Methods and systems for policy statement execution engine

Abstract

A policy statement execution engine for use in connection with a policy compliance monitoring system that determines exceptions to policies expressed by computer-executable policy statements. The system allows establishment, codification, and maintenance of enterprise policies, monitors electronic transactions of the enterprise from various data sources, detects exceptions to established policies, reports exceptions to authorized users such as managers and auditors, and / or provides a case management system for tracking exceptions and their underlying transactions. A storage device stores a set of computer-executable policy statements. A data storage device stores enterprise data analyzed in connection with determining policy exceptions. A policy analysis engine retrieves data from the data storage device that is referenced by the policy statement, evaluates an indicator provided in the policy statement, and determines a confidence level associated with the indicator. An exception determining component responsive to the confidence level generates data indicating a policy exception.

Description

CROSS-REFERENCE TO RELATED APPLICATION[0001]This application is a continuation of copending U.S. patent application entitled “METHODS AND SYSTEMS FOR TRANSACTION COMPLIANCE MONITORING” by Peter H. Kennis, Daniel R. Kuokka, Charles A. Coombs, Stayton D. Addison, Andrew T. Otwell, Jeffrey Z. Johnson, Patrick Taylor, and Michael E. Lortz, having application Ser. No. 11 / 085,725, filed on Mar. 21, 2005, which claims the benefit of and priority on U.S. Provisional Patent Application No. 60 / 554,784 entitled “METHODS AND SYSTEMS FOR CONTINUOUS MONITORING OF TRANSACTION DATA FLOW” BY Peter H. Kennis, Stayton D. Addison, Charles A. Coombs, Andrew T. Otwell, and Daniel R. Kuokka, filed on Mar. 19, 2004, the disclosures of which are hereby incorporated herein by reference in their entirety.[0002]This application is also related to and incorporates by reference herein the following US patent applications:(1) application Ser. No. 11 / ______, filed on ______, entitled “Methods and Systems for Extra...

AI Technical Summary

Benefits of technology

"The present invention relates to a computer-executable policy statement execution engine for use in a computerized transaction compliance monitoring system. The engine detects exceptions to policies expressed in computer-executable policy statements by retrieving data from a data storage device and evaluating indicators in the policy statements. The engine can detect and respond to potential policy violations in real-time, providing a valuable tool for managing enterprise policies. The invention also includes a system for monitoring electronic transactions and reporting policy exceptions to authorized users. The invention can be used in conjunction with various data sources such as ERP systems, enterprise application systems, external data sources, and information technology infrastructure data."

Problems solved by technology

However, automated business systems are subject to errors, misuse, and fraud, just like manual, unautomated systems.

Furthermore, automated business systems can open the door for business “hacks” resulting in asset misappropriation and significant financial losses.

Both intentional and unintentional problems can jeopardize the integrity of transactions and reporting of an enterprise.

Vulnerabilities in electronic transaction systems can: (1) permit access to target business applications to launch fraudulent schemes, (2) unknowingly introduce system errors that affect asset appropriation, such as create duplicate payments, or (3) allow system control to be overridden or circumvented, which then provides others the opportunity to abuse or misuse the system to commit fraud.

Present day financial controls of modern business enterprises do not do enough to mitigate business risks from fraud and error within the organization.

According to reports from the Association of Certified Fraud Examiners (ACFE), fraud and white collar hacks collectively drain 6 percent of a typical business enterprise's annual revenue.

Failure to establish and abide by some government-imposed requirements can result in criminal as well as civil penalties, so many businesses and other organizations are scrambling to establish policies and compliance monitoring systems.

The real-time nature of information, analysis, decision-making, and policy validation creates additional complexities in financial controls and compliance monitoring.

In the process of exploring automated monitoring systems, many enterprises are facing tradeoffs between stringent controls, operational efficiency, and business risk.

While stringent systems controls may stop a small percent of insiders who intend to defraud the enterprise, stringent controls place a heavy burden on the vast majority of insiders who are honest.

However, prior efforts to provide efficient and effective automated transaction monitoring systems have not been entirely successful.

Such limited approaches are watchful of only a small percentage of transactions on a computer system.

Problematic issues in areas outside of the monitored fields can be overlooked though such issues may result in problems in seemingly non-critical transactions, may affect critical transactions with subtlety, and may result in disperse adverse affects that amount in summations to problems deserving attention but that may go undetected.

Images