JP5138826B2 - Corporate risk sensitivity evaluation system - Google Patents

Description

  The present invention relates to an enterprise risk sensitivity evaluation system.

  In general, there is risk management as one of the business management methods of a company. This risk management aims to reduce or eliminate adverse effects (corporate risks) in various corporate activities at a minimum cost.

  Management consultants, etc., use this risk management method to analyze business risks due to unforeseen accidents and advise companies on measures (solutions) to deal with those risks. It is.

  For this reason, a company risk diagnosis support apparatus that quantitatively evaluates a company risk has been proposed (for example, see Patent Document 1).

  By the way, in recent years, the so-called new company law has been enacted, and the so-called Japanese version of the SOX law (the Financial Instruments and Exchange Law, the Investment Service Law) has been promulgated, and the establishment and introduction of an internal control system aimed at preventing corporate fraud It is expected to be required.

  The establishment and introduction of internal control systems (rules) will be required for large companies under the new company law, and the Japanese version of the SOX Law (Financial Instruments and Exchange Law) will be required for listed companies, including emerging markets. Legal internal control rules will be applied from the fiscal year ended April 1, 2008).

  The internal control rules are used to check a wide range of corporate management systems. There are various items such as whether employees comply with laws and regulations, whether they are dissatisfied with information management, and whether the board of directors has resolved important management decisions. The management confirms this, prepares a report, and submits it to the audit corporation along with an oath that there is no falsehood.

  The creation of this report is a heavy burden for the company, but if there is data for creating a “risk control matrix” (RCM) that describes the relationship between the company risk in the business and its response, the creation of such a report The amount of work can be reduced.

JP-A-9-114801

  However, the conventional corporate risk diagnosis support apparatus is a stand-alone, and the evaluation criteria for evaluating the corporate risk are artificially preset and fixed, so that the evaluation of the corporate risk is static. However, there is a problem that it is not possible to cope with actual corporate activities that change dynamically.

  For this reason, there is also a problem that it is not easy to provide data for creating a “risk control matrix” (RCM) corresponding to the internal control rules.

  Furthermore, even if measures are taken for individual company risks, there is also a problem that it is extremely difficult to determine whether or not the company's ability to respond to internal control is necessary and sufficient.

  The present invention has been made in consideration of such circumstances, and its purpose is a company that promptly evaluates a company's ability to respond to risks, such as crisis management ability against company risks, as a risk sensitivity in response to actual corporate activities. It is to provide a risk sensitivity evaluation system.

  The invention according to claim 1 is a first database in which a checklist having a plurality of questions for evaluating a company's ability to respond to a company risk, and the checklist can be read and browsed from the first database. In response to the answers provided by the company and the questions on this checklist, the points allocated in advance for each question are summed for each question for each company, and the risk for each company is determined based on the total score. An ASP server having a company-specific risk sensitivity evaluation means that calculates the evaluation score of the ability to respond to risk as a risk sensitivity and provides the evaluation point to a company-side terminal by the providing means, and the company-specific risk sensitivity evaluation means A second database that accumulates the calculated risk sensitivity evaluation score for each company, and the ASP server provided in the plurality of companies. A checklist provided via the Internet, a browsing means for browsing the risk sensitivity evaluation score for each company, and a terminal having an answer input means for inputting an answer to a question of the checklist, and the ASP server Extracts a plurality of company-specific risk sensitivity evaluation points calculated by the company-specific risk sensitivity evaluation means from the second database, and calculates an average value of at least one of the securities trading market and the industry to which the company belongs. Risk sensitivity evaluation point average value calculating means, risk sensitivity evaluation comparing means for comparing the risk sensitivity evaluation point for each company with an average value of at least one risk sensitivity evaluation point for each securities trading market and industry, and the company Risk factor analysis means for analyzing another risk sensitivity evaluation point for each risk factor, and the terminal belongs to the company A company risk sensitivity rating system characterized in that it comprises a viewing means viewable to another at least one of the average value by securities markets and industries in real time.

  The invention according to claim 2 is characterized in that the risk factor analysis means has a function of analyzing the risk sensitivity evaluation score for each company for each risk factor and for each attribute of the question answerer. 1 is a corporate risk sensitivity evaluation system according to 1.

