WO2007068121A1 - Method and apparatus for monitoring corporate governance compliance - Google Patents

Method and apparatus for monitoring corporate governance compliance Download PDF

Info

Publication number
WO2007068121A1
WO2007068121A1 PCT/CA2006/002049 CA2006002049W WO2007068121A1 WO 2007068121 A1 WO2007068121 A1 WO 2007068121A1 CA 2006002049 W CA2006002049 W CA 2006002049W WO 2007068121 A1 WO2007068121 A1 WO 2007068121A1
Authority
WO
WIPO (PCT)
Prior art keywords
compliance
entity
subject
database
rules
Prior art date
Application number
PCT/CA2006/002049
Other languages
French (fr)
Inventor
Oscar A. Jofre
Warren Cabral
Sean Griffin
Randy Thompson
Ora Zabloski
David Cronin
Adrian Banica
Kenneth Parker
Valerian Pappes
Doug Kirillo
Andrew Chamberlain
Marshall Rosichuk
Original Assignee
Governanceglobal Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CA002534154A external-priority patent/CA2534154A1/en
Application filed by Governanceglobal Corp. filed Critical Governanceglobal Corp.
Publication of WO2007068121A1 publication Critical patent/WO2007068121A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Definitions

  • This invention is in the field of business information systems, and more particularly deals with systems and methods for the monitoring and enforcement of corporate governance rules and guidelines.
  • one of the present primary environmental objectives is to be able to economically or efficiently monitor the affairs of a company or other entity to ensure that that entity along with any related parties to that entity are in compliance with any various governance controls which are applicable to their activities. It is essential for a company or other organization to be able to ensure that the organization on an ongoing basis complies with all of the necessary governance controls or requirements imposed upon them either externally by legislative frameworks or other regulatory authorities, or even internally by virtue of certain restrictions or controls placed upon the operations or business of the organization.
  • Some of these controls may be pre-imposed by legislation, but some of the controls which a financial institution, stock exchange or other financial partner or related party might be interested in ensuring were complied with could be items which were peculiar to their own circumstances and which were not imposed by any particular legislation ⁇ and as such they might constitute a separate layer of controls or requirements in addition to the legislative requirements to which the organization might already be subject.
  • financial institutions are lenders may make lending arrangements which provide credit facilities to an organization on the basis of certain requirements being met either in terms of the makeup of the board of directors of a company for example, the number of directors or makeup of the audit committee of the organization, or even more specific capitalization requirements and the like.
  • medium-sized enterprises would benefit the shareholders and other stakeholders associated with those entities.
  • External advisors such as auditors and lawyers can also benefit from an additional level of comfort regarding the observance of governance controls or conditions by various entities.
  • the system was available which would allow those external advisors to streamline the process of monitoring for the sake of their own satisfaction the compliance of their clients with various controls, the obvious attraction to this type of system can be seen.
  • increasing risk exposure have led to the desired by individuals acting as directors either in a profit or nonprofit context, to be fully aware of the past records, history and activities of an entity before becoming involved, and that an ongoing basis to be able to have some level of comfort that the requirements imposed upon the entity which they are associated with are being followed our complied with.
  • Tt would obviously be a benefit to the funding agencies in question to the extent that they are largely involved with the funding of these entities on an ongoing basis, to monitor the compliance of these organizations with various governance controls or requirements, or even to be able to impose additional types of governance controls or conditions upon an entity in exchange for providing funding for certain projects or objectives.
  • Tt is the further object of the present invention to provide an ASP website system for the monitoring of compliance of various entities are related parties with internal or external governance controls which could, based upon the contents of the information in the system with respect to a particular entity or related party, trigger various procedural steps on behalf of or with respect to the entity or the individuals in question.
  • the invention a method of enforcing corporate governance compliance by entities who are subject to various governance controls accomplishes its objectives using a computer system containing an entity database in which entity data pertaining to at least one subject entity can be stored, and a rules database within which are stored a plurality of preset compliance rules.
  • the compliance rules are effectively the template governance controls which will be applied to the entity data in respect to particular subject entities to determine compliance.
  • Each compliance rule saved in the rules database will include a number of parameters or items, including at least one selection parameter which is used to determine, based on interaction with our application to entity data from the entity database in respect of the subject entity, whether or not the particular governance control and compliance rule in question applies to that particular subject entity.
  • each compliance rule within the rules database will also include at least one compliance parameter which is another formula or function which can be applied to entity data within the entity database to determine whether or not a particular subject entity to which it has been determined that the compliance rule in question should be applied is compliant with the governance control being tested by that particular compliance rule.
  • each compliance rule will have saved in association therewith at least one predefined workflow step — basically the compliance rule will have saved with it in the rules database the action to be implemented by the system of the present invention dependent upon the compliance result which is determined from time to time of the particular subject entity with the compliance rule and governance control in question.
