Risk identification method and device, electronic equipment and storage medium
By constructing a risk control model system and utilizing its correlations for automated monitoring and analysis, hidden and upstream/downstream risks in complex businesses can be identified. This solves the problem of insufficient risk quantification assessment in existing auditing work and achieves comprehensive and timely risk management.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SF TECH CO LTD
- Filing Date
- 2024-12-04
- Publication Date
- 2026-06-05
AI Technical Summary
In existing technologies, audits of complex businesses typically only target specific risk points, neglecting hidden risks and risks associated with upstream and downstream operations. This results in the inability to effectively quantify and assess potential risks, hindering early warning and in-process intervention, and leading to low audit efficiency.
By constructing M risk control models and utilizing the relationships between these models, the target business data is processed to identify N risky process nodes. The frequency of monitoring is automated using scheduled tasks to trigger in-depth analysis of the associated models until the iteration stop condition is met, thereby achieving systematic identification and quantitative assessment of risks.
It improves the accuracy of risk identification and management efficiency, enables early warning and in-process intervention, comprehensively identifies potential risks, and enhances the comprehensiveness and timeliness of risk management.
Smart Images

Figure CN122155366A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of risk control technology, and in particular to a risk identification method, apparatus, electronic device and storage medium. Background Technology
[0002] Currently, routine audits of complex businesses typically focus only on specific risk points. While this approach can quickly identify and resolve surface-level issues, it overlooks hidden risks and upstream / downstream interconnected risks. In other words, when auditors focus solely on known or obvious risk areas, they may miss deeper, more widespread hidden dangers. Furthermore, this "point-based" auditing approach may prevent companies from fully understanding the complex interactions between various risk factors, such as interconnected risks in the upstream and downstream supply chain. This "point-based" auditing method leads to a continuous emergence of potential risks, making it impossible to effectively quantify and assess risks, let alone achieve pre-emptive warnings and in-process interventions, ultimately resulting in low audit efficiency and poor risk management. Summary of the Invention
[0003] The main objective of this application is to provide a risk identification method, apparatus, electronic device, and storage medium, which aims to improve the ability to identify and control risks in auditing work.
[0004] To achieve the above objectives, a first aspect of this application proposes a risk identification method, the method comprising:
[0005] Obtain the target business data to be processed;
[0006] The target business data is processed according to the correlation between M risk control models to obtain target information output by N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N.
[0007] The process nodes corresponding to the N risk control models are identified as nodes where risks exist when processing the target business data.
[0008] In some embodiments, before acquiring the target business data to be processed, the method further includes:
[0009] M monitoring frequencies are set for the M risk control models, with each risk control model corresponding to one monitoring frequency;
[0010] For each of the aforementioned risk control models, the following processing is performed:
[0011] Based on the monitoring frequency corresponding to the risk control model, a timed task is configured for the risk control model. The timed task is used to acquire business data according to the monitoring frequency.
[0012] In some embodiments, the target information output by the risk control model includes the risk identification results and business detail data output by the risk control model;
[0013] Based on the correlation between M risk control models, the target business data is processed to obtain target information output by N risk control models, including:
[0014] For any one of the M risk control models, the following processing is performed:
[0015] In response to the timed task of the first risk control model, the target business data is input into the first risk control model to obtain the target information output by the first risk control model;
[0016] If the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, a second risk control model is obtained. The second risk control model is another risk control model among the M risk control models that is related to the first risk control model and has not output target information.
[0017] The business details data of the first risk control model are input into the second risk control model to obtain the target information output by the second risk control model;
[0018] The second risk control model is used as the first risk control model. When the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, the step of obtaining the second risk control model is executed until the preset iteration stop condition is met.
[0019] In some embodiments, the iteration stopping condition includes: the risk identification result of the first risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data, or, all of the M risk control models that are related to the first risk control model have output target information.
[0020] In some embodiments, the process by which the first risk control model processes the target business data includes:
[0021] The target business data is processed according to the processing rules corresponding to the first risk control model to obtain the first quantitative indicator and the business detail data of the first risk control model;
[0022] If the first quantitative indicator of the first risk control model is greater than the first anomaly threshold corresponding to the first risk control model, then it is determined that the risk identification result output by the risk control model indicates that the process node corresponding to the first risk control model has a risk when processing the target business data.
[0023] If the first quantitative indicator is less than or equal to the first anomaly threshold, then the risk identification result output by the risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data.
[0024] In some embodiments, the correlation between the M risk control models is obtained according to at least one of the following:
[0025] The execution order of M process nodes;
[0026] The M risk control models involve the same business objects.
[0027] In some embodiments, after identifying the process nodes corresponding to the N risk control models as process nodes where risks exist when processing the target business data, the method further includes:
[0028] Risk warnings are issued for the process nodes corresponding to the N risk control models, and detailed business data corresponding to the N risk control models are output.
