JP2009134485A - Information processor and information processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor reducing a target related to maintenance evaluation in and after the second year in maintenance evaluation in internal control. <P>SOLUTION: A document data storage means of this information processor stores internal control document data of each year, a document difference extraction means extracts a difference between the internal control document data of the year that is a target stored in the document data storage means and the internal control document data of the previous year, and an evaluation target output means outputs a part of the difference extracted by the document difference extraction means as the target of the maintenance evaluation in the internal control. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing apparatus and an information processing program.

In recent years, financial internal control has been required. With regard to the financial internal control, “Internal Control – Integrated Framework” announced by COSO (Treadway Committee Organizing Committee) in 1992 has become the de facto standard.・ Board of Directors, Management and other organizations intended to provide reasonable assurance to achieve three objectives: efficiency, (2) reliability of financial statements, and (3) compliance with relevant laws and regulations. It is defined as "one process carried out by staff".
In financial internal control, it takes a lot of labor to manually manage and manage the relationship between activities / systems / resources / knowledge information, etc., to document business processes, and to build a mechanism for using those documents. It was hanging. There are four types of financial internal control documents: business description, business flow diagram, RCM (risk control matrix, risk and control relationship table), and segregation of duties table.

In addition, in financial internal control, a maintenance evaluation that analyzes work related to finance and checks the correctness and accuracy of the document that summarizes the results (hereinafter also referred to as a walk-through, also abbreviated as WT). There are two types of evaluation: operational evaluation that tests whether the system is operating as documented. The number of man-hours for these evaluations requires an enormous amount of time, and therefore needs to be performed efficiently.
In addition, since these assessments need to be conducted and reported every year with different test cases, the contents of the assessments and results of each year, as well as the issues left over from the previous year and how to deal with them, are quickly organized from a vast amount of data. It is necessary to prepare a document in the form that was made.

  As a technology related to these, for example, Patent Document 1 describes a business in which the flow from business analysis to creation of system specifications is ensured and facilitated, and the business flow is the processing contents and input / output information for each department. Business analysis means for creating flow diagrams interactively, means for automatically selecting and extracting hardware, software and information necessary for business flow diagrams using a knowledge base, and system products generated according to business flow diagrams It is disclosed that a person actually engaged in business can create a business flow diagram and automatically generate necessary system products according to the business flow diagram.

Also, for example, in Patent Document 2, in the workflow management system, a document name, an attribute name attached to the document, and an attribute value to be selected are used for the purpose of confirming whether the defined business process definition information is valid by simulation. A pseudo case with, is passed from node to node based on the business process definition information, and when the current node is a work node, an attribute that refers to the attribute value in the subsequent control node In the case of updating, it is disclosed that a transition is made to the next node leaving a record of the update, and when the current node is a control node, control is transferred to the node defined according to the update record.
JP 05-165844 A Japanese Patent Laid-Open No. 08-190587

  An object of the present invention is to provide an information processing apparatus and an information processing program that reduce the objects related to maintenance evaluation in the second and subsequent years in maintenance evaluation in internal control.

The gist of the present invention for achieving the object lies in the inventions of the following items.
[1] Document data storage means for storing internal control document data for each year;
A document difference extracting means for extracting the difference between the internal control document data of the target year stored in the document data storage means and the internal control document data of the previous year;
An information processing apparatus comprising: an evaluation target output unit that outputs a difference portion extracted by the document difference extraction unit as a maintenance evaluation target in internal control.

[2] Document data creation means for retrieving internal control document data for the previous year of the target year from the document data storage means, creating internal control document data for the target year, and storing the data in the document data storage means The information processing apparatus according to [1], further comprising:

[3] Evaluation data storage means for storing data for maintenance evaluation;
Based on the maintenance evaluation target output by the evaluation target output means and the maintenance evaluation data stored in the evaluation data storage means, a maintenance evaluation plan for the internal control document data in the target year is created. The information processing apparatus according to [1] or [2], further comprising maintenance evaluation plan creation means.

[4]
Document data storage means for storing internal control document data for each year;
A document difference extracting means for extracting the difference between the internal control document data of the target year stored in the document data storage means and the internal control document data of the previous year;
An information processing program that functions as an evaluation target output unit that outputs a difference portion extracted by the document difference extraction unit as a maintenance evaluation target in internal control.

  According to the information processing apparatus of the first aspect, in the maintenance evaluation in the internal control, it is possible to reduce the objects related to the maintenance evaluation after the second year.

  According to the information processing apparatus of the second aspect, the internal control document data of the current year can be created by diverting the internal control document data of the previous year.

  According to the information processing apparatus of the third aspect, it is possible to create a maintenance evaluation plan in which the objects related to the maintenance evaluation in the second and subsequent years are reduced.

  According to the information processing program of the fourth aspect, in the maintenance evaluation in the internal control, it is possible to reduce the objects related to the maintenance evaluation after the second year.

First, “Basic 4 Documents” of internal control will be described.
The four basic documents are basic documents created for each business process subject to financial internal control. Specifically, a business description, a business flow diagram, an RCM (risk control matrix), a job There is a separation table.
The business description is also called narrative. This is a documented flow of a series of operations from the start of the transaction to the final entry to the general ledger and reporting. Regulatory documents such as personnel regulations and accounting business regulations are higher-level documents of the business description, and the revision affects the business description. The business manual is a sub-document of the business description and is affected by the revision.
The business flow diagram is a visual flowchart of a series of business flows from the start of a transaction to the final entry to the general ledger and reporting. Risk and control are also placed on this flow.
The RCM (Risk Control Matrix) is a summary of internal control activities related to business processes, a summary of the control points to be achieved (assertion), assumed risks, and corresponding internal control activities. It is.
The segregation of duties table is used to check whether there is a duplication of processing by the same person in charge in the flow of business processes, which causes a problem in financial control.
Assertion is a precondition for financial information to be considered as reliable information. Specifically, it includes reality, completeness, evaluation, rights and obligations, period / allocation, and display. The item is generally used, but it is desirable that it can be customized because there are some changes by each company or audit corporation.
Risk refers to an impediment to assertions assumed in business processes.
Control refers to internal control activities against risks. Control types include preventive and detective.

Hereinafter, a preferred embodiment of the present invention will be described with reference to the drawings.
In financial internal control, the relationship between activities / systems / resources / knowledge information is organized, business processes are documented, and a system for utilizing the documents is constructed. This system is constructed in units of companies, but one system may be used between affiliated companies (including subsidiaries, parent companies, etc.).
A configuration example of the entire system for walkthrough or operational evaluation of financial internal control for realizing the present embodiment will be described with reference to FIG.
The entire system includes a client 3010 and an internal control processing server 3020. In addition, each structure may be plural. The client 3010 and the internal control processing server 3020 are connected via a communication line 3030. The client 3010 and the internal control processing server 3020 are connected using a communication protocol such as HTTP (Hyper Text Transfer Protocol) in which data is described using XML (extensible Markup Language) or the like.
The client 3010 has a user interface function for the operator to use the internal control processing server 3020.
In order to conduct a walk-through or operational evaluation in internal control, the internal control processing server 3020 displays a screen (WT plan record screen 400 or the like) for inputting an evaluation plan or the like on the client 3010.

With reference to FIGS. 1 to 12, a description will be given of the present embodiment for performing maintenance evaluation (walk-through) of financial internal control for confirming the validity and validity of a document created for financial internal control.
An example of a basic flow in the walk-through phase will be described with reference to FIG.
In step S102, the person in charge of financial internal control creates an overall plan for financial internal control.
In step S104, the person in charge creates a walk-through plan using the present embodiment. What is used in this case is a plan record and a WT detail sheet (plan).
In step S106, the person in charge performs a walk-through using the present embodiment. What is used at this time is a procedure record and a WT detail sheet (implementation).
In step S108, the person in charge performs evaluation from the result of the walk-through using the present embodiment. What is used at this time is an evaluation record.
In step S110, the person in charge examines a countermeasure from the evaluation of the result of the walkthrough. If it is determined by the person in charge that improvement is necessary, the process proceeds to step S112. Otherwise, the process proceeds to step S116.
In step S112, improvement activities by the person in charge are performed. For example, examination of which part of which document is to be corrected is performed based on the evaluation in step S108.
In step S114, the person in charge modifies / revises a document or the like using this embodiment as an improvement activity. Thereafter, the process returns to step S104.
In step S116, the person in charge performs a comprehensive evaluation on the document for financial internal control, etc. for which the walkthrough activity and the countermeasures have been completed.

A conceptual module configuration example of the present embodiment when performing walk-through will be described with reference to FIG.
Each component generally refers to components such as software (computer program) and hardware that can be logically separated. Therefore, the component in the present embodiment indicates not only a module in a computer program but also a module in a hardware configuration. Therefore, the present embodiment also serves as an explanation of a computer program, a system, and a method. However, for the sake of explanation, the words “store”, “store”, and equivalents thereof are used. However, when the embodiment is a computer program, these words are stored in a storage device or stored in memory. It is the control to be stored in the device. In addition, each component corresponds to the function almost one-to-one. However, in implementation, one component may be configured by one program, or a plurality of components may be configured by one program, and vice versa. In addition, one component may be composed of a plurality of programs. Further, the plurality of components may be executed by one computer, or the one component may be executed by a plurality of computers in a distributed or parallel environment. Note that one component may include other components. In the following, “connection” includes not only physical connection but also logical connection (data exchange, instruction, reference relationship between data, etc.). For example, data being connected to each other means that a part of the data is the same data, that one is pointing to the other by a pointer or a link.
In addition, the system or device is configured by connecting a plurality of computers, hardware, devices, and the like by communication means such as a network (including one-to-one correspondence communication connection), etc., and one computer, hardware, device. The case where it implement | achieves by etc. is also included.
The operator is also referred to as a creator, a verifier, a user, or the like depending on the context.
The term “input” is used when data is received by an operator's operation on the client 3010 or the internal control processing server 3020, or when each component accepts data from another component.

