AU2018100340A4 - Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. - Google Patents
Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. Download PDFInfo
- Publication number
- AU2018100340A4 AU2018100340A4 AU2018100340A AU2018100340A AU2018100340A4 AU 2018100340 A4 AU2018100340 A4 AU 2018100340A4 AU 2018100340 A AU2018100340 A AU 2018100340A AU 2018100340 A AU2018100340 A AU 2018100340A AU 2018100340 A4 AU2018100340 A4 AU 2018100340A4
- Authority
- AU
- Australia
- Prior art keywords
- application
- compliance
- blockchain
- technology
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
TECHNOLOGY RISK AUDIT REGULATORY COMPLIANj Technology ComphanceBlock chai-loT- i on-Patent TechnologyRisk Audit and Compliance TECRAC High Level Design An abstract solution showing - how an Blockchain & IoT platform connecting an example Financial institution (Westpac bank) and Its IT Systems (Data Center) & assets with its relevant IT vendors as well as its relevant Auditor (e.g. PWC) and Regulatory body (e.g. APRA)on permissioned private distributed ledger technology (Blockchain). As it a Private and Permissioned blockchain network set by the financial institution, the financial institution can decide and set agreed data read / write / view permissions between the parties involved. SOLUTION - THE TO-BE PROCESS - FOR AUDITING & COMPLIANCE Technology Risk Audit and Compliance - TECRAC TO-BE Model Blockchain enabled Using Blockchains DLT - A Decentralised compliance and regulation can eliminate duplications, increase transparency R"W~r Aand efficiency creating an environment where auditable Bank compliance data can be directly Rued nyRd O,;,y mma w * accessed by regulators and rules can be automatically executed with smart contracts. Eirte 3..d&W 1.*am Audtor Bm .l j[Internal Audit Team Blockchain + IoT Build Trust Reduce Cost Faster Transactions Imprae Cmpliance True Security
Description
Technology Risk Audit and Compliance -TECRAC ^*l,— www.tecrac.com
DESCRIPTION
The IT audit function has never held a more crucial role. From substantial cybersecurity, privacy and infrastructure challenges and management issues to the implementation of new technologies in the organization, IT auditors work closely with management and the board of directors to fulfil a vital role in helping maintain an effective control environment amid a changing business climate and dynamic global marketplace.
The current traditional compliance model in use were designed in a different era and with a different purpose in mind, largely as an enforcement arm for the legal function and is not adequate for todays changing business environment and its complexity in terms heavy reliant and use of technology as well as globalizations. The current regulatory compliance model has deficiencies on both sides of the equations, for regulatory / auditor and the auditee.
DESCRIPTION
Problem Definition: Auditee Regulatory Compliance Challenges
The current model offers a limited understanding of the business operations and underlying technology risk exposures, as well as of how to practically translate technology related regulatory compliance requirements into management actions.
The current compliance activities tend to be isolated, lacking a clear link to the broader risk-management framework, governance, and processes as well as the compliance testing & reporting program emphasize a bottom-up, subjective process of control testing versus a more objective, risk-based monitoring of material residual risks.
As banking & financial institutions now are predominantly technology run (and are moving toward a totally digital organisations), resulting in business & IT managers are left to their own devices to figure out what specific controls are required to address regulatory requirements, typically leading to a build-up of labour-intensive control activities with uncertain effectiveness.
To add to above current compliance challenges in the heavily-regulated banking & financial sector, each institution and with an institution each business unit maintains its own technology risk & compliance data records on its own ledger system to be used for reports to the regulatory authorities accordingly with compliance rules. This creates large duplication of efforts, lack of transparency and, unavoidably, inconsistencies.