[0029] To achieve the above objectives, a second aspect of this application provides a risk identification device, the device comprising:
[0030] The acquisition module is used to acquire the target business data to be processed.
[0031] The processing module is used to process the target business data according to the correlation between M risk control models to obtain the target information output by N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N.
[0032] The identification module is used to identify the process nodes corresponding to the N risk control models as nodes that pose a risk when processing the target business data.
[0033] To achieve the above objectives, a third aspect of this application provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the method described in the first aspect.
[0034] To achieve the above objectives, a fourth aspect of the present application provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the method described in the first aspect.
[0035] The risk identification method, apparatus, electronic device, and storage medium proposed in this application acquire target business data to be processed and analyze the data using M predefined risk control models. Each model corresponds to a specific business process node. Based on the correlation between the M risk control models, when one model detects a risk, it can trigger other related models to conduct further in-depth checks, ultimately obtaining the output target information of N (N≤M) risk control models. Based on the risk identification results output by each risk control model, it determines which process nodes present risks when processing the target business data, thereby achieving effective risk identification. By constructing a systematic risk control model, the accuracy of risk identification can be improved, enabling correlation analysis and quantitative assessment of risk points, thereby achieving pre-emptive warnings and in-process interventions, effectively improving the efficiency and effectiveness of risk management. Attached Figure Description
[0036] Figure 1 This is a flowchart illustrating the risk identification method provided in an embodiment of this application;
[0037] Figure 2 This is a schematic diagram illustrating the relationships between the risk control models provided in the embodiments of this application;
[0038] Figure 3 This is a schematic diagram of the risk control model provided in the embodiments of this application;
[0039] Figure 4 This is a schematic diagram illustrating a model risk logic example provided in an embodiment of this application;
[0040] Figure 5 This is a flowchart illustrating the overall process logic of the risk identification method provided in this application embodiment;
[0041] Figure 6 This is a schematic diagram of the risk identification device provided in the embodiments of this application;
[0042] Figure 7 This is a schematic diagram of the hardware structure of the electronic device provided in the embodiments of this application. Detailed Implementation
[0043] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0044] It should be noted that although functional modules are divided in the device schematic diagram and a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than the module division in the device or the order in the flowchart. The terms "first," "second," etc., in the specification, claims, and the aforementioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence.
[0045] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of this application only and is not intended to limit this application.
[0046] Currently, routine audits of complex businesses typically only target specific risk points, neglecting the hidden risks behind these point-like risks and the risks associated with upstream and downstream operations. This "point-like" audit approach leads to the continuous emergence of potential risks and makes it impossible to effectively quantify and assess risks.
[0047] Based on this, embodiments of this application provide a risk identification method, apparatus, electronic device, and storage medium, aiming to improve the ability to identify and control risks in auditing work.
[0048] The risk identification method, apparatus, electronic device, and storage medium provided in this application are specifically described through the following embodiments. First, the recommended method in the embodiments of this application is described.
[0049] The risk identification method provided in this application relates to the field of risk control technology. The risk identification method provided in this application can be applied to a terminal, a server, or software running on either a terminal or a server. In some embodiments, the terminal can be a smartphone, tablet, laptop, desktop computer, etc.; the server can be configured as an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms; the software can be an application implementing the risk identification method, but is not limited to the above forms.
[0050] This application can be used in a wide variety of general-purpose or special-purpose computer system environments or configurations. Examples include: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices. This application can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform specific tasks or implement specific abstract data types. This application can also be practiced in distributed computing environments where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.
[0051] It should be noted that in all specific embodiments of this application, when processing data related to user identity or characteristics, such as user information, user behavior data, user historical data, and user location information, user permission or consent is obtained first. Furthermore, the collection, use, and processing of this data comply with relevant laws, regulations, and standards. In addition, when embodiments of this application require access to sensitive personal information of users, separate permission or consent from the user is obtained through pop-ups or redirection to confirmation pages. Only after obtaining the user's separate permission or consent is the necessary user-related data required for the proper functioning of these embodiments acquired.
[0052] Figure 1 This is one of the flowcharts of the risk identification method provided in the embodiments of this application. Figure 1 The method may include, but is not limited to, steps S100 to S300, wherein:
[0053] Step S100: Obtain the target business data to be processed.
[0054] The target business data refers to the business data acquired by the process nodes corresponding to the risk control model currently being monitored. For example, business data is the core input for building and running the risk control model. It includes various data generated during business operations, such as: business personnel data (name, gender, age, department, etc.); waybill data (waybill number, sender information, recipient information, courier information, package information, pickup and delivery time, pickup and delivery fees, etc.); accrual data (accrual time, accrual amount, accrual reason, etc.); and courier performance data (courier work efficiency, service quality, complaint rate, etc.).
[0055] Step S200: Process the target business data according to the correlation between the M risk control models to obtain the target information output by the N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N.