  In the database 200, as shown in FIG. 2, WT test data 201, activity data 202, WT test results 203, RCM data 204, resource data 205, and knowledge / information data 206 are stored. These may be managed by separate databases, or may be managed by one database.

  The WT test data 201 is connected to a WT plan record output unit 221, a WT detail sheet (plan) output unit 222, a WT plan record input unit 231, and a WT detail sheet (plan) input unit 232. The activity data 202 is connected to a WT detail sheet (plan) output unit 222, a WT detail sheet (execution) output unit 224, RCM data 204, resource data 205, and knowledge / information data 206. The WT test result 203 includes a WT procedure record output unit 223, a WT detail sheet (execution) output unit 224, a WT evaluation record output unit 225, a WT procedure record input unit 233, a WT detail sheet (execution) input unit 234, and a WT evaluation report. The input unit 235 is connected. The RCM data 204 includes a WT plan record output unit 221, a WT detail sheet (plan) output unit 222, a WT procedure record output unit 223, a WT detail sheet (execution) output unit 224, a WT evaluation record output unit 225, and activity data 202. It is connected. Resource data 205 is connected to activity data 202. The knowledge / information data 206 is connected to the WT detail sheet (plan) output unit 222, the WT detail sheet (execution) output unit 224, and the activity data 202.

  As components for inputting data to the database 200, a WT plan record input unit 231, a WT detail sheet (plan) input unit 232, a WT procedure record input unit 233, a WT detail sheet (execution) input unit 234, and a WT evaluation record input unit There are 235. The WT plan record input unit 231 and the WT detail sheet (plan) input unit 232 are connected to the WT test data 201. The WT procedure record input unit 233, the WT detail sheet (execution) input unit 234, and the WT evaluation record input unit 235 are connected to the WT test result 203.

  As the components that output data from the database 200, a WT plan record output unit 221, a WT detail sheet (plan) output unit 222, a WT procedure record output unit 223, a WT detail sheet (execution) output unit 224, and a WT evaluation record output unit There are 225. The WT plan record output unit 221 is connected to the WT test data 201 and the RCM data 204, and outputs the WT plan record 211. The WT detail sheet (plan) output unit 222 is connected to the WT test data 201, the activity data 202, the RCM data 204, and the knowledge / information data 206, and outputs a WT detail sheet 212. The WT procedure record output unit 223 is connected to the WT test result 203 and the RCM data 204 and outputs the WT procedure record 213. The WT detail sheet (execution) output unit 224 is connected to the activity data 202, the WT test result 203, the RCM data 204, and the knowledge / information data 206, and outputs a WT detail sheet 214. The WT evaluation paper output unit 225 is connected to the WT test result 203 and the RCM data 204, and outputs the WT evaluation paper 215.

An example of the relationship between data in the database 200 will be described in detail with reference to FIG.
FIG. 3 shows an activity table 300, a WT test data table 310, a WT test result table 320, a defect list table 330, a remaining risk list table 340, a WT test review table 350, a risk-control relationship table 360, a risk table 370, and a control. The relationship between the table 380 and the knowledge / information table 390 is shown. Note that each table column represents an example, and a column may be added so that other information can be stored.

  The activity table 300 corresponds to the activity data 202 in FIG. The activity table 300 includes an activity ID column 301, an activity name column 302, an activity type column 303, a system name column 304, a business category column 305, an activity category column 306, a responsible organization column 307, a responsible person column 308, and a practical content column 309. Have. The activity ID stored in the activity ID column 301 is an identifier that can uniquely identify an activity input by the operator. This activity ID is also used in the activity ID column 374 of the risk table 370, the activity ID column 384 of the control table 380, and the activity ID column 394 of the knowledge / information table 390, and these tables are related to the activity table 300. .

The risk-control relationship table 360, the risk table 370, and the control table 380 correspond to the RCM data 204 in FIG. As a whole, a risk control matrix is stored in which assumed risks are associated with controls corresponding to the risks.
The risk table 370 has a risk ID column 371, a risk name column 372, a risk content column 373, and an activity ID column 374. The risk ID stored in the risk ID column 371 of the risk table 370 is an identifier for uniquely identifying a risk. This risk ID is also used in the risk ID column 361 of the risk-control relationship table 360 and the risk ID column 343 of the remaining risk list table 340. The risk table 370 is the risk-control relationship table 360, the remaining risk list table 340, Related.
The control table 380 includes a control ID column 381, a control name column 382, a control content column 383, an activity ID column 384, and a trail knowledge ID column 385. The control ID stored in the control ID column 381 of the control table 380 is an identifier for uniquely identifying the control. This control ID is also used in the control ID column 362 of the risk-control relationship table 360, the control ID column 314 of the WT test data table 310, the control ID column 333 of the defect list table 330, and the alternative control column 334 of the defect list table 330. The control table 380 is associated with the risk-control relationship table 360, the WT test data table 310, and the deficiency list table 330.
The risk-control relationship table 360 has a risk ID column 361 and a control ID column 362. This table associates risk IDs with control IDs.

The knowledge / information table 390 corresponds to the knowledge / information data 206 of FIG.
The knowledge / information table 390 has a knowledge ID column 391, a knowledge name column 392, a knowledge type column 393, and an activity ID column 394. The knowledge ID stored in the knowledge ID column 391 of the knowledge / information table 390 is an identifier for uniquely identifying knowledge. This knowledge ID is also used in the knowledge ID column for trail 385 of the control table 380, and the knowledge / information table 390 is related to the control table 380.

The WT test data table 310 corresponds to the WT test data 201 in FIG.
The WT test data table 310 has a WTID column 311, a process ID column 312, a process name column 313, a control ID column 314, a test type column 315, and a test execution content column 316. The WTID stored in the WTID column 311 of the WT test data table 310 is an identifier for uniquely identifying the walkthrough. This WTID is also used in the WTID column 321 of the WT test result table 320, and the WT test data table 310 is related to the WT test result table 320.

The WT test result table 320 corresponds to the WT test result 203 in FIG.
The WT test result table 320 includes a WTID column 321, a test result column 322, a test performer column 323, a test date / time column 324, a plan difference column 325, a difference content column 326, and a comment column 327.

The defect list table 330, the remaining risk list table 340, and the WT test review table 350 are included in the WT test result 203 of FIG.
The defect list table 330 includes a process ID column 331, a process name column 332, a control ID column 333, an alternative control column 334, a countermeasure column 335, and an improvement plan column 336. The remaining risk list table 340 includes a process ID column 341, a process name column 342, a risk ID column 343, a supplementary control column 344, a corresponding necessity column 345, an improvement plan column 346, a complementary control column 347, and a corresponding necessity column 348. And an improvement plan column 349. The WT test review table 350 includes a form name column 351, a review result column 352, a review comment column 353, a review date column 354, and a reviewer column 355.

The internal control processing server 3020 uses the internal control processing server 3020 to perform a walk-through for confirming the validity and validity of a document created for financial internal control, which is a kind of evaluation of financial internal control. An example of a screen displayed on an output device such as a display of the control processing server 3020 will be described.
The outline of the walkthrough is as follows.
Using the four documents created for financial internal control and the database-based data (elements such as RCM data 204, resource data 205, knowledge / information data 206, and activity data 202 that is the center of the data) WT plan contents and test contents for planning the walk-through are input (WT plan record screen 400 shown in FIG. 4, WT detailed sheet (plan) screen 700 shown in FIG. 7), and the walk-through is performed. WT test results for input (WT procedure record screen 500 shown in FIG. 5, WT detailed sheet (execution) screen 800 shown in FIG. 9), and evaluation of WT test results (WT evaluation record shown in FIG. 6) Screen 600), and output a defect list and a residual risk list as a comprehensive evaluation of the walkthrough (defect list screen 1100 shown in FIG. 12, shown in FIG. 13). The remaining risk list screen 1200) to have.

FIG. 4 is an explanatory diagram of a screen example of the walk-through plan record.
A documentation process is designated and maintenance evaluation is performed by the operator's operation. Then, the input screen of the WT plan paper screen 400 is displayed.
A test target period column 401 is displayed, and input of period data (for example, 2008/04/01 to 2009/03/31) by an operator's operation is accepted. Similarly, the input in the execution person in charge column 431, the reviewer column 432, the test period column 433, and the review period column 434 is received.
Also, based on the period data input to the test target period column 401 using the data in the database 200, the company name column 402, the process ID column 404 and process name column 405 of the target process 403, and the total control number column 406. The planned control number column 407, the achievement rate column 408, and the test execution plan 410 are displayed. The test execution plan 410 has a CID column 411, a control column 412, a detailed plan column 413, and a remarks column 414.
Information on control of the documenting process is displayed in the control column 412 from the RCM data 204 stored in the database 200.
The total number of controls, the planned number of controls, and the achievement rate are calculated and displayed in the total control number column 406, the planned control number column 407, and the achievement rate column 408.
When the WT detail sheet button 409 is pressed by an operator's operation, a WT detail sheet (plan) screen 700 is displayed.
When a control cell in the control column 412 is designated by an operator's operation, a control details screen 900 is displayed.
For a test for each control, a plan that has not been implemented (may include an uncreated plan) is displayed in a form (for example, red, blinking, etc.) different from other displays.

