WO2003046780A2 - Verfahren und anordnung zur informationsverarbeitung in monitoring-systemen für das ethik-, risiko- und/oder wertemanagement sowie ein entsprechendes computerprogrammprodukt und ein entsprechendes speichermedium - Google Patents
Verfahren und anordnung zur informationsverarbeitung in monitoring-systemen für das ethik-, risiko- und/oder wertemanagement sowie ein entsprechendes computerprogrammprodukt und ein entsprechendes speichermedium Download PDFInfo
- Publication number
- WO2003046780A2 WO2003046780A2 PCT/EP2002/013479 EP0213479W WO03046780A2 WO 2003046780 A2 WO2003046780 A2 WO 2003046780A2 EP 0213479 W EP0213479 W EP 0213479W WO 03046780 A2 WO03046780 A2 WO 03046780A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- information
- evaluation
- anonymous
- results
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Definitions
- the invention relates to a method and an arrangement for information processing in monitoring systems for ethics, risk and / or value management as well as a corresponding computer program product and a corresponding storage medium, which in particular as a processing and management system for information based on anonymously submitted messages , can be used.
- Monitoring for the early detection of existential developments and process deviations in the economy therefore represents a special area of application of the invention.
- the groups named above are increasingly taking on the tasks in business and administration to record and evaluate information and facts.
- a system for recording, research and documentation etc. is currently not known.
- Another problem is that all agents can only give one time window for the inclusion of information.
- the whistleblower only has the chance to provide information at certain specified times (business hours) or to reach one of the groups of people mentioned above.
- the object of the invention is to remedy the disadvantages of the conventional solutions and, in particular, to enable anonymous communication between the reporting party and the evaluating system.
- the invention is also intended to minimize the inhibition threshold for the detection of risk factors, to ensure the documentation and later traceability of the processing of information, and at the same time to increase the quality and relevance of the information for those affected by the irregularities and process deviations, as well as to create the possibility of all types Check processes and procedures for any deviations and enable a timely response to them, thereby ensuring the minimization of risk factors.
- a particular advantage of the invention is that in the method for processing information in monitoring systems for ethics, risk and / or value management, data received from a computer system are searched and evaluated and / or classified according to predetermined patterns, depending on the Evaluation the data are deleted or made available for further processing, the further processing of the data comprises the following steps: Evaluation of the data, depending on the results of the data evaluation, determination of associated further data by database query, - depending on the results of the preceding steps, creation of a data volume expanded by the associated data, depending on the results of the previous steps, transmission of at least part of the data - Further data volume to person (s) identified by the content of the extended data volume.
- An arrangement for information processing in monitoring systems for ethics, risk and / or value management is advantageously set up in such a way that it includes a processor that is set up in such a way that information processing in monitoring systems for ethics, risk and / or value management can be carried out in such a way that data received from a computer system are searched and evaluated and / or classified according to predetermined patterns, depending on the evaluation the data are deleted or made available for further processing, the further processing of the data comprises the following steps: Data, - depending on the results of the data evaluation, determination of associated additional data by database queries, depending on the results of the preceding steps.
- a computer program product for information processing in monitoring systems for ethics, risk and / or value management comprises a computer-readable storage medium on which a program is stored which enables a computer after it has been loaded into the memory of the computer, to carry out information processing in monitoring systems for ethics, risk and / or value management, data received from a computer system being searched and evaluated and / or classified according to predetermined patterns, depending on the evaluation the data being deleted or made available for further processing , the further processing of the data comprises the following steps: - evaluation of the data, depending on the results of the data evaluation, determination of associated further data by database query, depending on the results of the preceding steps, creation of a quantity of data expanded by the associated data, depending on the results of the preceding steps, transmitting at least part of the expanded data set to a person (s) identified by the content of the expanded data set.
- a computer-readable storage medium can be used for information processing in monitoring systems for ethics, risk and / or value management, on which a program is stored which enables a computer after it has been loaded into the memory of the computer
- Perform information processing in monitoring systems for ethics, risk and / or value management whereby a computer data received by the system are searched and evaluated and / or classified according to predetermined patterns, depending on the evaluation the data are deleted or made available for further processing, the further processing of the data comprises the following steps: evaluation of the data, depending on the results of the data evaluation, determination of associated data further data by database query, - depending on the results of the preceding steps, creating a quantity of data expanded by the associated data, depending on the results of the preceding steps, transmitting at least part of the expanded data quantity to (one) by the content of the expanded data quantity identified person (s).
- a method for using a method for information processing in monitoring systems for ethics, risk and / or value management advantageously consists in that a provider provides a monitoring system for ethics, risk and / or value management which Data received from a computer system is searched and evaluated and / or classified according to predetermined patterns, depending on the evaluation the data is deleted or made available for further processing, the further processing of the data comprising the following steps: evaluation of the data, - depending on the results of the data evaluation Determination of related additional data by database query, depending on the results of the previous steps, creating a data volume expanded by the associated data, depending on the results of the previous steps, at least a portion of the expanded data volume, paid for, to a person (s) identified by the content of the expanded data volume.
- the inhibition threshold for the detection of risk factors is minimized, so that on the one hand a larger amount of information can be expected, and on the other hand the quality and relevance of the anonymous reports is increased by working with the whistleblower inquiries becomes.
