WO2019100682A1 - Risk assessment method, apparatus, computer device and readable storage medium - Google Patents

Risk assessment method, apparatus, computer device and readable storage medium

Info

Publication number
WO2019100682A1
Authority
WO
WIPO (PCT)
Prior art keywords
risk
event
evaluated
severity level
level
Application number
PCT/CN2018/088710
Inventor
李玲
谭志荣
朱勇军
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司
Publication of WO2019100682A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities

Definitions

  • the present application relates to a risk assessment method, apparatus, computer device, and readable storage medium.
  • Risk assessment refers to the quantitative assessment of the impact on, and loss of, people's lives, property and other aspects before or after a risk event occurs (but has not yet finished). That is, risk assessment quantifies the extent of the impact or loss caused by an event or thing.
  • the inventors are aware that risk assessment in traditional technology is generally based on past experience, with the risk of an event determined through manual review. Because the audit criteria of different personnel are inconsistent, the same event can yield inconsistent risk assessment results, so the results of the risk assessment contain errors.
  • in accordance with various embodiments disclosed herein, a risk assessment method, apparatus, computer device, and readable storage medium are provided.
  • a risk assessment method that includes:
  • a target severity level is obtained according to the highest severity level, and the target severity level is output.
  • a risk assessment device comprising:
  • a parameter obtaining module configured to obtain a parameter of the input event to be evaluated
  • a standard acquisition module configured to obtain a risk assessment applicable standard corresponding to the event to be evaluated
  • a parameter conversion module configured to convert the parameter of the event to be evaluated into a dimension parameter according to a preset rule
  • a comparison module configured to compare the dimension parameter with a corresponding threshold in the risk assessment applicable standard to obtain a severity level of each dimension
  • a statistical module for determining a highest severity level by a short board method and counting the number of the highest severity levels
  • a severity level output module configured to: when the number of the highest severity levels exceeds a preset value, obtain a target severity level according to the highest severity level, and output the target severity level.
  • a computer device comprising a memory and one or more processors, the memory having stored therein computer readable instructions that, when executed by the processor, cause the one or more processors to execute the following steps:
  • a target severity level is obtained according to the highest severity level, and the target severity level is output.
  • One or more non-transitory computer readable instruction storage media storing computer readable instructions, when executed by one or more processors, cause one or more processors to perform the steps of:
  • a target severity level is obtained according to the highest severity level, and the target severity level is output.
  • FIG. 1 is an application environment diagram of a risk assessment method in accordance with one or more embodiments.
  • FIG. 2 is a flow chart of a risk assessment method in accordance with one or more embodiments.
  • FIG. 3 is a schematic diagram of a risk assessment device in accordance with one or more embodiments.
  • FIG. 4 is a block diagram of a computer device in accordance with one or more embodiments.
  • FIG. 1 is an application environment diagram of a risk assessment method according to one or more embodiments.
  • the environment includes a computer device and a plurality of clients; a client may send the parameters of an event to be evaluated to the computer device, so that the computer device can calculate the risk level of the event to be evaluated based on those parameters.
  • clients can be, but are not limited to, a variety of personal computers, laptops, smart phones, tablets, and portable wearable devices, and the computer device can be implemented as a stand-alone server or a cluster of servers consisting of multiple servers.
  • a risk assessment method is provided. This embodiment is exemplified by applying the method to the computer device in FIG. 1 above.
  • a risk assessment program is run on the computer device, and the risk assessment method is implemented by the risk assessment program.
  • the method specifically includes the following steps:
  • the event to be evaluated is an event that needs to be evaluated, generally an event involved in activities such as production and sales
  • the parameter of the event to be evaluated refers to a parameter that can identify the nature of the event to be evaluated, which may include a company name, annual pre-tax profit, annual business income, etc.
  • the organizational structure of a general company may include a group and a subsidiary, or a company or a branch, wherein the branch may be regarded as a department of the company.
  • a subsidiary, group or company can be considered an independent company.
  • Each independent company is equipped with a corresponding risk assessment applicable standard, so that the applicable criteria for risk assessment can be obtained according to the event to be evaluated.
  • the event to be evaluated can be given an identifier, and the risk assessment applicable standard can be obtained directly according to the identifier of the event to be evaluated.
  • the risk assessment applicable standards may be pre-configured by the management personnel, and a storage center for the risk impact degree and defect rating standards may be established.
  • the storage center stores the group risk assessment applicable standard and the subsidiary risk assessment applicable standards. Taking Ping An as an example, the applicable standards for risk assessment of the group headquarters and of the subsidiaries, such as the applicable standards for Ping An Life Risk Assessment, the applicable standards for Ping An Insurance Risk Assessment, and the applicable standards for Ping An Trust Risk Assessment, may be stored.
  • the threshold in the applicable standard of risk assessment can be configured by the administrator.
  • the configuration process may include: the computer device receives parameters input by the management personnel, including the company name, the annual pre-tax profit, and the annual business income, wherein the company name may include the name of the group as a whole, the group headquarters, and each subsidiary.
  • taking Ping An as an example, the company name may include the group as a whole, the group headquarters, and subsidiaries such as Ping An Life Insurance, Ping An Property Insurance, Ping An Trust, Ping An Securities, Ping An Bank, Ping An Asset Management, Ping An Annuity Insurance, Ping An Health Insurance, Ping An Real Estate, Ping An Number, Ping An Direct, Ping An Leasing, Ping An Jinke, Ping An Lujin, Ping An Bao Dai, Ping An Pay, and Ping An Futures.
  • the computer device calculates each threshold according to the input annual pre-tax profit and annual operating income, and finally obtains the risk assessment applicable standard of the group and of each subsidiary according to the calculated thresholds; that is, it first obtains a unified risk assessment applicable standard template, and then fills the obtained thresholds directly into that template.
  • the threshold calculation formulas are as follows; each is calculated automatically by the computer device, where MIN is the minimum value and MAX is the maximum value:
  • E = MIN(MAX("annual operating income (million)" * 0.0005%, 3), 5)
  • F = MIN(MAX("annual operating income (million)" * 0.005%, 30), 50)
  • G = MIN(MAX("annual operating income (million)" * 0.05%, 300), 500)
  • H = MIN(MAX("annual operating income (million)" * 5%, 3000), 50000)
  • E B = MIN(MAX("annual operating income (million)" * 0.0005%, 3), 10)
  • F B = MIN(MAX("annual operating income (million)" * 0.005%, 30), 100)
  • G B = MIN(MAX("annual operating income (million)" * 0.05%, 300), 1000)
  • H B = MIN(MAX("annual operating income (million)" * 5%, 3000), 50000)
  • S206 Convert a parameter of the event to be evaluated into a dimension parameter according to a preset rule.
  • the severity evaluation may use multiple dimensions, for example 4, 5 or 8, and there is no limitation here. For convenience, 8 dimensions are used: 2 finance-related dimensions and 6 non-financial dimensions. The 2 finance-related dimensions are financial reporting misstatement impact and actual financial loss; the 6 non-financial dimensions are legal compliance, strategic and business objectives, ongoing business operations and customer service, information disclosure, reputational impact, and data and information systems.
  • the parameter of the event to be evaluated may be converted into a dimension parameter of a dimension according to a preset rule; for example, a keyword of the parameter of the event to be evaluated is obtained, and the parameter is converted into the corresponding dimension according to the keyword.
  • when the parameter of the event to be evaluated includes a financial loss, the financial loss is directly converted into the actual financial loss.
  • when the parameter of the event to be evaluated includes the information leakage range, the dimension parameter of the information disclosure dimension is calculated according to the information leakage range. The parameters of the other dimensions can be obtained in the same way and are not described here.
  • each dimension parameter is compared with a corresponding threshold value in the obtained risk assessment applicable standard to obtain a severity level of each dimension.
  • the number of severity levels can be set as needed, for example 5, 6 or 8 levels, and is not limited herein. For convenience, 5 severity levels are used here: slight (1), general (2), important (3), serious (4) and catastrophic (5). The dimension parameters are compared with the corresponding thresholds in the risk assessment applicable standard to obtain the severity level of each dimension.
  • S210 Determine the highest severity level by the short board method, and count the number of the highest severity levels.
  • the short board method determines the highest severity level that appears across all dimensions. For example, if among the eight dimensions 4 are at severity level slight (1), 2 are at general (2), and 2 are at important (3), the highest severity level is important (3) and the number of highest severity levels is 2.
  • the preset value may be set by the administrator in advance, as shown in the following Table 1.
  • Table 1 The preset value table is taken as an example:
  • the input parameter is converted into a dimension parameter. For example, when the user inputs the actual financial loss, it is directly converted into the actual financial loss and compared with the threshold in the actual financial loss dimension to obtain the severity level of the actual financial loss dimension. If the user enters a penalty parameter, such as the penalty level of internal personnel and the consequences of the penalty, the penalty level and the penalty result are converted into a legal compliance dimension parameter, which is then compared with the threshold in the legal compliance dimension to obtain the severity level of the legal compliance dimension.
  • when the comparison is completed, the levels of the 8 dimensions are counted. First, it is determined which of the 8 dimensions are involved; dimensions that are not involved are displayed as N/A. The levels of the participating dimensions are counted, and the highest severity level is determined according to the short board method. The number of highest severity levels is then counted and compared with the preset value; if it exceeds the preset value, the highest severity level is increased.
  • the target severity level output can be used as a risk assessment result for the event.
  • the above risk assessment method obtains the corresponding risk assessment applicable standard according to the parameter of the risk to be evaluated, converts the parameter of the risk to be evaluated into dimension parameters, compares each dimension parameter with the corresponding threshold in the risk assessment applicable standard to obtain the severity level of each dimension, and uses the short board method to determine the target severity level of the event as the result of the risk assessment.
  • the risk level may be determined according to the target severity level to evaluate the risk of the event to be evaluated, or the risk of the event to be evaluated may be evaluated directly according to the target severity level. No manual participation is required, so efficiency is high, and because the risk assessment applicable standards are preset, the accuracy of the risk assessment is improved.
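The threshold formulas E to H and the short board method described above, carried through in Python as an added example (not code from the patent). The mapping of E to H onto levels 2 to 5, the one-level increase and the preset values passed in are assumptions, because the page does not reproduce Table 1; all sample inputs are constructed.

```python
from bisect import bisect_right
from fractions import Fraction

# Constants copied from the page's formulas:
#   threshold = MIN(MAX(income * percent%, floor), cap)
# where income is "annual operating income (million)".
THRESHOLD_RULES = {
    "E": ("0.0005", 3, 5),
    "F": ("0.005", 30, 50),
    "G": ("0.05", 300, 500),
    "H": ("5", 3000, 50000),
}
SEVERITY_NAMES = {1: "slight", 2: "general", 3: "important",
                  4: "serious", 5: "catastrophic"}


def thresholds(annual_income_million):
    """Evaluate E..H for one company; Fraction keeps the percentages exact."""
    income = Fraction(str(annual_income_million))
    result = {}
    for name, (percent, floor, cap) in THRESHOLD_RULES.items():
        raw = income * Fraction(percent) / 100
        result[name] = min(max(raw, floor), cap)  # clamp into [floor, cap]
    return result


def severity_for_value(value, company_thresholds):
    """Map a numeric dimension parameter to a severity level 1..5.

    Assumption (not stated on the page): E, F, G and H are the lower bounds
    of levels 2, 3, 4 and 5, and a value equal to a bound takes the higher level.
    """
    bounds = [company_thresholds[key] for key in ("E", "F", "G", "H")]
    return bisect_right(bounds, value) + 1


def short_board(levels, preset_value, max_level=5):
    """Return (highest, count, target) over the participating dimensions.

    Dimensions graded None are N/A and skipped. Assumption: when the count
    exceeds the preset value the highest level is raised by one, capped at
    max_level; the page says only that the level is increased.
    """
    participating = [lvl for lvl in levels.values() if lvl is not None]
    if not participating:
        raise ValueError("no participating dimension to grade")
    highest = max(participating)
    count = participating.count(highest)
    target = min(highest + 1, max_level) if count > preset_value else highest
    return highest, count, target


def assess(annual_income_million, actual_loss_million, graded, preset_value):
    """Grade the actual financial loss, merge it with dimensions that were
    graded elsewhere, and aggregate with the short board method."""
    levels = dict(graded)
    levels["actual financial loss"] = severity_for_value(
        actual_loss_million, thresholds(annual_income_million))
    return short_board(levels, preset_value)


# Constructed input reproducing the page's tally: 4 slight, 2 general, 2 important.
PAGE_EXAMPLE = {
    "financial reporting misstatement impact": 1,
    "actual financial loss": 1,
    "legal compliance": 3,
    "strategic and business objectives": 1,
    "ongoing business operations and customer service": 2,
    "information disclosure": 3,
    "reputational impact": 2,
    "data and information systems": 1,
}

if __name__ == "__main__":
    print({k: str(v) for k, v in thresholds(800000).items()})
    highest, count, target = short_board(PAGE_EXAMPLE, preset_value=1)
    print(SEVERITY_NAMES[highest], count, SEVERITY_NAMES[target])
```

Because every threshold is clamped between a floor and a cap, very small and very large companies end up with the same absolute thresholds; only incomes between the two clamp points scale the standard.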
  • the step S204, that is, the step of acquiring the risk assessment applicable standard corresponding to the event to be evaluated, may include: acquiring the code of the risk point when the type of the event to be evaluated is a risk point; obtaining the company identifier according to the preset digits of the code; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • each risk point is set with a unique code
  • the format of the code is company identifier + serial number, or serial number + company identifier, or the company identifier is embedded in the serial number, wherein the company identifier can be the identifier of the group or the identifier of a subsidiary.
  • the serial number is a code that can uniquely identify the risk point.
  • the serial number can be set to multiple digits.
  • the company identifier can also be set to multiple digits. For example, the serial number can be set to 4 digits.
  • taking the serial number 12345678 as an example, the code can be PAYH12345678, or 12345678PAYH, or 12PAYH345678, or 1234PAYH5678, etc.
  • the format of the code can be preset, so that the computer device directly obtains the value at the preset digits of the risk point's code, and then obtains the company identifier according to that value, so that the corresponding risk assessment applicable standard can be obtained according to the company identifier.
  • the code of the risk point may be obtained directly, and then the value at the preset digits is obtained; the company identifier can be obtained directly from that value, and thereby the corresponding risk assessment applicable standard can be obtained, which is simple and reliable.
  • the step S204, that is, the step of acquiring the risk assessment applicable standard corresponding to the event to be evaluated, may include: when the type of the event to be evaluated is an operation risk or a rectification risk, acquiring the input department parameter; querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • the company's organizational structure is queried directly according to the department parameter input by the user, so that the company identifier, such as the company name, of the company to which the risk to be assessed belongs can be obtained, and the risk assessment applicable standard can then be queried according to that company identifier. Whether the event to be evaluated is an operational risk or rectification problem, or a risk point, may be determined, for example, according to the processing interface selected by the user, or according to an event identifier of the event to be evaluated.
  • the company personnel system can be queried directly to obtain the organizational structure of the company, and the department parameter is compared with the company's organizational structure, wherein the department parameter can refer to the department code.
  • a unique code can be set for each department (for example, the format can be subsidiary ID + department code), so that the department can be distinguished from other departments; the company where the department is located is then determined to obtain the company identifier of that company, and the corresponding risk assessment applicable standard can then be obtained according to the company identifier.
  • the department parameter input by the user is obtained, so that the company to which the department belongs can be queried according to the department parameter, and then the company to which the department belongs can be obtained.
  • the operation is simple and reliable.
  • the risk assessment method may further include a conversion step of converting the target severity level into a group severity level, wherein the conversion step may include: when the acquired risk assessment applicable standard is the subsidiary risk assessment applicable standard, obtaining the ratio of the subsidiary's income to the group income; and converting the target severity level into the group severity level according to the ratio.
  • the obtained target severity level is a subsidiary severity level
  • the subsidiary severity level can be converted into a group severity level according to a preset rule.
  • the ratio of the subsidiary's income to the group's income is used as the standard to convert the subsidiary's severity level into the group's severity level.
  • the group severity level of the event to be evaluated is 3 according to the table.
  • the subsidiary severity level needs to be converted into the group severity level, so that the group can manage each subsidiary uniformly and clarify the influence of the event, thereby improving the management of the company.
  • the risk assessment method may further include: when the type of the event to be evaluated is a risk point, obtaining a possibility corresponding to the event to be evaluated; obtaining a risk level according to the target severity level and the possibility, and outputting the risk level.
  • a risk rating is then obtained according to the possibility, obtained according to Table 3 above, and the severity level, wherein the subsidiary risk rating can be obtained according to the subsidiary severity level, and the group risk rating can be obtained according to the group severity level.
  • if the probability of computer simulation is occasional (3) and the target severity level is general (2), the risk level is 2.
  • the target severity level may be a subsidiary severity level or a group severity level.
  • the possibility corresponding to the event to be evaluated is acquired, and the risk level of the event to be evaluated is obtained from the possibility and the target severity level, so that the event is evaluated further and the results of the event assessment are more accurate.
  • the risk assessment method may further include: when the type of the event to be evaluated is an operation risk or a rectification risk, querying the severity level and risk level comparison table to obtain a risk level corresponding to the target severity level, and outputting the risk level.
  • the risk level may be obtained directly according to the severity: because an operational risk problem or a defect has already occurred, only the operational risk problem or the defect problem itself needs to be considered, without considering the possibility.
  • the following table 4 Risk level:
  • the subsidiary risk rating can be obtained according to the subsidiary severity level, and the group risk rating can be obtained according to the group severity level.
  • when the target severity level indicates the subsidiary severity level, the risk level obtained according to Table 4 above is the subsidiary risk level.
  • when the target severity level indicates the group severity level, the risk level obtained according to Table 4 above is the group risk level.
  • if the target severity level is 3, the risk level is 3 according to Table 4 above.
  • the risk level can be obtained directly according to the severity level, and the processing is simpler.
  • although the steps in the flowchart of FIG. 2 are displayed sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Except as explicitly stated herein, the execution of these steps is not strictly limited in order, and the steps may be performed in other orders. Moreover, at least some of the steps in FIG. 2 may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be executed at different times; the execution order of these sub-steps or stages is also not necessarily sequential, and they may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
  • FIG. 3 is a schematic diagram of a risk assessment apparatus according to one or more embodiments, the apparatus includes:
  • the parameter obtaining module 100 is configured to obtain an input parameter of the event to be evaluated.
  • the standard acquisition module 200 is configured to obtain a risk assessment applicable standard corresponding to the event to be evaluated.
  • the parameter conversion module 300 is configured to convert the parameter of the event to be evaluated into a dimension parameter according to a preset rule.
  • the comparison module 400 is configured to compare the dimension parameter with a corresponding threshold in the risk assessment applicable standard to obtain a severity level of each dimension.
  • the statistics module 500 is configured to determine the highest severity level by the short board method and count the number of the highest severity levels.
  • the severity level output module 600 is configured to: when the number of the highest severity levels exceeds a preset value, obtain a target severity level according to the highest severity level, and output the target severity level.
  • the standard acquisition module 200 can include:
  • the code acquisition unit is configured to acquire the code of the risk point when the type of the event to be evaluated is a risk point.
  • the company identifier obtaining unit is configured to obtain the company identifier according to the preset digits of the code.
  • the first standard obtaining unit is configured to obtain a risk assessment applicable standard corresponding to the company identifier.
  • the standard acquisition module 200 can include:
  • the department parameter obtaining unit is configured to obtain the input department parameter when the type of the event to be evaluated is an operation risk or a rectification risk.
  • the query unit is used to query the group organization structure to obtain the company identifier corresponding to the department parameter.
  • the second standard obtaining unit is configured to obtain a risk assessment applicable standard corresponding to the company identifier.
  • the apparatus may further include:
  • the income ratio acquisition module is configured to obtain the ratio of the income of the subsidiary company to the group income when the applicable risk assessment standard is the applicable standard of the subsidiary risk assessment;
  • a severity level conversion module for converting a target severity level to a group severity level based on a ratio.
  • the apparatus may further include:
  • a possibility acquisition module configured to: when the type of the event to be evaluated is a risk point, obtain a possibility corresponding to the event to be evaluated;
  • the first risk level output module is configured to obtain a risk level according to the target severity level and the possibility, and output the risk level.
  • the apparatus may further include:
  • the second risk level output module is configured to: when the type of the event to be evaluated is an operation risk or a rectification risk, query the severity level and risk level comparison table to obtain a risk level corresponding to the target severity level, and output the risk level.
  • the various modules in the above risk assessment device may be implemented in whole or in part by software, hardware, and combinations thereof. Each of the above modules may be embedded in or independent of the processor in the computer device, or may be stored in a memory in the computer device in a software form, so that the processor invokes the operations corresponding to the above modules.
  • the processor can be a central processing unit (CPU), a microprocessor, a microcontroller, or the like.
  • the risk assessment device described above can be implemented in the form of a computer readable instruction that can be executed on a computer device as shown in FIG.
  • a computer device which may be a server, and its internal structure diagram may be as shown in FIG.
  • the computer device includes a processor, memory, network interface, and database connected by a system bus.
  • the processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-transitory computer readable instruction storage medium, an internal memory.
  • the non-transitory computer readable instruction storage medium stores an operating system, computer readable instructions, and a database.
  • the internal memory provides an environment for the operation of an operating system and computer readable instructions in a non-transitory computer readable instruction storage medium.
  • the network interface of the computer device is used to communicate with an external terminal via a network connection.
  • the computer readable instructions are executed by the processor to implement a risk assessment method.
  • FIG. 4 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation of the computer device to which the solution of the present application is applied.
  • the specific computer device may include more or fewer components than those shown in the figures, or combine some components, or have a different arrangement of components.
  • a computer device comprising a memory and one or more processors, the memory storing computer readable instructions which, when executed by the processor, cause the one or more processors to perform the following steps: obtaining the input parameters of the event to be evaluated; obtaining the risk assessment applicable standard corresponding to the event to be evaluated; converting the parameters of the event to be evaluated into dimension parameters according to a preset rule; comparing each dimension parameter with the corresponding threshold in the risk assessment applicable standard to obtain the severity level of each dimension; determining the highest severity level by the short board method, and counting the number of highest severity levels; and when the number of highest severity levels exceeds the preset value, obtaining the target severity level according to the highest severity level and outputting the target severity level.
  • the step of obtaining the risk assessment applicable standard corresponding to the event to be evaluated, implemented when the processor executes the program, includes: acquiring the code of the risk point when the type of the event to be evaluated is a risk point; obtaining the company identifier according to the preset digits of the code; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • the step of obtaining the risk assessment applicable standard corresponding to the event to be evaluated, implemented when the processor executes the program, includes: when the type of the event to be evaluated is an operation risk or a rectification risk, obtaining the input department parameter; querying the group organization structure to obtain the company identifier corresponding to the department parameter; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • when the processor executes the program, the following steps may further be implemented: when the acquired risk assessment applicable standard is a subsidiary risk assessment applicable standard, obtaining the proportion of the subsidiary's income to the group's income; and converting the target severity level into a group severity level according to the ratio.
  • when the processor executes the program, the following steps may further be implemented: when the type of the event to be evaluated is a risk point, acquiring the possibility corresponding to the event to be evaluated; and obtaining the risk level according to the target severity level and the possibility, and outputting the risk level.
  • when the processor executes the program, the following steps may further be implemented: when the type of the event to be evaluated is an operation risk or a rectification risk, querying the severity level and risk level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.
  • One or more non-transitory computer readable instruction storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of: obtaining the input parameters of the event to be evaluated; obtaining the risk assessment applicable standard corresponding to the event to be evaluated; converting the parameters of the event to be evaluated into dimension parameters according to the preset rule; comparing each dimension parameter with the corresponding threshold in the risk assessment applicable standard to obtain the severity level of each dimension; determining the highest severity level by the short board method, and counting the number of highest severity levels; and when the number of highest severity levels exceeds the preset value, obtaining the target severity level according to the highest severity level and outputting the target severity level.
  • the step, implemented by the processor, of obtaining the risk assessment applicable standard corresponding to the event to be evaluated includes: acquiring the code of the risk point when the type of the event to be evaluated is a risk point; obtaining the company identifier according to the preset digits of the code; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • the step, implemented by the processor, of obtaining the risk assessment applicable standard corresponding to the event to be evaluated includes: when the type of the event to be evaluated is an operation risk or a rectification risk, obtaining the input department parameter; querying the group organization structure to obtain the company identifier corresponding to the department parameter; and obtaining the risk assessment applicable standard corresponding to the company identifier.
  • the following steps may further be implemented: when the acquired risk assessment applicable standard is a subsidiary risk assessment applicable standard, obtaining the ratio of the income of the subsidiary to the group income; and converting the target severity level into the group severity level according to the ratio.
  • the following steps may further be implemented: when the type of the event to be evaluated is a risk point, obtaining the possibility corresponding to the event to be evaluated; and obtaining a risk level according to the target severity level and the possibility, and outputting the risk level.
  • the following steps may further be implemented: when the type of the event to be evaluated is an operation risk or a rectification risk, querying the severity level and risk level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.
  • Non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Educational Administration (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

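A risk assessment method, comprising: obtaining input parameters of an event to be evaluated; obtaining an applicable risk assessment standard corresponding to the event to be evaluated; converting the parameters of the event to be evaluated into dimension parameters according to a preset rule; comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension; determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and, when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level and outputting the target severity level.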

Description

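Risk assessment method, apparatus, computer device, and readable storage medium
Cross-reference to related applications
This application claims priority to the Chinese patent application No. 2017111807395, entitled "Risk assessment method, apparatus, computer device, and readable storage medium", filed with the Chinese Patent Office on November 23, 2017, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to a risk assessment method, apparatus, computer device, and readable storage medium.
Background
Risk assessment is the work of quantitatively assessing, before a risk event occurs or after it has occurred (but has not yet ended), the likelihood of the impact and loss that the event causes to people's lives, property and other aspects. That is, risk assessment quantifies the likely extent of the impact or loss brought about by an event or thing.
However, the inventors realized that in conventional technology risk is generally assessed from past experience, with the risk of an event determined by manual review. Because different reviewers apply inconsistent review standards, the same event yields inconsistent risk assessment results, which introduces error into the results.
Summary
According to various embodiments disclosed in this application, a risk assessment method, apparatus, computer device, and readable storage medium are provided.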
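A risk assessment method, comprising:
obtaining input parameters of an event to be evaluated;
obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.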
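A risk assessment apparatus, comprising:
a parameter obtaining module, configured to obtain input parameters of an event to be evaluated;
a standard obtaining module, configured to obtain an applicable risk assessment standard corresponding to the event to be evaluated;
a parameter conversion module, configured to convert the parameters of the event to be evaluated into dimension parameters according to a preset rule;
a comparison module, configured to compare the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
a statistics module, configured to determine the highest severity level by the shortest-plank method and count the number of occurrences of the highest severity level; and
a severity level output module, configured to, when the number of occurrences of the highest severity level exceeds a preset value, derive a target severity level from the highest severity level and output the target severity level.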
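A computer device, comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the processor, cause the one or more processors to perform the following steps:
obtaining input parameters of an event to be evaluated;
obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.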
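One or more non-volatile computer-readable instruction storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
obtaining input parameters of an event to be evaluated;
obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.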
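Details of one or more embodiments of this application are set forth in the accompanying drawings and the description below. Other features and advantages of this application will become apparent from the description, the drawings, and the claims.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application more clearly, the drawings needed for the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of this application, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a diagram of the application environment of the risk assessment method according to one or more embodiments.
FIG. 2 is a flowchart of the risk assessment method according to one or more embodiments.
FIG. 3 is a schematic diagram of the risk assessment apparatus according to one or more embodiments.
FIG. 4 is a block diagram of the computer device according to one or more embodiments.
Detailed description
To make the technical solutions and advantages of this application clearer, the application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain this application and not to limit it.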
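Referring to FIG. 1, which is a diagram of the application environment of the risk assessment method according to one or more embodiments: this embodiment includes a computer device and multiple clients. A client can send the parameters of an event to be evaluated to the computer device, and the computer device can then calculate the risk level of that event from those parameters. The client may be, but is not limited to, any of various personal computers, laptops, smartphones, tablets and portable wearable devices; the computer device may be implemented as a standalone server or as a server cluster composed of multiple servers.
Referring to FIG. 2, in one embodiment a risk assessment method is provided. This embodiment is illustrated by applying the method to the computer device in FIG. 1 above. A risk assessment program runs on the computer device, and the risk assessment method is carried out through that program. The method specifically includes the following steps:
S202: Obtain the input parameters of the event to be evaluated.
Specifically, the event to be evaluated is an event that needs to be assessed, generally an event involved in activities such as production and sales. The parameters of the event to be evaluated are parameters that can identify the nature of the event; they may include the company name, annual pre-tax profit, annual operating revenue, and so on.
S204: Obtain the applicable risk assessment standard corresponding to the event to be evaluated.
Specifically, a typical corporate organizational structure may consist of a group and subsidiaries, or of a company and branches, where a branch can be regarded as a department of the company. A subsidiary, a group or a company can each be regarded as an independent company. Each independent company is configured with its own applicable risk assessment standard, so the standard can be obtained from the event to be evaluated; for example, the event may carry an identifier, and the applicable risk assessment standard can be obtained directly from that identifier.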
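The applicable risk assessment standards may be configured in advance by administrators. A storage center for risk impact levels and defect rating standards may be established, storing the group's applicable risk assessment standard and the subsidiaries' applicable risk assessment standards. Taking Ping An (平安) as an example, the center may store the applicable risk assessment standard of the group headquarters and those of the other subsidiaries, such as the 平安人寿 standard, the 平安产险 standard, the 平安信托 standard, and so on. The thresholds in an applicable risk assessment standard may be configured by administrators. The configuration process may include the following. The computer device receives parameters entered by an administrator, including the company name, annual pre-tax profit and annual operating revenue, where the company name may be the group as a whole, the group headquarters, or the name of any subsidiary. Taking Ping An of China (中国平安) as an example, the company names may include the group as a whole, the group headquarters, and subsidiaries such as 平安人寿, 平安产险, 平安信托, 平安证券, 平安银行, 平安资管, 平安养老险, 平安健康险, 平安不动产, 平安数科, 平安直通, 平安租赁, 平安金科, 平安陆金所, 平安保代, 平安支付 and 平安期货. The computer device calculates each threshold from the entered annual pre-tax profit and annual operating revenue, and finally derives the applicable risk assessment standards of the group and of each subsidiary from the calculated thresholds: it first obtains a unified applicable-standard template and then fills the calculated thresholds directly into that template. The thresholds are calculated as follows: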
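A = the absolute value of ("annual pre-tax profit (in units of 10,000)" × 0.1%), calculated automatically by the computer device.
B = the absolute value of ("annual pre-tax profit (in units of 10,000)" × 1%), calculated automatically by the computer device.
C = the absolute value of ("annual pre-tax profit (in units of 10,000)" × 5%), calculated automatically by the computer device.
D = the absolute value of ("annual pre-tax profit (in units of 10,000)" × 10%), calculated automatically by the computer device.
E = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.0005%), 3), 5), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
F = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.005%), 30), 50), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
G = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.05%), 300), 500), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
H = MIN(MAX(("annual operating revenue (in units of 10,000)" × 5%), 3000), 50000), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
E_B = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.0005%), 3), 10), calculated automatically by the computer device.
F_B = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.005%), 30), 100), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
G_B = MIN(MAX(("annual operating revenue (in units of 10,000)" × 0.05%), 300), 1000), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.
H_B = MIN(MAX(("annual operating revenue (in units of 10,000)" × 5%), 3000), 50000), calculated automatically by the computer device. MIN takes the minimum and MAX takes the maximum.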
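With the above operations, there is no need to set up a different risk assessment standard template for each subsidiary and for the group; a single template suffices. The computer device sets the thresholds in the template according to the parameters entered by the administrator and thereby generates a risk assessment standard for each subsidiary or for the group. The operation is simple and reduces the investment of labor and resources.
S206: Convert the parameters of the event to be evaluated into dimension parameters according to a preset rule.
Specifically, severity may be judged along multiple dimensions, for example 4, 5 or 8, without limitation here. For convenience, 8 dimensions are used for illustration: 2 finance-related dimensions and 6 non-finance-related dimensions. The two finance-related dimensions are the impact of financial reporting misstatement and actual financial loss; the 6 non-finance-related dimensions are legal compliance, strategy and business objectives, business continuity and customer service, information disclosure, reputational impact, and data and information systems. Once the parameters of the event to be evaluated have been obtained, they can be converted into dimension parameters for these dimensions according to the preset rule: for example, keywords of the parameters are extracted, each keyword is mapped to the corresponding dimension, and the parameters are processed by preset logic to obtain each dimension parameter. For example, when the parameters include a financial loss, it is converted directly into the actual financial loss; when the parameters include the scope of an information leak, the dimension parameter of the information disclosure dimension is calculated from that scope. The dimension parameters of the other dimensions can be obtained in a corresponding way and are not described again here.
S208: Compare the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain the severity level of each dimension.
Specifically, once the dimension parameters have been calculated, each is compared with the corresponding threshold in the obtained applicable risk assessment standard to obtain the severity level of each dimension. Multiple severity levels may be defined, for example 5, 6 or 8 levels, without limitation here; for convenience, 5 levels are used here: minor (1), general (2), important (3), serious (4) and catastrophic (5). Comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard in this way yields the severity level of each dimension.
S210: Determine the highest severity level by the shortest-plank method, and count the number of occurrences of the highest severity level.
Specifically, the shortest-plank method determines the highest severity level occurring across all dimensions. For example, if among eight dimensions 4 have severity level minor (1), 2 have general (2) and 2 have important (3), the highest severity level is important (3) and the number of occurrences of the highest severity level is 2.
S212: When the number of occurrences of the highest severity level exceeds the preset value, derive the target severity level from the highest severity level, and output the target severity level.
Specifically, the preset value may be set in advance by administrators; Table 1 (preset value table) below is used as an example:
Table 1. Preset value table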
Figure PCTCN2018088710-appb-000001
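For example, the input parameters are converted into dimension parameters according to the preset rule. When the user enters an actual financial loss, it is taken directly as the actual financial loss and compared with the thresholds of the actual financial loss dimension to obtain that dimension's severity level. If the user enters penalty parameters, such as the penalty level and penalty consequences for internal personnel, the penalty level and consequences are converted into the legal compliance dimension parameter, which is then compared with the thresholds of the legal compliance dimension to obtain that dimension's severity level. When the comparisons are complete, the levels of the 8 dimensions are tallied: first it is determined which of the 8 dimensions participate, and those that do not participate are shown as N/A; then the levels of the participating dimensions are tallied, the highest severity level is calculated by the shortest-plank method, the number of occurrences of the highest severity level is counted, and that number is compared with the preset value; if it exceeds the preset value, the highest severity level is raised. Suppose the 8 dimensions of a risk to be evaluated are as follows: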
Figure PCTCN2018088710-appb-000002
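First, by the shortest-plank method, the highest severity level = 3 (important). Next, count the occurrences of the highest severity level: the highest severity level is 3, and the dimensions assessed at 3 are legal compliance, strategy and business objectives, business continuity and customer service, and information disclosure, 4 dimensions in total, so the number of occurrences of the highest severity level is 4. Third, according to Table 1, for a risk point whose highest severity level is 3, the upgrade requirement is that 7 or more dimensions are affected to the same degree as the highest severity level; the total number of dimensions at the highest severity level is 4, so the upgrade condition is not met. Therefore, target severity level = highest severity level = 3. The target severity level can be output as the risk assessment result for the event.
In the risk assessment method above, the applicable risk assessment standard is obtained from the parameters of the risk to be evaluated, the parameters are converted into dimension parameters, and the dimension parameters are compared with the corresponding thresholds in the applicable standard to obtain the severity level of each dimension. The shortest-plank method is used to determine the target severity level of the event as the result of the risk assessment; for example, a risk level can be determined from the target severity level in order to evaluate the risk of the event, or the risk of the event can be assessed directly from the target severity level. No manual involvement is needed, so efficiency is high, and because the applicable risk assessment standard is set in advance, the accuracy of the risk assessment is improved.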
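Steps S202 to S212 above, as an added Python example that is not part of the patent text: it computes thresholds A to H from the formulas given earlier and then applies the shortest-plank rule with the count-based upgrade. The function names, the mapping of four thresholds onto levels 1 to 5, the one-level upgrade step and the reading of the preset value as a minimum count are assumptions; only the level 3 entry of Table 1 (seven dimensions) comes from the text, and the sample dimension values are constructed.

```python
from bisect import bisect_right

def profit_thresholds(pretax_profit_wan):
    """Thresholds A-D: 0.1%, 1%, 5%, 10% of |annual pre-tax profit| (units of 10,000)."""
    base = abs(pretax_profit_wan)
    return [base * num / den for num, den in ((1, 1000), (1, 100), (5, 100), (10, 100))]

def revenue_thresholds(revenue_wan):
    """Thresholds E-H: a share of annual operating revenue clamped to [floor, cap]."""
    spec = (                         # (numerator, denominator, floor, cap) from the text
        (5, 1_000_000, 3, 5),        # E: 0.0005 %
        (5, 100_000, 30, 50),        # F: 0.005 %
        (5, 10_000, 300, 500),       # G: 0.05 %
        (5, 100, 3000, 50000),       # H: 5 %
    )
    return [min(max(revenue_wan * n / d, lo), hi) for n, d, lo, hi in spec]

def grade(value, thresholds):
    """ASSUMPTION: four ascending thresholds split the axis into severity levels 1..5."""
    return 1 + bisect_right(thresholds, value)

# Minimum number of dimensions at the highest level that triggers an upgrade.
# Only the level 3 entry is stated in the text; Table 1 itself is an image.
UPGRADE_MIN_COUNT = {3: 7}

def target_severity(levels, upgrade_min_count=UPGRADE_MIN_COUNT, top=5):
    """Return (target, highest, count) for a {dimension: level or None} mapping."""
    scored = [lvl for lvl in levels.values() if lvl is not None]  # N/A dimensions are skipped
    if not scored:
        raise ValueError("no dimension was assessed")
    highest = max(scored)            # shortest plank: the worst dimension decides
    count = scored.count(highest)
    need = upgrade_min_count.get(highest)
    # ASSUMPTION: an upgrade raises the level by one, capped at the top level.
    if need is not None and count >= need and highest < top:
        return highest + 1, highest, count
    return highest, highest, count

# Constructed input mirroring the worked example: four dimensions at level 3.
PAGE_EXAMPLE = {
    "financial_misstatement": None,                 # N/A (constructed)
    "actual_financial_loss": 2,                     # constructed
    "legal_compliance": 3,
    "strategy_and_business_objectives": 3,
    "business_continuity_and_customer_service": 3,
    "information_disclosure": 3,
    "reputation": 2,                                # constructed
    "data_and_information_systems": 1,              # constructed
}

if __name__ == "__main__":
    print(profit_thresholds(2_000_000))
    print(revenue_thresholds(800_000))
    print(target_severity(PAGE_EXAMPLE))
```

Dimensions marked N/A are excluded before the maximum is taken, so an unassessed dimension can neither lower the result nor count toward the upgrade condition.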
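In one embodiment, step S204, that is, the step of obtaining the applicable risk assessment standard corresponding to the event to be evaluated, may include: when the type of the event to be evaluated is a risk point, obtaining the code of the risk point; obtaining the company identifier from the preset digit positions of the code; and obtaining the applicable risk assessment standard corresponding to the company identifier.
Specifically, each risk point is given a unique code. The format of the code is company identifier + serial number, or serial number + company identifier, or the company identifier embedded in the serial number. The company identifier may be the identifier of the group or of a subsidiary, and the serial number is a code that uniquely identifies the risk point. The serial number may have multiple digits, and the company identifier may also have multiple characters, for example 4. Taking the company identifier PAYH and the serial number 12345678 as an example, the code may be PAYH12345678, or 12345678PAYH, or 12PAYH345678, or 1234PAYH5678, and so on. The format of the code can be set in advance, so the computer device directly reads the value at the preset digit positions of the risk point's code, obtains the company identifier from that value, and can then obtain the corresponding applicable risk assessment standard from the company identifier.
In the above embodiment, when the type of the event to be evaluated is a risk point, the code of the risk point can be obtained directly, the value at the preset digit positions of the code is read, and the company identifier is obtained directly from that value, so that the corresponding applicable risk assessment standard can be obtained. This is simple and reliable.
In one embodiment, step S204, that is, the step of obtaining the applicable risk assessment standard corresponding to the event to be evaluated, may include: when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining the input department parameter; querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and obtaining the applicable risk assessment standard corresponding to the company identifier.
Specifically, when the event to be evaluated is an operational risk issue or a rectification issue, the company's organizational structure is queried directly with the department parameter entered by the user, which yields the company identifier (for example the company name) of the company to which the risk belongs, and the corresponding applicable risk assessment standard can then be looked up by that identifier. Whether the event is an operational risk issue or rectification issue, or a risk point, can be determined, for example, from the processing interface the user selects, or by setting an event identifier on the event. When the event is an operational risk issue or rectification issue, the company's HR system can be queried directly to obtain the company's organizational structure, and the department parameter is then compared against it. The department parameter may be a department code; for example, each department may be given a unique code (for example in the format subsidiary identifier + department code) so that it can be distinguished from other departments. The company to which the department belongs is then determined, giving that company's identifier, from which the corresponding applicable risk assessment standard is obtained.
In the above embodiment, when the type of the event to be evaluated is an operational risk or a rectification risk, the department parameter entered by the user is obtained, the company to which the department belongs is looked up from that parameter, and the corresponding applicable risk assessment standard is obtained from that company. The operation is simple and reliable.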
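In one embodiment, when the target severity level obtained is a subsidiary's severity level, the risk assessment method may further include a conversion step that converts the target severity level into a group severity level. The conversion step may include: when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and converting the target severity level into a group severity level according to that ratio.
Specifically, if the applicable risk assessment standard used is not the group's, the target severity level obtained is a subsidiary severity level, which can be converted into a group severity level according to a preset rule. In this embodiment, the ratio of the subsidiary's revenue to the group's revenue is used as the basis for converting the subsidiary severity level into the group severity level; see the table below:
Table 2. Conversion table between subsidiary severity level and group severity level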
Figure PCTCN2018088710-appb-000003
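For example, in the table above, when the target severity level obtained, that is, the subsidiary severity level, is 4 and the subsidiary's revenue is 8% of the group's revenue, then according to the table the group severity level of the event to be evaluated is 3.
In the above embodiment, when the target severity level obtained is a subsidiary severity level, it needs to be converted into a group severity level. In this way the group can manage all subsidiaries in a unified manner and make the impact of an event clear, which improves management of the company.
In one embodiment, the risk assessment method may further include: when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
Specifically, when the type of the event to be evaluated is a risk point, the risk rating has to be obtained from both the target severity level and the likelihood. The likelihood may be the likelihood obtained by computer simulation of scenarios within the observation period; the specific evaluation criteria are given in Table 3 below:
Table 3. Likelihood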
Figure PCTCN2018088710-appb-000004
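The risk rating is then obtained from the likelihood and severity level according to Table 3 (Likelihood) above. A subsidiary risk rating can be obtained from the subsidiary severity level, and a group risk rating from the group severity level. For example, when the likelihood obtained by computer simulation is occasional (3) and the target severity level is general (2), the risk level is 2. Here the target severity level may denote either the subsidiary severity level or the group severity level.
In the above embodiment, when the type of the event to be evaluated is a risk point, the likelihood corresponding to the event is obtained, and the risk level of the event is obtained from the likelihood and the target severity level. The event can thus be assessed further, making the result of the event assessment more accurate.
In one embodiment, the risk assessment method may further include: when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.
Specifically, when the event to be evaluated is of the operational risk issue or rectification type, the risk level is obtained directly from the severity. In this case the operational risk issue or defect has already occurred, so only the operational risk issue or defect itself needs to be evaluated and likelihood does not need to be considered; see Table 4 (Risk level) below:
Table 4. Risk level
Risk level    Target severity level
Low (1)    1
Relatively low (2)    2
Medium (3)    3
Relatively high (4)    4
High (5)    5
A subsidiary risk rating can be obtained from the subsidiary severity level, and a group risk rating from the group severity level. For example, when the target severity level denotes the subsidiary severity level, the risk level obtained from Table 4 above is the subsidiary risk level; when the target severity level denotes the group severity level, the risk level obtained from Table 4 above is the group risk level. For example, when the target severity level is 3, the risk level according to Table 4 above is 3.
In the above embodiment, when the event to be evaluated is of the operational risk issue or rectification type, the operational risk issue or defect has already occurred, so only the issue or defect itself needs to be evaluated and likelihood does not need to be considered. The risk level can therefore be obtained directly from the severity level, which makes processing simpler.
It should be understood that although the steps in the flowchart of FIG. 2 are shown in sequence as indicated by the arrows, they are not necessarily executed in that order. Unless explicitly stated herein, there is no strict ordering constraint on these steps, and they may be executed in other orders. Moreover, at least some of the steps in FIG. 2 may comprise multiple sub-steps or stages, which are not necessarily completed at the same moment but may be executed at different times, and which are not necessarily executed sequentially but may be executed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.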
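Referring to FIG. 3, which is a schematic diagram of the risk assessment apparatus according to one or more embodiments, the apparatus includes:
a parameter obtaining module 100, configured to obtain input parameters of an event to be evaluated;
a standard obtaining module 200, configured to obtain the applicable risk assessment standard corresponding to the event to be evaluated;
a parameter conversion module 300, configured to convert the parameters of the event to be evaluated into dimension parameters according to a preset rule;
a comparison module 400, configured to compare the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain the severity level of each dimension;
a statistics module 500, configured to determine the highest severity level by the shortest-plank method and count the number of occurrences of the highest severity level; and
a severity level output module 600, configured to, when the number of occurrences of the highest severity level exceeds a preset value, derive the target severity level from the highest severity level and output the target severity level.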
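In one embodiment, the standard obtaining module 200 may include:
a code obtaining unit, configured to obtain the code of the risk point when the type of the event to be evaluated is a risk point;
a company identifier obtaining unit, configured to obtain the company identifier from the preset digit positions of the code; and
a first standard obtaining unit, configured to obtain the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, the standard obtaining module 200 may include:
a department parameter obtaining unit, configured to obtain the input department parameter when the type of the event to be evaluated is an operational risk or a rectification risk;
a query unit, configured to query the group organizational structure to obtain the company identifier corresponding to the department parameter; and
a second standard obtaining unit, configured to obtain the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, the apparatus may further include:
a revenue ratio obtaining module, configured to obtain the ratio of the subsidiary's revenue to the group's revenue when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard; and
a severity level conversion module, configured to convert the target severity level into a group severity level according to the ratio.
In one embodiment, the apparatus may further include:
a likelihood obtaining module, configured to obtain the likelihood corresponding to the event to be evaluated when the type of the event to be evaluated is a risk point; and
a first risk level output module, configured to obtain a risk level from the target severity level and the likelihood, and output the risk level.
In one embodiment, the apparatus may further include:
a second risk level output module, configured to, when the type of the event to be evaluated is an operational risk or a rectification risk, look up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and output the risk level.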
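For the specific limitations of the risk assessment apparatus, see the limitations of the risk assessment method above; they are not repeated here. Each module of the risk assessment apparatus may be implemented wholly or partly in software, hardware, or a combination of the two. The modules may be embedded in hardware form in, or be independent of, the processor of the computer device, or may be stored in software form in the memory of the computer device so that the processor can invoke and execute the operations corresponding to each module. The processor may be a central processing unit (CPU), a microprocessor, a microcontroller, or the like. The risk assessment apparatus may be implemented in the form of computer-readable instructions, which can run on the computer device shown in FIG. 1.
In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in FIG. 4. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile computer-readable instruction storage medium and an internal memory. The non-volatile computer-readable instruction storage medium stores an operating system, computer-readable instructions and a database. The internal memory provides an environment for running the operating system and the computer-readable instructions held in the non-volatile computer-readable instruction storage medium. The network interface of the computer device is used to communicate with external terminals over a network connection. When executed by the processor, the computer-readable instructions implement a risk assessment method.
A person skilled in the art will understand that the structure shown in FIG. 4 is only a block diagram of the part of the structure relevant to the solution of this application and does not limit the computer device to which the solution is applied. A specific computer device may include more or fewer components than shown in the figure, may combine certain components, or may have a different arrangement of components.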
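A computer device, comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the processor, cause the one or more processors to perform the following steps: obtaining input parameters of an event to be evaluated; obtaining the applicable risk assessment standard corresponding to the event to be evaluated; converting the parameters of the event to be evaluated into dimension parameters according to a preset rule; comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain the severity level of each dimension; determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and, when the number of occurrences of the highest severity level exceeds a preset value, deriving the target severity level from the highest severity level and outputting the target severity level.
In one embodiment, the step, implemented when the processor executes the program, of obtaining the applicable risk assessment standard corresponding to the event to be evaluated includes: when the type of the event to be evaluated is a risk point, obtaining the code of the risk point; obtaining the company identifier from the preset digit positions of the code; and obtaining the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, the step, implemented when the processor executes the program, of obtaining the applicable risk assessment standard corresponding to the event to be evaluated includes: when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining the input department parameter; querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and obtaining the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, when executing the program the processor may further implement the following steps: when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and converting the target severity level into a group severity level according to the ratio.
In one embodiment, when executing the program the processor may further implement the following steps: when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
In one embodiment, when executing the program the processor may further implement the following steps: when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.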
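One or more non-volatile computer-readable instruction storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps: obtaining input parameters of an event to be evaluated; obtaining the applicable risk assessment standard corresponding to the event to be evaluated; converting the parameters of the event to be evaluated into dimension parameters according to a preset rule; comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain the severity level of each dimension; determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and, when the number of occurrences of the highest severity level exceeds a preset value, deriving the target severity level from the highest severity level and outputting the target severity level.
In one embodiment, the step, implemented when the program is executed by the processor, of obtaining the applicable risk assessment standard corresponding to the event to be evaluated includes: when the type of the event to be evaluated is a risk point, obtaining the code of the risk point; obtaining the company identifier from the preset digit positions of the code; and obtaining the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, the step, implemented when the program is executed by the processor, of obtaining the applicable risk assessment standard corresponding to the event to be evaluated includes: when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining the input department parameter; querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and obtaining the applicable risk assessment standard corresponding to the company identifier.
In one embodiment, when executed by the processor the program may further implement the following steps: when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and converting the target severity level into a group severity level according to the ratio.
In one embodiment, when executed by the processor the program may further implement the following steps: when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
In one embodiment, when executed by the processor the program may further implement the following steps: when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.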
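A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be accomplished by computer-readable instructions directing the relevant hardware. The computer-readable instructions may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be regarded as within the scope of this specification.
The above embodiments express only several implementations of this application, and their description is relatively specific and detailed, but they should not therefore be understood as limiting the scope of the invention patent. It should be noted that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of this application, and these all fall within the scope of protection of this application. Therefore, the scope of protection of this patent application shall be determined by the appended claims.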

Claims (20)

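  1. A risk assessment method, comprising:
    obtaining input parameters of an event to be evaluated;
    obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
    converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
    comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
    determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
    when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.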
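  2. The method according to claim 1, wherein obtaining the applicable risk assessment standard corresponding to the event to be evaluated comprises:
    when the type of the event to be evaluated is a risk point, obtaining the code of the risk point;
    obtaining a company identifier from the preset digit positions of the code; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  3. The method according to claim 1, wherein obtaining the applicable risk assessment standard corresponding to the event to be evaluated comprises:
    when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining an input department parameter;
    querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  4. The method according to claim 1, wherein the method further comprises:
    when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and
    converting the target severity level into a group severity level according to the ratio.
  5. The method according to claim 1, wherein the method further comprises:
    when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and
    obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
  6. The method according to claim 1, wherein the method further comprises:
    when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.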
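  7. A risk assessment apparatus, comprising:
    a parameter obtaining module, configured to obtain input parameters of an event to be evaluated;
    a standard obtaining module, configured to obtain an applicable risk assessment standard corresponding to the event to be evaluated;
    a parameter conversion module, configured to convert the parameters of the event to be evaluated into dimension parameters according to a preset rule;
    a comparison module, configured to compare the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
    a statistics module, configured to determine the highest severity level by the shortest-plank method and count the number of occurrences of the highest severity level; and
    a severity level output module, configured to, when the number of occurrences of the highest severity level exceeds a preset value, derive a target severity level from the highest severity level and output the target severity level.
  8. The apparatus according to claim 7, wherein the standard obtaining module comprises:
    a code obtaining unit, configured to obtain the code of the risk point when the type of the event to be evaluated is a risk point;
    a company identifier obtaining unit, configured to obtain a company identifier from the preset digit positions of the code; and
    a first standard obtaining unit, configured to obtain the applicable risk assessment standard corresponding to the company identifier.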
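  9. A computer device, comprising a memory and one or more processors, the memory storing computer-readable instructions which, when executed by the one or more processors, cause the one or more processors to perform the following steps:
    obtaining input parameters of an event to be evaluated;
    obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
    converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
    comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
    determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
    when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.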
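  10. The computer device according to claim 9, wherein the obtaining of the applicable risk assessment standard corresponding to the event to be evaluated, implemented when the processor executes the computer-readable instructions, comprises:
    when the type of the event to be evaluated is a risk point, obtaining the code of the risk point;
    obtaining a company identifier from the preset digit positions of the code; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  11. The computer device according to claim 9, wherein the obtaining of the applicable risk assessment standard corresponding to the event to be evaluated, implemented when the processor executes the computer-readable instructions, comprises:
    when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining an input department parameter;
    querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  12. The computer device according to claim 9, wherein the processor, when executing the computer-readable instructions, further performs the following steps:
    when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and
    converting the target severity level into a group severity level according to the ratio.
  13. The computer device according to claim 9, wherein the processor, when executing the computer-readable instructions, further performs the following steps:
    when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and
    obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
  14. The computer device according to claim 9, wherein the processor, when executing the computer-readable instructions, further performs the following steps:
    when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.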
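  15. One or more non-volatile computer-readable instruction storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    obtaining input parameters of an event to be evaluated;
    obtaining an applicable risk assessment standard corresponding to the event to be evaluated;
    converting the parameters of the event to be evaluated into dimension parameters according to a preset rule;
    comparing the dimension parameters with the corresponding thresholds in the applicable risk assessment standard to obtain a severity level for each dimension;
    determining the highest severity level by the shortest-plank method, and counting the number of occurrences of the highest severity level; and
    when the number of occurrences of the highest severity level exceeds a preset value, deriving a target severity level from the highest severity level, and outputting the target severity level.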
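  16. The storage medium according to claim 15, wherein the obtaining of the applicable risk assessment standard corresponding to the event to be evaluated, implemented when the computer-readable instructions are executed by the processor, comprises:
    when the type of the event to be evaluated is a risk point, obtaining the code of the risk point;
    obtaining a company identifier from the preset digit positions of the code; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  17. The storage medium according to claim 15, wherein the obtaining of the applicable risk assessment standard corresponding to the event to be evaluated, implemented when the computer-readable instructions are executed by the processor, comprises:
    when the type of the event to be evaluated is an operational risk or a rectification risk, obtaining an input department parameter;
    querying the group organizational structure to obtain the company identifier corresponding to the department parameter; and
    obtaining the applicable risk assessment standard corresponding to the company identifier.
  18. The storage medium according to claim 15, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    when the obtained applicable risk assessment standard is a subsidiary's applicable risk assessment standard, obtaining the ratio of the subsidiary's revenue to the group's revenue; and
    converting the target severity level into a group severity level according to the ratio.
  19. The storage medium according to claim 15, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    when the type of the event to be evaluated is a risk point, obtaining the likelihood corresponding to the event to be evaluated; and
    obtaining a risk level from the target severity level and the likelihood, and outputting the risk level.
  20. The storage medium according to claim 15, wherein the computer-readable instructions, when executed by the processor, further perform the following steps:
    when the type of the event to be evaluated is an operational risk or a rectification risk, looking up the severity-level-to-risk-level comparison table to obtain the risk level corresponding to the target severity level, and outputting the risk level.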
PCT/CN2018/088710 2017-11-23 2018-05-28 Risk assessment method, apparatus, computer device, and readable storage medium WO2019100682A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711180739.5A CN108009711A (zh) 2017-11-23 2017-11-23 Risk assessment method, apparatus, computer device, and readable storage medium
CN201711180739.5 2017-11-23

Publications (1)

Publication Number Publication Date
WO2019100682A1 true WO2019100682A1 (zh) 2019-05-31

Family

ID=62053407

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/088710 WO2019100682A1 (zh) 2017-11-23 2018-05-28 Risk assessment method, apparatus, computer device, and readable storage medium

Country Status (2)

Country Link
CN (1) CN108009711A (zh)
WO (1) WO2019100682A1 (zh)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
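CN108009711A (zh) * 2017-11-23 2018-05-08 平安科技(深圳)有限公司 Risk assessment method, apparatus, computer device, and readable storage medium
CN108683662B (zh) * 2018-05-14 2020-08-14 深圳市联软科技股份有限公司 Risk assessment method and system for a single networked device
CN109102394A (zh) * 2018-08-14 2018-12-28 深圳市人民政府金融发展服务办公室 Risk assessment method, apparatus, and computer-readable storage medium
CN109492911A (zh) * 2018-11-13 2019-03-19 平安科技(深圳)有限公司 Risk estimation method for risk events, apparatus, computer device, and storage medium
CN109657914A (zh) * 2018-11-19 2019-04-19 平安科技(深圳)有限公司 Information push method, apparatus, computer device, and storage medium
CN111724007B (zh) * 2019-03-18 2022-12-06 马上消费金融股份有限公司 Risk evaluation method, evaluation apparatus, intelligent system, and storage device
CN111724009A (zh) * 2019-03-18 2020-09-29 阿里巴巴集团控股有限公司 Risk assessment method, risk control system, and risk assessment device
CN110163470B (zh) * 2019-04-04 2023-05-30 创新先进技术有限公司 Event assessment method and apparatus
CN111415257B (zh) * 2020-03-20 2023-05-09 华泰证券股份有限公司 Quantitative assessment method for application change levels in securities industry systems
CN112465011B (zh) * 2020-11-25 2022-08-02 深圳平安医疗健康科技服务有限公司 Project risk prediction method and system based on the project development process
CN112884297A (zh) * 2021-01-29 2021-06-01 绿盟科技集团股份有限公司 Phishing-email-based risk score determination method, apparatus, device, and medium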

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1898079B1 (fr) * 2006-09-08 2014-03-26 Peugeot Citroën Automobiles SA Method for modulating the performance of a combustion engine based on an estimate of the piston temperature
CN107154880A (zh) * 2016-03-03 2017-09-12 阿里巴巴集团控股有限公司 System monitoring method and apparatus
CN107305649A (zh) * 2016-04-19 2017-10-31 中国石油化工股份有限公司 Pre-drilling and post-drilling analysis method for key geological risk factors of drilling targets
CN108009711A (zh) * 2017-11-23 2018-05-08 平安科技(深圳)有限公司 Risk assessment method, apparatus, computer device, and readable storage medium


Also Published As

Publication number Publication date
CN108009711A (zh) 2018-05-08

Similar Documents

Publication Publication Date Title
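WO2019100682A1 (zh) Risk assessment method, apparatus, computer device, and readable storage medium
US10997142B2 (en) Cognitive blockchain automation and management
CN108876600B (zh) Early-warning information push method, apparatus, computer device, and medium
EP3859644A1 (en) Block chain-based data check system and method, computing device, and storage medium
TWI804575B (zh) Method and apparatus for identifying high-risk users, computer-readable storage medium, and computing device
US20220277106A1 (en) Method and apparatus for de-identification of personal information
WO2019041925A1 (zh) Workflow data processing method, apparatus, storage medium, and computer device
WO2019019636A1 (zh) User identity recognition method, electronic apparatus, and computer-readable storage medium
Sun et al. Modeling malicious hacking data breach risks
WO2019061990A1 (zh) User intent prediction method, electronic device, and computer-readable storage medium
CN110609737B (zh) Associated data query method, apparatus, computer device, and storage medium
CN110135978B (zh) User financial risk assessment method, apparatus, electronic device, and readable medium
WO2019041931A1 (zh) Time-limit reminder method for workflow data, processing method, and apparatus and device therefor
CN107633257B (zh) Data quality assessment method and apparatus, computer-readable storage medium, and terminal
WO2020140662A1 (zh) Data table filling method, apparatus, computer device, and storage medium
CN115545216B (zh) Business indicator prediction method, apparatus, device, and storage medium
CN109740799B (zh) Budget data generation method, apparatus, computer device, and storage medium
Mnasri et al. New approach to estimating gravity models with heteroscedasticity and zero trade values
CN109271564B (zh) Insurance policy query method and device
WO2019200754A1 (zh) Data transmission risk assessment method, apparatus, computer device, and storage medium
WO2019019753A1 (zh) Method for determining whether to provide a health report, apparatus, computer device, and storage medium
US10891268B2 (en) Methods and system for determining a most reliable record
CN114418780B (zh) Fraud ring identification method, apparatus, computer device, and storage medium
CN110781232A (zh) Data processing method, apparatus, computer device, and storage medium
CN117882062A (zh) System and method for continuous data profiling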

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18881182

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29/09/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18881182

Country of ref document: EP

Kind code of ref document: A1