  According to a third aspect of the present invention, the ASP server includes a chart generating means for generating a chart of the risk sensitivity evaluation score for each company, the comparison result by the risk sensitivity evaluation comparing means, and the analysis result by the risk factor analyzing means. The corporate risk sensitivity evaluation system according to claim 1 or 2, further comprising:

  According to the present invention, when a risk sensitivity check list for evaluating the ability to cope with a company risk such as a company's risk management ability is browsed by a terminal, and answers to a plurality of questions in this list are input from the terminal, the terminal belongs. A company's ability to respond to a risk is evaluated as a risk sensitivity by a company-specific risk sensitivity evaluation means of an ASP server. And this enterprise-specific risk sensitivity evaluation point can be browsed in real time by the browsing means of a terminal.

  In addition, these corporate risk sensitivity assessments contain data for creating a “risk control matrix (RCM)” necessary for the creation of reports that are scheduled to be mandated by the Japanese SOX Act, etc. This can reduce the burden of document creation.

The schematic diagram which shows the hardware constitutions of the company risk evaluation system and company risk sensitivity evaluation system which concern on this invention. The figure which shows a part of check sheet | seat shown in order to mainly explain the question of the check list of the company risk evaluation system shown in FIG. The figure which shows the check list [risk evaluation] screen displayed on the display of the terminal shown in FIG. The figure which shows the check sheet [risk evaluation] screen similarly displayed on the display of a terminal. The figure which shows an example of the calculation method of the risk evaluation point according to company of a company risk evaluation system. The figure which shows the evaluation radar chart classified by market of a company risk evaluation system. The figure which shows the evaluation radar chart classified by industry of a company risk evaluation system. The figure which shows the evaluation radar chart classified by item of a company risk evaluation system. The figure which shows the risk map of a company risk evaluation system. The figure which shows the risk map which shows transition of the risk factor of a company risk evaluation system. The figure which shows a part of evaluation score list according to division name of a company risk evaluation system. The figure which shows the worst risk ranking table according to map area of a company risk evaluation system. The figure which shows change rate ranking / best 10 table | surface of a company risk evaluation system. The figure which shows change rate ranking / worst 10 table | surface of a company risk evaluation system. The flowchart which shows the business flow of a company risk evaluation system and a company risk sensitivity evaluation system. The figure which shows a part of comprehensive ranking table of a corporate risk sensitivity evaluation system. The figure which shows an example of the calculation method of the risk sensitivity evaluation point according to company of a company risk sensitivity evaluation system. The figure which shows the evaluation radar chart classified by market of the enterprise risk sensitivity evaluation system, and the evaluation radar chart classified by industry. The figure which shows the radar graph (chart) frequency comparison display of a company risk evaluation system [total by company] screen. The figure which shows the radar chart and list showing the consciousness disparity by generation of the enterprise risk sensitivity evaluation system.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In addition, the same code | symbol is attached | subjected to the same or an equivalent part in several attached drawing.
FIG. 1 is a schematic diagram showing the overall configuration of a company risk evaluation system 1 according to the present invention.

  As shown in FIG. 1, a company risk evaluation system 1 includes an ASP (Application Service Provider) server 2, a plurality of terminals (clients) 3 a to 3 n respectively disposed in a plurality of companies A, B, C. A management PC (personal computer) 4 and a consultant PC 5 are connected via a gateway 6 and the Internet 7 so that bidirectional data communication is possible.

  Terminals 3a to 3n require, for example, 50 or more for each company A to N. For example, employees belonging to a plurality of departments such as the general affairs department, sales department, accounting department, public relations department, general affairs department, This is a personal computer (PC) used by employees with desirable attributes as a risk evaluator (risk respondent), such as managers such as section managers, men and women, employees of multiple ages. As a risk evaluator, it may be limited to the section manager or higher.

  That is, when the companies A to N conclude a use contract of at least one of the enterprise risk evaluation service and the enterprise risk sensitivity evaluation service with the ASP service provider, the system management PC 4 of the system administrator who is the ASP service provider An ID and a password (PW) for using the ASP server 2 are transmitted to all evaluators.

  On the other hand, the terminals 3a to 3n have an HTTP interface for communicating data and files with the ASP server 2 and browsing software such as an HTML browser for displaying the data and files from the ASP server 2 on the display screen. doing.