Referring to the RCM data 204 in the database 200 (particularly, the risk-control relationship table 360, the risk table 370, the control table 380), a dummy control is automatically set for the risk for which there is no control. Therefore, the plan is not set to eliminate the control input omission. Further, the control additionally created in the remarks column 414 is displayed in a form (for example, red, blinking, etc.) different from other displays. A risk for which no control is defined for the risk is extracted from the RCM data 204 created by documenting the basic four documents. If there is no control corresponding to the risk stored in the RCM data 204, a dummy control is set. Next, when a dummy control is set, data indicating that the set control is a dummy (for example, the plan is not set) is set.
Specifically, in the table format of the risk and control matrix, there is no case where there is nothing corresponding to the vertical control for the horizontal risk. This means that risk is not controlled (control), so it is necessary to set control. First, the system automatically creates a control, and the contents of the control are added at this time. Later, the operator will define this color part.

In order to review this WT plan, an e-mail is transmitted to the reviewer by pressing a review request button 415 that is an operation of the operator.
By this review request, the reviewer can input the review result field 421, reviewer comment field 422, reviewer field 423, and review date field 424 in the review screen 420. That is, the item in the review screen 420 is made active. The review is confirmed by pressing the review completion button 425 that is a reviewer's operation.
When the close button 499 is pressed by an operator's operation, the WT plan paper screen 400 is closed and the process is terminated.

FIG. 5 is an explanatory diagram of a screen example of the walk-through procedure paper.
The WT procedure record screen 500 refers to data such as the WT test data 201 in the database 200, and includes a test target period column 501, a company name column 502, a process ID column 504 and a process name column 505 of the target process 503, and a result. A summary 510 and a test result 520 are displayed. The result summary 510 includes a test item number column 511, an OK column 512, and an NG column 513. The test result 520 includes a WT-ID column 521, a sub-process column 522, a CID column 523, a control column 524, and an execution content column 525. The result column 526, the test performer column 527, and the test execution date column 528 are displayed.
When the WT detail sheet button 514 is pressed by an operator's operation, a WT detail sheet (plan) screen 700 is displayed.
The total number of test items is displayed in the test item number field 511 from the test contents entered on the WT plan record screen 400 and the WT detail sheet (plan) screen 700, and the test result entered on the WT detail sheet (execution) screen 800 is OK. Displayed in the column 512 and the NG column 513.
In order to review this WT procedure paper, an e-mail is transmitted to the reviewer by pressing the review request button 529 which is an operation of the operator.
In response to this review request, the reviewer can input the review result column 531, reviewer comment column 532, reviewer column 533, and review date column 534 in the review screen 530. That is, the item in the review screen 530 is activated. The review is confirmed by pressing the review completion button 535 that is a reviewer's operation.
When the update button 598 is pressed by the operator's operation, the data in the database 200 is updated with the contents input on the current WT procedure paper 500, and the cancel button 599 is pressed by the operator's operation. Then, the content entered on the current WT procedure record screen 500 is canceled and the previous state is restored.

FIG. 6 is an explanatory diagram of a screen example of the walk-through evaluation paper.
The WT evaluation documentation screen 600 refers to data such as the WT test data table 310, the WT test result table 320, and the WT test data 201 in the database 200, and includes a process ID field 601, a process name field 602, a risk control field, The matrix 610 and the correspondence 630 to deficient control are displayed.
The risk control matrix 610 is a matrix and displays risks as rows and controls as columns. Risks include R01 column 614, R02 column 615, R03 column 616, R04 column 617, and R05 column 618, and controls include C01 column 625, C02 column 626, C03 column 627, C04 column 628, and C05 column 629. The risk displays an RID column 621 for displaying a risk identifier, a risk content column 622 for explaining the risk, and the number of controls effective for the risk (the total number in which “O” is displayed in the cell). The effective control column 623 includes an installation control column 624 for displaying the number of controls installed for the risk (the total number in which “O” or “X” is displayed in the cell). The control includes a CID column 611 for displaying a control identifier and a control content column 612 for explaining the control. In the cell where the risk row and the control column intersect, the test result for the control is indicated by “◯”, and the test result for NG is indicated by “X”. For the display, the WT test data table 310 and the WT test result table 320 in the database 200 are particularly referred to. That is, based on the evaluation result and the risk stored in correspondence with the control in the RCM data 204, whether or not the control is performed in units of risk is displayed.
The WT result field 619 displays the walkthrough result (valid or incomplete) for the control.
In addition, in the risk control matrix 610, the risk that was OK in the test result is 0 risk (R03 column 616 in the example of FIG. 6). The display is different from other displays (for example, red, blinking, etc.).
The control cell and the control detail screen 900 corresponding to the control are linked, and when the control cell is clicked by the operator, the control detail screen 900 corresponding to the control is displayed.

  Corresponding to deficient control 630 has a CID column 631, a control content column 632, a countermeasure necessity column 633, a reason column 634, and an improvement plan draft column 635, which are deficient in control (or “×”). List the ones with the mark). The identifier of the deficient control is displayed in the CID column 631 and the description is displayed in the control content column 632. For each control, a countermeasure necessity column 633, a reason column 634, and an improvement plan draft column 635 can be input. Further, the cell in the improvement plan draft column 635 is linked to the document related to the improvement plan, and when the cell in the improvement plan draft column 635 is clicked by the operator, the document related to the improvement plan is displayed.

In order to review this WT evaluation paper, an e-mail is transmitted to the reviewer by pressing a review request button 636 that is an operation of the operator.
By this review request, the reviewer can input the review result field 671, reviewer comment field 672, reviewer field 673, and review date field 674 in the review screen 670. That is, the item in the review screen 670 is made active. The review is confirmed by pressing the review completion button 675 which is a reviewer's operation.
When the update button 698 is pressed by the operator's operation, the data in the database 200 is updated with the contents input on the current WT evaluation paper screen 600, and the cancel button 699 is pressed by the operator's operation. Then, the contents input on the current WT evaluation paper screen 600 are canceled and the previous state is restored.

7 and 8 are explanatory diagrams of screen examples of the walk-through detail sheet (plan).
The WT detail sheet (plan) screen 700 refers to data such as activity data 202 and RCM data 204 in the database 200, and includes a process ID column 701, a process name column 702, a WT test procedure 710, a sub-process screen 730, A control screen 740 and a procedure screen 750 are displayed.
The WT test procedure 710 has a WT-ID column 711, a sub-process column 712, an activity name column 713, a CID column 714, a control content column 715, a type column 716, an implementation content column 717, and a trail (knowledge / information) column 718. ing.
When the add button 719 is pressed by an operator's operation, the RCM data 204 in the database 200 is referred to, and the test target control selection screen shown in FIG. 8 is displayed. When the control displayed on the screen shown in FIG. 8 is checked by the operation of the operator, the control is added to the WT test procedure 710.
When the delete button 720 is pressed by the operator's operation, the current line of the WT test procedure 710 is deleted from the walkthrough, and when the upward movement button 721 and the downward movement button 722 are pressed by the operator's operation, Move the current line of the WT test procedure 710.

The sub-process screen 730 includes a sub-process column 731, an activity name column 732, and an activity content column 733. With reference to data such as the activity data 202 and RCM data 204 in the database 200, the control and the control process are associated with it. Displays information about activities.
The control screen 740 includes a control ID column 741, a control content column 742, a key control column 743, a control type column 744, a control frequency column 745, a statistical basis column 746, a control implementation trail column 747, a dependent DB / system column 748, It has an information processing control purpose column 749 and refers to data such as knowledge / information data 206 in the database 200 to display knowledge / information related to the control as trail information.
The procedure screen 750 includes a procedure type column 751 (selectable from question, observation, browsing, and re-execution), an execution content column 752, and a trail (knowledge / information) 760, and a procedure as test data for each control. The type and implementation details can be entered.
The trail (knowledge / information) 760 has a check column 761, an ID column 762, and a name column 763 so that a trail used for evaluation can be selected in the check column 761.
When the update button 798 is pressed by the operator's operation, the data in the database 200 is updated with the contents input on the current WT detail sheet (plan) screen 700, and the close button 799 is operated by the operator's operation. When pressed, the WT detail sheet (plan) screen 700 is closed and the process is terminated.

FIG. 9 is an explanatory diagram of a screen example of the walk-through detail sheet (implementation).
The WT detail sheet (execution) screen 800 refers to data such as the WT test data 201 in the database 200, and includes a process ID column 801, a process name column 802, a WT test procedure 810, a sub-process screen 830, and an evaluation result screen. 840, an observation item column 850 other than the test items is displayed.
The WT test procedure 810 includes a WT-ID column 811, a sub-process column 812, a type column 813, an execution content column 814, a result column 815, a plan difference column 816, a difference content column 817, a comment column 818, and a performer column 819. And an implementation date column 820. The contents of these fields are displayed with reference to data such as WT test data 201 in the database 200.
The sub-process screen 830 includes a sub-process column 831, an activity name column 832, and an execution content column 833, and test content corresponding to the walkthrough selected by the operator in the WT test procedure 810 and activity information related to the test. Is displayed.

The evaluation result screen 840 includes a result column 841, a plan difference column 842, a difference content column 843, a comment column 844, an implementer column 845, and an implementation date column 846. As the test result data, a result (OK / NG), the difference (presence / absence) from the plan, the content of the difference, the comment, the implementer, and the implementation date can be input by the operator.
In the observation item column 850 other than the test items, observation items other than the test items can be input as observation item data.
When the update button 898 is pressed by the operator's operation, the data in the database 200 is updated with the contents input on the current WT detail sheet (execution) screen 800, and the close button 899 is pressed by the operator's operation. When pressed, the WT detail sheet (execution) screen 800 is closed and the process is terminated.