[0056] In this embodiment, a risk control model is established for each process node, including elements such as scheduling cycle, model threshold, risk logic, input parameters, business object, output result, and a list of associated models. A business process often contains several business steps, each corresponding to several process nodes, and each process node corresponds to a risk control model. Each risk control model is used to identify and handle specific types of risks. In some complex business processes with long workflows, the same business object often participates in multiple process nodes. Therefore, the relationship between different risk control models can be determined based on the same business object and the execution order of the process nodes (upstream and downstream business relationships). When the risk control model of a process node outputs an abnormal result, it can be used as input parameters for downstream associated business risk control models, driving the downstream risk control models to analyze and assess the risk magnitude and impact scope, and so on. Specifically, the relationship between the M risk control models is obtained based on at least one of the following: the execution order of the M process nodes; the M risk control models involve the same business object.
[0057] like Figure 2 As shown, if risk control model 1 outputs an abnormal result at a process node corresponding to business segment 1, then risk control models that share the same business objects and have upstream / downstream business relationships with risk control model 1 are considered associated models of risk control model 1. In other words, if risk control model 1 outputs an abnormal result, then risk control models 2 and 3 corresponding to downstream business segments of risk control model 1 must also undergo risk identification; if risk control model 2 also outputs an abnormal result, then risk control models 4 and 5 corresponding to downstream business segments of risk control model 2 must also undergo risk identification, and so on. If the process node corresponding to risk control model 1 and the process node corresponding to risk control model 2 both have the same business objects involved, then after risk control model 1 outputs an abnormal result, risk control model 2, which shares the same business objects, must also undergo risk identification, and so on. Here, business objects include entities (people, organizations, things, etc.) participating in the business.
[0058] In one implementation of this embodiment, the entire business process includes M process nodes, each corresponding to a risk control model. The business process is used to process the target business data. Based on the relationships between the M risk control models, the target business data is processed to obtain target information output by N risk control models, where M and N are both positive integers, and M is greater than or equal to N. The N risk control models that output the target information are the risk control models corresponding to the process nodes that identified the risks.
[0059] Step S300: Identify the process nodes corresponding to the N risk control models as nodes where there is risk when processing the target business data.
[0060] The business process nodes corresponding to the N risk control models marked as having risks in the above steps are identified as nodes that may pose significant security risks when processing this batch of target business data. This means that these nodes may have introduced risks when processing the target business data, and further attention and intervention are needed in subsequent operations to take appropriate risk control measures to reduce the likelihood of risk occurrence or mitigate its impact.
[0061] For example, the risk identification methods described above can be applied to auditing work. After conducting on-site investigations and clarifying the business logic, risk points, and business objects (stakeholders, organizations, and all other business entities), auditors will build a risk control model based on business data and run it regularly to continuously monitor risk trends. These methods can identify potential hidden risks and upstream / downstream related risks, thereby improving the ability to identify and control risks in auditing work.
[0062] This embodiment analyzes the relationships between M risk control models, each corresponding to one of the M process nodes in the business process. These risk control models are used to process the target business data, resulting in target information output by N risk control models. Finally, based on the outputs of the N risk control models, the corresponding process nodes are identified as nodes with risks. Identifying risk nodes through risk control models allows for more accurate identification and handling of risk points in the business process, thereby improving the efficiency and effectiveness of risk management. Furthermore, risk linkage analysis enables a more comprehensive assessment of the impact of risks, further enhancing the overall system's early warning capabilities and response speed.
[0063] In some embodiments, steps prior to step S100 may include, but are not limited to, the following steps:
[0064] M monitoring frequencies are set for the M risk control models, with each risk control model corresponding to one monitoring frequency;
[0065] For each of the aforementioned risk control models, the following processing is performed:
[0066] Based on the monitoring frequency corresponding to the risk control model, a timed task is configured for the risk control model. The timed task is used to acquire business data according to the monitoring frequency.
[0067] Before acquiring the target business data to be processed, a specific monitoring frequency can be set for each risk control model, and corresponding scheduled tasks can be configured to automate this process. This setup helps ensure that the risk control system can regularly and efficiently collect and analyze the latest business data, thereby promptly identifying potential risks.
[0068] Specifically, based on the characteristics of each risk control model and the type of risk it focuses on, appropriate monitoring frequencies are set for each of the M risk control models. The monitoring frequency can be adjusted according to business scenarios and risk characteristics, such as daily, weekly, or monthly. The selection of the monitoring frequency is based on various factors, including but not limited to the sensitivity of business processes, the frequency of historical risk events, and the speed of data updates. For example, high-risk or critical transaction processes may require more frequent monitoring (such as hourly or even real-time monitoring); while for relatively stable business segments, a lower frequency (such as daily or weekly) can be chosen.