  • the actual method of the present invention comprises two steps to be periodically and potentially independently executed.
  • the first step in the method of the present invention is a rules selection step, whereby with respect to a particular subject entity it is determined which of the compliance F&K 2210-05-01
  • the rules stored within the rules database apply to the subject entity in question.
  • the rules selection step upon initiation, will compare the entity data with respect to the subject entity in question to the selection parameters for each compliance rule in the rules database and determine on that basis which compliance rules are applicable to the subject entity in question.
  • the compliance rules which are identified to apply are the selected compliance rules.
  • the second step in the method and the most important step in terms of enforcing compliance an ongoing basis is the compliance assessments step.
  • the entity data with respect to the subject entity in question is compared to the compliance parameters for at least one of the select the compliance rules which have been previously determined to apply to the subject entity in question.
  • a compliance result can be determined which basically as an indicator of whether or not there is compliance by the particular subject entity with the compliance rule in question.
  • the final aspect of the compliance assessments step is that with respect to each compliance result reached or determined, there will be at least one predefined workflow step associated with the compliance rule in question stored within the rules database and the computer system which is used to implement the method of the present invention will initiate those at least one predefined workflow steps as a result of the reaching of a compliance result with respect to a particular subject entity and a particular compliance rule at a particular period of time.
  • Another aspect of the method of the present invention is to allow for a user of the computer system mentioned in the remainder of the method to provide or enter updated or new entity data into the entity database with respect to a new or existing subject entity.
  • the computer system which will be used to implement the system of the present invention will be a website system, and users will communicate with that website system via a user computer terminal or browser.
  • the rules selection step of the method wherein the applicability of certain compliance rules from the rules database to a subject entity F&K 2210-05-01
  • the rules selection step might only be conducted or initiated by a manual trigger or by a trigger from the remainder of the software operative on the computer system of the method.
  • the rules selection step might also be executed on a periodic frequency, or at any time that changes to the contents of either the entity database for the rules database are detected.
  • predefined workflow steps can be contemplated which could be programmed into the rules database to dictate the behavior of the system of the present invention upon the detection or determination of a particular compliance result with respect to a particular subject entity and a particular compliance rule.
  • the list of predefined workflow steps which could be triggered upon detection of a certain compliance result might include taking no action, notifying the user of the system of the compliance result, notifying someone other than the user of the system of the compliance result, generation of one or more documents, revising the entity data in the entity database with respect to the subject entity in question, forwarding entity data or other information to the user of the system, forwarding entity data or other information to someone other than the user of the system, or initiating the submission of an external information requirement to a third party.
  • Tt will be understood by those skilled in the art that there are any number of different additional predefined workflow steps which could be contemplated and which are understood to be within the scope of the present invention.
  • the compliance assessment step of the method of the present invention wherein the actual comparison of entity data pertaining to a subject entity is compared to the compliance parameters for at least one selected compliance rule from the rules database could again be triggered in any number of ways.
  • the compliance assessment step might in some fashion be manually triggered by a user of the computer system of the method, the compliance assessments step might be triggered on a periodic or predetermined time basis, or the compliance assessments step might also be triggered based upon the detection of some particular state or condition within either the F&K 2210-O 5 -Ol
  • entity database for the rules database including potentially upon the detection of any change in either the entity database or the rules database.
  • the website system of some embodiments of the method of the present invention might allow for a user to customize certain aspects of pre-existing compliance rules for application to a particular subject entity, or the system might also allow for a user to program their own compliance rules with respect to a particular subject entity which were not in anyway based upon any of the preset compliance rules previously programmed into the rules database.
  • One ofthe primary strengths ofthe system ofthe present invention is that the most up-to-date versions of all ofthe governance controls applicable to various subject entities will always be used across all of the subject entities who are subscribers to the system simply by virtue ofthe vendor or operator ofthe system programming any changes to governance controls or their related parameters or workflow requirements into the rules database, and then potentially upon the next application of the compliance rules to the entity data with respect to a particular subject entity the most up-to- date versions of any governance controls and codified compliance rules will be applied.
  • the compliance assessments step with respect to a particular subject entity it may be the case that all ofthe selected compliance rules applicable to that subject entity were considered or assessed for compliance, or it may also be the case in certain circumstances that a compliance assessment step might be conducted with respect to only one, or less than all, ofthe selected compliance rules applicable to that subject entity.
  • Some ofthe compliance rules contained within the rules database might relate to timelines pertaining to the completion of a scheduled governance activity, and at least one predefined workflow step associated with that compliance rule is a notification to an appropriate party ofthe status of completion of that scheduled governance activity on behalf of a subject entity to whom that compliance rule has been determined to apply.
