| CPC G06Q 10/0633 (2013.01) [G06F 3/0486 (2013.01); G06F 11/3428 (2013.01); G06F 16/252 (2019.01); G06Q 10/0635 (2013.01); H04L 67/02 (2013.01)] | 18 Claims |
|
1. A computer system for internal audit and internal control management, the system comprising:
a platform for integrated internal audit and internal control management, the platform comprising a development environment, a run-time environment, and a management environment;
a plurality of data sources stored in databases and related to auditable processes subject to the internal audit;
a plurality of repositories storing data associated with controls and rules related to the control management;
a plurality of interconnected computer subsystems having programming routines executable in at least one of the environments, the computer subsystems comprising first, second, and third sets of subsystems;
wherein each of said subsystems for all of said environments are user-accessible through a thin client comprising an internet browser, the thin client having a graphical user interface with selectable fields corresponding to each of said subsystems of each of said three environments simultaneously displayed on an associated user-perceptible screen;
wherein the first set of subsystems is executable in the development environment, the first set of subsystems comprising a data on-boarder, connection adapters, GRC forms, and a control designer;
wherein the second set of subsystems is executable in the run-time environment and comprises a data integration server;
wherein the third set of subsystems is executable in the management environment and comprises incident management, issue management, scheduling, monitoring, and security;
a RESTful application programming interface generated by, and having user-selectable fields associated with, the first set of subsystems in the development environment;
a plurality of dashboards generated by, and having user-selectable fields associated with, the third set of subsystems in the management environment;
wherein the dashboards comprise a control monitoring scoreboard, the scoreboard simultaneously displaying key performance indicators determined in real time by the third set of subsystems of the management environment, the key performance indicators comprising controls failed, related records scanned, tests performed, and associated risk scores, the foregoing determinations displayed on the scoreboard as user-perceptible indicia;
the scoreboard having programming for displaying detail records of respective ones of the key performance indicators in response to user selection of an associated field on the scoreboard;
wherein the data on-boarder comprises programming capable of performing the following computer-implemented steps in response to user input through the RESTful application programming interface:
create a first data flow mapping corresponding to a first data source object to be on-boarded;
edit a second data flow mapping previously created by the data on-boarder, the second data flow mapping corresponding to a second data source object;
drag and drop at least one of the data source objects to be on-boarded into a first logical work space accessible from the RESTful application programming interface;
select a predetermined connection for the dropped source object from a plurality of the connections determined by the connection adapters;
generate a source qualifier and default select query for the dropped source object;
develop and validate the data flow mappings using transformation objects selected from the group consisting of Joiner, Filter, Lookup, Router, Cache, Expression, and JAVA/Scala/Python/R transformations;
connect to target definitions after validation of the data flow mappings;
execute the data flow mappings to generate associated run statistics, and
display in real-time first indicia corresponding to the execution of the data flow mappings;
wherein the steps of dragging and dropping and connecting to the target definitions are executable in a manner agnostic to script language associated with the source object and the target definition;
wherein the control designer subsystem of the first set of subsystems comprises programming capable of performing the following computer-implemented steps, in response to user-input:
access one of the databases to retrieve an existing control name having a first control mapping associated therewith and defined in the GRC forms in a tree view folder associated with a control category;
edit a second control mapping previously designed by the control designer subsystem;
transfer at least one of the control mappings to a second logical workspace accessible from the RESTful application programming interface;
drag and drop at least one of the data source objects into the second logical workspace;
develop and validate the control mapping using transformation objects selected from the group consisting of control mapper, SQL control, and control result sets;
connect to a control result set after validation of at least one of the control mappings;
execute the control mappings to generate a log associated with the controls of the executed control mappings;
display in real-time second indicia corresponding to the execution of the control mappings;
wherein the control mapper comprises programming capable of maintaining control logic associated with the corresponding one of the control mappings, irrespective of substitution of one of the data source objects of the corresponding control mapping with another one of the data source objects retrieved from the databases.
|