[0069] A scheduled task is configured for each risk control model based on its corresponding monitoring frequency. The scheduled task will run automatically according to the set monitoring frequency, and acquire the business data corresponding to that process node as input to the model. The acquired business data will then be passed to the corresponding risk control model for analysis and processing.
[0070] This embodiment configures scheduled tasks to enable each risk control model to run automatically at a predetermined monitoring frequency, thereby achieving continuous monitoring of business data. This method ensures that the risk control model obtains the latest data in a timely manner and performs risk assessments, thus promptly identifying potential risks and ensuring the efficiency and timeliness of risk management. Simultaneously, the automated processing of scheduled tasks reduces the need for manual intervention, improving the accuracy and reliability of risk control efforts.
[0071] In some embodiments, step S200 may include, but is not limited to, the following steps:
[0072] For any one of the M risk control models, the following processing is performed:
[0073] In response to the timed task of the first risk control model, the target business data is input into the first risk control model to obtain the target information output by the first risk control model;
[0074] If the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, a second risk control model is obtained. The second risk control model is another risk control model among the M risk control models that is related to the first risk control model and has not output target information.
[0075] The business details data of the first risk control model are input into the second risk control model to obtain the target information output by the second risk control model;
[0076] The second risk control model is used as the first risk control model. When the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, the step of obtaining the second risk control model is executed until the preset iteration stop condition is met.
[0077] In this embodiment, when a scheduled task of a certain risk control model (the first risk control model) is triggered, the system automatically inputs the target business data to be processed into the model. After processing the target business data, the first risk control model outputs target information, including risk identification results and related business detail data. The risk identification results indicate whether there is risk at the corresponding process node of the model; the business detail data is used for further analysis or as input to other models. Specifically, the business detail data consists of all business data related to the target business data obtained through model calculations based on the target business data. For example, if the target business data of the first risk control model is a business person surnamed Li, the business detail data of the first risk control model includes the names, ID numbers, contact information, positions, departments, and other relevant information of all business persons surnamed Li in the system.
[0078] Specifically, for any one of the M risk control models, the following processing is performed:
[0079] The first step involves inputting the target business data into the first risk control model when its scheduled task is triggered, thereby obtaining the target information output by the first risk control model. If the risk identification result of the first risk control model indicates that there is a risk in the corresponding process node when processing the target business data, then proceed to the next step. Otherwise, no further processing is required for this model, and it can continue to the next model or wait for the next scheduled task.
[0080] The second step is to identify other risk control models (secondary risk control models) that are related to the primary risk control model. The secondary risk control model is one of the M risk control models that has not yet output target information and is related to the primary risk control model. Then, the business detail data from the primary risk control model is input into the secondary risk control model to obtain the target information output by the secondary risk control model.
[0081] The third step involves iteratively processing the target information output by the second risk control model. The current second risk control model is treated as the new "first risk control model," and the steps of risk identification and correlation model processing described above are repeated until a preset iteration stop condition is met. The preset iteration stop condition includes: the risk identification result of the first risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data; or, all of the M risk control models associated with the first risk control model have output target information.
[0082] Ultimately, the above process yields target information output by N risk control models, where N ≤ M. The business process nodes corresponding to these models are considered critical nodes where risks exist when processing the target business data.
[0083] This iterative processing approach ensures that when one risk control model identifies a risk, other related risk control models are also activated, resulting in a more comprehensive risk assessment of business data. This method helps reveal potential risk chains within business processes, improving the depth and breadth of risk management.
[0084] In some embodiments, the process by which the first risk control model processes the target business data may include, but is not limited to, the following steps:
[0085] The target business data is processed according to the processing rules corresponding to the first risk control model to obtain the first quantitative indicator and the business detail data of the first risk control model;
[0086] If the first quantitative indicator of the first risk control model is greater than the first anomaly threshold corresponding to the first risk control model, then it is determined that the risk identification result output by the risk control model indicates that the process node corresponding to the first risk control model has a risk when processing the target business data.
[0087] If the first quantitative indicator is less than or equal to the first anomaly threshold, then the risk identification result output by the risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data.
[0088] like Figure 3As shown, the risk control model includes the following key elements: scheduling cycle, i.e., the monitoring frequency of the risk control model, which can be set as needed according to the characteristics of different risk control models; model threshold, used to determine whether the quantitative indicators of the risk control model meet the risk warning requirements, set by business personnel based on historical business data; risk logic, which is a model algorithm set by business personnel according to specific business conditions and the characteristics of the risk control model, used to analyze business data and identify risks; input parameters, i.e., target business data, including business data and other relevant data, such as personnel information, waybill information, accrual information, etc.; output results, including quantitative indicators and business detail data, where quantitative indicators are numerical indicators for assessing the impact of risks, used to compare with the model threshold to obtain the risk identification results of the risk model, and business detail data is used for business verification or as input parameters for related risk control models; business objects, i.e., entities participating in the business, including people, organizations, things, etc.; and a list of related models, i.e., a list of upstream and downstream related models with business relationships, which can be used to obtain the relationship between business process nodes.