FIG. 10 is an explanatory diagram of a screen example of control details.
The control detail screen 900 is linked to a corresponding cell in the WT evaluation paper screen 600, and when a cell in the WT evaluation paper screen 600 is selected by an operator's click, the corresponding control details screen 900 is displayed.
The control detail screen 900 displays a control table 910 and a test table 920 with reference to data such as the RCM data 204 in the database 200.
The control table 910 includes a control ID column 911, a control content column 912, a key control column 913, a control type column 914, a control frequency column 915, a statistical basis column 916, a control implementation trail column 917, a control ID column 918, information processing A control purpose column 919 is displayed.
The test table 920 includes a test procedure column 921 and a test result column 924. The test procedure column 921 further includes a type column 922 and an execution content column 923. It has a column 926, a difference content column 927, and a comment column 928.

FIG. 11 is an explanatory diagram of a screen example for setting test data.
The test data setting screen 1000 is linked to a corresponding cell in the WT evaluation paper screen 600, and when a cell in the WT evaluation paper screen 600 is selected by an operator's click, the corresponding test data setting screen 1000 is displayed. To do.
The test data setting screen 1000 displays a test data table 1010 and a walk-through screen 1020 with reference to data such as the WT test data 201 in the database 200.
The test data table 1010 has a WT-ID column 1011, a resource (DB) name column 1012, a Serial-No (slip number) column 1013, and a remarks column 1014.
On the walk-through screen 1020, a WT-ID column 1021, a resource (DB) name column 1022, a Serial-No (slip number) column 1023, and a remarks column 1024 are displayed so that the operator can input them.
When the OK button 1025 is pressed by the operator's operation, the contents entered in the current walk-through screen 1020 are registered in the database 200 and the result is displayed in the test data table 1010, and the cancel button 1026 is operated. When pressed by the user's operation, the content entered on the current walk-through screen 1020 is canceled and the previous state is restored.
When the update button 1098 is pressed by the operator's operation, the data in the database 200 is updated with the content input on the current test data setting screen 1000, and the close button 1099 is pressed by the operator's operation. Then, the test data setting screen 1000 is closed and the process is terminated.

FIG. 12 is an explanatory diagram of a screen example of a defect list.
The defect list 1110 is displayed on the defect list screen 1100 with reference to data such as the defect list table 330 in the database 200. The defect list 1110 includes a PID column 1111, a process name column 1112, a CID column 1113, and a control content column 1114. , An alternative C column 1115, a countermeasure column 1116, and an improvement plan column 1117.
The defect list screen 1100 shows a process ID, a process name, a control ID, and a control content regarding a control that is NG in the WT evaluation document (see FIG. 6), a PID column 1111, a process name column 1112, a CID column 1113, and a control content. Displayed in a column 1114.
In the alternative C column 1115, a list of alternative controls that replace the target control is displayed using the RCM data 204 in the database 200. The presence / absence of countermeasures for the corresponding control and the improvement plan are displayed in the countermeasure column 1116 and the improvement plan column 1117 so that the operator can input them.

FIG. 13 is an explanatory diagram of a screen example of the remaining risk list.
The residual risk list screen 1200 displays the residual risk list 1210 with reference to data such as the residual risk list table 340 in the database 200. The residual risk list 1210 includes a PID column 1211, a process name column 1212, an RID column 1213, It has a risk content column 1214, a supplementary control column 1215, a necessity / unnecessity column 1216, an improvement plan column 1217, a monetary importance column 1218, an occurrence possibility column 1219, and a comprehensive evaluation column 1220.
For the control of the deficiency list target (see FIG. 12), using the data of the RCM data 204 in the database 200, the process ID, process name, risk ID, risk content, and presence / absence of supplementary control related to the risk with zero effective control Are displayed in the PID column 1211, the process name column 1212, the RID column 1213, the risk content column 1214, and the complementary control column 1215, respectively.
The necessity / unnecessity of countermeasures for the corresponding risk, improvement plan, monetary importance, possibility of occurrence, and comprehensive evaluation are respectively shown in the necessity / unnecessity column 1216, improvement plan column 1217, monetary importance column 1218, and possibility column 1219. , The comprehensive evaluation column 1220 is displayed so that the operator can input it.

Next, the present embodiment for performing operational evaluation of financial internal control will be described with reference to FIGS.
An example of a basic flow in the operation evaluation phase will be described with reference to FIG.
In step S1302, the person in charge of financial internal control creates an overall plan of financial internal control.
In step S1304, the person in charge creates an individual plan for operation evaluation using the present embodiment. What is used at this time is a plan record and a test detail sheet (plan).
In step S1306, the person in charge performs a test that is operation evaluation using the present embodiment. What is used at this time is a procedure record and a test detail sheet (execution).
In step S1308, the person in charge performs an evaluation from the result of the operation evaluation using the present embodiment. What is used at this time is an evaluation record. If it is determined by the person in charge that improvement is necessary, the process proceeds to step S1312, and if it is determined that an additional test is necessary, the process proceeds to step S1304 in order to perform operation evaluation using another test item. If it is determined that a test is necessary, the process proceeds to step S1304 to perform operation evaluation in another control, and otherwise, the process proceeds to step S1310.
In step S1312, the person in charge modifies / revises a document or the like using this embodiment as an improvement activity. Thereafter, the process returns to step S1304 or proceeds to step S1310.
In step S1310, the person in charge performs comprehensive evaluation on the operation evaluation activity, the document for financial internal control for which measures have been taken, and the like.

A conceptual module configuration example of the present embodiment when performing operation evaluation will be described with reference to FIG.
In the database 1400, as shown in FIG. 15, operation test data 1401, activity data 1402, operation test results 1403, RCM data 1404, resource data 1405, and knowledge / information data 1406 are stored. These may be managed by separate databases, or may be managed by one database.

  The operation test data 1401 is connected to an operation plan record output unit 1421, an operation detail sheet (plan) output unit 1422, an operation plan record input unit 1431, and an operation detail sheet (plan) input unit 1432. The activity data 1402 is connected to an operation details sheet (plan) output unit 1422, an operation details sheet (execution) output unit 1424, RCM data 1404, resource data 1405, and knowledge / information data 1406. The operation test result 1403 includes an operation procedure record output unit 1423, an operation detail sheet (execution) output unit 1424, an operation evaluation record output unit 1425, an operation procedure record input unit 1433, an operation detail sheet (execution) input unit 1434, and an operation evaluation record. The input unit 1435 is connected. The RCM data 1404 includes an operation plan record output unit 1421, an operation details sheet (plan) output unit 1422, an operation procedure record output unit 1423, an operation details sheet (execution) output unit 1424, an operation evaluation record output unit 1425, and activity data 1402. It is connected. The resource data 1405 is connected to the activity data 1402. The knowledge / information data 1406 is connected to an operation detail sheet (plan) output unit 1422, an operation detail sheet (execution) output unit 1424, and activity data 1402.

  As components for inputting data to the database 1400, an operation plan record input unit 1431, an operation detail sheet (plan) input unit 1432, an operation procedure record input unit 1433, an operation detail sheet (execution) input unit 1434, and an operation evaluation record input unit There is 1435. The operation plan record input unit 1431 and the operation detail sheet (plan) input unit 1432 are connected to the operation test data 1401. The operation procedure record input unit 1433, the operation detail sheet (execution) input unit 1434, and the operation evaluation record input unit 1435 are connected to the operation test result 1403.

  As configuration units for outputting data from the database 1400, an operation plan record output unit 1421, an operation detail sheet (plan) output unit 1422, an operation procedure record output unit 1423, an operation detail sheet (execution) output unit 1424, and an operation evaluation record output unit 1425. The operation plan record output unit 1421 is connected to the operation test data 1401 and the RCM data 1404 and outputs the operation plan record 1411. The operation detail sheet (plan) output unit 1422 is connected to the operation test data 1401, activity data 1402, RCM data 1404, and knowledge / information data 1406, and outputs an operation detail sheet 1412. The operation procedure record output unit 1423 is connected to the operation test result 1403 and the RCM data 1404 and outputs the operation procedure record 1413. The operation detail sheet (execution) output unit 1424 is connected to the activity data 1402, the operation test result 1403, the RCM data 1404, and the knowledge / information data 1406, and outputs the operation detail sheet 1414. The operation evaluation record output unit 1425 is connected to the operation test result 1403 and the RCM data 1404 and outputs the operation evaluation record 1415.

An example of the relationship between data in the database 1400 will be described in detail with reference to FIG.
FIG. 16 shows an activity table 1500, operation test data table 1510, sampling target table 1520, verification target table 1530, operation test result table 1540, operation test evaluation table 1550, deficiency list table 1560, residual risk list table 1570, operation test review. A table 1580, a risk-control relationship table 1590, a risk table 15A0, a control table 15B0, and a knowledge / information table 15C0 are shown. Note that each table column represents an example, and a column may be added so that other information can be stored.

  The activity table 1500 corresponds to the activity data 1402 in FIG. The activity table 1500 includes an activity ID column 1501, an activity name column 1502, an activity type column 1503, a system name column 1504, a business category column 1505, an activity category column 1506, a responsible organization column 1507, a responsible person column 1508, and a practical content column 1509. Have. The activity ID stored in the activity ID column 1501 is an identifier that can uniquely identify an activity input by the operator. This activity ID is also used in the activity ID column 15A4 of the risk table 15A0, the activity ID column 15B4 of the control table 15B0, and the activity ID column 15C4 of the knowledge / information table 15C0, and these tables are related to the activity table 1500. .

The risk-control relationship table 1590, the risk table 15A0, and the control table 15B0 correspond to the RCM data 1404 in FIG.
The risk table 15A0 has a risk ID column 15A1, a risk name column 15A2, a risk content column 15A3, and an activity ID column 15A4. The risk ID stored in the risk ID column 15A1 of the risk table 15A0 is an identifier for uniquely identifying the risk. This risk ID is also used in the risk ID column 1591 of the risk-control relationship table 1590 and the risk ID column 1573 of the remaining risk list table 1570. The risk table 15A0 is the risk-control relationship table 1590, the remaining risk list table 1570 Related.
The control table 15B0 has a control ID column 15B1, a control name column 15B2, a control content column 15B3, an activity ID column 15B4, and a trail knowledge ID column 15B5. The control ID stored in the control ID column 15B1 of the control table 15B0 is an identifier for uniquely identifying the control. This control ID includes the control ID column 1592 of the risk-control relationship table 1590, the control ID column 1563 of the defect list table 1560, the alternative control column 1564 of the defect list table 1560, the control ID column 1514 of the operation test data table 1510, the operation It is also used in the control ID column 1553 of the test evaluation table 1550, and the control table 15B0 is related to the risk-control relationship table 1590, the operation test data table 1510, the operation test evaluation table 1550, and the deficiency list table 1560.
The risk-control relationship table 1590 has a risk ID column 1591 and a control ID column 1592. This table associates risk IDs with control IDs.

The knowledge / information table 15C0 corresponds to the knowledge / information data 1406 of FIG.
The knowledge / information table 15C0 has a knowledge ID column 15C1, a knowledge name column 15C2, a knowledge type column 15C3, and an activity ID column 15C4. The knowledge ID stored in the knowledge ID column 15C1 of the knowledge / information table 15C0 is an identifier for uniquely identifying knowledge. This knowledge ID is also used in the knowledge ID column 1522 for the trail in the sampling target table 1520, the knowledge ID column 1532 in the verification target table 1530, and the knowledge ID 15B5 in the control table 15B0, and the knowledge / information table 15C0 is used as the sampling target table. 1520, the comparison target table 1530, and the control table 15B0.

The operation test data table 1510 corresponds to the operation test data 1401 in FIG.
The operation test data table 1510 includes a test ID column 1511, a process ID column 1512, a process name column 1513, a control ID column 1514, a test type column 1515, a test execution content column 1516, a sampling number column 1517, a deviation rate column 1518, and a reliability. A column 1519, a sampling target ID column 151A, and a verification target ID column 151B are provided.

The sampling target table 1520 is included in the operation test data 1401 of FIG.
The sampling target table 1520 includes a sampling target ID column 1521, a trail knowledge ID column 1522, a sampling method column 1523, a sampling attribute column 1524, and a test target attribute column 1525. The sampling target ID stored in the sampling target ID column 1521 of the sampling target table 1520 is an identifier for uniquely identifying the sampling target. This sampling target ID is also used in the sampling target ID column 151A of the operation test data table 1510 and the sampling target ID column 1542 of the operation test result table 1540. The sampling target table 1520 is the operation test data table 1510, the operation test result table 1540, and so on. Related. The test target attribute ID stored in the test target attribute column 1525 of the sampling target table 1520 is an identifier for uniquely identifying the test target attribute. This test target attribute ID is also used in the test target attribute column 1543 of the operation test result table 1540, and the sampling target table 1520 is related to the operation test result table 1540.

The verification target table 1530 is included in the operation test data 1401 of FIG.
The verification target table 1530 includes a verification target ID column 1531, a trail knowledge ID column 1532, a search method column 1533, a search attribute column 1534, and a verification attribute column 1535. The verification target ID stored in the verification target ID column 1531 of the verification target table 1530 is an identifier for uniquely identifying the verification target. This collation target ID is also used in the collation target ID column 151B of the operation test data table 1510, and the collation target table 1530 is related to the operation test data table 1510.

The operation test result table 1540 corresponds to the operation test result 1403 in FIG.
The operation test result table 1540 includes a test ID column 1541, a sampling target ID column 1542, a test target attribute column 1543, a matching result column 1544, and a comment column 1545. The test ID stored in the test ID column 1541 of the operation test result table 1540 is an identifier for uniquely identifying a test that is an operation evaluation. This test ID is also used in the test ID column 1511 of the operation test data table 1510, and the operation test result table 1540 is associated with the operation test data table 1510.

The operation test evaluation table 1550 is included in the operation test result 1403 of FIG.
The operation test evaluation table 1550 includes a process ID column 1551, a process name column 1552, a control ID column 1553, a primary evaluation response column 1554, a test continuation column 1555, a comment column 1556, an implementer column 1557, an execution date column 1558, It has a final evaluation column 1559, an incomplete content column 155A, an evaluator column 155B, and an evaluation date column 155C.
The deficiency list table 1560 is included in the operation test result 1403 of FIG.
The defect list table 1560 includes a process ID column 1561, a process name column 1562, a control ID column 1563, an alternative control column 1564, a countermeasure column 1565, and an improvement plan column 1566.
The remaining risk list table 1570 is included in the operation test result 1403 of FIG.
The remaining risk list table 1570 includes a process ID column 1571, a process name column 1572, a risk ID column 1573, a complementary control column 1574, a corresponding necessity column 1575, an improvement plan column 1576, a complementary control column 1577, and a corresponding necessity column 1578. And an improvement plan column 1579.
The operation test review table 1580 is included in the operation test result 1403 of FIG.
The operation test review table 1580 includes a form name column 1581, a review result column 1582, a review comment column 1583, a review date column 1584, and a reviewer column 1585.

An example of a screen displayed by the internal control processing server 3020 on an output device such as a display of the internal control processing server 3020 when performing operational evaluation, which is a kind of evaluation of financial internal control, will be described with reference to FIGS. .
The outline of operation evaluation is as follows.
Using the four documents created for financial internal control and the data in the base database (RCM data 204, resource data 205, knowledge / information data 206 elements and activity data 202 at the center) The operation evaluation plan contents and test contents for planning the operation evaluation are input (operation test plan document screen 1700 shown in FIG. 18), and the operation evaluation test results for performing the operation evaluation are input (FIG. 20). The operation test procedure documentation screen 1800 shown in FIG. 21 and the operation test detail sheet (execution) screen 1900 shown in FIG. 21) are evaluated, and the operation evaluation test results are evaluated (operation test evaluation documentation screen 2000 shown in FIG. 22). As a comprehensive evaluation, an incomplete list and a residual risk list are output (the incomplete list screen 1100 shown in FIG. 12 and the residual list shown in FIG. 13). Christo screen 1200) to.

FIG. 17 is an explanatory diagram of a screen example of tree display and operation test.
The tree display and operation test 1600 includes a tree screen 1610, a progress screen 1630, an operation evaluation screen 1650, and a processing screen 1670. The tree screen 1610 displays operation evaluation targets in a tree shape. The progress screen 1630 shows the progress status of the operation evaluation for the process. The operation evaluation screen 1650 shows test items for operation evaluation. The processing screen 1670 displays buttons for performing each process of plan record creation, procedure record creation, and evaluation record creation in operation evaluation.

In the tree screen 1610, when an operation evaluation test is added, an operation test addition screen 1620 is displayed, and a test type column 1621, an addition target test ID column 1622, a process ID column 1623, a process name column 1624, and a control column 1625 are displayed. Define additional tests.
The progress screen 1630 includes a process ID column 1631, a process name column 1632, an operation test plan table 1633 (plan / implementation / evaluation column 1634, person-in-charge column 1635, reviewer column 1636, execution period column 1637, review period column 1638. Test progress table 1640 (test target control number column 1641, completed column 1642, valid column 1643, deficient column 1644, unconfirmed column 1645, planned column 1646, executing column 1647, evaluated column 1648) Have).
The operation evaluation screen 1650 includes a test ID column 1651, a CID column 1652, a control column 1653, a status column 1654, an evaluation column 1655, a type column 1656, a sample number column 1657, a test result number column 1658 (OK column 1659, NG column 1660), A test result column 1661, a review column 1662, and a plan difference column 1663 are provided.
The processing screen 1670 displays a plan record button 1671, a procedure record button 1672, and an evaluation record button 1673. When the plan record button 1671 is pressed according to the operation of the operator, the operation test plan record screen 1700 (see FIG. 18). ) Is displayed, the operation test procedure record screen 1800 (see FIG. 20) is displayed when the procedure record button 1672 is pressed, and the operation test evaluation record screen 2000 (see FIG. 22) is displayed when the evaluation record button 1673 is pressed. indicate.

18 and 19 are explanatory diagrams of screen examples of the operation test plan paper.
The operation test plan record screen 1700 refers to data such as activity data 1402 and RCM data 1404 in the database 1400, and includes a test target period column 1701, a company name column 1702, a process ID column 1703, a process name column 1704, and a control. Column 1705, procedure type column 1706, execution content column 1707, sampling number column 1708, correction reason column 1710, deviation rate column 1712 of evaluation criteria 1711, reliability column 1713 and allowable NG number column 1714, sampling target 1715, verification target 1722 The review screen 1730 is displayed.

A test target period column 1701 is displayed, and input of period data (for example, 2008/04/01 to 2009/03/31) by an operator's operation is accepted.
The documented process name and control information corresponding to the test plan are displayed in the process name column 1704 and the control column 1705.
In accordance with the operation of the operator, the procedure type (question / observation / browsing / collation) is selected and input as test data in the procedure type column 1706, and the test execution content is input from the execution content column 1707.
In accordance with the operation of the operator, the sampling number of the test data is input from the sampling number column 1708, and when the correction is made by pressing the correction button 1709 after the input, the correction reason is input from the correction reason column 1710.
When the deviation rate and reliability are input from the deviation rate column 1712 and the reliability column 1713 as evaluation criteria, the allowable NG number is automatically calculated from the number of controls and displayed in the allowable NG number column 1714.

The sampling target 1715 has a knowledge / information (trail) column 1716, a sampling attribute column 1717, and a test target attribute column 1718.
When the add button 1719 is pressed by an operator's operation, a sampling target addition screen 1750 shown in FIG. 19A is displayed.
The sampling target addition screen 1750 displays a sampling target 1751 having a knowledge / information (trail) column 1752 and a sampling method column 1753, a sampling method column 1754, a sampling attribute column 1755, and a test target attribute column 1756. The test data sampling target is the trail information (related document) and its sampling method (automatic extraction of data under specified conditions, random extraction of data, manual extraction), depending on the operator's operation. It is selected in the knowledge / information (trail) column 1752, the sampling method column 1753 or the sampling method column 1754.
Even when the edit button 1720 is pressed by the operator's operation, the sampling target addition screen 1750 can be displayed and the contents thereof can be edited in the same manner as the addition button 1719. When the delete button 1721 is pressed by the operator's operation, the selected trail in the sampling target 1715 is deleted.

The verification target 1722 has a knowledge / information (trail) column 1723, a sampling attribute column 1724, and a test target attribute column 1725.
When an add button 1726 is pressed by an operator's operation, a collation target addition screen 1760 shown in FIG. 19B is displayed.
On this collation target addition screen 1760, a sampling target 1761 having a knowledge / information (trail) column 1762 and a sampling method column 1763, a search method column 1764, a search attribute column 1765, and a collation attribute column 1766 are displayed. And, as verification target for test confirmation, trail information (related document) and its sampling method (automatic extraction of data under specified conditions, automatic extraction of random data, manual extraction) Is selected in the knowledge / information (trail) column 1762, the sampling method column 1763, or the search method column 1764.
Even when the edit button 1727 is pressed by an operator's operation, the collation target addition screen 1760 can be displayed and the contents thereof can be edited as in the case of the add button 1726. When the delete button 1728 is pressed by the operator's operation, the selected trail in the verification target 1722 is deleted.

In order to review the operation test plan paper, an e-mail is transmitted to the reviewer by pressing a review request button 1735 that is an operation of the operator.
This review request allows the reviewer to input the review result field 1731, reviewer comment field 1732, reviewer field 1733, and review date field 1734 in the review screen 1730. That is, the item in the review screen 1730 is made active. In addition, in the operation test plan record screen 1700 viewed by the reviewer, the display of the review request button 1735 is set to “review completed”. The review is confirmed by pressing the review completion button, which is the reviewer's operation.
Note that when the update button 1736 is pressed by the operator's operation, the data in the database 1400 is updated with the contents entered in the current operation test plan paper screen 1700, and the cancel button 1737 is pressed by the operator's operation. Then, the content is canceled and the previous state is restored.

FIG. 20 is an explanatory diagram of a screen example of the operation test procedure paper.
The operation test procedure record screen 1800 refers to data such as the operation test data 1401 in the database 1400, and includes a test target period column 1801, a company name column 1802, a process ID column 1804 and a process name column 1805 of the test target process 1803. The control ID column 1807 and the control name column 1808 of the test target control 1806, the test execution procedure column 1810, the execution content column 1811, the sample number column 1812, the extraction method column 1822, the performer column 1813, the execution period column 1814, and the plan A difference column 1815, a difference content column 1823, the number of test results 1816, a result column 1820, a comment column 1821, and a review screen 1830 are displayed. When a test result sheet button 1809 is pressed by an operator's operation, a corresponding test result sheet is displayed on another screen.

A test target period column 1801 is displayed, and input of period data (for example, 2008/04/01 to 2009/03/31) by an operator's operation is accepted.
Test target documented process name, control information, and test data information created in the operation test plan paper (see FIGS. 18 and 19) are stored in the process name column 1805, test target control 1806, test execution procedure column 1810, etc. indicate.
According to the operation of the operator, the test results are the difference between the performer, the implementation period, and the plan (yes / no), and the content of the difference from the implementer column 1813, the implementation period column 1814, and the plan difference column 1815. input.
As the number of test results, the total number of tests, the number of OK, and the number of NG are displayed in the test number column 1817, OK column 1818, and NG column 1819 of the test result number 1816. Then, compared with the allowable NG number in the allowable NG number column 1714 of the operation test plan document (see FIGS. 18 and 19), OK and NG are displayed in the result column 1820 as the test result. A comment is input from the comment field 1821 according to the operation of the operator.

In order to review the operation test procedure paper, an e-mail is transmitted to the reviewer by pressing a review request button 1840 that is an operation of the operator.
By this review request, the reviewer can input the review result field 1831, reviewer comment field 1832, reviewer field 1833, and review date field 1834 in the review screen 1830. That is, the item in the review screen 1830 is made active. In addition, in the operation test procedure record screen 1800 viewed by the reviewer, the display of the button of the review request button 1840 is set to “review completed”. The review is confirmed by pressing the review completion button, which is the reviewer's operation.
When the update button 1898 is pressed by the operator's operation, the data in the database 1400 is updated with the contents input on the current operation test procedure record screen 1800, and the cancel button 1899 is pressed by the operator's operation. Then, the content is canceled and the previous state is restored.

FIG. 21 is an explanatory diagram of a screen example of the operation test detail sheet (execution).
The operation test detail sheet (execution) screen 1900 refers to data such as the operation test data 1401 in the database 1400 and refers to the process ID column 1902 and process name column 1903 of the test target process 1901 and the control ID of the test target control 1904. A column 1905, a control name column 1906, a manual extraction method column 1908, and a test execution result 1910 are displayed.
The test target documented process name and control information are displayed in the process name column 1903, the test target control 1904, and the like.
When the extraction execution button 1907 is pressed by the operator's operation, the sampling target is extracted based on the method input to the manual extraction method 1908.
The test execution result 1910 includes a sampling attribute column 1911 of the sampling target trail, a test target attribute column 1912 of the sampling target trail, a sampling attribute column 1913 of the verification target trail, a test target attribute column 1914 of the verification target attribute, and a reference column 1915 (sampling target A trail column 1916, a verification target trail column 1917), and a result column 1918 (a verification result (1) column 1919, a comment column 1920). The test execution result 1910 displays a list of exported and imported data for taking in data for sampling.
Note that when the export button 1921 is pressed by an operator's operation, the data content of the test execution result 1910 is output in CSV (Comma Separated Value) format. When the import button 1922 is pressed by the operator's operation, external CSV format data is read and displayed in the test execution result 1910.
When the update button 1998 is pressed by the operator's operation, the data in the database 1400 is updated with the contents input on the current operation test detail sheet (execution) screen 1900, and the cancel button 1999 is operated by the operator. When pressed, the contents are canceled and the previous state is restored.

FIG. 22 is an explanatory diagram of a screen example of the operation test evaluation paper.
The operation test evaluation record screen 2000 refers to data such as an operation test result 1403 in the database 1400, and includes a test target period column 2001, a company name column 2002, a process ID column 2004 and a process name column 2005 of the test target process 2003. , A control ID column 2006, a control content column 2007, a test content / result screen 2010, an alternative control screen 2040, a primary evaluation response screen 2050, a test continuation screen 2060, a final evaluation screen 2070, and a review result screen 2080.

The documented process name, control information, and test result information to be tested are displayed in the process name column 2005, the control content column 2007, the test content / result screen 2010, and the like.
When the control detail button 2008 is pressed by the operator's operation, the corresponding control detail screen 900 is displayed.
In addition, the test content / result screen 2010 refers to data such as the operation test result 1403 in the database 1400 and the test execution procedure column 2011, the execution content column 2012, the sample number column 2013, and the extraction method column of the evaluation standard 2014. 2015, deviation rate column 2016, reliability column 2017, allowable NG number column 2018, test result number 2019 (test number column 2020, OK column 2021, NG column 2022), result (primary evaluation) column 2023, difference from plan 2024, a difference content column 2025, a comment column 2026, a performer column 2027, an execution date column 2028, a review comment column 2029, a reviewer column 2030, and a review execution date column 2031 are displayed.

From the RCM data 1404 of the database 1400, a list of alternative controls that replace the target control is displayed on the alternative control screen 2040.
The alternative control screen 2040 includes an alternative control table 2041 having an RID column 2042, a risk content column 2043, a CID column 2044, a control content column 2045, an evaluation result column 2046, and a test record column 2047, and an alternative control evaluation result column 2048. .

The designation of “continue test” or “execution of final evaluation” as a response to the primary evaluation, which is the operator's judgment based on the test result, is input from the response screen 2050 for the primary evaluation.
When the test continuation is selected, any one of retest / alternative control test / improvement planning, comment, performer, and execution date / time are displayed in accordance with the operator's operation on the test continuation screen 2060 The user field 2062, the implementation date field 2063, etc.).
When final evaluation execution is selected, selection of valid / incomplete as a conclusion, and in the case of incompleteness, the content of the incompleteness is displayed in a final evaluation screen 2070 (conclusion (evaluation result) field 2071, incomplete content field 2072, evaluator field 2073, evaluation date column 2074, etc.).
In order to review the operation test evaluation paper, an e-mail is transmitted to the reviewer by pressing a review request button 2085 which is an operation of the operator.
In response to this review request, the review result field 2081, the review comment field 2082, the reviewer field 2083, and the review date field 2084 in the review result screen 2080 can be input by the reviewer. That is, the item in the review result screen 2080 is made active. Further, in the operation test evaluation documentation screen 2000 viewed by the reviewer, the display of the review request button 2085 is set to “review completed”. The review is confirmed by pressing the review completion button, which is the reviewer's operation.
When the update button 2098 is pressed by the operator's operation, the data in the database 1400 is updated with the contents entered on the current operation test evaluation paper 2000, and the cancel button 2099 is pressed by the operator's operation. Then, the content is canceled and the previous state is restored.

The deficiency list screen 1100 in the operation evaluation will be described with reference to FIG.
The deficiency list 1110 is displayed on the deficiency list screen 1100 with reference to data such as the deficiency list table 1560 in the database 1400. The deficiency list 1110 includes a PID column 1111, a process name column 1112, a CID column 1113, and a control content column 1114. , An alternative C column 1115, a countermeasure column 1116, and an improvement plan column 1117.
The defect list screen 1100 is an operation test evaluation document (see FIG. 22). In the PID column, a process ID, a process name, a control ID, and a control content related to a control in which the NG number of the test result exceeds the allowable NG number of the evaluation standard 1111, process name column 1112, CID column 1113, and control content column 1114.
In the alternative C column 1115, a list of alternative controls that replace the target control is displayed using the RCM data 1404 in the database 1400. The presence / absence of countermeasures for the corresponding control and the improvement plan are displayed in the countermeasure column 1116 and the improvement plan column 1117 so that the operator can input them.

The remaining risk list screen 1200 in the operation evaluation will be described with reference to FIG.
The residual risk list screen 1200 displays the residual risk list 1210 with reference to data such as the residual risk list table 1570 in the database 1400. The residual risk list 1210 includes a PID column 1211, a process name column 1212, an RID column 1213, It has a risk content column 1214, a supplementary control column 1215, a necessity / unnecessity column 1216, an improvement plan column 1217, a monetary importance column 1218, an occurrence possibility column 1219, and a comprehensive evaluation column 1220.
For the control of the defect list target (see FIG. 12), using the data of the RCM data 1404 in the database 1400, the process ID, process name, risk ID, risk content, and presence / absence of supplementary control regarding the risk that the effective control is 0 Are displayed in the PID column 1211, the process name column 1212, the RID column 1213, the risk content column 1214, and the complementary control column 1215, respectively.
The necessity / unnecessity of countermeasures for the corresponding risk, improvement plan, monetary importance, possibility of occurrence, and comprehensive evaluation are respectively shown in the necessity / unnecessity column 1216, improvement plan column 1217, monetary importance column 1218, and possibility column 1219. , The comprehensive evaluation column 1220 is displayed so that the operator can input it.

Next, the maintenance evaluation (walk-through) processing in the second and subsequent years in the present embodiment will be described with reference to FIGS.
In the explanation so far, in the system based on the premise of work support in the first year, the maintenance evaluation from the second year onward is also performed for all processes and controls within the process.
However, since the work has been carried out continuously since the second year, it is efficient to modify and use the four basic documents of internal control from the previous year.
Therefore, in the maintenance evaluation test for the second and subsequent years, the operation test may be performed without performing the maintenance evaluation test for the “process unchanged from the previous year”. In addition, it is only necessary to conduct a maintenance evaluation test for only the changed part of “the process in which part has been changed”.

FIG. 23 is an explanatory diagram showing an example of internal control activities and maintenance evaluation particularly in the first year.
For example, as shown in the flowchart on the left side of FIG. 23, the internal control activities include control document creation (step S2302), maintenance evaluation (step S2304), operation evaluation (step S2306), and report creation (step S2308). .
In step S2302, four basic documents for internal control are created.

In step S2304, maintenance evaluation is performed. Specifically, the processing shown in the flowchart on the right side of FIG. 23 is performed. This is the same as the flowchart already described with reference to FIG.
In step S2306, operation evaluation is performed. The operation evaluation has already been described with reference to FIG.
In step S2308, a report is created based on the results of maintenance evaluation and operation evaluation. The reports to be created include internal control documents (business description, business flow diagram, RCM, job separation table), maintenance evaluation test paper, and operation evaluation test paper.

FIG. 24 is an explanatory diagram showing an example of internal control activities and maintenance evaluations in and after the second year.
For example, as shown in the flowchart on the left side of FIG. 24, internal control activities in and after the second year are a copy of the control document of the previous year (step S2402), a correction of the control document (step S2404), a maintenance evaluation (step S2406), Operation evaluation (step S2408) and report creation (step S2410) for the current year are performed.
Steps S2402 and S2404 are for creating a control document in the first year (step S2302 in FIG. 23). In step S2402, a copy of the basic four documents of the internal control of the previous year is created. In step S2404, a control document for the current year is created by correcting the copied four basic documents of internal control.

In step S2406, maintenance evaluation is performed. Specifically, the processing shown in the flowchart on the right side of FIG. 24 is performed.
Steps S2452 and S2456 to S2468 are the same as steps S102 to S116 shown in FIG. 23 (that is, FIG. 1).
In step S2454, the control document of the previous year is compared with the control document of the current year, and the corrected part of the control document is detected. Then, the detection result is reflected in the WT plan (step S2456). Details will be described later with reference to FIG.

In step S2408, operation evaluation is performed. Operational evaluation must be carried out without change in the first year and after the second year. The operation evaluation has already been described with reference to FIG.
In step S2410, a report is created based on the results of maintenance evaluation and operation evaluation in the current year. The reports to be created include internal control documents (business description, business flow diagram, RCM, job separation table), maintenance evaluation test paper, and operation evaluation test paper as in the first year.

FIG. 25 is an explanatory diagram showing a configuration example of the entire system. This is a more specific example of what is shown in FIG.
The business control support server 2510, the business control manager terminal 2520, the business control worker terminal 2531, and the business control worker terminal 2532 are connected via a LAN / WAN 2599, respectively. The business control manager terminal 2520, the business control worker terminals 2531 and 2532 correspond to the client 3010 in FIG. 30, the business control support server 2510 corresponds to the internal control processing server 3020, and the LAN / WAN 2599 corresponds to the communication line 3030, respectively.
The business control support server 2510 has the database 200 shown in FIG. 2 and performs creation, maintenance evaluation, operation evaluation, and the like of control documents.
The business control manager terminal 2520 is a terminal used by an administrator in internal control, and is used to give an instruction to the business control support server 2510 or an instruction to the business control worker.
The business control worker terminals 2531 and 2532 are terminals used by workers in internal control, and are used to receive instructions to the business control support server 2510 or instructions from the administrator.

FIG. 26 is a block diagram illustrating a configuration example of a module in the present embodiment.
A control document input unit 2610, an internal control document data DB 2620, a document difference extraction unit 2630, a maintenance evaluation data DB 2640, and a maintenance evaluation input unit 2650 are provided.

The control document input unit 2610 is connected to the internal control document data DB 2620, and the internal control document data is based on instructions from the workers of the business control worker terminals 2531 and 2532 or the manager of the business control manager terminal 2520. Is created and stored in the internal control document data DB 2620. In the second and subsequent years, the internal control document data of the previous year is extracted from the internal control document data DB 2620, the target internal control document data is created, and stored in the internal control document data DB 2620. In other words, the control document data of the previous year is used to correct the changed part.
The internal control document data DB 2620 is accessed from the control document input unit 2610 and the document difference extraction unit 2630, and stores internal control document data for each year. For example, “200x year data”, “(200x + 1) year data”, etc., which are internal control document data, are stored.

The document difference extraction unit 2630 is connected to the internal control document data DB 2620 and the maintenance evaluation input unit 2650, and the internal control document data of the current year and the internal control of the previous year that are stored in the internal control document data DB 2620. Extract differences in document data. At that time, the RCM including the data related to the control among the internal control document data is analyzed. Then, the extracted difference portion is output to the maintenance evaluation input unit 2650 as a maintenance evaluation target in the internal control.
The maintenance evaluation data DB 2640 is accessed from the maintenance evaluation input unit 2650 and stores maintenance evaluation data. For example, “WT test data”, “WT test result”, “WT evaluation result” and the like are stored.
The maintenance evaluation input unit 2650 is connected to the document difference extraction unit 2630 and the maintenance evaluation data DB 2640, and the difference from the previous year (that is, a portion to be subjected to maintenance evaluation (WT)) from the document difference extraction unit 2630. Then, based on the object of maintenance evaluation and the maintenance evaluation data stored in the maintenance evaluation data DB 2640, a maintenance evaluation plan of the internal control document data in the target year is created. Further, the result of maintenance evaluation by the operator is received and stored in the maintenance evaluation data DB 2640.

FIG. 27 is an explanatory diagram of an example of a list of controls for each year.
The control list 2702 for the year 200x, which is the previous year, has three controls. Specifically, C001 is the control content “confirm XX”, C002 “confirms △ Δ”, and C003 “Implement □□”. Based on this, a maintenance evaluation test is conducted in the previous year to confirm the status of C001-C003 control.
The control list 2704 for the year (200x + 1), which is the current year, has four controls. Specifically, C001 is the control content “confirm XX”, and C002 “confirms △ □”. C003 is “perform □□”, and C004 is “perform □□”. Here, if the maintenance evaluation test is carried out in the same manner as in the first year, the maintenance evaluation test is also carried out in order to confirm the state of control of C001 to C004 even in the current year.

FIG. 28 is an explanatory diagram illustrating an example of processing for generating a list of differences in control for the second and subsequent years in the present embodiment.
The document difference extraction unit 2630 compares the control list 2702 for the 200x year with the control list 2704 for the (200x + 1) year, and extracts a difference. That is, in the example of FIG. 28, two pieces of difference information are obtained. Specifically, C002 (“Confirm △ □”) and C004 (“Execute □ ○”) in the control list 2704 in the (200x + 1) year are differences.
Therefore, in the current year, a maintenance evaluation test may be performed in order to confirm the status of the control of C002 and C004 in the control list 2704 in the (200x + 1) year.

FIG. 29 is a flowchart illustrating an example of an algorithm for extracting a difference in control after the second year in the present embodiment. This is processing performed by the document difference extraction unit 2630.
In step S2902, the control list for the previous year is defined as pCtrlList, the control list for the current year is defined as cCtrlList, and the list for differential extraction output is defined as uCtrlList. 2702), a control list of the current year (for example, a control list 2704 of (200x + 1) year) is substituted into cCtrlList, and Null (empty list) is substituted into uCtrlList.

In step S2904, it is determined whether cCtrlList is Null. If Null (Y), the process proceeds to step S2920; otherwise, the process proceeds to step S2906.
In step S2906, the top element of cCtrlList is substituted for cCtrl. That is, the top element of cCtrlList is acquired. For example, the first element to be acquired is “confirm XX” in “C001” of the control list 2704 for the (200x + 1) year.
In step S2908, the result of the find function (the element in pCtrlList if there is the same, Null if there is not the same) is substituted into pCtrl. That is, the same thing as cCtrl is searched from pCtrlList.

In step S2910, it is determined whether pCtrl is Null. If it is Null (Y), the process proceeds to step S2914; otherwise, the process proceeds to step S2912. In other words, if the same item is not found in step S2908, cCtrl is a control newly added in the current fiscal year, and thus the process proceeds to step S2914 to add to uCtrlList.
In step S2912, the result of getLastUpdate for pCtrl is assigned to pDate, and the result of getLastUpdate for cCtrl is assigned to cDate. That is, the last update date and time of pCtrl obtained in step S2908 and cCtrl obtained in step S2906 are acquired.

In step S2914, cCtrl is added to uCtrlList. In other words, a control different from the previous year (one with different contents and one with a new update date) is extracted as a difference.
In step S2916, the pDate and cDate obtained in step S2912 are compared. If pDate is smaller than cDate (Y), the process proceeds to step S2914; otherwise, the process proceeds to step S2918. That is, the last update date / time is compared, and if cCtrl is newer, it is an updated control. Therefore, the process proceeds to step S2914 to add to uCtrlList.
In step S2918, cCtrlList is updated with the content excluding the top element of cCtrlList. In other words, the next control of the current fiscal year is used as a judgment target whether or not it is a difference.
In step S2920, uCtrlList ends as the final result. That is, the difference is extracted in uCtrlList at the time when all the controls of this year are checked.

It should be noted that a control ID that can identify a control throughout a plurality of years (that is, an ID that can specify the contents of the control in 200x years and 200x + 1 years) may be used as a comparison target.
In addition, control (control) has been mainly described as internal control document data that takes a difference from the previous year, but risk and activity may also be targeted.

  The hardware configuration of the computer on which the program according to the present embodiment is executed is a general computer as shown in FIG. 31. Specifically, the client 3010 is a personal computer or the like, and the internal control process. The server 3020 is a computer that can be a server. WT plan record output unit 221, WT detail sheet (plan) output unit 222, WT procedure record output unit 223, WT detail sheet (execution) output unit 224 or the like or operation plan record output unit 1421, operation detail sheet (plan) output unit 1422, an operation procedure record output unit 1423, an operation details sheet (execution) output unit 1424, and the like, a CPU 3101 for executing programs, a RAM 3102 for storing the programs and data, a program for starting the computer, and the like are stored. ROM 3103, an auxiliary storage device HD 3104, an input device 3106 for inputting data such as a keyboard and a mouse, an output device 3105 such as a CRT and a liquid crystal display, and a communication line interface 3107 for connecting to a communication network. And connect them to the day And a bus 3108 for the exchange. A plurality of these computers may be connected to each other via a network.

  Note that the hardware configuration shown in FIG. 31 shows one configuration example, and the present embodiment is not limited to the configuration shown in FIG. 31, and the configuration capable of executing the components described in the present embodiment. If it is. For example, some of the components may be configured with dedicated hardware (for example, ASIC). In particular, in addition to personal computers, mobile phones, game machines, car navigation systems, information appliances, copiers, fax machines, scanners, printers, multifunction machines (also called multifunction copiers, scanners, printers, copiers, fax machines, etc.) Or the like.

The described program can be stored in a recording medium, and the program can be provided by communication means. In that case, for example, the above-described program can also be regarded as an invention of a “computer-readable recording medium recording the program”.
The “computer-readable recording medium on which a program is recorded” refers to a computer-readable recording medium on which a program is recorded, which is used for program installation, execution, program distribution, and the like.
The recording medium is, for example, a digital versatile disc (DVD), which is a standard established by the DVD Forum, such as “DVD-R, DVD-RW, DVD-RAM,” and DVD + RW. Standards such as “DVD + R, DVD + RW, etc.”, compact discs (CDs), read-only memory (CD-ROM), CD recordable (CD-R), CD rewritable (CD-RW), etc. MO), flexible disk (FD), magnetic tape, hard disk, read only memory (ROM), electrically erasable and rewritable read only memory (EEPROM), flash memory, random access memory (RAM), etc. It is.
The program or a part of the program can be recorded on the recording medium and stored or distributed. Also, by communication, for example, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a wired network used for the Internet, an intranet, an extranet, etc., or wireless communication It can be transmitted using a transmission medium such as a network or a combination thereof, and can also be carried on a carrier wave.
Furthermore, the above program may be a part of another program, or may be recorded on a recording medium together with a separate program.

It is a flowchart which shows the example of the basic flow in a walk through phase. It is a block diagram which shows the structural example of the module in this Embodiment. It is explanatory drawing about the example of a relationship between the tables which this Embodiment handles. It is explanatory drawing of the example of a screen of a walk through plan record. It is explanatory drawing of the example of a screen of a walk-through procedure record. It is explanatory drawing of the example of a screen of a walk-through evaluation record. It is explanatory drawing of the example of a screen of a walk through detailed sheet | seat (plan). It is explanatory drawing of the example of a screen of a walk through detailed sheet | seat (plan). It is explanatory drawing of the example of a screen of a walk-through detailed sheet | seat (implementation). It is explanatory drawing of the example of a screen of control details. It is explanatory drawing of the example of a screen of test data setting. It is explanatory drawing of the example of a screen of a deficiency list. It is explanatory drawing of the example of a screen of a remaining risk list. It is a flowchart which shows the example of the basic flow in an operation evaluation phase. It is a block diagram which shows the structural example of the module in this Embodiment. It is explanatory drawing about the example of a relationship between the tables which this Embodiment handles. It is explanatory drawing of the example of a screen of a tree display and an operation test. It is explanatory drawing of the example of a screen of an operation test plan paper. It is explanatory drawing of the example of a screen of an operation test plan paper. It is explanatory drawing of the example of a screen of an operation test procedure paper. It is explanatory drawing of the example of a screen of an operation test detailed sheet | seat (implementation). It is explanatory drawing of the example of a screen of an operation test evaluation paper. It is explanatory drawing which shows the example of the internal control activity and maintenance evaluation in the first year. It is explanatory drawing which shows the example of the internal control activity and maintenance evaluation after the 2nd fiscal year. It is explanatory drawing which shows the structural example of the whole system. It is a block diagram which shows the structural example of the module in this Embodiment. It is explanatory drawing which shows the example of the list of control for every year. It is explanatory drawing which shows the example of the process which produces | generates the list | wrist of the difference of the control after the 2nd year in this Embodiment. It is a flowchart explaining the example of the algorithm which extracts the difference of the control after the 2nd year in this Embodiment. It is a block diagram which shows the structural example of the whole system. It is a block diagram which shows the hardware structural example of the computer which implement | achieves this Embodiment.

Explanation of symbols

200 ... Database 201 ... WT test data 202 ... Activity data 203 ... WT test result 204 ... RCM data 205 ... Resource data 206 ... Knowledge / information data 211 ... WT plan record 212 ... WT details sheet 213 ... WT procedure record 214 ... WT details Sheet 215... WT evaluation report 221... WT plan record output unit 222. Plan record input unit 232 ... WT detail sheet (plan) input unit 233 ... WT procedure record input unit 234 ... WT detail sheet (execution) input unit 235 ... WT evaluation record input unit 1400 ... database 1401 ... operation test data 1402 ... activity data 1403 ... Operation test results 404 ... RCM data 1405 ... Resource data 1406 ... Knowledge / information data 1411 ... Operation plan record 1412 ... Operation details sheet 1413 ... Operation procedure record 1414 ... Operation details sheet 1415 ... Operation evaluation record 1421 ... Operation plan record output unit 1422 ... Operation details Sheet (plan) output unit 1423 ... Operation procedure record output unit 1424 ... Operation detail sheet (execution) output unit 1425 ... Operation evaluation record output unit 1431 ... Operation plan record input unit 1432 ... Operation detail sheet (plan) input unit 1433 ... Operation Procedure record input part 1434 ... Operation details sheet (execution) input part 1435 ... Operation evaluation record input part 2510 ... Business control support server 2520 ... Business control manager terminal 2531 ... Business control worker terminal 2532 ... Business control worker terminal 2599 ... LAN / WAN
2610 ... Control document input unit 2620 ... Internal control document data DB
2630 ... Document difference extraction unit 2640 ... Maintenance evaluation data DB
2650 ... Maintenance evaluation input unit 3010 ... Client 3020 ... Internal control processing server 3030 ... Communication line

Claims (4)

Document data storage means for storing internal control document data for each year;
A document difference extracting means for extracting the difference between the internal control document data of the target year stored in the document data storage means and the internal control document data of the previous year;
An information processing apparatus comprising: an evaluation target output unit that outputs a difference portion extracted by the document difference extraction unit as a maintenance evaluation target in internal control. Document data creation means for fetching internal control document data for the previous year of the target year from the document data storage means, creating internal control document data for the target year, and storing it in the document data storage means The information processing apparatus according to claim 1. Evaluation data storage means for storing data for maintenance evaluation;
Based on the maintenance evaluation target output by the evaluation target output means and the maintenance evaluation data stored in the evaluation data storage means, a maintenance evaluation plan for the internal control document data in the target year is created. The information processing apparatus according to claim 1, further comprising maintenance evaluation plan creation means. Computer
Document data storage means for storing internal control document data for each year;
A document difference extracting means for extracting the difference between the internal control document data of the target year stored in the document data storage means and the internal control document data of the previous year;
An information processing program that functions as an evaluation target output unit that outputs a difference portion extracted by the document difference extraction unit as a maintenance evaluation target in internal control.

Images