More often than not, the net result is primarily a dramatic increase in compliance-and-control spend with either limited or unproved impact on the residual risk profile of a bank resulting in: • More People • More Manual Process • More Spreadsheets • More Reporting with conflicting information • Increase Risk Exposer
DESCRIPTION
Problem Definition: Auditor Regulatory Compliance Challenges
The current regulatory and audit system is mostly manual right from A Regulatory body establishing and publishing the regulatory compliance guidelines on their website
To the actual audit performed by regulatory body and external / internal auditors
As all audits are manually conducted in-person and the audit can only be performed on a sample.
Due to audit evidence submission and review is mostly conducted manually the auditors have never been able to provide 100% assurance—that is why we always hear auditors talk about “reasonable” assurance instead. Sample selection methodology is common among most audit testing, which means that auditors typically just select a sample within the audit period and hope that their sample will show if there are any issues.
As current regulatory and compliance system is centralized with multiple parties are involved as shown in the figure on the right, they all maintains their own risk compliance data records on their own ledger, which are manually managed resulting in duplication of effort and more prone to errors and inconsistencies.
As current auditing process is conducted in person this requires business to block team to contribute time to audit by preparing evidence for submission and participate in presentations and review cycles - impacting business
DESCRIPTION
Solution TECRAC- A Blockchain, DLT, Smart Contract & IoT based Technology-Risk Compliance Management, Regulatory Compliance Reporting and Technology Asset Management Application for the banking & financial industry.
Through intelligent automation & optimisation as well as using the key features of Blockchain technology, banking & financial organisations are able to improve their approach to Technology risk management, gaining the agility they need to have a competitive advantage, reducing the cost & complexity of managing technology & IT security risk while maximising accuracy, speed and value.
From a IT systems Audit & Compliance perspective, blockchain based audit compliance system recoding all transaction to the IT assets in a structured, incorruptible & secure manner and the smart contract capability of a blockchain& using IoT would seem to lend itself to the automation of “rules-based” operation and maintenance functions, including: upgrades, events, alerts etc....
Only authorised parties or users can assess records through use of encryption.
Claims (9)
1. Claim-1: The 1st claim - A private permissioned blockchain & distributed ledger technology (DLT) based information technology regulatory compliance management / reporting application - eliminating duplications, increase transparency and efficiency creating an environment where auditable compliance data for technology risk can be directly accessed by all relevant parties such as regulators, auditors, auditees, vendors etc. and rules can be automatically executed with blockchain smart contracts and/or IoT triggered smart contracts all transaction information captured on the blockchain. Allowing better, improved, more live control of technology and IT asset’s regulatory & risk compliance By creating secure log created for devices and events in an organisation’s data centres Contained in private permissioned blockchain-based distributed ledger (DL) Daily log of all transactions added to DL (Or individual transactions) Each time event occurs on a IT asset, block is added to DL Then, copy of DL saved on each blockchain network node active within the application The application providing an access to auditable data which are verified and hard to tamper with, creating time-stamped, immutable and historical records; The application one of the key features, the ability to facilitate constitution of a transparencies & inter-operable environment where regulatory compliance rules can be implemented, enforced and adapted by monitoring their effects in real-time and by using feedback from the participants on the both sides (auditor and the auditee); Provision of instruments to monitor and quantify both the reliability and reputation of users; * Creation of a platform where rules can be encoded within the system -enabling automated review via the regulatory bodies and; Create a unique source of truth approved by the community via consensus. To further improved the regulatory compliance posture the application stops the companies facing a pending audit are not able to reverse engineer documentation in bulk to satisfy compliance
2 Claim-2: The 2nd claim - Application allowing a real-time, cryptographically secure assess to technology asset risk management & audit compliance data to all relevant parties based as per their approved valid membership and access privileges Based on agreed permissioned set within the application lets-regulator/s or auditor/s or IT vendor/s and internal staff to have read-only or read/write (where relevant), near real-time access into the private blockchain for technology risk compliance of an organizations. This application allows all relevant parities to play a more proactive role by letting them analyse information in real-time mode. This application brings them closer to becoming participants in the technology auditing and compliance process - rather than customers of -the audit and compliance process. Such a change will dramatically reduce the time and effort and therefore cost that financial institutions spend on regulatory reporting, as well as improving the quality, accuracy and confidence of and in the process. CLAIMS
3. Claim-3: The 3rd claim - Application has the functionality enabling the organisation to hook existing or future Internet of Things (IoT) sensors and platforms and can write all transaction and reporting data to the blockchain & decentralised application ledger.