[0089] Specifically, when the quantitative indicator of a certain risk model exceeds a preset threshold, the risk identification result of the process node corresponding to the risk control model in processing the target business data is obtained, triggering the analysis of the associated risk model; the business detail data generated by the risk model is passed to the associated risk model, and the associated risk model performs further analysis based on the received data until all associated risk models have been run, thereby identifying potential risks and quantifying the risk impact.
[0090] In one implementation of this embodiment, the first risk control model first preprocesses the target business data, including data cleaning, feature extraction, and pattern recognition. For example, it performs preliminary cleaning of the input business data to remove invalid data such as duplicates, errors, and missing values, thereby reducing the sample range and improving efficiency. Then, the preprocessed target business data is input into the first risk control model. The first risk control model analyzes this data according to its preset processing rules (e.g., specific algorithms, rule sets, or statistical methods). These processing rules may include, but are not limited to, anomaly detection algorithms, pattern recognition techniques, or machine learning models trained on historical data; no specific limitations are imposed here.
[0091] The first risk control model generates one or more quantitative indicators to measure the degree of risk in the target business data. These quantitative indicators can be scores, probability values, or other forms of risk measurement, and are not limited here. The calculated first quantitative indicator is compared with a pre-set first anomaly threshold, which is typically a critical value determined based on historical data, industry standards, or business needs, and is not limited here. If the first quantitative indicator is greater than the first anomaly threshold preset by the first risk control model, it means that the target business data presents risk when processed at the corresponding process node of the first risk control model. Therefore, the risk identification result output by the first risk control model will indicate the presence of risk. Conversely, if the first quantitative indicator is less than or equal to the first anomaly threshold, it indicates that there is no risk when processing the target business data, and the corresponding risk identification result will also indicate the absence of risk.
[0092] In addition to risk identification results, the first risk control model also generates detailed business data, which may include specific information used for risk assessment, such as raw data, processed data, and feature values, etc., without limitation. Furthermore, the detailed business data will be used for further analysis or as input to other related risk control models.
[0093] For example, such as Figure 4 As shown, taking the "courier pickup and delivery scenario" as an example, if there is a risk of "an abnormal increase in the monthly pickup and delivery commission amount for couriers," the reasons for this risk include "couriers engaging in abnormal order fraud" and "couriers faking climbing stairs to fraudulently obtain climbing commissions." These three risks are all directly related to the courier (the business target), so three related risk models can be formed. The risk logic of the model is as follows:
[0094] If the risk model for "abnormally high month-on-month accrual" is run monthly (scheduling cycle), the summary waybill details and accrual details (input parameters) are analyzed to obtain the month-on-month accrual ratio of the courier's collection and delivery (quantitative indicator). If the courier's accrual amount (quantitative indicator) is 50% higher than the month-on-month ratio (model threshold), a risk identification result is obtained. The abnormal courier accrual details (business detail data) output by the risk model are then input into the two related models of "abnormal order brushing" and "fake order climbing" for further analysis to obtain the risk identification results of the two related models. Based on the risk identification results, it is determined whether there are risks of "abnormal order brushing" and "fake order climbing," and the business data details of the risks are obtained (such as the number of brushed orders and the operation details of brushing, etc.), providing factual basis for subsequent illegal accrual deductions.
[0095] This embodiment processes target business data using a first risk control model, quantifies data risk using quantitative indicators, provides early warnings of risks based on risk identification results, and records the quantified data in detail using business data. This is crucial for subsequent risk control model iteration and risk management decisions. Furthermore, this mechanism supports flexible adjustment and optimization, such as adjusting anomaly thresholds to adapt to different business environments and risk management strategies.
[0096] In some embodiments, step S300 may be followed by, but is not limited to, the following steps:
[0097] Risk warnings are issued for the process nodes corresponding to the N risk control models, and detailed business data corresponding to the N risk control models are output.
[0098] Based on the quantitative indicators and respective anomaly thresholds of N risk control models, we identify which process nodes pose risks when processing target business data, resulting in N (N≤M) identified process nodes with risks in processing target business data. These risky nodes are recorded to prepare for subsequent risk warnings.
[0099] For each node marked as having risk, a risk warning is generated and promptly communicated to relevant personnel via email, SMS, system notifications, etc. This risk warning includes, but is not limited to, risk level, risk description, and suggested countermeasures. Simultaneously, detailed business data is extracted from each risk control model that generates the warning, and the detailed business data related to these high-risk nodes is compiled and output. This detailed business data includes, but is not limited to, entity information (personnel, organization, item information, etc.), transaction information (transaction amount, time, location, type, participants, etc.), business process information (approval process, authorization process, operational process), and other relevant data.