- the automation of the process supports both aspects: - The confidence of the reporting parties in maintaining their anonymity is increased, through the possibility of querying extensive databases and the computer-assisted evaluation of this amount of data, which can be done with knowledge-based systems, quality and relevance of the notifications improved and an unchangeable documentation of the notices and the processing of notices enables for the first time the traceability of the deviating and explosive processes related notices and notices processing. It has proven to be advantageous in the method according to the invention that current, ongoing processes can be technically ascertained and that for the first time a timely and factual reaction can take place.
- the invention hereinafter referred to as the Business Keeper Monitoring System (BKMS) - represents a new procedure.
- BKMS Business Keeper Monitoring System
- a particular advantage of this approach is that it minimizes the inhibition threshold for uncovering risk factors and at the same time increases the quality and relevance of the information for companies, business leaders and organizations.
- Each information entry is made via the anonymous application area of the specially secured internet application of the BKMS.
- the data transfer is carried out using an SSL 128-bit line. This is an encryption method that e.g. B. is also used in payment transactions at banks.
- the customer can use the BKMS without any technical effort, since no interface to the existing IT system is required.
- the procedure corresponds in all points to the currently highest possible security standard and is continuously developed through current technical extensions'.
- the BKMS is a system in which the continuous acquisition of information is advantageously carried out by outsourcing from the companies and organizations using a neutral communication platform in order to gain knowledge of improper and forensically relevant actions and such an economic criminal nature.
- the information is based on anonymously submitted reports, from which additional data quantities enriched with additional company-relevant information are then generated.
- the information can be collected, edited and enriched without direct access to organizational systems of the client and / or those affected.
- a report is compiled from the expanded data volume, which is forwarded to a person or a group of people who is identified by the content of the expanded data volume.
- the monitoring system is operated by an independent provider.
- the monitoring system can also be used by an affected company or other institutions to process the information and data on irregularities on its own through an ombudsman, corruption officer, etc. In this case, the user of the monitoring system can adapt the report creation to his specific circumstances.
- the BKMS is a knowledge management module that can be built on the existing controlling, risk, ethics and social management systems and thus for the first time an indispensable instrument for the final implementation and full implementation of risk, ethics and social management systems is. It is to be understood as the first system which, in addition to the preventive effect and the protection of corporate processes, sensitizes the employees of the companies or organizations to deviations of an economic criminal nature and for the guidelines and code of conduct, while at the same time reducing the liability risk of the management.
- the BKMS can not only record the information that is later processed by ombudspersons (internal or external), corruption officers or the auditors become.
- the BKMS also ensures that the documentation and later traceability is ensured.
- the information provided by the whistleblower is stored unchangeably in the system. All subsequent dialogues by the processor are recorded. All data that are added to and added to the information by external sources (databases and archives) are documented. And any change in data or activities by a user (processor) can only be completed with a final reason, which the system requests. Also runs in
- the Business Keeper Monitoring System stands out from the conventional controlling applications and methods, the disadvantages of which have been explained above.
- the invention makes it possible not only to evaluate financial data, but also to collect and evaluate information and data from all areas of the company and processes, as well as their business environment, and to transparently indicate deviations that impair value.
- An important advantage of the invention is that an interface to systems of the affected and / or the contracting companies is not necessary for the notification of a message or for the feedback on such a message - and also for the reasons set out above Considering the anonymity to be preserved would make little sense.
- the benefit for the affected and / or contracting companies when using the invention consists primarily in the prevention, prevention, disclosure and information about and about damage or deviations in company processes, since this enables countermeasures to be taken promptly and effectively.
- the minimum amount of costs and expenses for the use of the BKMS knowledge management system is in no relation to the expected damage minimization in the organizations (for example, image damage, legal concerns of the management, liquidity problems have a regular negative impact on the company's balance sheet result ). Overall, the service offered therefore represents a very efficient and economical instrument for companies and organizations.
- the BKMS for the first time all employees of a corporate community, their partners, customers, etc. are included in a controlling process.
- the system is industry-independent and does not require an interface in the company.
- the BKMS is the first controlling system that takes into account both technical and behavioral deviations and can be used to intervene in external process deviations.
- FIG. 1 illustrates the processing of information by the BKMS
- Fig. 2 illustrates the sequence of the procedure for submitting a message or the dialogue with the whistleblower when using the General Postbox;
- Fig. 5a Ein- and processing modules that when using the monitoring system as
- DIP Direct Internal Postbox
- FIG. 8 illustrates an exemplary use of the monitoring system as a direct internal postbox (DIP) using BIMS-C-DIP and BIMS-CC-DIP as processing modules.
- DIP direct internal postbox
- the exemplary monitoring system is used in particular to quickly and effectively obtain plausible, relevant and enriched information about the risk factor of human misconduct, as well as for the discreet forwarding of this documented information.
- All information received on the monitoring system via a specially secured internet application is subjected to a detailed plausibility and relevance check 14. All parameters known to the system, such as B.
- Target specifications and facts from process guidelines or value-based agreements, such as guidelines and codes of conduct, are taken into account.
- Correlated information from databases and archives are fed in using special software, connections are uncovered and the information is enriched.