4. Claim-4: The 4th claim - Application provides the smart contract capability of a blockchain as well as using IoT data triggered smart contract execution for the automation of “rules-based” technology management operation and maintenance functions, including: upgrades, maintenance request provisioning, events, alerts etc.... All the such transaction are recorded on the blockchain ledger
5. Claim-5: The 5th claim - The application’s use of blockchain technology lets the system use Blockchain technology’s immutability feature to also lends itself to the application of proof-of-process for technology risk and its regulatory compliance. The system provides functionality to keep track (record) of the steps required by regulation. Recording actions and their outputs immutably in a blockchain and creating an audit trail for regulators to verify compliance. CLAIMS
6. Claim-6: The 6th claim - The application has a in-build Artificial Intelligence (AI) and Machine Learning (ML) data-analytics functionality as well as a API to interact with the third party data-analytics tools and then uses the analytical output to generate various custom report and event / alarm triggers and forwards to the relevant intended party or user. These reports/ alarms / event triggers and the data within them all can be customized within the application. The application has the inbuilt functionality were all the reporting and event / alarm triggers thresholds can be programed in to the smart contracts with the application ready to be automatically executed with the application. * Since the blockchain has a database record for every single transaction, the applications data analytic function mine for patterns in real-time and greatly improve transparency in data analytics for its users. The application’s data analytics functionality, is an import key feature because the data rendered available by blockchain will be immense. The use of data visualization function with the application allows auditors to not only provide assurance over the systems, but it will also allow other consulting firms to assist with planning and decision making to the application using organisation/s. Through intelligent automation and optimisation, the applications using clients are able to improve their approach to IT risk management, gaining the agility they need to have a competitive advantage, reducing the cost and complexity of managing risk while maximising accuracy, speed and value when it comes to technology risk compliance and wining there customers and stakeholders confidence. CLAIMS
7 Claim-7: The 7th claim - The application has the ability to write the data using APIs from existing IT infrastructure management system, for example DCIM (Datacenter Infrastructure Management), CMDB (Configuration Management Database), SCDB (Service Composition Database), IAM (Identity & Access Management) legacy systems.
8. Claim-8: The 8th claim - The application has the ability to manage users (such as Regulators, Auditors, Vendors, various team units from the auditee) with their access to the application using inbuilt smarts and information from IAM and blockchain assess systems.
9 Claim-9: The 9th claim - The application has the functionality to load and work with the regulatory compliance framework and checklist from international regulatory bodies, for example MAS (Monetary Authority of Singapore), APRA (Australian Prudential Regulation Authority), RBA (Reserve Bank of Australia).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2018100340A AU2018100340A4 (en) | 2018-03-20 | 2018-03-20 | Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2018100340A AU2018100340A4 (en) | 2018-03-20 | 2018-03-20 | Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2018100340A4 true AU2018100340A4 (en) | 2018-05-10 |
Family
ID=62089495
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2018100340A Ceased AU2018100340A4 (en) | 2018-03-20 | 2018-03-20 | Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2018100340A4 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111652458A (en) * | 2020-04-09 | 2020-09-11 | 南京审计大学 | Engineering auditing method based on block chain technology |
| CN111652525A (en) * | 2020-06-16 | 2020-09-11 | 深圳前海微众银行股份有限公司 | Risk tail end client analysis method, device, equipment and computer storage medium |