[0100] In one implementation of this embodiment, if the risk model has multiple abnormal thresholds for indicating risk levels, the severity of the risk can be defined based on the quantitative indicators and the abnormal thresholds of the multiple risk levels.
[0101] By providing risk warnings and outputting relevant business details, we can not only promptly identify and warn of potential risks, but also provide detailed business data support to help relevant personnel quickly locate problems and take effective measures. This not only improves the efficiency of risk management, but also enhances the transparency and credibility of the system.
[0102] Figure 5 The overall solution flow diagram of this application embodiment is shown below. The specific execution flow of the risk control model is as follows:
[0103] 1. The risk control model is scheduled through timed tasks, and the time limit of the timed tasks can be set according to the actual business scenario.
[0104] 2. Input the business data into risk control model 1 through the data cleaning process. The data cleaning process removes noise, fills in missing values, and corrects errors in the business data to reduce the sample range and improve efficiency.
[0105] 3. The cleaned business data is analyzed and processed using risk control model 1, and quantitative indicators and detailed business data are output.
[0106] 4. Risk control model 1 combines quantitative indicators and preset model thresholds to determine whether the risk warning standard is met. If the risk warning standard is not met, the process ends. The risk warning standard is that a risk warning is issued when the quantitative indicator exceeds the preset model threshold.
[0107] 5. If the risk warning criteria are met, i.e. the current model issues a risk warning, then determine whether there is a related model; if there is no related model, then end the process.
[0108] 6. If the current model is associated with other models, the business details data output by the current model will be input into all associated models for the next step of risk analysis. The process will end when all associated risk models have been run.
[0109] This embodiment establishes multiple risk control models by combining business data and obtains the correlation between different risk control models based on the same business objects and upstream and downstream business relationships. The monitoring frequency of each risk control model is set as needed and scheduled by a corresponding timed task. Based on the preset anomaly threshold of the risk control model, it determines whether the current risk control model has any risk. If no risk is identified, the process ends. If a risk is identified, it determines whether the current model has any related models. If no related models exist, the process ends. If related models exist, the business details of the current model are input into all related models for further risk analysis until all related models have been run, ensuring that all related risks are identified and quantified. By establishing a systematic and quantifiable audit risk control system, potential hidden risks and upstream and downstream related risks can be identified. By quantifying and assessing risks, the impact of risks can be accurately determined. The automated risk identification and assessment process achieves comprehensiveness, accuracy, and timeliness in risk management, providing an effective method and tool for auditing complex businesses.
[0110] The systematic risk control model for auditing in this application can also be applied to the following scenarios:
[0111] 1. Risk quantification, risk management, and identification of associated risks in audit engagements.
[0112] 2. Risk quantification, risk management, and identification of associated risks related to risk control.
[0113] 3. Quantification of indicators, relationship management, and analysis of related impacts in various related scenarios.
[0114] This application embodiment establishes multiple risk control models based on business data. By setting the monitoring frequency and scheduled tasks for each risk control model, it processes the target business data and identifies process nodes with potential risks. During processing, if a risk control model detects a risk, it triggers further analysis from other related risk control models. The correlation between risk control models is based on the sequence of process nodes or common business objects, until all related models have completed evaluation or no new risks are found. The system will issue risk warnings based on the nodes with risks and output detailed business data for further analysis and action. This application embodiment can automatically identify and highlight related potential risks, preventing risk oversights; through quantifiable risk models, it can quickly assess the impact of risks and make rapid decisions; it transforms risk handling from post-event patching to in-process intervention and pre-event warning, preventing risks before they occur; it reduces the burden on auditors and improves the efficiency of risk handling; it helps identify systemic risks and provides factual basis for business system optimization; it defines the basic structure and operation mode of a systematic and quantitative risk control model based on big data; and it can also provide a reference for the basic structure and operation mode of other correlation analysis frameworks. This multi-model collaborative mechanism can identify potential hidden risks and upstream and downstream related risks, achieving comprehensiveness, accuracy and timeliness in risk management, and providing effective methods and tools for auditing complex businesses.
[0115] Please see Figure 6 This application embodiment also provides a risk identification device 600, which can implement the above-mentioned risk identification method. The device includes:
[0116] Module 10 is used to acquire target business data to be processed;
[0117] Processing module 20 is used to process the target business data according to the correlation between M risk control models to obtain target information output by N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N. The correlation between the M risk control models is obtained according to at least one of the following: the execution order of the M process nodes; the M risk control models involve the same business objects.
[0118] The identification module 30 is used to identify the process nodes corresponding to the N risk control models as nodes that pose a risk when processing the target business data.