- These can be both internal databases 7 and databases from external providers 8 or automatic requests for special databases 26 of information files, such as Creditreform, Burgel or Dun & Bradstreet and other information retailers.
- the editing application can index data / documents in all external databases and archives as well as the internal data (publication, company and personal database) the information (documents). This means that every single document out of the millions of documents is indexed or every document is given a fingerprint. This means that the system can analyze each document in several topic clusters beforehand and record them in the system.
- a case comes into the system, which concerns, for example, a certain load, a truck and its route.
- the system indexes and takes a fingerprint (several topic clusters) of the case (note 9) and only compares the topic clusters in its indexed databases.
- topic clusters could arise for a particular route, truck or load.
- Case-related information is now determined by searching the data / documents or the fingerprints of the data / documents of the accessible databases for these topics. The relevance of Data / documents are then determined on the basis of the frequency of occurrence or on the basis of combinations of topics.
- the system can not only process documents 30, but also compare audio information. You can connect the system to countless radio stations and it analyzes the contributions to topic clusters and finds the topics that may be relevant to the case (note 9). The hit rate here is over 95%.
- the checked and refined information regarding economic criminal acts and other critical processes in the respective company are made available in the form of a report 15, which depends on Agreement with the ordering company can also be made periodically.
- This can be represented by several differently configured systems, whereby systems are offered that are solely the responsibility of the provider of the monitoring system, but also those monitoring systems that are used and processed independently by the customer company (important embodiments of these different systems are explained below).
- the monitoring system according to the invention thus supplements existing risk management systems with the previously missing element of human misconduct.
- This information platform which comprises a first (external) database system 6 for the filter system 4, can, for example, be set up as a web server 10 at an Internet provider. It is referred to as an external data processing device 1 because it is accessible from the outside by serving to receive messages 9, feedback and communication 11 with the anonymous whistleblower 12.
- Computers, databases and similar systems that are used for the implementation of the method according to the invention and from the outside, for. B via the Internet 32, are not accessible, are referred to as internal systems.
- the data are transmitted to the data center and to an internal database system 7 of the provider of the invention by means of an encryption system.
- No data of information is stored on the external data processing device 1 or on a system that can be reached via the Internet 32. This outpost is being set up for security reasons to prevent direct external access to the internal system. No information is provided Notes stored on the external system.
- the external data processing device 1 forwards the incoming messages 9 directly to the internal data processing device 2, the messages are filtered on the external data processing device 1 only by a few defined routines.
- the data undergo a further selection process, which and 'correlation of the data verified in particular syntax with predeterminable criteria which influence the further processing of the message.
- the external data processing device 1 can also be installed at the provider of the invention - but since there is also a connection to the Internet 32 or an intranet, it is still referred to as an external computer system.
- the BIMS 5 application compiles further information which is obtained through research 13 of external databases 8, from internal processes and from a multi-stage plausibility analysis or correlation check 14, the results of which are reflected in a report 15.
- the exemplary information processing system can be characterized by the following components, depending on the area of application of this system, the functionality of the components can be reduced or expanded by supporting applications if necessary:
- Information and communication platform on the Internet 32 or intranet secures up to 100% anonymity of the reporting party 12 through an anonymous area 16; enables the generation of an "anonymous and / or silent electronic mailbox" 3.
- the automated knowledge management system BKMS can be supported by an operator in a dialog process with regard to the transfer of know-how from bad and / or forensic expert knowledge and with decision support according to the plausibility levels, for example if a message has been declared by the system as "unclear" ,
- the method according to the invention is to be explained in detail below using a monitoring system for economic crime incidents (cf. FIG. 2). If someone believes they have noticed an irregularity that they think is relevant and should be prevented, but fears that the incident will be reported openly, the inventive method enables them to submit the report anonymously. To do this, he dials into the homepage of a service provider (e.g. business keeper) who offers the method according to the invention as a service. He thus arrives at the information and communication platform in the absolutely anonymous area 16 of the business keeper, which is provided by the external data processing device 1. Entry into the information and communication platform can take place via the Internet 32 or via a browser-controlled environment in the intranet or internal network environment of a company, an administration or other organizations (NGO or GO organization).
- a service provider e.g. business keeper
- the whistleblower 12 is thus located in the anonymous area 16. If the notifier 12 has not yet set up an "anonymous and / or silent mailbox" 3, he can enter his message 9 in a notification form 17 which is made available to him after he has activated the "message button" 25.
- the reporting party 12 (external business keeper) writes his or her report 9 on a specified data structure specified by an input mask, the mentioned reporting form 17, and places it in the anonymous information and communication platform. Personal data and information are not required.
- he When he generates a message 9 for the first time, he is only active in the direct anonymous registration form. He is in the anonymous area, but not in the "anonymous and / or silent mailbox" 3.
- the whistleblower 12 is asked by the system whether he wants to follow up the processing of his message 9 or to answer any questions that may arise. wants to set up anonymous and / or silent mailbox "3. If the reporting party 12 is not interested, he can exit the system by closing 19 the anonymous area 16.
- the whistleblower 12 wishes to be informed about the further course of the process, he can set up an “anonymous and / or silent mailbox” 3 by entering a pseudo name and a password.