| US10841178B2 (en) | 2018-11-26 | 2020-11-17 | International Business Machines Corporation | Cognitive balancing IT ecosystems |
| CN112910974A (en) * | 2021-01-21 | 2021-06-04 | 贵州电网有限责任公司 | System and method based on block chain system architecture |
| US11210751B2 (en) | 2020-01-14 | 2021-12-28 | International Business Machines Corporation | Targeting energy units in a blockchain |
-
2018
- 2018-03-20 AU AU2018100340A patent/AU2018100340A4/en not_active Ceased
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10841178B2 (en) | 2018-11-26 | 2020-11-17 | International Business Machines Corporation | Cognitive balancing IT ecosystems |
| US11210751B2 (en) | 2020-01-14 | 2021-12-28 | International Business Machines Corporation | Targeting energy units in a blockchain |
| CN111652458A (en) * | 2020-04-09 | 2020-09-11 | 南京审计大学 | Engineering auditing method based on block chain technology |
| CN111652458B (en) * | 2020-04-09 | 2023-09-26 | 南京审计大学 | Engineering auditing method based on blockchain technology |
| CN111652525A (en) * | 2020-06-16 | 2020-09-11 | 深圳前海微众银行股份有限公司 | Risk tail end client analysis method, device, equipment and computer storage medium |
| CN111652525B (en) * | 2020-06-16 | 2024-05-03 | 深圳前海微众银行股份有限公司 | Method, device, equipment and computer storage medium for analyzing risk tail end customer |
| CN112910974A (en) * | 2021-01-21 | 2021-06-04 | 贵州电网有限责任公司 | System and method based on block chain system architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2018100340A4 (en) | Private Permissioned Blockchain, Distributed Ledger Technology (DLT), Smart Contract & IoT based Technology Risk Compliance Management, Regulatory Compliance Reporting and IT Asset Management solutions for the banking & financial industry. | |
| US11436613B2 (en) | Computer-guided corporate governance with document generation and execution | |
| US20230076019A1 (en) | Smart pest trap as iot in policy fabric and sharing system for enabling multi-party data processing in an iot environment | |
| Khan et al. | A distributed-ledger consortium model for collaborative innovation | |
| US20180315145A1 (en) | Managing school systems on a blockchain | |
| Desplebin et al. | To be or not to be: blockchain and the future of accounting and auditing | |
| US20220051261A1 (en) | Processes and systems of blockchain with verification through a consortium of stakeholders | |
| US20150220757A1 (en) | System and Method for Providing a Standardized Data Sharing Platform | |
| US11507291B2 (en) | Data block-based system and methods for predictive models | |
| US20210081549A1 (en) | Systems and methods for sharing data assets via a computer-implemented data trust | |
| US20200058163A1 (en) | System and Method for Mapping a Virtual Building Model | |
| US11798085B2 (en) | Real-time equity financing planner | |
| Church et al. | Forecast cloudy—Fair or stormy weather: Cloud computing insights and issues | |
| US20140304009A1 (en) | System and method for management of insurable assets | |
| Subramanian et al. | Blockchain regulations and decentralized applications: panel report from AMCIS 2018 | |
| CN111402045A (en) | Account data supervision method and device | |
| US10872314B2 (en) | Portable computerized interactive training profile | |
| US20210312555A1 (en) | Computer-Guided Corporate Financing with Document Generation and Execution | |
| US20210082061A1 (en) | Data governance system, model and process for multi-source financial reference data using automated business logic | |
| Kraus et al. | Management of BAIS: technological trends and digital iInitiatives 4.0 | |
| Backer | Trust Platforms: The Digitalization of Corporate Governance and the Transformation of Trust in Polycentric Space | |
| Velibor | Managing information security in healthcare | |
| US20220180443A1 (en) | Investment Entity Management | |
| Lukita et al. | Integrated Academic Service Digitalization at Universities Utilizing Blockchain Technology | |
| Yuliyanto | Cloud payroll system as the model of the fourth industry revolution (industry 4.0) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGI | Letters patent sealed or granted (innovation patent) | ||
| MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry |