for identifying laws and regulations of the regulation standard library and establishing a risk index library;
the receiving module is provided with an input end, wherein the input end is used for inputting the filling information and forming an examination item list according to the filling information;
a risk assessment module loaded with a total risk model; the risk report is output according to the examination item list information;
the method for constructing the total risk model comprises the following steps: identifying various rule standard terms of laws and regulations in the industry standard library; constructing a risk index item based on the rule standard clause to form a risk index library; the risk index item comprises an examination item, an examination basis, examination contents, common problems, punishment basis, corrective measures and responsibility objects; marking corresponding risk labels for the rule standard clauses according to the content of the risk index item; acquiring checking matters in a risk index library by identifying the risk tag, and constructing a risk model based on the checking matters;
wherein the inspection items include a first inspection item and a second inspection item; the risk model comprises a first risk model and a second risk model; the first risk model is constructed according to the first examination matters and is used for obtaining a first risk index according to examination matters list information of the first examination matters; the second risk model is constructed according to the second examination matters and is used for obtaining a second risk index according to examination matters list information of the second examination matters;
wherein the step of constructing a risk model based on the inspection items comprises: identifying a regulatory standard term involved in the inspection item, the regulatory standard term involved in the inspection item including a first regulatory standard term and a second regulatory standard term; setting corresponding first weight parameters for the inspection item list information of the inspection items according to the importance degree of the related legal standard clauses; constructing a risk model based on the examination item list information of the examination items and the corresponding first weight parameters thereof;
wherein the step of constructing a total risk model based on the first risk model and the second risk model comprises: setting corresponding second weight parameters for the first risk index and the second risk index according to the importance degree of the examination matters related to the risk model; and constructing a total risk model based on the first risk index and the corresponding second weight parameter thereof and the second risk index and the corresponding second weight parameter thereof.
5. An electronic device, comprising: a memory storing executable program code; a processor coupled to the memory; the processor invokes the executable program code stored in the memory for performing the compliance risk management method of any one of claims 1 to 3.
6. A computer-readable storage medium storing a computer program, wherein the computer program causes a computer to execute the compliance risk management method of any one of claims 1 to 3.
CN202310349054.8A 2023-04-04 2023-04-04 Compliance risk management and control method, system, electronic equipment and storage medium Active CN116205496B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310349054.8A CN116205496B (en) 2023-04-04 2023-04-04 Compliance risk management and control method, system, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310349054.8A CN116205496B (en) 2023-04-04 2023-04-04 Compliance risk management and control method, system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116205496A CN116205496A (en) 2023-06-02
CN116205496B true CN116205496B (en) 2023-08-15

Family

ID=86519439

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310349054.8A Active CN116205496B (en) 2023-04-04 2023-04-04 Compliance risk management and control method, system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116205496B (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019071354A1 (en) * 2017-10-13 2019-04-18 2509757 Ontario Inc. Security risk identification in a secure software lifecycle
AU2019100261A4 (en) * 2018-03-16 2019-04-18 Corethix Holdings Pty Limited An online and fully integrated Integrity Risk Management System for business
WO2019227706A1 (en) * 2018-05-28 2019-12-05 平安科技(深圳)有限公司 Risk event confirmation method, server and computer readable storage medium
CN111325434A (en) * 2018-12-17 2020-06-23 中安智讯(北京)信息科技有限公司 Coal mine production risk assessment index system construction method based on big data
CN112862339A (en) * 2021-02-25 2021-05-28 厦门渊亭信息科技有限公司 Risk decision method and system
CN113034019A (en) * 2021-03-31 2021-06-25 建信金融科技有限责任公司 Enterprise risk prediction method and device, computer equipment and readable storage medium
CN113313387A (en) * 2021-05-31 2021-08-27 中钢集团武汉安全环保研究院有限公司 Enterprise major safety risk grading intelligent management and control method and system
CN113469546A (en) * 2021-07-13 2021-10-01 宝能(广州)汽车研究院有限公司 Project management and control method based on standard and regulation, electronic equipment and storage medium
CN114169319A (en) * 2021-12-13 2022-03-11 广东博维创远科技有限公司 Enterprise body and contract risk examination system thereof
CN114358737A (en) * 2022-01-04 2022-04-15 胡益华 Compliance management system and management method thereof
CN115239190A (en) * 2022-08-15 2022-10-25 广东电网有限责任公司东莞供电局 Safety responsibility system comprehensive evaluation system
CN115422538A (en) * 2022-08-02 2022-12-02 阿里巴巴(中国)有限公司 Application risk identification method, device and equipment
CN115760160A (en) * 2022-11-17 2023-03-07 厦门市美亚柏科信息股份有限公司 Compliance behavior tracing and evaluating method, system, electronic device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116029262B (en) * 2023-02-17 2023-06-09 广东远景信息科技有限公司 Legal and legal code generation method, database construction method and device

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019071354A1 (en) * 2017-10-13 2019-04-18 2509757 Ontario Inc. Security risk identification in a secure software lifecycle
AU2019100261A4 (en) * 2018-03-16 2019-04-18 Corethix Holdings Pty Limited An online and fully integrated Integrity Risk Management System for business
WO2019227706A1 (en) * 2018-05-28 2019-12-05 平安科技(深圳)有限公司 Risk event confirmation method, server and computer readable storage medium
CN111325434A (en) * 2018-12-17 2020-06-23 中安智讯(北京)信息科技有限公司 Coal mine production risk assessment index system construction method based on big data
CN112862339A (en) * 2021-02-25 2021-05-28 厦门渊亭信息科技有限公司 Risk decision method and system
CN113034019A (en) * 2021-03-31 2021-06-25 建信金融科技有限责任公司 Enterprise risk prediction method and device, computer equipment and readable storage medium
CN113313387A (en) * 2021-05-31 2021-08-27 中钢集团武汉安全环保研究院有限公司 Enterprise major safety risk grading intelligent management and control method and system
CN113469546A (en) * 2021-07-13 2021-10-01 宝能(广州)汽车研究院有限公司 Project management and control method based on standard and regulation, electronic equipment and storage medium
CN114169319A (en) * 2021-12-13 2022-03-11 广东博维创远科技有限公司 Enterprise body and contract risk examination system thereof
CN114358737A (en) * 2022-01-04 2022-04-15 胡益华 Compliance management system and management method thereof
CN115422538A (en) * 2022-08-02 2022-12-02 阿里巴巴(中国)有限公司 Application risk identification method, device and equipment
CN115239190A (en) * 2022-08-15 2022-10-25 广东电网有限责任公司东莞供电局 Safety responsibility system comprehensive evaluation system
CN115760160A (en) * 2022-11-17 2023-03-07 厦门市美亚柏科信息股份有限公司 Compliance behavior tracing and evaluating method, system, electronic device and storage medium

Also Published As

Publication number Publication date
CN116205496A (en) 2023-06-02

Similar Documents

Publication Publication Date Title
US20220283802A1 (en) Automation of task identification in a software lifecycle
Naikar et al. Analysing activity in complex systems with cognitive work analysis: concepts, guidelines and case study for control task analysis
US9701420B1 (en) Task-based health data monitoring of aircraft components
CN109714187A (en) Log analysis method, device, equipment and storage medium based on machine learning
CN116151626B (en) Risk management and control capability evaluating method, system, electronic equipment and storage medium
US20140019196A1 (en) Software program that identifies risks on technical development programs
CN113449959A (en) Mine personnel behavior governance system and platform
US20050273381A1 (en) System and method for monitoring employee productivity, attendance and safety
Rachman et al. Implementation of lean knowledge work in oil and gas industry-A case study from a Risk-Based Inspection project
CN116010066A (en) RPA robot and implementation method
CN110414806B (en) Employee risk early warning method and related device
Zhang et al. Developing a taxonomy and a dependency assessment model of performance influencing factors for intelligent coal mines
EP4086824A1 (en) Method for automatically updating unit cost of inspection by using comparison between inspection time and work time of crowdsourcing-based project for generating artificial intelligence training data
CN116205496B (en) Compliance risk management and control method, system, electronic equipment and storage medium
US8504412B1 (en) Audit automation with survey and test plan
Rashid Human factors effects in helicopter maintenance: proactive monitoring and controlling techniques
CN114036054A (en) Code quality evaluation method, device, equipment, medium and program product
CN116797034A (en) System compliance management method, device, electronic equipment and storage medium
Al Rashdan et al. Automated Work Package: Conceptual Design and Data Architecture
EP4362037A1 (en) Method and apparatus for providing intelligent pharmacovigilance platform
JP2006018735A (en) Coding standard observance situation monitoring system
CN115392804B (en) Talent enabling method and system based on big data
Mayr-Dorn et al. ProCon: An automated process-centric quality constraints checking framework
CN113190805B (en) Code asset management system
Sunindyo et al. Workflow validation framework in distributed engineering environments

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant