CN116433021A - Enterprise compliance management risk assessment informationized evaluation method and system
- Publication number
- CN116433021A (CN202310363296.2A)
- Authority
- CN
- China
- Prior art keywords
- evaluation
- enterprise
- risk
- compliance management
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Abstract
The application provides an enterprise compliance management risk assessment informationized evaluation method and system, relating to the technical field of the Internet and compliance management. The method comprises the following steps: combining the current situation of the enterprise with the existing compliance management risk assessment model, generating a risk data evaluation matrix, and carrying out association analysis on enterprise data; analyzing the associated enterprise data, and calculating an influence coefficient of an initial auxiliary evaluation index of the enterprise, wherein the influence coefficient reflects the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model; and prompting the possibility of risk occurrence through the influence coefficient, and carrying out early warning and informationized evaluation on the enterprise compliance management risk. A certain number of auxiliary indexes for enterprise compliance management risk assessment can be automatically screened out, and the enterprise compliance management risk is comprehensively assessed. In addition, the application also provides an enterprise compliance management risk assessment informationized evaluation system, which comprises a data association module, a risk analysis module and an informationized evaluation module.
Description
Technical Field
The application relates to the technical field of Internet and compliance management, in particular to an enterprise compliance management risk assessment informatization evaluation method and system.
Background
An enterprise compliance management system is essentially one kind of management system, but its core is compliance. There are many kinds of enterprise management systems, such as a quality management system, an environment management system, an information security management system, etc. The establishment and implementation of management systems follow general rules. A management system is a regular, repeated activity, namely behaviors such as (strategic) planning, budgeting, execution and performance evaluation that an enterprise carries out based on a certain target. The key point of a comprehensive compliance management system is obviously compliance, and it must be integrated into the whole management system; otherwise the common phenomenon of compliance being disconnected from business easily arises. How to integrate into the business management system is the starting point for compliance management to deliver value, and is also a difficulty of the compliance management system. It requires not only familiarity with compliance-related theory and operation, but also knowledge of business-related operations and features. A compliance management system is ultimately put into effect, promoted and executed by people. Accordingly, there must be a corresponding compliance management organization architecture. At the same time, the compliance responsibilities of the relevant personnel in the compliance management organization, such as the highest manager of the company, the chief compliance officer, the compliance team, the business director and the like, must be clear. In addition to emphasizing the corresponding authority given to them, it is more important to emphasize that they bear the associated responsibility for compliance management.
The main causes of compliance problems are changes in the external environment, especially laws and regulations, and shifts in people's commercial values, which put enterprise behavior at risk of non-compliance. An effective compliance management system cannot simply cope with existing laws and regulations; it needs to stay appropriately ahead of them, i.e. be forward-looking to a certain degree rather than passive.
At present, before a compliance management system is built, its environmental risk is analyzed, predicted and estimated only according to inherent factors such as the substances involved in the compliance management system project, the risk of the process system, and the environmental sensitivity of the site. Human factors, such as the enterprise's actual compliance management system condition, differences in management level, and the implementation of protection measures and risk precautions, can lead to large differences in the probability of an environmental emergency occurring at the enterprise, and these human factors cannot be estimated in the environmental impact evaluation.
Disclosure of Invention
The purpose of the application is to provide an enterprise compliance management risk assessment informationized evaluation method, which can automatically screen out a certain number of enterprise compliance management risk assessment auxiliary indexes and comprehensively assess the enterprise compliance management risk.
Another object of the present application is to provide an enterprise compliance management risk assessment informationized evaluation system, which is capable of running the enterprise compliance management risk assessment informationized evaluation method.
Embodiments of the present application are implemented as follows:
In a first aspect, an embodiment of the present application provides an enterprise compliance management risk assessment informationized evaluation method, which includes generating a risk data evaluation matrix by combining the enterprise's current situation and an existing compliance management risk assessment model, and performing association analysis on enterprise data; analyzing the associated enterprise data, and calculating an influence coefficient of an initial auxiliary evaluation index of the enterprise, wherein the influence coefficient reflects the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model; and prompting the possibility of risk occurrence through the influence coefficient, and carrying out early warning and informationized evaluation on the enterprise compliance management risk.
In some embodiments of the present application, generating the risk data evaluation matrix by combining the current status of the enterprise and the existing compliance management risk assessment model, and performing the association analysis on the enterprise data, includes: the risk data evaluation matrix is divided into five types, including enterprise compliance indexes, industry risk indexes, production process risk indexes, pollution control measure indexes and risk precaution measure indexes.
In some embodiments of the present application, the foregoing further includes: giving a score range and corresponding evaluation standards for the enterprise compliance management risk auxiliary evaluation indexes of each evaluation module of the compliance management risk evaluation model.
In some embodiments of the present application, analyzing the associated enterprise data and calculating an influence coefficient of an initial auxiliary evaluation index of the enterprise, where the influence coefficient reflects the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk assessment model, includes: designing an informationized evaluation framework for the associated enterprise data, namely a basic implementation layer and an evaluation modeling layer, wherein the basic implementation layer works on the basis of the evaluation framework and a risk library, and the evaluation modeling layer introduces enterprise data risk evaluation.
In some embodiments of the present application, the foregoing further includes: carrying out data analysis and mining on the associated enterprise data, outlining a compliance characteristic map, behavior characteristics and trends of a specific enterprise, and continuously collecting the behavior characteristics by utilizing the compliance management risk assessment model.
In some embodiments of the present application, prompting the possibility of risk occurrence through the influence coefficient and carrying out early warning and informationized evaluation on the enterprise compliance management risk includes: establishing an auxiliary standard of a risk early warning critical value, and carrying out early warning on the enterprise compliance management risk by a quantification method, adopting a historical data method.
In some embodiments of the present application, the foregoing further includes: carrying out targeted evaluation and sorting according to the auxiliary standards of the risk early warning critical values to obtain a matching degree, namely the proportion of compliance items, and carrying out informationized evaluation on the enterprise compliance management risk by combining a historical data method.
In a second aspect, an embodiment of the present application provides an enterprise compliance management risk assessment informationized evaluation system, which includes a data association module, configured to generate a risk data evaluation matrix by combining the enterprise's current situation and an existing compliance management risk assessment model, and perform association analysis on enterprise data;
the risk analysis module is used for analyzing the associated enterprise data and calculating the influence coefficient of the initial auxiliary evaluation index of the enterprise, the influence coefficient reflecting the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model;
and the informationized evaluation module is used for prompting the possibility of risk occurrence through the influence coefficient and carrying out early warning and informationized evaluation on the enterprise compliance management risk.
In some embodiments of the present application, the foregoing includes: at least one memory for storing computer instructions; at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to run the data association module, the risk analysis module and the informationized evaluation module.
In a third aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program that, when executed by a processor, implements any one of the enterprise compliance management risk assessment informationized evaluation methods.
Compared with the prior art, the embodiment of the application has at least the following advantages or beneficial effects:
By implementing the organization structure for compliance management behavior, the systems and processes related to compliance management, the compliance management behavior operation mechanism, and the feedback and improvement behavior related to compliance management, continuous and long-term implementation of compliance management can be ensured, and a compliance culture can also reduce the operation cost of the compliance management system. Meanwhile, compliance culture is the last line of defense for enterprise compliance risk prevention, so compliance culture modeling is also an important component of establishing a compliance management system. The enterprise environment risk auxiliary evaluation index with the greatest relevance is automatically screened out according to the existing compliance management risk evaluation model, so that the optimization direction is clear and the amount of calculation is small.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic step diagram of an informationized evaluation method for enterprise compliance management risk assessment according to an embodiment of the present application;
Fig. 2 is a detailed step schematic diagram of an enterprise compliance management risk assessment informationized evaluation method provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of an enterprise compliance management risk assessment informationized evaluation system module provided in an embodiment of the present application;
Fig. 4 is an electronic device provided in an embodiment of the present application.
Reference numerals: 10 - data association module; 20 - risk analysis module; 30 - informationized evaluation module; 101 - memory; 102 - processor; 103 - communication interface.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
It should be noted that the term "comprises," "comprising," or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The various embodiments and features of the embodiments described below may be combined with one another without conflict.
Example 1
Referring to fig. 1, fig. 1 is a schematic step diagram of an informationized evaluation method for enterprise compliance management risk assessment, which is provided in an embodiment of the present application, and is as follows:
Step S100, generating a risk data evaluation matrix by combining the current situation of an enterprise with an existing compliance management risk evaluation model, and performing association analysis on enterprise data;
In some embodiments, in order to improve evaluation efficiency, after the auxiliary evaluation indexes are determined, all auxiliary evaluation indexes are classified according to the tendency of each index, corresponding evaluation modules are established from several directions, and a compliance management risk evaluation model is then established. Compliance risk identification and evaluation are carried out through the compliance management risk evaluation model. Compliance obligations derive from four sources: first, laws, regulations and departmental rules; second, the internal rules and systems of the enterprise; third, professional ethics and moral norms; fourth, agreements between the enterprise and other parties. Next, compliance management behavior refers to all relevant behavior that puts compliance management into practice. First, it includes the organizational framework for implementing compliance management behavior, which is the human foundation. Then come the systems and processes related to compliance management, which are the institutional foundation, followed by the compliance management behavior operation mechanism and finally the feedback and improvement behavior related to compliance management. A compliance culture can ensure continuous and long-term implementation of compliance management and can also reduce the operation cost of the compliance management system. Meanwhile, compliance culture is the last line of defense for enterprise compliance risk prevention. Therefore, compliance culture modeling should also be an important component of establishing a compliance management system.
Step S110, analyzing the associated enterprise data, and calculating an influence coefficient of an initial auxiliary evaluation index of the enterprise, wherein the influence coefficient reflects the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model;
In some embodiments, the parsed enterprise data is used to list, respectively, compliance requirements, such as laws and regulations, regulations or guidelines issued by regulatory authorities, decisions by courts or arbitration authorities, treaties, conventions, etc., and the compliance commitments of the enterprise, such as agreements with authorities and clients, voluntary principles or codes of conduct, etc. Rights and matters are sorted out to form a rights list. The various public responsibilities are sorted out and determined according to the business process system and the authorization system of the enterprise, and the corresponding rights are identified to form a rights list. This may be developed based on business processes or based on post responsibilities. Finally, the influence coefficient of the initial auxiliary evaluation index of the enterprise is calculated according to the responsibility list, and risk evaluation work is started, which includes determining the compliance risk level, forming a risk sequence, and planning a risk response plan according to the risk sequence.
Step S120, prompting the possibility of risk occurrence through the influence coefficient, and carrying out early warning and informationized evaluation on the enterprise compliance management risk.
In some embodiments, the risk assessment model assesses the security risks that the target information may encounter and treats them with cost and benefit comprehensively considered, finally reducing the risk to the target information to a tolerable or acceptable level. The main steps comprise environmental threat identification, business threat identification, data management identification, data asset identification and vulnerability identification, finally forming a unified informationized risk assessment.
Example 2
Referring to fig. 2, fig. 2 is a detailed step schematic diagram of an enterprise compliance management risk assessment informatization evaluation method provided in an embodiment of the present application, which is as follows:
Step S200, the risk data evaluation matrix is divided into five categories, including enterprise compliance index, industry risk index, production process risk index, pollution prevention measure index, and risk prevention measure index.
Step S210, a score range and a corresponding evaluation standard are given to the enterprise compliance management risk auxiliary evaluation indexes of each evaluation module of the compliance management risk evaluation model.
Step S220, an informationized evaluation framework is designed for the associated enterprise data, namely a basic implementation layer and an evaluation modeling layer, wherein the basic implementation layer works on the basis of the evaluation framework and the risk library, and the evaluation modeling layer introduces enterprise data risk evaluation.
Step S230, carrying out data analysis and mining on the associated enterprise data, outlining a compliance characteristic map, behavior characteristics and trends of a specific enterprise, and continuously collecting the behavior characteristics by utilizing the compliance management risk assessment model.
Step S240, establishing an auxiliary standard of a risk early warning critical value, and carrying out early warning on the enterprise compliance management risk by a quantification method, adopting a historical data method.
Step S250, carrying out targeted evaluation and sorting according to the auxiliary standards of the risk early warning critical values to obtain a matching degree, namely the proportion of compliance items, and carrying out informationized evaluation on the enterprise compliance management risk by combining a historical data method.
In some embodiments, the enterprise compliance index assists in assessing risk from an enterprise management perspective, for example whether the environmental protection procedures, safety procedures, related risk management systems and the like are complete, and whether major hazard sources of dangerous chemicals are recorded. Such indexes affect the enterprise environmental risk indirectly; for example, whether major hazard sources of dangerous chemicals are recorded directly affects the risk assessment of the substances and process systems involved in the enterprise. An evaluation total score is set for each category based on the characteristics of the enterprise. A score range and a corresponding scoring standard are assigned to each enterprise environmental risk auxiliary evaluation index under each category by combining the corresponding influence coefficient and the evaluation total score of the category. The existing compliance management risk assessment model is optimized, and a final compliance management risk assessment model is established.
Example 3
Referring to fig. 3, fig. 3 is a schematic diagram of an enterprise compliance management risk assessment informatization evaluation system according to an embodiment of the present application, which is as follows:
the data association module 10 is used for generating a risk data evaluation matrix by combining the current situation of the enterprise and the existing compliance management risk evaluation model, and carrying out association analysis on the enterprise data;
the risk analysis module 20 is configured to analyze the associated enterprise data, calculate an influence coefficient of an initial auxiliary evaluation index of the enterprise, and reflect the influence coefficient of the corresponding initial auxiliary evaluation index on an existing compliance management risk evaluation model;
the informatization evaluation module 30 is used for carrying out early warning and informatization evaluation on the enterprise compliance management risk by prompting the possibility of risk occurrence through the influence coefficient.
As shown in fig. 4, an embodiment of the present application provides an electronic device, which includes a memory 101 for storing one or more programs; a processor 102. The method of any of the first aspects described above is implemented when one or more programs are executed by the processor 102.
And a communication interface 103, where the memory 101, the processor 102 and the communication interface 103 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 101 may be used to store software programs and modules that are stored within the memory 101 for execution by the processor 102 to perform various functional applications and data processing. The communication interface 103 may be used for communication of signaling or data with other node devices.
The Memory 101 may be, but is not limited to, a random access Memory 101 (Random Access Memory, RAM), a Read Only Memory 101 (ROM), a programmable Read Only Memory 101 (Programmable Read-Only Memory, PROM), an erasable Read Only Memory 101 (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory 101 (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 102 may be an integrated circuit chip with signal processing capabilities. The processor 102 may be a general purpose processor 102, including a central processor 102 (Central Processing Unit, CPU), a network processor 102 (Network Processor, NP), etc.; but may also be a digital signal processor 102 (Digital Signal Processing, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a Field programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
In the embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other manners. The above-described method and system embodiments are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods, systems and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special-purpose hardware-based systems which perform the specified functions or acts, or by combinations of special-purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
In another aspect, embodiments of the present application provide a computer-readable storage medium having stored thereon a computer program which, when executed by the processor 102, implements a method as in any of the first aspects described above. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
In summary, according to the enterprise compliance management risk assessment informatization evaluation method and system provided by the embodiments of the present application, implementing the organizational architecture for compliance management behavior, together with the systems and processes related to compliance management, ensures that the operating mechanism for compliance management behavior and the feedback and improvement behavior related to compliance management are carried out continuously and over the long term; a compliance culture can also reduce the operating cost of the compliance management system. Meanwhile, the compliance culture is the last line of defense in enterprise compliance risk prevention, so shaping the compliance culture is also an important part of establishing a compliance management system. The enterprise environment risk auxiliary evaluation index with the greatest relevance is automatically screened out according to the existing compliance management risk evaluation model, so that the optimization direction is clear and the amount of calculation is small.
The foregoing is merely a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and variations may be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. An enterprise compliance management risk assessment informationized evaluation method is characterized by comprising the following steps:
combining the current situation of the enterprise with the existing compliance management risk assessment model, generating a risk data evaluation matrix, and carrying out association analysis on enterprise data;
analyzing the associated enterprise data, and calculating an influence coefficient of an initial auxiliary evaluation index of the enterprise, wherein the influence coefficient is used for reflecting the influence of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model;
and prompting the possibility of risk occurrence through the influence coefficient, and carrying out early warning and informationized evaluation on the enterprise compliance management risk.
2. The method for informationized evaluation of enterprise compliance management risk assessment according to claim 1, wherein the steps of combining the current situation of the enterprise with the existing compliance management risk assessment model, generating a risk data evaluation matrix, and performing association analysis on the enterprise data comprise:
the risk data evaluation matrix is divided into five types, including enterprise compliance indexes, industry risk indexes, production process risk indexes, pollution control measure indexes and risk precaution measure indexes.
3. The method for informationized evaluation of enterprise compliance management risk assessment according to claim 2, further comprising:
and giving a score range and corresponding evaluation standards for enterprise compliance management risk auxiliary evaluation indexes of each evaluation module of the compliance management risk evaluation model.
4. The method for informationized evaluation of enterprise compliance management risk assessment according to claim 1, wherein the analyzing the associated enterprise data, calculating an influence coefficient of an initial auxiliary assessment index of the enterprise, the influence coefficient being used for reflecting the influence coefficient of the corresponding initial auxiliary assessment index on the existing compliance management risk assessment model, comprises:
designing, for the associated enterprise data, an informationized evaluation framework comprising a basic implementation layer and an evaluation modeling layer, wherein the basic implementation layer operates on the basis of the evaluation framework and a risk library, and the evaluation modeling layer introduces enterprise data risk evaluation.
5. The method for informationized evaluation of enterprise compliance management risk assessment of claim 4, further comprising:
and carrying out data analysis and mining according to the associated enterprise data, drawing out a compliance characteristic map, behavior characteristics and trends of a special enterprise, and continuously collecting the behavior characteristics by utilizing a compliance management risk assessment model.
6. The method for informationized evaluation of enterprise compliance risk assessment according to claim 1, wherein the prompting of risk occurrence probability by the influence coefficient comprises the steps of:
establishing an auxiliary standard of a risk early warning critical value, and carrying out early warning on the enterprise compliance management risk by a quantification method by adopting a historical data method.
7. The method for informationized evaluation of enterprise compliance management risk assessment of claim 6, further comprising:
and carrying out targeted evaluation and sorting according to the auxiliary standards of the risk early warning critical values to obtain a matching degree, namely the proportion of compliant items, and carrying out informatization evaluation on enterprise compliance management risks in combination with the historical data method.
8. An enterprise compliance management risk assessment informationized evaluation system, comprising:
the data association module is used for generating a risk data evaluation matrix by combining the current situation of the enterprise with the existing compliance management risk evaluation model and carrying out association analysis on the enterprise data;
the risk analysis module is used for analyzing the associated enterprise data, calculating the influence coefficient of the initial auxiliary evaluation index of the enterprise, and reflecting the influence coefficient of the corresponding initial auxiliary evaluation index on the existing compliance management risk evaluation model;
and the informatization evaluation module is used for carrying out early warning and informatization evaluation on the enterprise compliance management risk through the possibility of risk occurrence prompted by the influence coefficient.
9. The enterprise compliance management risk assessment informationized assessment system of claim 8, comprising:
at least one memory for storing computer instructions;
at least one processor in communication with the memory, wherein the at least one processor, when executing the computer instructions, causes the system to implement the data association module, the risk analysis module and the informationized evaluation module.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310363296.2A CN116433021A (en) | 2023-04-04 | 2023-04-04 | Enterprise compliance management risk assessment informationized evaluation method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310363296.2A CN116433021A (en) | 2023-04-04 | 2023-04-04 | Enterprise compliance management risk assessment informationized evaluation method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116433021A (en) | 2023-07-14 |
Family
ID=87092117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310363296.2A Pending CN116433021A (en) | 2023-04-04 | 2023-04-04 | Enterprise compliance management risk assessment informationized evaluation method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116433021A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118396350A (en) * | 2024-06-28 | 2024-07-26 | 苔花科迈(西安)信息技术有限公司 | Coal mine safety compliance control method and system applied to mine side |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||