- the system checks the selected pseudo name for usability. After the confirmation 21 of the pseudo name, the device 22 of the "anonymous and / or silent mailbox" 3 takes place. If he has already generated an "anonymous and / or silent mailbox" 3 in the past, he can send the message or information in the "anonymous and / or generate silent mailbox "3.
- a "anonymized and / or silent mailbox" 3 which has already been set up can be reached via a login button 23 which, when actuated (clicked), provides an input mask for the pseudo name and password.
- the reporting party 12 can enter one or more new messages 9 for further cases Make additions to a case or respond to feedback from the business keepers.
- the message 9 can also be sent to an intranet network of a company, administration or organization (NGO or GO).
- the OlS system 4 (Outsource Incident System) is activated.
- the OIS 4 is a technique by which all information and texts are automatically and schematically checked for their content, their quality, a possible correlation and their components.
- information in messages 9 z. B. subjected to a syntax check, a legal check with legal texts, compared with conditions of different types and relationships with compilations of different key words and key keys.
- the components of message 9 determined and evaluated in this way are assigned to certain classes by a downstream filter system and are declared accordingly. With the classification or declaration of the components of the anonymous data, different routines are triggered which cause the deletion, forwarding of the message 9 and / or activation of secrecy levels.
- the reporting party 12 (external business keeper) immediately receives a message about the results. This means that OIS technology 4 excludes unwanted messages 9 or data content and ensures that a concentration of the desired information and only a predefined quality and selection of the information is forwarded to another database.
- the processing module OIS 4 Upon receipt of a notice in the external data processing device 1 of the monitoring system, the processing module OIS 4 automatically searches for the company or administrative guidelines, guidelines, code of conduct and legal offenses, comparing these in each case using the features contained in the notes and comparing them with the notice added if there is a reference to the message. All offenses (criminal law, insolvency law), company-internal guidelines, guidelines are previously fed into a database of the system and cataloged with characteristics and causality sequences. In this way, the system can add further information to a note (case) that can later support decision-making. The internal company or administrative guidelines, guidelines, codes of conduct etc. are fed in separately for each company and organization and are given special characteristics and causalities.
- action filters can be programmed and set accordingly in the OIS system 4. Depending on the type of message, words, word correlations and subject areas, actions are automatically carried out in the form of an early warning system.
- a customer for example an airport, processed his incoming information internally using his own internal ombudsman.
- a notice is received outside of business hours in management (e.g. ombudsman) at 11:00 p.m., which describes a threatening situation and provides a reference to it.
- the OIS 4 recognizes the content of the message and sends a defined code to one or more cell phones or fax machines, e-mails or notifies a security service, who notifies the person responsible immediately and then looks into the BIMS 5 system.
- Who the codes at The customer can set and change certain information in the system himself.
- the incoming note 9 itself is not sent, only the associated code. It serves as an early warning system for very explosive and existentially threatening information that must be dealt with immediately. Thousands of codes can be defined for thousands of defined note contents.
- Locations / locations are carried out, that is, a
- Message 9 or a case can be processed multiple times on one or different computers / server platforms using OIS system 4.
- the reporting party 12 can also enter 3 additions, new messages, answers via a previously generated "anonymous and / or silent mailbox", which are checked again by the OlS system 4 and possibly added to an earlier message 9, or else it becomes a new case created.
- the OIS system 4 can expand its framework conditions and quality and test relevance with the help of connections to databases and information centers or networks and be connected to them.
- an "anonymous and / or silent mailbox” 3 by the reporting party (external business keeper).
- the reporting party 12 (external business keeper), if he does not yet have an “anonymous and / or silent mailbox” 3, can generate an "anonymous and / or silent mailbox” 3 by means of a pseudo name and password. However, this is not mandatory; he can also send a message 9 directly in the anonymous area without an "anonymous and / or silent mailbox" 3.
- the generation of an "anonymous and / or silent mailbox” 3 makes sense, however, since the reporting party 12 receives feedback about this, which is necessary for further clarification of the case, or messages about the processing status of the message 9 (cf. also FIG. 2). ,
- a message 9 received in the anonymous information and communication platform can be deleted by the OIS system 4 if predetermined criteria are not met or the OlS system 4 complies with defined framework conditions.
- the automatic test and quality result which is composed of the specifications in the OlS system 4, is selected in the OlS system 4 again after deletion or forwarding and processed accordingly, for example deletion of the overall report or partial information or forwarding.
- the reporting party 12 In the event of deletion, further processing or partial deletion of individual information, the reporting party 12 (external business keeper) will be informed of the result of the OlS check immediately or later via the "anonymous and / or silent mailboxes" 3.
- the notification continues to be made anonymously in his "anonymous and / or silent mailbox" 3 or directly via the individual input mask of the anonymous information and communication platform.
- the result can thus immediately be in the anonymous region 16 be transmitted or, if necessary, later deposited in the "anonymous and / or silent mailbox" 3 of the reporting party 12.
- queries are also provided on the internal DVE 2 and are only transmitted (encrypted) to the external DVE 1 when the whistleblower 12 has logged into the “anonymous and / or silent mailbox” 3.
- a filter function is responsible for the classification of the levels of confidentiality and the classification of the relevance of the information.
- the areas of responsibility for the further processing of message 9 and / or the information are also divided.
- the messages 9 are and can be declared here in several levels of confidentiality, such as 'confidentialO, secretO, very secret', etc.
- the z. B. Assessment and / or classification includes, the result of the OlS examination classified with regard to relevance and / or confidentiality is transferred to the BK-SAPDB system.
- the information thus preselected and defined according to a defined quality standard, which has not been deleted by the OlS system 4 is stored as a result of the transfer on one or more (internal) databases 7 which are located on an internal data processing device which serves to process the messages 9 2 are located.
- This data transfer is encrypted with due regard to data security and the confidentiality of the messages submitted. Since the external data processing device 1 (the external server) on which the anonymous information and communication platform runs, for outsiders, for. B. is accessible via the Internet 32, there is always the risk that an unauthorized data access takes place.
- the internal databases 7 are not accessible from the outside and thus ensure almost complete protection against misuse of the data.
- the BIMS 5 application (Business Keeper Incident Management System) accepts message 9 with all information and results from the BK-SAPDB, which is part of the internal database system 7.
- a further automatic check and information correlation from the existing data stocks of the BK-SABDB database is created (cf. FIG. 4).
- the system searches possible relationships to other cases and information that are added to this current case or message 9.
- this check by the BIMS system 5 only processes information from the existing data stocks or data volumes from the BK-SAPDB database.
- a first check takes place immediately after the message 9 has been sent to the external data processing device 1 - the external server. This may only include a small (external) database 6 and separate messages 9 by carrying out a simple pattern comparison with terms that prove that the message 9 is unusable or that the monitoring system is not responsible for the reported case is.
- the BIMS system 5 - e.g. B. relevance or secrecy level - a further level of the check can be initiated automatically.
- Such a further test level in the BIMS 5 application can, for example, check the first plausibility of the message 9 and results, compile further information about the case or change the confidentiality level of the message 9. Such a level would be comparable to a compliance center.
- the information and data supplied by the reporting party 12 are automatically compiled from the databases of the BIMS system 5, the causality being checked in the BIMS system 5.
- the processing and relevance of message 9 is decided.
- Report 15 is created by the BIMS 5 system and can be output in different ways depending on the information content and plausibility level as well as the customer structure. The addressee or the addressees of report 15 may result from the data added to the original message. Report variants differ, for example: B. the information content, structure, customer structure, information recipients, etc.
- the BKMS is also a central element of a comprehensive and sustainable integrity management.
- message 9 or the case is marked accordingly.
- This can, for. B. are displayed whether the message 9 is fed to a further test stage, whether it is stored as information for possible new messages 9 in a database, - whether a query to the reporting party 12 is required, whether the information is sufficient to create a report 15 or whether the message 9 is deleted due to lack of relevance or because it is a message 9 that does not belong to the area of responsibility of the monitoring system for white-collar crime.
- reporting party 12 external business keeper
- additional internal or third-party databases 7, 8 from other database providers can be used and (one-sided) interfaces created. If feedback has been provided by the monitoring system, the reporting party 12 (external business keeper) can send a response immediately or after a few days afterwards and thus further information about his "anonymous and / or silent mailbox" 3 to the BKMS system and remains absolutely anonymous.
- the absolute anonymous correspondence with the reporting party 12 is an additional function in the application of the BKMS.
- the monitoring system according to the invention provides alternatively selectable input and processing modules which each provide the whistleblower 12 and the company with a specific information radius and a specific information depth.
- the combination of an input module and a processing module form the different embodiments of the monitoring system according to the invention.
- the BIMS 5 represents the platform for the further processing of the information through dialogue with the information provider 12, merging of information and evaluation.
- the different variants differ in their areas of application, their functionality and processing technology.
- Input module General Postbox (GP)
- Input module Direct Internal Postbox (DIP) 38 Internal, anonymous and / or silent mailbox 3 of the person you trust
- DIP Direct Internal Postbox
- each anonymous whistleblower 12 can be asked 3 questions about the specific case as well as about the plausibility and relevance check 14 by means of the anonymous and / or silent mailbox.
- this is carried out with the responsibility of the customer company or by the provider of the method according to the invention. If the customer company is responsible, a qualified group of people from the areas of auditing, corporate security or the legal department as well as, for example, an ombudsman (internal or external) or a corruption officer should be selected.
- a contracting company can be provided by the provider of the method according to the invention.
- a separate platform with an independent login routine is provided in order to access specific information on individual cases from certain groups of people (internal and external).
- a case-related monitoring process is initiated.
- the company announces the case-related login routine to one or more groups of people in its company or corporate environment.
- BIMS 5 can provide further assessments for case specification and decision support: a) Viewing and searching publications on involved companies, people, processes and similar offenses:
- BIMS 5 a technology is used that can be used to compare the topics of a note - message 9 - with millions of documents from archives and databases.
- Each document (including the note) is shown in topic clusters ("electronic fingerprint") based on the frequency of occurrence of certain words and word combinations.
- the content of each note 9 is indexed in this way and linked to documents from databases and archives according to its characteristics and word combinations, as well as topics that arise (cf. the above explanation on the topic clusters “cargo”, “truck”, “route”).
- audio and / or graphic information can be evaluated by determining topic clusters for audio recordings or connecting graphic patterns (logos for example) with certain words and / or topic clusters. Hit rates of up to 95% are achieved.
- the legal offense based on the characteristics of the offense or limits it to one, two or even more offense options.
- the legally prescribed causalities e.g. crime object, crime act and crime act etc.
- the legally prescribed causalities are taken into account by the system during analysis and evaluation.
- a function is depicted in the individual modules that is used directly when the information is given by a whistleblower 12.
- Words and word combinations predefined by the company lead to an immediate action. For example, the receipt of the word sabotage could be followed by the action that an SMS, a fax or an email is sent to one or more responsible persons with a code or the instruction to immediately look into the system.
- the actions and the input of the keywords are unlimited and can be done cover.
- a further area of application of this function is in particular airports or important public facilities, event locations, where special words or word combinations such as B. explosives, weapons, attack or the like immediately, that is, without further test stages, countermeasures are automatically started.
- the General Postbox (GP) 36 (see Fig. 5a)
- the GP 36 is open to the public. It enables all employees of a company and other potential information carriers in the company environment, regardless of time and location, to anonymously submit relevant information / reports 9 regarding white-collar crime or other counterproductive behavior.
- An individual "anonymous and / or silent mailbox" 3 is made available to the whistleblower 12 after the first notification / message 9. In this he can follow his case, respond to inquiries in dialogue with the provider of the monitoring system, submit supplements to the case and receive feedback. Absolute anonymity is guaranteed at all times.
- the GP 36 can only be combined with the processing module BIMS-BK 39, in which the receipt of the information as well as its processing and forwarding to the respective client is within the scope of report 15 on the part of the provider of the monitoring method according to the invention.
- the reporting party 12 (external business keeper) from the above-mentioned group of people then comes to an independent information and communication platform in the absolutely anonymous area.
- an “anonymous and / or silent mailbox” 3 which explicitly enables both feedback and communication in this case.
- This login routine triggers an independent BKMS process that runs through the well-known OIS 4 and BIMS 5 systems.
- the reporting party 12 also has the option here of receiving feedback or of communicating with the monitoring system by generating a — possibly separate — “anonymous and / or silent mailbox” 3.
- the contracting company has the option of deliberately recording individual deviations or deficits in the company's own process flows or having them researched very specifically on individual bad actions.
- the BKMS can produce fully automated statistics for individual contracting companies on the economically relevant deviations that affect them.
- CIP 37 is not open to the public. It is used for the efficient handling of a damage that has already occurred or for process optimization in a specific case. Access data are communicated to selected people, which they can use to read company-specific information and questions on the case-related website and provide information.
- the checked and qualified information is forwarded directly and exclusively from the provider of the method according to the invention to the client.
- the selection of the processing module BIMS-C-CIP 41 means the assumption of responsibility and processing by the company concerned without direct participation or possibility of knowledge of the provider of the method according to the invention. In principle, this is possible if the client can ensure the correct handling of the information.
- the Direct Internal Postbox (DIP) 38 (see Fig. 5c)
- DIP 38 is not open to the public. It is an internal information and communication platform for the person of trust, revision or corporate security of the company. Employees and external parties of a company receive access data with which they can anonymously contact their trusted person via the company-specific website. Company information (e.g. guidelines) or questions can be communicated and an anonymous dialogue can be established with the whistleblower.
- DIP 38 can be processed with three different processing modules: BIMS-DIP 42, BIMS-C-DIP 43, BIMS-CC-DIP 44.
- the notes and information are processed and answered during use of BIMS-DIP 42 from the provider of the monitoring system according to the invention when using the module BIMS-C-DIP 43 without the involvement of the provider of the monitoring system according to the invention directly from the person of trust.
- the processing module BIMS-CC-DIP 44 was specially developed for a holding company structure.
- each division 46 of a group receives an autonomous DIP 42, whereby the group or holding center 45 receives the subject lines and the status of the information received in the autonomous division 46 for information and control (a simple basic illustration is shown in FIG.
- the use of the processing module BIMS-C-DIP 43 is illustrated in more detail in FIG. 6.
- a corporation would like to investigate irregularities that were caused to it (not necessarily anonymously) in some way.
- the affected group is given the opportunity to use the processing module BIMS-C-DIP 43, which they can use at the headquarters. This is particularly useful if divergent actions in divisions 46 need to be investigated.
- the group can thus make the access data available to a selected group of people (employees or external parties such as partners, customers or the like), from whom it presumes special knowledge of the processes.
- the notices 9 introduced into the system by this group of people via the "silent and / or anonymous mailbox" 3 are searched for non-relevant information in a first filter, which can be set up in a company-specific manner.
- the relevant notices 9 that have passed the filter can now be evaluated internally within the group using the processing module BIMS-C-DIP 43.
- This also includes the creation of reports 15, which in this case are generated internally and not by a third-party provider of the monitoring system.
- the evaluation of the information processed by the Group's internal monitoring system can, however, be supported by a third, external and independent provider of the monitoring system, for example by making an agreement between the group and the third provider of the monitoring system, such as the content that the third provider of the Monitoring systems for a given list of keywords or topics related to this sends incoming information to the group via the general postbox 36, which is now available to the group in addition to the information provided by the selected group of people.
- FIG. 7 illustrates the situation in which the divisions 46 of a group each use their own processing modules BIMS-C-DIP 43, with which the divisions 46 can process different behavior themselves in their closer environment.
- the divisions 46 assign their own access data and process incoming information 9 on their own responsibility. Only the header, if any, is sent to the corporate headquarters. forwarded with the status of the information received.
- This variant of the information processing according to the invention can be used advantageously if the divisions 46 are areas with specific characteristics, such as the manufacturing area and house bank or the like, or divisions 46 with special regional features.
- the group headquarters and / or divisions 46 can be supported by a third provider of the monitoring system by providing additional information which he compiles and processes by himself processing messages 9 received by him.
- the method and system according to the invention also serve to communicate complaints or suggestions for improvement.
- whistleblowers 12 or customers or other groups of people provide information or reports 9 on a process a product and / or for process improvements or a complaint to the BKMS, which can also be used as a complaint or optimization system.
- Control center Ombudsman, auditing, internal security, person of trust,
- Direct Internal Postbox38 (DIP): - internal, access data, dialogue with whistleblower, research and evaluation, unlimited use,
- Control center Ombudsman, auditing, internal security, person of trust,
- CIP 37 and DIP 38 can be used by the customer through a qualified employee, ombudsman (internal or external), auditor, corruption officer or a legal person. The user also prints out the report himself.
- the customer can also have the processing of CIP 37 and DIP 38 carried out by an (external, neutral provider of the monitoring system.
- an (external, neutral provider of the monitoring system In this case, the customer only publishes the access data for the group of people or in the company or in the corporate environment. The processing and evaluation the detailed information is given by the provider.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Strategic Management (AREA)
- Human Resources & Organizations (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Economics (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Data Mining & Analysis (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002468873A CA2468873A1 (en) | 2001-11-26 | 2002-11-26 | Method and system for processing information in monitoring systems used in ethics, risk and/or value management and corresponding computer program product and corresponding storage medium |
AU2002356756A AU2002356756A1 (en) | 2001-11-26 | 2002-11-26 | Method and system for processing information in monitoring systems used in ethics, risk and/or value management and corresponding computer program product and corresponding storage medium |
US10/496,363 US20060179030A1 (en) | 2001-11-26 | 2002-11-26 | Method and system for processing information in monitoring system used in ethics, risk and/or value management and corresponding computer program product and corresponding storage medium |
EP02803812A EP1449145A2 (de) | 2001-11-26 | 2002-11-26 | Verfahren und anordnung zur informationsverarbeitung in monitoring-systemen für das ethik-, risiko- und/oder wertemanagement sowie ein entsprechendes computerprogrammprodukt und ein entsprechendes speichermedium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10159028.8 | 2001-11-26 | ||
DE10159028A DE10159028A1 (de) | 2001-11-26 | 2001-11-26 | Verfahren und Anordnung zur Informationsverarbeitung in Monitoringsystemen für das Ethik-, Risiko- und/oder Wertemanagement sowie ein entsprechendes Computerprogrammprodukt und ein entsprechendes Speichermedium |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003046780A2 true WO2003046780A2 (de) | 2003-06-05 |
WO2003046780A8 WO2003046780A8 (de) | 2003-08-07 |
Family
ID=7707689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2002/013479 WO2003046780A2 (de) | 2001-11-26 | 2002-11-26 | Verfahren und anordnung zur informationsverarbeitung in monitoring-systemen für das ethik-, risiko- und/oder wertemanagement sowie ein entsprechendes computerprogrammprodukt und ein entsprechendes speichermedium |
Country Status (6)
Country | Link |
---|---|
US (1) | US20060179030A1 (de) |
EP (1) | EP1449145A2 (de) |
AU (1) | AU2002356756A1 (de) |
CA (1) | CA2468873A1 (de) |
DE (1) | DE10159028A1 (de) |
WO (1) | WO2003046780A2 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005059785A1 (en) * | 2003-12-16 | 2005-06-30 | Sap Ag | Systems and methods for enabling anonymous reporting of business activities |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130282425A1 (en) * | 2012-04-23 | 2013-10-24 | Sa[ Ag | Intelligent Whistleblower Support System |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2861176B2 (ja) * | 1990-01-19 | 1999-02-24 | 株式会社日立製作所 | オンライン業務監視装置 |
JP2804403B2 (ja) * | 1991-05-16 | 1998-09-24 | インターナショナル・ビジネス・マシーンズ・コーポレイション | 質問回答システム |
JPH08251221A (ja) * | 1995-03-13 | 1996-09-27 | Nippon Telegr & Teleph Corp <Ntt> | メッセージハンドリング方法 |
US20010034708A1 (en) * | 1996-09-06 | 2001-10-25 | Walker Jay S. | Method and system for establishing and maintaining user-controlled anonymous communications |
US6144934A (en) * | 1996-09-18 | 2000-11-07 | Secure Computing Corporation | Binary filter using pattern recognition |
US6119103A (en) * | 1997-05-27 | 2000-09-12 | Visa International Service Association | Financial risk prediction systems and methods therefor |
US6250930B1 (en) * | 1997-05-30 | 2001-06-26 | Picante Communications Corporation | Multi-functional communication and aggregation platform |
US20020004900A1 (en) * | 1998-09-04 | 2002-01-10 | Baiju V. Patel | Method for secure anonymous communication |
US6850643B1 (en) * | 1999-09-08 | 2005-02-01 | Ge Capital Commercial Finance, Inc. | Methods and apparatus for collateral risk monitoring |
AU7857900A (en) * | 1999-10-04 | 2001-05-10 | John C. Day | Method of dynamically recommending web sites and answering user queries based upon affinity groups |
US7801766B2 (en) * | 2000-03-31 | 2010-09-21 | You Technology Brand Services, Inc. | Method, system, and computer readable medium for facilitating a transaction between a customer, a merchant and an associate |
US20020038217A1 (en) * | 2000-04-07 | 2002-03-28 | Alan Young | System and method for integrated data analysis and management |
US7389265B2 (en) * | 2001-01-30 | 2008-06-17 | Goldman Sachs & Co. | Systems and methods for automated political risk management |
US7188169B2 (en) * | 2001-06-08 | 2007-03-06 | Fair Isaac Corporation | System and method for monitoring key performance indicators in a business |
-
2001
- 2001-11-26 DE DE10159028A patent/DE10159028A1/de not_active Withdrawn
-
2002
- 2002-11-26 WO PCT/EP2002/013479 patent/WO2003046780A2/de not_active Application Discontinuation
- 2002-11-26 US US10/496,363 patent/US20060179030A1/en not_active Abandoned
- 2002-11-26 EP EP02803812A patent/EP1449145A2/de not_active Withdrawn
- 2002-11-26 AU AU2002356756A patent/AU2002356756A1/en not_active Abandoned
- 2002-11-26 CA CA002468873A patent/CA2468873A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See references of EP1449145A2 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005059785A1 (en) * | 2003-12-16 | 2005-06-30 | Sap Ag | Systems and methods for enabling anonymous reporting of business activities |
Also Published As
Publication number | Publication date |
---|---|
DE10159028A1 (de) | 2003-06-12 |
WO2003046780A8 (de) | 2003-08-07 |
US20060179030A1 (en) | 2006-08-10 |
AU2002356756A1 (en) | 2003-06-10 |
EP1449145A2 (de) | 2004-08-25 |
CA2468873A1 (en) | 2003-06-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Comyns et al. | Corporate reputation and collective crises: A theoretical development using the case of Rana Plaza | |
US11409776B2 (en) | Anonymous reporting system | |
Mousa et al. | Legitimacy theory and environmental practices: Short notes | |
Meijer | Transparent government: Parliamentary and legal accountability in an information age | |
Hoitash | Should independent board members with social ties to management disqualify themselves from serving on the board? | |
US8250025B2 (en) | Anonymous reporting system | |
DE102012220716A1 (de) | Verfahren, Datenverarbeitungsvorrichtung und Programm zum Identifizieren vertraulicher Daten | |
EP1209579A1 (de) | System zur automatisierten Abwicklung von Transaktionen durch aktives Identitätsmanagement | |
US9135598B2 (en) | Anonymous reporting system | |
US20060229995A1 (en) | Report form generator for anonymous reporting system | |
Dreyer | When the postman beeps twice: the admissibility of electronic mail under the business records exception of the Federal Rules of Evidence | |
Halina et al. | The use of IT systems in financial and accounting services for enterprises in the conditions of the COVID-19 pandemic | |
DE602004002777T2 (de) | Vorrichtung zur Behandlung von E-Mails in einer Mehrbenutzer-Umgebung | |
EP1299817A2 (de) | Informationsdienstsystem | |
WO2003046780A2 (de) | Verfahren und anordnung zur informationsverarbeitung in monitoring-systemen für das ethik-, risiko- und/oder wertemanagement sowie ein entsprechendes computerprogrammprodukt und ein entsprechendes speichermedium | |
CN107886311A (zh) | 一种会员管理系统 | |
Swanson | Toward a Policy for Managing the Use of Computer Mediated Communication in the Workplace. | |
Iqbal et al. | LEGISLATION FOR UNIVERSALITY IN SENATE OF PAKISTAN (1985-1999) | |
Friedmann et al. | Improving crime data project | |
Sardjono et al. | Implementation of industrial revolution 4.0 on e-voting platform at the electronic general shareholders meeting | |
Wich | Will Artificial Intelligence Impact Union Prevention Efforts? | |
Finau et al. | The impact of the Environment Management Act (EMA) on the accountability of companies in Fiji | |
Soebagiya et al. | Policy Process for Law Enforcement Violation of Illegal Cigarettes Circulation in Indonesia | |
Ericson | Communication Breakdown: Identifying weaknesses and improvement possibilities in the cooperation between law enforcement and financial institutions regarding romance fraud | |
Harkness | Communicating a stakeholder report |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
D17 | Declaration under article 17(2)a | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002803812 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2468873 Country of ref document: CA |
|
WWP | Wipo information: published in national office |
Ref document number: 2002803812 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
ENP | Entry into the national phase |
Ref document number: 2006179030 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10496363 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |
|
WWP | Wipo information: published in national office |
Ref document number: 10496363 Country of ref document: US |