[0119] In some implementations, the acquisition module 10 may include:
[0120] The frequency setting unit is used to set M monitoring frequencies for the M risk control models, with each risk control model corresponding to one monitoring frequency;
[0121] The task configuration unit is used to perform the following processing for each of the risk control models: configure a timed task for the risk control model according to the monitoring frequency corresponding to the risk control model, wherein the timed task is used to acquire business data according to the monitoring frequency.
[0122] In some implementations, the processing module 20 may include:
[0123] The response unit is configured to perform the following processing for any one of the M risk control models: in response to a timed task of the first risk control model, input the target business data into the first risk control model to obtain target information output by the first risk control model; the target information output by the risk control model includes the risk identification result and business detail data output by the risk control model; the process of the first risk control model processing the target business data includes: processing the target business data according to the processing rules corresponding to the first risk control model to obtain a first quantitative indicator and business detail data of the first risk control model; if the first quantitative indicator of the first risk control model is greater than the first anomaly threshold corresponding to the first risk control model, it is determined that the risk identification result output by the risk control model indicates that the process node corresponding to the first risk control model has a risk when processing the target business data; if the first quantitative indicator is less than or equal to the first anomaly threshold, it is determined that the risk identification result output by the risk control model indicates that the process node corresponding to the first risk control model has no risk when processing the target business data;
[0124] The acquisition unit is used to perform the following processing on any one of the M risk control models: when the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, the second risk control model is acquired. The second risk control model is another risk control model among the M risk control models that has a relationship with the first risk control model and has not output target information.
[0125] The input unit is used to perform the following processing on any one of the M risk control models: input the business detail data of the first risk control model into the second risk control model to obtain the target information output by the second risk control model;
[0126] An iteration unit is used to perform the following processing on any one of the M risk control models: taking the second risk control model as the first risk control model, and executing the step of obtaining the second risk control model when the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, until a preset iteration stop condition is met. The iteration stop condition includes: the risk identification result of the first risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data, or all the risk control models among the M risk control models that are related to the first risk control model have output target information.
[0127] In some implementations, the identification module 30 may include:
[0128] The early warning unit is used to provide risk warnings for the process nodes corresponding to the N risk control models and output the business detail data corresponding to the N risk control models.
[0129] The specific implementation of this risk identification device is basically the same as the specific implementation of the risk identification method described above, and will not be repeated here.
[0130] This application also provides an electronic device, which includes a memory and a processor. The memory stores a computer program, and the processor executes the computer program to implement the aforementioned risk identification method. This electronic device can be any smart terminal, including tablet computers, in-vehicle computers, etc.
[0131] Please see Figure 7 , Figure 7 The hardware structure of an electronic device according to another embodiment is illustrated. The electronic device includes:
[0132] The processor 701 can be implemented using a general-purpose CPU (Central Processing Unit), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute relevant programs to implement the technical solutions provided in the embodiments of this application.
[0133] The memory 702 can be implemented as a read-only memory (ROM), a static storage device, a dynamic storage device, or a random access memory (RAM). The memory 702 can store the operating system and other application programs. When the technical solutions provided in the embodiments of this specification are implemented through software or firmware, the relevant program code is stored in the memory 702 and is called and executed by the processor 701 using the risk identification method of the embodiments of this application.
[0134] The input / output interface 703 is used to implement information input and output;
[0135] The communication interface 704 is used to enable communication and interaction between this device and other devices. Communication can be achieved through wired means (such as USB, Ethernet cable, etc.) or wireless means (such as mobile network, WIFI, Bluetooth, etc.).
[0136] Bus 705 transmits information between various components of the device (e.g., processor 701, memory 702, input / output interface 703, and communication interface 704);
[0137] The processor 701, memory 702, input / output interface 703, and communication interface 704 are connected to each other within the device via bus 705.
[0138] This application also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the above-described risk identification method.
[0139] Memory, as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs and non-transitory computer-executable programs. Furthermore, memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory may optionally include memory remotely located relative to the processor, and these remote memories can be connected to the processor via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
[0140] The risk identification method, device, electronic equipment, and storage medium provided in this application acquire target business data to be processed and analyze it using M predefined risk control models. Each model corresponds to a specific business process node. Based on the correlation between the M risk control models, when one model detects a risk, it can trigger other related models to conduct further in-depth checks, ultimately obtaining the output target information of N (N≤M) risk control models. According to the risk identification results output by each risk control model, it determines which process nodes have risks when processing the target business data, thereby achieving effective risk identification. By constructing a systematic risk control model, the accuracy of risk identification can be improved, and correlation analysis and quantitative assessment of risk points can be achieved, thereby realizing pre-warning and in-process intervention, effectively improving the efficiency and effectiveness of risk management.
[0141] The embodiments described in this application are for the purpose of more clearly illustrating the technical solutions of the embodiments of this application, and do not constitute a limitation on the technical solutions provided by the embodiments of this application. As those skilled in the art will know, with the evolution of technology and the emergence of new application scenarios, the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.
[0142] Those skilled in the art will understand that the technical solutions shown in the figures do not constitute a limitation on the embodiments of this application, and may include more or fewer steps than shown, or combine certain steps, or different steps.
[0143] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs.
[0144] Those skilled in the art will understand that all or some of the steps in the methods disclosed above, as well as the functional modules / units in the systems and devices, can be implemented as software, firmware, hardware, or suitable combinations thereof.
[0145] The terms “first,” “second,” “third,” “fourth,” etc. (if present) in the specification and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms “comprising” and “having,” and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0146] It should be understood that in this application, "at least one (item)" means one or more, and "more than" means two or more. "And / or" is used to describe the relationship between related objects, indicating that three relationships can exist. For example, "A and / or B" can represent three cases: only A exists, only B exists, and both A and B exist simultaneously, where A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects are in an "or" relationship. "At least one (item) of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one (item) of a, b, or c can represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, and c can be single or multiple.
[0147] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of the units described above is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.
[0148] The units described above as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0149] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0150] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes multiple instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of this application. The aforementioned storage medium includes various media capable of storing programs, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0151] The preferred embodiments of the present application have been described above with reference to the accompanying drawings, but this does not limit the scope of the claims of the present application. Any modifications, equivalent substitutions, and improvements made by those skilled in the art without departing from the scope and substance of the embodiments of the present application shall be within the scope of the claims of the present application.
Claims
1. A risk identification method, characterized in that, The method includes: Obtain the target business data to be processed; The target business data is processed according to the correlation between M risk control models to obtain target information output by N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N. The process nodes corresponding to the N risk control models are identified as nodes where risks exist when processing the target business data.
2. The method according to claim 1, characterized in that, Before acquiring the target business data to be processed, the method further includes: M monitoring frequencies are set for the M risk control models, with each risk control model corresponding to one monitoring frequency; For each of the aforementioned risk control models, the following processing is performed: Based on the monitoring frequency corresponding to the risk control model, a timed task is configured for the risk control model. The timed task is used to acquire business data according to the monitoring frequency.
3. The method according to claim 2, characterized in that, The target information output by the risk control model includes the risk identification results and business detail data output by the risk control model. Based on the correlation between M risk control models, the target business data is processed to obtain target information output by N risk control models, including: For any one of the M risk control models, the following processing is performed: In response to the timed task of the first risk control model, the target business data is input into the first risk control model to obtain the target information output by the first risk control model; If the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, a second risk control model is obtained. The second risk control model is another risk control model among the M risk control models that is related to the first risk control model and has not output target information. The business details data of the first risk control model are input into the second risk control model to obtain the target information output by the second risk control model; The second risk control model is used as the first risk control model. When the risk identification result of the first risk control model indicates that there is a risk in the process node corresponding to the first risk control model when processing the target business data, the step of obtaining the second risk control model is executed until the preset iteration stop condition is met.
4. The method according to claim 3, characterized in that, The iteration stopping conditions include: the risk identification result of the first risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data, or, all the risk control models among the M risk control models that are related to the first risk control model have output the target information.
5. The method according to claim 3, characterized in that, The process by which the first risk control model processes the target business data includes: The target business data is processed according to the processing rules corresponding to the first risk control model to obtain the first quantitative indicator and the business detail data of the first risk control model; If the first quantitative indicator of the first risk control model is greater than the first anomaly threshold corresponding to the first risk control model, then it is determined that the risk identification result output by the risk control model indicates that the process node corresponding to the first risk control model has a risk when processing the target business data. If the first quantitative indicator is less than or equal to the first anomaly threshold, then the risk identification result output by the risk control model indicates that there is no risk in the process node corresponding to the first risk control model when processing the target business data.
6. The method according to claim 1, characterized in that, The correlation between the M risk control models is obtained based on at least one of the following: The execution order of M process nodes; The M risk control models involve the same business objects.
7. The method according to claim 1, characterized in that, After identifying the process nodes corresponding to the N risk control models as process nodes where risks exist when processing the target business data, the method further includes: Risk warnings are issued for the process nodes corresponding to the N risk control models, and detailed business data corresponding to the N risk control models are output.
8. A risk identification device, characterized in that, The device includes: The acquisition module is used to acquire the target business data to be processed. The processing module is used to process the target business data according to the correlation between M risk control models to obtain the target information output by N risk control models. The M risk control models correspond one-to-one with the M process nodes included in the business process. The business process is used to process the target business data. M and N are both positive integers, and M is greater than or equal to N. The identification module is used to identify the process nodes corresponding to the N risk control models as nodes that pose a risk when processing the target business data.
9. An electronic device, characterized in that, The electronic device includes a memory and a processor, the memory storing a computer program, and the processor executing the computer program to implement the risk identification method according to any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, characterized in that, When the computer program is executed by a processor, it implements the risk identification method according to any one of claims 1 to 7.