  The ASP server 2 is installed in the data center 8, for example, and is managed and operated by a system administrator. The ASP server 2 has an application program for realizing a function for providing an enterprise risk evaluation service which is an ASP service. This application program is a program for providing a company risk evaluation service to the companies A to N, and provides files and data relating to the company risk evaluation service to the terminal programs of the terminals 3a to 3n of the companies A to N, while the terminal 3a. The files and data such as answers to the checklist questions input from .about.3n are stored in the database DB.

  The ASP server 2 includes a checklist providing unit 2a, a company-specific risk evaluation unit 2b, a risk evaluation average value calculation unit 2c, a risk evaluation comparison unit 2d, a risk factor analysis unit 2e, a chart generation unit 2f, and a database DB. The database DB stores attributes such as risk evaluators (respondents), their IDs and passwords, and various information for providing a company risk evaluation service. Further, the ASP server 2 and the database DB are provided with the backup ASP server 2B and the database DBB.

  Then, the ASP server 2 records programs for realizing the check list providing unit 2a to the chart generation unit 2f on a recording medium such as an HDD (Hard Disk Drive), and the programs are stored in a CPU (Central Processing Unit). These means 2a to 2f are realized by executing the above.

  The check list providing unit 2a is a unit that receives a check list browsing request from the terminals 3a to 3n, extracts a check list that meets the request from the database DB, and provides the check list to the terminals 3a to 3n. The checklist is composed of multiple questions (eg, 186) that are necessary for assessing corporate risk, including the attributes of respondents, ie, the name, department name and company name of the corporate risk assessor. Including.

  The company-specific risk evaluation means 2b responds to checklist questions at the end of input of a predetermined number of answers, or at the end of a predetermined evaluation input period (for example, two months) set by the system management PC 4 or the consultant PC 5. The risk evaluation score for each company is calculated by a calculation method to be described later based on the scores assigned in advance to these answers. The company-specific risk evaluation points are accumulated in the database DB.

  The risk evaluation average value calculating means 2c reads out the risk evaluation score for each company from the database DB for each securities market and each industry, obtains the average risk evaluation score for each company for each securities market and each industry, and accumulates them in the database DB. Is. The calculation of the average value for each securities market or industry by the risk evaluation average value calculation means 2c is almost the same as the evaluation score calculation of the risk evaluation means 2b for each company, and the answer to the checklist question is sent from the terminals 3a to 3h for each company. This is started when a predetermined number of inputs are completed or when the evaluation input period ends.

  Therefore, the average risk evaluation score by company for each securities market and industry is calculated based on the risk evaluation score from actual companies A to N, and is not a mere theoretical value. Information such as very important guidelines can be provided.

  FIG. 2 shows a part of the check sheet 9 describing the check list. Industry characteristics, surrounding environment, innovative changes (external factors), B. Criminal acts (external factors), C.I. Anthropogenic phenomena (external factors); Abnormal weather / natural disasters (external factors), Accidental phenomenon (external factor), F.R. Small damage accumulation (for example, accumulation of losses of less than 200,000 yen) (external factor), G. Financial risk …… R. There are risks related to accounting and finance (see Figure 8). These risk items A to R are a summary of small concept risk factors based on the required criteria, medium concept or large concept.

  Each risk item includes multiple questions (risk factors) such as the characteristics of the A-1 industry, the status of competitors, revision of the A-2 law, changes in regulations, A-3: economic environment, etc. For example, 186 questions are prepared.

  FIG. 3 shows a check list screen 10 displayed on the displays of the terminals 3a to 3n when risk is evaluated using this check list. The check list screen 10 includes columns for an evaluation button 10a, a question number, a question (risk), and an evaluation score.

  When the evaluation button 10a is pressed, the check sheet screen 11 shown in FIG. 4 is displayed, and a detailed explanation of the question and a check box for checking the influence degree and frequency are displayed. The degree of influence indicates the amount of damage (yen) when a company risk occurs, and the frequency indicates the frequency of occurrence of the company risk. The frequency has 6 levels of a to f and the impact level has 6 levels of 1 to 6.

  Therefore, a score evaluator who is a user of the terminals 3a to 3n puts a check in a check box for each question in consideration of the detailed explanation of the question. Then, the checklist screen 10 shown in FIG. 3 is displayed again, and the evaluation is displayed by the level (for example, any one of 1 to 6) in the evaluation score column of the degree of influence and frequency.

  FIG. 5 shows an example in which the overall risk assessment score for each company is calculated by the enterprise risk assessment means 2b. That is, when 50 evaluators have evaluated the degree of influence and frequency according to levels 1 to 6 and a to f with respect to one required question, for example, an evaluator who has evaluated (answered) the degree of influence as level 1. The number is 3 and the number of evaluators evaluated as level 2 is 5, the following are level 3-10, level 4-16, etc., and the number of evaluators evaluated as level a is 3 Hereinafter, in the case of evaluation with level b-5, level c-10,..., Level coefficients are first obtained.

In the case of the influence degree, this level coefficient is obtained by squaring the numerical values of the respective levels 1 to 6. That is, level 1 is 1 ² = 1, level 2 is 2 ² = 4, level 3 is 3 ² = 9, level 4 is 16 (4 ² ), level 5 is 25 (5 ² ), level 6 is 36 ( 6 ² ).

On the other hand, frequency level coefficients are preliminarily assigned, for example, a = 6 points, b = 5 points, c = 4 points, d = 3 points, e = 2 points, and f = 1 point. These points are set in response to questions based on years of experience in corporate risk assessment. Next, the level coefficient is obtained by squaring these points. Therefore, the level coefficient of a is 36 (6 ² ), hereinafter, b = 25 (5 ² ), c = 16 (4 ² ), d = 9 (3 ² ), e = 4 (2 ² ), f = 1 ( 1 ² ). These coefficients can be changed as appropriate.

  Next, these level coefficients are multiplied by the number of evaluators at each level to calculate evaluation points for each level 1-6. For example, in the case of the influence degree, 1 level is 3 (1 × 3 names), 2 levels = 20 (4 × 5 names), 3 levels = 90 (9 × 10 names), 4 levels = 256 (16 × 16 names), ......

  On the other hand, the evaluation score for each frequency level a to f is similarly obtained by multiplying each level coefficient by the number of evaluators of each level. Therefore, a level = 108 (36 × 3 names), b level = 125 (25 × 5 names), c level = 160 (16 × 10 names), and so on.

Next, the evaluation points for each level are summed for each degree of influence and frequency, and the total evaluation points are converted to a maximum of 1000 points according to the following equation (1).
[Equation 1]
Evaluation score converted to 1000 points = total evaluation ÷ number of evaluators ÷ maximum value of level coefficient × 1000 …… (1)

  Then, by adding the evaluation scores in terms of both the degree of influence and frequency in terms of 1000 points, dividing by “2” and rounding off after the decimal point, the total evaluation score per question (389≈ {452 + 327} ÷ 2) is calculated. By executing this calculation for all questions, it is possible to calculate an overall risk evaluation score for one company.

  The risk evaluation point average value calculating means 2c uses the company-specific risk evaluation points of the plurality of companies calculated by the company-specific risk evaluation means 2b in order to calculate the average value for each securities trading market and each industry.

  The securities trading market covers, for example, markets in Japan such as TSE 1st and 2nd, Mothers, JASDAQ, OSE 1st and 2nd, and Hercules. All industries, such as fisheries, agriculture and forestry, mining, construction, and food, are covered.

  The risk evaluation point comparison means 2d compares the average value of the risk evaluation points for each securities trading market and each industry, calculated by the risk evaluation point average value calculation means 2c, with the risk evaluation score of the required company, for example, FIG. These are displayed by a chart such as the radar charts 12 and 13 shown in FIG.

  The average risk evaluation score for each securities trading market and industry is calculated based on the actual self-assessment of each member company, and is not calculated based on theoretical values prepared in advance. Corporate activities are reflected in real time and are objective.

  In addition, non- (un) listed companies may want their own companies to compare their company's risk score with, for example, the company's risk score of the required company in the securities trading market that they wish to list. In order to be listed on the securities trading market, it can be used as a guide or guide for which risk factors are inferior and superior.

  Further, the risk evaluation point comparison means 2d also has a function of appropriately comparing risk evaluation points for the required number of times (for example, three times) in the same company. FIG. 19 shows an example of displaying risk evaluation points by company for the same company, for example, when the evaluation time is changed a plurality of times and the plurality of times (three times in FIG. 19) are superimposed on one radar chart 32. Is shown. According to the radar chart 32, changes or changes in risk factors (items) for three times (three years) of risk evaluation points for each company can be listed.

  The risk factor analysis means 2e analyzes the risk evaluation score for each company calculated by the risk evaluation means for each company 2b for each risk factor.

  FIG. 8 shows an example of a radar chart 14 that analyzes and displays risk evaluation points (overall) by company for each risk item composed of a plurality of risk factors. According to the radar chart 14, as the risk evaluation point is larger, the risk included in each risk item (risk factor) is higher, and the risk items with higher risk can be almost confirmed in a list.

  The chart generating means 2f generates a risk map 16 showing the transition of the risk evaluation score for each company shown in FIG. 10 and the risk map 15 shown in FIG. 9 and the radar map 12-14 shown in FIGS.

  Further, these risk maps 15 and 16 are roughly divided into four risk areas e1, e2, e3, and e4 by, for example, a cross-shaped partition line 17 in accordance with the degree of influence and frequency of the risk evaluation points. The area e1 in the upper right of the figure has a high risk evaluation score for both the degree of influence and frequency, and is a high risk area. Therefore, the area e1 is colored red according to the red of the danger signal, and then has the highest risk evaluation point. The risk area e2 may be colored yellow, the third risk area e3 with a high risk score may be colored blue, and the risk area e4 with a low risk score may be colored white. According to this, the size of the risk evaluation points can be listed by color of the risk areas e1 to e4.

  Further, in the chart generating means 2f, the cross-shaped partition line 17 that divides the risk areas e1 to e4 of the risk maps 15 and 16 indicates the intersection point O between the horizontal axis 17x and the vertical axis 17y, and the influence direction of the Y axis. Alternatively, it has a function of translating separately or simultaneously in the frequency direction of the X axis. Thereby, by appropriately controlling the size of each risk area e1 to e4, for example, it is possible to easily determine the risk factor having the highest risk evaluation in the fourth risk area e4 having the lowest risk evaluation. Become.

  Further, the chart generating means 2f includes the section name evaluation score list 18 shown in FIG. 11, the worst risk ranking tables 19, 20, 21 by map area shown in FIG. 12, and the rate change rate ranking / best 10 shown in FIG. It has a function capable of generating Tables 22, 23, and 24.

  11 shows a list of evaluation scores by division name according to divisions, in which the risk factors within one required company are sequentially arranged in the vertical direction in the table, while the risk evaluation points by division name of the company are arranged in a matrix in the horizontal direction. A configured list 18 is shown. In this list 18, the risk factors are classified into red, yellow, etc. according to the ranking of the company-wide risk evaluation point height (high risk). For example, the list 18 displays rankings 1 to 10 in red, 11 to 20 in orange, and 21 to 30 in yellow.

  For this reason, according to this list 18, it is possible to easily list risk factors having high risk evaluation points by department name. For example, among risk factors having a high risk ranking for each company, it is possible to easily and quickly find a risk factor having the highest risk evaluation score for each department name (department).

  The list 19-19 of the worst risk ranking by map area shown in FIG. 12 is listed in descending order from the risk evaluation score by company for each risk item (risk factor), so insurance coverage that can hedge the risk In addition, it is possible to clarify measures and responses such as the above, and it is possible to extract a risk factor of serious concern relating to, for example, Article 362 (Internal Control Rules) of the New Company Law.

  The change rate ranking / best 10 tables 22 to 24 shown in FIG. 13 show that the risk evaluation point is the lowest due to the change in the risk evaluation point at the time of evaluation of the risk evaluation point by company and the previous time, that is, the negative change rate is large. In other words, the best 10 risk factors that have been improved are shown separately for the overall evaluation score, the degree of influence, and the frequency. For this reason, it is easy to find the risk factor that has been remarkably improved this time by the degree of influence and the frequency.

  On the other hand, the change rate ranking / worst 10 table 25 to 27 shown in FIG. 14 shows the worst score having the highest risk due to the change in the risk rating score at the time of evaluation of the risk rating score according to the previous time and this time, the overall rating score, the impact Shown by degree and frequency. For this reason, it is easy to find a risk factor that has been remarkably deteriorated this time.

  FIG. 15 is a business flow diagram of the company risk evaluation system 1. First, when the manager of the company (clients) A to N and the consultant conclude a contract for providing a company risk assessment service, the system administrator who received the instruction from the consultant will receive company information such as the company name and the risk assessor. Personal information such as necessary attributes such as the names of all employees is input from the system management PC 4 and registered as a user in the database DB of the ASP server 2.

  Furthermore, the ID and password (PW) of all the risk evaluators are transmitted from the system management PC 4 to the terminals 3a to 3n of the company via the Internet 7. The system management PC 4 and the consultant PC 5 can change or edit the checklist questions, etc., and the risk evaluation period can be appropriately set for the ASP server 2.

  After this, on the company side, the risk evaluator inputs the ID and password to the terminals 3a to 3n, logs in to the ASP server 2 remotely, browses the check list from the ASP server 2, and asks the check list by the terminals 3a to 3n. Enter the answer to. Files and data such as answers are stored in the database DB. Thereby, the ASP server 2 evaluates the risk of the company by calculating the risk evaluation score for each company by the risk evaluation means 2b for each company.

  At this time, the manager on the company side manages the progress of risk assessment by using any of the terminals 3a to 3n, inputs his own risk assessment, traces the risk assessment of other employees, and consults the consultant. Inquiries can be made.

  The consultant PC 5 can respond to inquiries from companies, trace risk assessments, and manage progress. The system management PC 4 can respond to inquiries from the consultant PC 5 and trace the risk assessment of the company.

  When the risk assessment input is completed on the company side, the ASP server 2 automatically calculates the company-specific risk evaluation score by the company-specific risk evaluation means 2a. The risk evaluation average value calculation means 2c, when the calculation of the company-specific risk evaluation points by the company-specific risk evaluation means 2a is completed, based on the company-specific risk evaluation points of other companies such as the same industry accumulated at this time. Calculate the average risk rating score for each industry by industry or securities market. The risk evaluation comparing means 2b compares the average value of the risk evaluation score for each company by industry or the securities market with the risk evaluation score for each company.

  Therefore, when the company risk rating score for the required company is calculated, the average value for each securities market or industry is calculated based on the company-specific risk rating score for other companies already accumulated. It can be calculated based on the risk assessment score for each company. Furthermore, the chart generation means 2f automatically generates various charts such as risk maps and radar charts based on the company-specific risk evaluation points, accumulates these data in the database DB, and allows browsing from the terminals 3a to 3n. To.

  Among these terminals 3a to 3n, those used by the manager of the company can input necessary comments (opinions) on the comment sheet and make inquiries to the consultant PC 5 and the system administrator PC 4.

  Further, the consultant PC 5 can automatically read out data on risk evaluation from the database DB of the ASP server 2 and automatically generate a paper analysis report analyzing the risk evaluation.

  For this reason, the companies A to N can browse the data related to the company's own risk evaluation points from the ASP server 2 in real time, and further obtain them offline as a paper analysis report printed on paper.

  Next, the corporate risk sensitivity evaluation system 1A according to the first embodiment of the present invention will be described. Since the hardware configuration of the enterprise risk sensitivity evaluation system 1A is almost the same as the configuration shown in FIG. 1, the redundant description is omitted or briefly described.

  That is, the company risk sensitivity evaluation system 1A includes a server 2A, which is substantially the same as the ASP server 2 having the database DB, and a plurality of terminals (clients) 3a ... 3n respectively arranged in the companies A, B, C,. A system administrator PC 4 and a consultant PC 5 are connected to the gateway 6 via the Internet 7 so that bidirectional data communication is possible. Further, the ASP server 2A includes the same database DBB as the backup ASP server 2B.

  However, the company risk sensitivity evaluation system 1A provides a company risk sensitivity evaluation service to the companies A to N, and does not provide a company risk evaluation service like the company risk evaluation system 1, so the ASP server 2A Has a program for providing enterprise risk sensitivity evaluation services to enterprises A to N.

  The Company Risk Sensitivity Assessment Service creates a checklist of risks in the current state of the company, for example, from the perspective of crisis management capability, construction of internal control systems, information management and compliance, etc. It is expressed as a rating and identifies weaknesses peculiar to companies.

  This service uses, for example, a five-level evaluation as a method for comprehensive assessment of risk sensitivity, and uses percentages as a method to show details of each item. 125 questions including 50 executive officers including executive officers as evaluators The answer to this question is obtained and verified and analyzed. However, the number of evaluators may be 50 or more and 50 or less, and the number of questions, the contents of the questions, and the evaluation stage may be appropriately changed. In addition, since each group is divided and analysis of discrepancies in consciousness disparity and understanding of policies, it can also be used as an index to grasp the level of recognition and the thoroughness in system development.

  The ASP server 2A includes a checklist providing unit 2a, a company-specific risk sensitivity evaluation unit 2g, a risk sensitivity evaluation average value calculation unit 2h, a risk sensitivity evaluation comparison unit 2i, and a chart creation unit 2j. The ASP server 2 records programs for realizing the means 2a, 2g, 2h, 2i, and 2j on a recording medium such as an HDD, and executes these programs by a CPU (Central Processing Unit). These means 2a, 2g, 2h, 2i, 2j are realized.

  The check list providing unit 2a is a unit that receives requests from the terminals 3a to 3n, extracts a check list that meets the requests from the database DB, and provides the terminals 3a to 3n so that they can be viewed.

  When a predetermined number of answers are input to the checklist questions, the company-specific risk sensitivity evaluation means 2g uses the calculation method described later to calculate the company-specific risk sensitivity evaluation points. Is to be calculated. The company-specific risk sensitivity evaluation points are accumulated in the database DB.

  The risk sensitivity evaluation average value calculating means 2h reads out the risk sensitivity evaluation point by company from the database DB, and obtains the average risk sensitivity evaluation point value by company for each securities market and industry, respectively. It accumulates in.

  Therefore, the average risk sensitivity evaluation score by company for each securities market and industry is calculated based on the risk sensitivity evaluation score from actual companies A to N, and is not a mere theoretical value. It can provide information such as guidelines that are very important to the activity.

  FIG. 16 shows the general ranking table 28. This ranking table 28 is a table listing the questions with the lowest appropriate answer rate in 125 questions in the checklist in ascending order.

  A question is answered with YES or NO, and when the answer matches an appropriate answer predetermined on the question side for each question, a predetermined score is given for each question. As evaluators, for example, employees who belong to multiple departments such as the general affairs department, sales department, accounting department, public relations department, general affairs department, managers such as department managers, men and women, employees who belong to multiple ages, etc. Employees with desirable attributes as risk assessors (risk respondents).

  FIG. 17 is an answer result sheet 29 in which a part of the answer results for one company is omitted. The ID number of the evaluator of the company is arranged on the leftmost vertical axis, and all questions Q001 to Q125 (for example, on the horizontal axis) 125), and scores (scores) for all questions Q001 to Q125 by all evaluators are shown. Here, the scores (scores) when matching the appropriate answer are assigned in advance to Q001 = 10, Q002 = 9, Q003 = 9, Q004 = 8... Q125 = 10.

  The risk sensitivity total score (point) for one company is calculated by adding the total evaluator per evaluator for all the evaluators for all evaluators. Next, the total evaluation score (points) of risk sensitivity is calculated by dividing the total evaluation score of all members by the total number of evaluators (25626 ÷ 50 = 513). Moreover, since this risk sensitivity overall evaluation score 513 is within the range of 401 to 660 of level 3, the risk (crisis) sensitivity level is 3 (see FIG. 17).

  FIG. 18 shows radar charts 30 and 31 showing comparison between company risk sensitivity evaluation and market evaluation, and comparison with the same industry evaluation. The market-specific evaluation radar chart 30 includes a radar chart 30a generated by the chart creation unit 2j based on the risk sensitivity comprehensive evaluation point of a required company (for example, ABC) calculated by the company-specific risk sensitivity evaluation unit 2g, The sensitivity evaluation average value calculating means 2h concentrically overlaps the radar chart 30b generated based on the average value of the risk sensitivity comprehensive evaluation points of a plurality of companies in the securities trading market (for example, JASDAQ) to which the company ABC belongs. It is displayed so that it can be compared. These radar charts 30 and 31 analyze the risk sensitivity evaluation score for each company as a risk item by analyzing the score for each question item, that is, for each risk sensitivity factor. Risk items include, for example, management's crisis (risk) management capabilities, contact with stakeholders, corporate culture / structure / badness, information management and compliance, etc. (see Fig. 18). Based on the criteria of the above, it is summarized in medium concept or large concept.

  The comparative radar chart 30 can also be applied to a case where a required company is compared with a different average for each securities market. For example, a company-specific risk sensitivity evaluation radar chart for unlisted companies and a company-specific risk sensitivity evaluation radar chart for listed companies such as TSE may be displayed so as to be comparable.

  In addition, the industry-specific evaluation radar chart 31 is a radar chart generated based on the average value for each industry (for example, food) in addition to the radar chart 31a generated based on the overall risk sensitivity evaluation score of a required company (for example, ABC). 31b is superimposed and displayed concentrically.

  The chart generating means 2j can also generate a radar chart and a table showing the consciousness disparity between genders, generations, workplaces, job types, and hierarchies among risk sensitivity evaluators in the same company.

  Further, the chart generating means 2j can also generate a ranking table in which questions and numerical values of appropriate answer rates are arranged in ascending or descending order according to the magnitude of the appropriate answer rate for all questions (125 questions). In addition, the company risk sensitivity evaluation system 1A can analyze the risk sensitivity evaluation point for each company for each risk factor, and evaluate the evaluation as shown in the same chart 34 as the radar chart 33 showing the difference in consciousness by generation shown in FIG. You may comprise so that it may analyze for every person's attribute.

DESCRIPTION OF SYMBOLS 1 Corporate risk evaluation system 1A Corporate risk sensitivity evaluation system 2 ASP server 2A ASP server 2a Check list providing means 2b Risk assessment means 2c for each company 2c Risk evaluation average value calculating means 2d Risk evaluation comparing means 2e Risk factor analyzing means 2f Chart generating means 2g Company-specific risk sensitivity evaluation means 2h Risk sensitivity evaluation average value calculation means 2i Risk sensitivity evaluation comparison means 2j Chart generation means 3a to 3n Terminals (clients)
4 PC for system management
5 PC for consultant
7 Internet 8 Data Center

Claims (3)

A first database storing a checklist having a plurality of questions for evaluating a company's ability to respond to corporate risks;
Receiving means for reading the checklist from the first database and providing the checklist for viewing, and a response from the company to the checklist questions, the points allocated in advance for each question are assigned to each question for each company. Based on this total score, the risk assessment score for each company is calculated as a risk sensitivity, and the risk sensitivity assessment means for each company is provided by the provision means to the company terminal. An ASP server,
A second database for accumulating enterprise risk sensitivity evaluation points calculated by the enterprise risk sensitivity evaluation means;
A checklist provided in a plurality of companies and provided from the ASP server providing means via the Internet, a browsing means for browsing the risk sensitivity evaluation score for each company, and an answer input means for inputting an answer to a checklist question A device with
Comprising
The ASP server extracts a plurality of risk sensitivity evaluation points for each company calculated by the risk sensitivity evaluation means for each company from the second database, and averages at least one of the securities transaction market and the industry to which the company belongs. Means for calculating the average value of risk sensitivity evaluation points,
A risk sensitivity evaluation comparing means for comparing the risk sensitivity evaluation score for each company with an average value of at least one risk sensitivity evaluation score for each stock trading market and each industry;
A risk factor analysis means for analyzing the risk sensitivity evaluation score for each company for each risk factor,
The company risk sensitivity evaluation system characterized in that the terminal comprises browsing means capable of browsing in real time at least one average value for each securities market and type of industry to which the company belongs. 2. The enterprise risk sensitivity evaluation system according to claim 1, wherein the risk factor analysis means has a function of analyzing the enterprise risk sensitivity evaluation point for each risk factor and for each attribute of the question answerer. . The ASP server comprises a chart generating means for generating a chart of the company-specific risk sensitivity evaluation point, the comparison result by the risk sensitivity evaluation comparing means, and the analysis result by the risk factor analyzing means. The enterprise risk sensitivity evaluation system according to claim 1 or 2.