  • the compliance rule is a scheduling rule of this fashion, the execution ofthe predefined workflow step or steps with respect to the compliance result thereof might include the initiation of at least one computer aided task by the computer system in support ofthe completion ofthe scheduled governance activity, in addition F&K 2210-O 5 -Ol
  • One of the key elements of the utility of the method and system of the present invention will be the keeping of an audit trail on the system which will not only keep on a trail that potentially outlines the users who have made changes or updates to entity data stored within the system but might also include previous versions of documents, reports or even historical assessments of the compliance results determined by the method of the present invention.
  • Subject entities of various legal structures are contemplated to be within the scope of the potential users of the system and method of the present invention.
  • Tt is also contemplated however that compliance rules could be set up in the rules database which would allow for the monitoring and enforcement of compliance in relationships between more than one subject entity being monitored by the system, where more than one subject entity existed in the entity database and at least two of those subject entities were related in some fashion.
  • the system and method of the present invention could be used to enforce governance compliance of relationships between entities in addition to enforcing compliance of the conduct of an individual entity.
  • the computer system used in the method of the present invention could also offer additional data viewing and reporting functions which users might find effective for examining compliance issues or other general business issues associated with a particular subject entity.
  • certain embodiments of the method of the present invention might include a compliance scoring step, whereby the system might be used to generate a compliance score with respect to the overall activities and entity data with respect to a particular subject entity stored within the entity database. It may be the case that any internal formula for the calculation of a compliance score would be used, or it may also be the case that an independent third-party compliance scoring formula could be programmed into the system to allow for the generation of a compliance score in accordance therewith.
  • a compliance scoring step whereby the system might be used to generate a compliance score with respect to the overall activities and entity data with respect to a particular subject entity stored within the entity database. It may be the case that any internal formula for the calculation of a compliance score would be used, or it may also be the case that an independent third-party compliance scoring formula could be programmed into the system to allow for the generation of a compliance score in accordance therewith.
  • the invention also accomplishes its objectives comprising a website system for use in the enforcement of governance compliance by entities subject to governance controls, said website system comprising at least one server containing at least one processor, a memory operatively coupled to the at least one processor, and a data storage device in communication with the other components of the server and the website system , said at least one server being operatively connected to a communications network whereby it is capable of communication with at least one user terminal computer; an entity database stored on the data storage device, within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement; a rules database stored on the data storage device, within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or noncom
  • the program module will be operative to at a selected time with respect to a particular subject entity, being a rule selection point, determining which compliance rules from the rules database pertain to governance controls applicable to that particular subject entity by applying the at least one selection parameter from the compliance rules in the rules database to entity data from the entity database pertaining to that subject entity.
  • the compliance rules being determined to apply being the selected compliance rules, said determination comprising a rule selection step; and at a selected time being a compliance assessment point, with respect to a subject entity and at least one selected compliance rule applicable thereto, conducting a compliance assessment step comprising determining the compliance or noncompliance of the subject entity with the at least one selected compliance rule by applying the at least one compliance parameter with respect to said compliance rule to the entity data stored within the entity database with respect to said subject entity, the results of said F&K 2210-O 5 -Ol
  • the program module is further capable of communication with a user via a user computer terminal in operative communication with the server and by virtue of said communication receives updated or new entity data for storage to the entity database in respect of a subject entity.
  • the rule selection point being the point in time at which the rule selection step of the method of the present invention is executed by the website system, can be triggered manually, or in accordance with some predetermined schedule or trigger event.
  • the primary trigger event which is contemplated would be the detection of a change of the contents of either the rules database or the entity database with respect to a particular subject entity.
  • the compliance assessment point being the point in time at which the compliance assessment step of the method of the present invention is executed by the website system, can be triggered manually, or in accordance with some predetermined schedule or trigger event.
  • the primary trigger event which is contemplated would be the detection of a change of the contents of either the rules database or the entity database with respect to a particular subject entity.
  • Communications between the user computer terminal or terminals and the server of the website system of the present invention are contemplated to potentially take place using a secure communications protocol.
  • the website system of the invention might offer various data viewing and data reporting functionality to users.
  • a governance compliance enforcement system product comprising a computer usable medium including a o computer readable program for use in the assessment and enforcement of compliance by entities with governance controls applicable thereto, wherein the computer program when executed on the server computer in communication with at least one user computer terminal and operatively connected to or containing an entity database within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement, and a rules s database within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or o noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity; and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity,
  • conducting a compliance assessment step comprising:
  • system and method of the present invention could be operated in respect of multiple entities, each of which may have some or all of the same corporate governance controls in place or alternatively in respect of each of which entities separate her individual customized corporate governance controls could also be monitored for compliance.
  • Tt will also be understood that the operation of the system of the present invention in a centrally hosted environment is specifically contemplated to be one of the major benefits of the system of the present invention in so far as it removes the requirement to physically host such a business information system from each of the individual subject entities or customers in question.
  • Figure 1 is a general architectural drawing of one embodiment of the website system in accordance with the present invention.
  • Figure 2 shows one embodiment of an entity database in accordance with the present invention
  • Figure 3 shows one embodiment of a rules database in accordance with the present invention
  • Figure 4 shows one embodiment of the method of the present invention wherein the monitoring of entity data with its back to the subject entity is conducted in a passive fashion
  • Figure 5 shows one embodiment of the method of the present invention wherein the monitoring of entity data with respect to a subject entity is conducted in an active fashion
  • Figure 6 is a flow chart demonstrating the steps of the creation of the necessary records and information for a new subject entity in one embodiment of the system of the present invention
  • Figure 7 is a flow chart demonstrating one embodiment of an entity data update transaction in respect of the system of the present invention
  • the general concept of the present invention is to provide a website system or a distributed computer system which can be used by more than one individual or business entity to monitor and enforce corporate governance compliance in respect of various entities and related parties, by allowing the users of the system to enter various information or entity data with respect to the entities in question into the website system, and the website system of the present invention F&K 2210-05-01
  • system and method of the present invention could be operated in respect of " multiple subject entities, each of which may have some or all of the same corporate governance controls in place or alternatively in respect of each of which entities separate or individual customized corporate governance controls could be monitored for compliance purposes. It will also be understood that the operation of the system of the present invention in a centrally hosted environment is specifically contemplated to be one of the major benefits of the system of the present invention in so far as it removes the requirement to physically host such a business information system from each of the individual subject entities or system users in question.
  • a corporation there might be any number of other related parties to that corporation who might either require information pertaining to the corporation, and/or in respect of whom there may be additional or supplemental information reporting or monitoring requirements which might make those parties themselves also be subject entities, to be monitored by the system and method of the present invention.
  • Related parties to a corporation might include the shareholders of that company, the directors of that company, or the officers of the corporation. There may even be overlap between these classes of individuals so that, for example, users of the system for information reporting or tracking purposes might also be subject entities who are being monitored within either independently or in relation to other subject entities in the system for the purpose of ensuring compliance.
  • the relational database structure of the proposed system and method of the present invention will allow for the aggregate treatment and propagation of various security permissions and properties amongst these different types of subject entities, users or related parties based upon such potential overlap in their effective business roles in relation to one or more subject entities.
  • Different classes of subject entities or users of the system and method of the present invention might have different informational requirements or needs.
  • the final group of individuals or entities who might be involved with the practice or operation of the method of the present invention are the users of the system.
  • the users of the system of the present invention are contemplated to be the individuals who would either be entering entity data into the system, or participating in compliance assessment steps based upon the ongoing assessment by the system of the compliance or noncompliance of certain subject entities with various governance controls.
  • Users of the system of the present invention might also be subject entities themselves, but it can be foreseen that certain users may not be subject entities.
  • present invention might be a user of the system for information retrieval purposes while at the same time being a subject entity being tracked by the system of the present invention in terms of relationships with one or more subject entities. It may be necessary to track information with respect to the shareholder in order to actually apply the governance monitoring and compliance method contemplated by the present invention both to the conduct of the corporation as a subject entity, but also to that shareholder as a separate subject entity, and the relationship between the shareholder in the corporation.
  • Certain non-related parties may also be given access to the system of the present invention for the sake of verifying the status of certain data or information contained therein on behalf of certain subject entities.
  • a particular subject entity may wish to grant access to the information contained within the system of the present invention to a particular capital partner or financial institution whereby that financial institution could on a discretionary basis access the system of the present invention to verify the compliance of the subject entity or entities with a particular governance control imposed thereon.
  • governance controls or restrictions which are in place with respect to particular subject entities, and their business or conduct.
  • a governance control is any rule or restriction placed upon the constitution or activities of a particular subject entity which might F&K 2210-05-01
  • governance controls which are applicable to subject entities may be classified or divided into two subcategories. namely externally imposed governance controls and secondly internally created or imposed governance controls.
  • Reference to different types of governance controls as either an external governance controls our internal governance controls will be used herein where necessary to segregate or identifier differentiate between governance controls which are externally imposed upon a subject entity such as legislatively imposed governance controls of the like, versus internally imposed governance controls which might be governance controls implemented by the shareholders or directors of a particular corporation or entity to monitor or enforce business restrictions which are desired from an internal organizational perspective.
  • An external governance control is a governance control, regulation or condition which is imposed upon the subject entity by an external party or governing authority.
  • legislative requirements with respect to the particular type of a business structure for a subject entity would be one type of an external governance control.
  • Tt may be the case that the corporation legislation in a jurisdiction or jurisdictions required that a certain number of shareholders were of a particular citizenship or residency, that the board of directors of this particular type of a subject entity consisted of a particular number of individuals or individuals with certain backgrounds or qualifications, or that any number of different conditions needed to be in existence or alternatively needed to be proacti vely avoided, in order to satisfy the good standing requirements with respect to that particular type of business entity within the jurisdiction in question.
  • a particular type of a business transaction such as a capital transaction or investment may require a subject entity to maintain a particular liquidity level to avoid offending the terms of the loan or other credit facility.
  • this is a governance condition, imposed by a third party or an external party such as a stock exchange or securities body, this would constitute another type of an external governance control to which a subject entity could be required to pay attention.
  • an external governance control Any particular type of an external governance condition or control, as that concept will be understood from the description elsewhere above, could be adapted for monitoring or control in accordance with the system of the present invention and on that basis it is all contemplated to be within the scope of the present invention.
  • Internally imposed governance controls are effectively any type of a governance control, limitation or condition which are imposed upon the constitution or governance of a particular subject entity from the inside, rather than by an external party or legislative regime.
  • Internally imposed governance controls are effectively any type of a governance control, limitation or condition which are imposed upon the constitution or governance of a particular subject entity from the inside, rather than by an external party or legislative regime.
  • the shareholders of a particular company might adopt a resolution that a particular number of people needed to be on the board of directors of the F&K 2210-05-01
  • governance controls might exist both with respect to the subject entity itself, or also with respect to the relationships between one or more subject entities. For example it is contemplated that there are any number of ongoing restrictions or requirements and securities legislation requiring specific types of relationships between specific types of subject entities to be publicly disclosed s or to be structured in some particular fashion. These types of inter-relational governance controls might apply equally to various subject entities monitored in accordance with the system of the present invention. Any particular type of a condition or control imposed either upon one subject entity, or at the relationship between more than one subject entity, is contemplated within the scope of the present invention. Overall, it is understood that governance controls as outlined 0 herein are intended to cover any type of a constitutional or governance limitation a requirement with respect to a particular subject entity and/or the relation of that subject entity to any other party being a subject entity for monitoring purposes.
  • the types of information which the system needs to track and maintain with respect to a subject entity include various types of entities data related to the Constitution or governance of the subject entity and or any related entities or parties and their ongoing conduct.
  • the entity data with respect to that subject entity which might be maintained within the entity database in the system of the present invention will include identifying information for the subject entity. It will also be necessary for the entity data in respect of a subject entity to identify the type of a business organization or entity which the subject entity is, since it is contemplated that in certain embodiments of the system of the present invention, the system could be capable of use with a number of different types of subject entity structures.
  • the entity data with respect to subject entity which would be entered into the entity database on the system of the present invention could include any information or data which was necessary to determine the applicable external legislative regimes or other regulations which might apply to the affairs of the subject entity, in order to determine the applicable external governance controls with respect to the affairs of a particular subject entity and to allow for the application in monitoring of those particular external governance controls in accordance with the system and method of the present invention.
  • the system of the present invention can then automatically determine which sets of governance rules for various jurisdictions apply to the subject entity in question, for the purpose of determining further entity data which was required to be maintained on the part of the subject entity in question, or for the use of such controls or rules in the determination of the validity or compliance of various entity data or entity activities related either to the subject entity itself or to related parties thereto.
  • the entity data which might be collected with respect to a particular subject entity might also include further detailed structural information with respect to the structure of the subject entity.
  • the entity data collected with respect to a particular subject entity might include the number of shareholders or directors of the entity or might even a more detailed level include very specific structures and roles pertaining to share structures are types of voting which were required by shareholders or directors or other related parties with respect to the subject entity in the context of approval of various types of business activities.
  • the type of entity data which would be captured with respect to any particular subject entity could be customized depending upon the level of governance compliance or monitoring which was requested or required by the particular subject entity in question.
  • the system of the present invention could offer different levels of corporate governance compliance monitoring or enforcement. If a corporation was simply going to use the system for internal comfort purposes, they may elect to use a lower level of data collection and compliance monitoring that if they were using the system of the present invention to satisfy external authorities or third parties as to the compliance of the corporation with certain governance controls or conditions.
  • the system could actually provide an option to the user to select these differing levels of data collection or control, or the level of data collection and control to be imposed upon a particular subject entity' could be automatically enforced are selected by the system of the present invention based upon some or all of the entity data with respect to that subject entity which were entered or saved within the entity database on the system. It will be understood that the provision of such F&K 2210-05-01
  • a further flexibility which is contemplated would be to provide or allow for "on-the-fly" adjustment or customization of the types of entity data which would be kept with respect to a particular subject entity, based upon the entry of selection of certain data types or data entries in the creation of the entity data pertaining to that subject entity. For example, it would be desirable to customize the types of entity data which would be maintained with respect to a particular subject entity based upon the legal structure of the entity. Different types of entity data might be kept for a corporation than for a partnership or a soul proprietorship.
  • the system could identify or recognize the relevant types of entity data which needed to be collected are maintained with respect to a particular subject entity based upon any type of information entered into the system with respect to a particular subject entity, including identification of entity type, jurisdictions in which business was being done or in which the subject entity was resident, the nature of business activities conducted by the subject entity requiring the capture and monitoring of different types of information, or even the capital status of the subject entity as a further example.
  • the external governance controls associated with that particular type of a reporting issuer and traded on a particular exchange could be applied to the treatment of the subject entity by the system of the present invention, and any additional information which was required to be captured in order to properly tracked and assess the compliance of the subject entity with those types of controls could also be required to be entered are maintained on the system of the present invention.
  • the entity data associated with a particular subject entity which could be captured or maintained by the system of the present invention could also include entity data in respect of other parties which might be related to a primary subject entity.
  • entity data For example shareholders, directors related companies or the like are all related parties to a particular subject entity, but may in and of themselves each form a subject entity which was separately desirable to be monitored in accordance with the system and method of the present invention.
  • Adjustment of the system of the present invention to capture any necessary types of entity data with respect to related parties have subject entities, which might potentially be subject entities themselves, will be an extension of the present invention which would be obvious to one skilled in the art and is contemplated within the scope of the claimed invention outlined herein.
  • the system could be adjusted or program to accommodate the entry details pertaining to the nature of relationships between related parties and the subject entity, for capturing the system is entity data in the entity database with respect to the subject entity.
  • entity data in the entity database with respect to the subject entity.
  • the scope of the type of entity data which could be captured with respect to a particular subject entity is simply illustrated bj the addition of this potential extra layer of entity data with respect to the details of relationships between related parties and subject entities track as separate entities within the system of the present invention.
  • the system of the present invention could be programmed to render certain types of entity data optional for entry into the database while other types of entity data which were related to a F&K 2210-05-01
  • Tt will be understood to one skilled in the art that validation or verification of the entity data with respect to a particular subject entity, as well as the automatic selection of particular types of entity data to be required entry versus optional entry fields, are all contemplated within the scope of the present invention.
  • each of the government controls in question is codified as a compliance rule within a rules database.
  • a compliance rule effectively represents a governance control which might be applicable to a particular type of a subject entity and would include at least one selection parameter which might be a formula or calculation which can be used or compare it against entity data in respect of one or more subject entities stored within an entity database to determine whether or not that particular compliance rule and its associated governance control even applies to the particular subject entity in question, and also at least one compliance parameter which might also be a formula or calculation which can be used in comparison against entity data in respect of a particular subject entity, from the entity database, to determine based upon the results of the rendering of that formula or calculation whether or not the subject entity in question, based upon the entity data used for the calculation, is in compliance with the particular governance control represented by that compliance rule.
  • the data verification, or comparison of applicable compliance rules to entity data in respect of the subject entity stored within the entity database may yield a binary result based upon the data fed to the formula or formulas in question — i.e. the test which is applied by the particular compliance rule in question will end up resulting in either an "compliant" or s "noncompliant” answer.
  • the result of the application of a particular compliance rule to the entity data stored within the entity database with respect to a subject entity is a compliance result.
  • the compliance result calculated by the system of the present invention could be stored to an audit trail, but more importantly could be used to activate or instigate particular predetermined workflow steps based upon that compliance result. 0
  • the compliance rules which might be applied to the entity data with respect to that particular subject entity might be as follows:
  • a) does the entity data with respect to that subject entity identified at least five individuals in relation to the subject entity who are members of the board of o directors thereof; b) of the individuals who are identified as board members of the subject entity, is the citizenship of at least three of those members of the board of directors identified as being Canadian; c) is there an individual identified within the entity data associated with the subject 5 entity as the auditor of the subject entity - i.e. has an auditor been appointed? d) does the entity data with respect to the related individual who is identified as the appointed auditor of the subject entity, if an auditor has been appointed, indicate that the auditor was appointed in advance of every 15th; and F&K 2210-05-01
  • fight sample compliance rules or governance controls outlined above are simply demonstrative of the types of tests or rules which could be codified into the compliance rules in the rules database of the system of the present invention and which could be applied to entity data within the entity database and the system of the present invention to determine or enforce the compliance of particular subject entities with particular governance controls.
  • each compliance rule in the rules database would not only encapsulate in the form of selection parameters and compliance parameters the necessary information for the system and method of the present invention to determine the applicability of a particular compliance rule to a subject entity as well as if applicable, the ability to determine whether or not the subject entity in question was complying or not with the governance control associated with that compliance rule, but the compliance rule through the rules database would also have at least one predefined workflow step associated with F&K 2210-05-01
  • the system could trigger the at least one predefined workflow step associated with it based upon the compliance or noncompliance with the particular compliance rule in question by the subject entity in question.
  • the predefined workflow step or steps associated with each compliance rule in the rules database might consist of anything from simple reporting of the status of compliance with a particular compliance rule by the subject entity in question to a predetermined or predefined party or user of the system through to the triggering of the automatic conduct or preparation of other mechanical steps, reporting or the like by the computer system of the present invention in support of compliance with the compliance rule by the subject entity in question.
  • predefined workflow steps which might be associated with compliance rules, it might be required that every time there is a change made in the constitution of the board of directors of a corporation, notice or change of directors needed to be filed with the corporate authorities in question within a certain period of time.
  • the compliance rule or records associated with the enforcement of this governance requirement upon the appropriate entities might contain predefined workflow indications that would trigger a notification to the subject entity or any predefined or preselected user associated with the subject entity that a notice of change of directors needed to be filed, when anyone entered new entity data into the system indicating that there had been a change in the constitution of the board of directors of the subject entity in question.
  • the system itself may also be able to generate the notice a change of directors for filing of the subject entity, or even in a further embodiment may be able to actually generate and electronically file a notice of change of directors on the behalf of the subject entity in question, and the document generation function or the automatic generation and filing of such a notification are two further examples of predefined workflow steps which might be associated with certain compliance rules within the rules database.
  • components of utility of the system of the present invention in so far as one of the primary objects of the present invention is to deliver a web-based corporate governance monitoring and enforcement system which would simplify the process of monitoring and ensuring compliance with various corporate governance controls by small to medium-sized enterprises.
  • Programming 5 such a system to automatically notify a user of existing or future requirements based upon the detection of certain conditions within the entity data stored within the entity database in respect of the particular subject entity, or a more extensive versions of the system of the present invention of you performing some following requirements are steps using a system itself, is contemplated within the scope of the present invention.
  • System and method of the present invention is seen to be a significant enhancement over systems currently available in the prior art for the purpose of monitoring or enforcing corporate s governance compliance.
  • the only systems which are known of in the prior arc with respect to the collection of corporate governance information or large, expensive systems which are really on this basis accessible only to the largest companies.
  • Tt is known in the prior art that there are systems which are effectively used to maintain an o electronic corporate record book.
  • the systems are hosted internally by their users and as such there are significant system and administrative overheads associated with the operation of such systems. These systems are more directed to use as document repositories and methods of distribution of documents and information amongst members of. for example, boards of directors of larger companies.
  • the delivery of the present system as an ASP or website model offers s significant cost and technical advantages enabling the rollout of a corporate governance enforcement system to smaller and medium-sized enterprises.
  • the ability of the prior art systems which are effectively electronic record books to actually test any entity data stored therein for compliance with various governance controls or rules is limited.
  • the provision of an effectively integrated system which will allow for the collection and analysis and action of o corporate governance information such as that outlined herein represents a significant improvement over the prior art internally hosted data collection systems.
  • the present invention includes a business method of monitoring or enforcing governance compliance for various types of entities.
  • the business method itself relies upon a computer system containing two databases along with a number of software components.
  • the first database contained by the computer system and required to accomplish the business method of the present invention is a rules database.
  • the rules database will contain a plurality of preset compliance rules — each compliance rule representing a governance control which is applicable to a certain type of subject entity. Tn terms of the actual specific data structure of the rules database that is discussed elsewhere herein, but the rules database will in respect of each governance control applicable to a certain type of subject entity contain information pertaining to a compliance rule associated therewith.
  • Each compliance rule contained within the rules database will include information pertaining to at least one selection parameter which can be used to determine the applicability of the related governance control to a particular subject entity based upon the use of the selection parameter and entity data pertaining to the subject entity.
  • the selection parameter might constitute a formula or some other test or validation which could be applied against entity data pertaining to a particular subject entity to determine whether or not the governance control in question and the related compliance rule applies to that particular subject entity in respect of which the entity data has been collected or not.
  • each compliance rule within the rules database will include at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity to which the compliance rule is applied with the related governance control.
  • each compliance rule would be associated with at least one predefined workflow steps toward in the rules database in Association with the compliance rule in question.
  • At least one predefined workflow step would be an instruction or indication to the system of the present invention as to what type of action if any was to be taken upon the determination of a particular compliance result.
  • the second database required for use in the business method of the present invention is an entity database, into which entity data pertaining to at least one subject entity can be placed and stored.
  • Entity data is the basic or advanced information pertaining to the affairs of a particular subject entity which is used to determine the applicability of or compliance with a particular governance control, via the compliance rule in question.
  • the business method of the present invention itself, in reliance upon a computer system containing an entity database as outlined above and a rules database as outlined above, first comprises a rules selection at step, wherein the computer system using components therein will select a subset of the compliance rules contained within the rules database which represents the governance controls which are applicable to a particular subject entity, being the selected compliance rules.
  • the selected compliance rules with respect to a particular subject entity for which there is entity data within the entity database will be identified using the entity data with respect to the subject entity in question along with the selection parameter or parameters in respect of the compliance rules memorialized within the rules database. Tt is easily foreseeable that not every compliance rule within the rules database will be applicable to every' subject entity and on this basis a rules selection step is required.
  • the rules selection step could either be conducted with respect to a subject entity and the results indicating the set of selected compliance rules saved within the memory of the remainder of the system for subsequent use, or the rules selection step could be performed with respect to a subject entity on an ongoing or dynamic basis, as outlined in further detail elsewhere herein.
  • the next step in the method of the present invention is a compliance assessment step during which at least one selected compliance rule in respect of a particular subject entity will be applied against the entity data stored in respect of that subject entity within the entity database, using the compliance parameter or parameters stored in association with that particular F&K 2210-O 5 -Ol
  • the compliance result in question may be a positive or a negative result and it is contemplated or understood that there may be different predefined workflow steps defined with respect to the compliance rule in question dependent upon whether a positive or a negative compliance result is reached with respect to the application of that particular compliance rule to the entity data in respect of a particular subject entity.
  • the list of predefined workflow steps which could be triggered upon detection of a certain compliance result might include taking no action, notifying the user of the system of the compliance result, notifying someone other than the user of the system of the compliance result, generation of one or more documents, revising the entity data in the entity database with respect to the subject entity in question, forwarding entity data or other information to the user of the system, forwarding entity data or other information to someone other than the user of the system, or initiating the submission of an external information requirement to a third party. It will be understood by those skilled in the art that there are any number of different additional predefined workflow steps which could be contemplated and which are understood to be within the scope of the present invention.
  • the rule selection step of the method of the present invention could be conducted in isolation and the results of that saved for further use at such point in time as the compliance assessment step in respect of some or all of the compliance rules determine to be applicable to a particular subject entity was being conducted, or alternatively the rule selection step could be conducted as a part of the compliance assessment step, in advance of determining the compliance results for particular compliance rules in respect of that subject entity at the time of execution of the compliance assessment step.
  • the method of the present invention can be implemented using a web site system which was capable of monitoring and applying various compliance rules to numerous subject entities and the related parties thereto at the same time.
  • the full gamut of functionality which is considered to be within the realizable scope of the web site system of the present invention, and which could be used in the practice of the business method of the present invention, is outlined elsewhere herein.
  • Figure 1 demonstrates the general architecture of a corporate governance monitoring and enforcement website system operating in accordance with the present invention. It includes a user computer 13 and a governance compliance enforcement web site system 15, which are linked together by the Internet 16.
  • the user computer 13 might be any type of computing device that would allow a user or customer to interactively browse web sites via a web browser 14.
  • the user computer 13 might be a personal computer running any one of the Microsoft Windows operating systems. It will be understood that other types of computing devices running other operating systems can also be used as the user computer 13, so long as they were able to connect to the Internet 16 and accommodate the perusal and interaction with the governance compliance enforcement web site system 15 by a web browser 14 installed therein, and that all such other devices are contemplated within the scope of the present invention.
  • the governance compliance enforcement web site system 15 includes at least one web server 17 which houses the server-side components of the web site system 15 of the present invention.
  • the governance compliance enforcement web site system 15 as shown also includes a content F&K 2210-O 5 -Ol
  • the web site system 15 includes an entity database 18 which contains entity data 9 with respect to subject entities 1.
  • the web site system 15 of the present invention would also include a rules database 20, which would contain a plurality of preset compliance rules corresponding to various governance controls applicable to entity data 9 contained within the entity database 18.
  • a rules database 20 which would contain a plurality of preset compliance rules corresponding to various governance controls applicable to entity data 9 contained within the entity database 18.
  • the various software components 30 contained within or operative upon the web site system 15 will be various database maintenance components including a software component 19 for the administration of the entity database 18, and a rules database software maintenance component 21 which is used to access and/or maintain the rules database 20.
  • Other unrelated databases or software may also be resident on the server computer. 5
  • the web site system 15 allows users 8 to enter and maintain entity data 9 with respect to one or more subject entities 1 into the central entity database 18.
  • the system 15 of the present invention can then monitor and/or enforce the compliance of the subject entities I in question with various internal or externally imposed governance controls each of which was codified in a 0 compliance rule within a rules database 20. Where the compliance or noncompliance of the subject entity 1 thereto with a particular applicable compliance rule and its associated governance control was detected by applying the parameters associated with the compliance rule in question to the entity data 9 stored within the entity database 18, various reporting functions or other actions could be triggered. S
  • the user 8 accesses the governance compliance monitoring web site of the present invention 15 using a standard web browser 14 and browsing protocol to communicate with the Web server 17.
  • the user 8 is able to interact with the system 15 of the present invention o from the browser 14.
  • the user 8 could, by way of various forms or data served between the browser 14 and server 17 enter and/or validate various F&K 2210-05-01
  • the web site system 15 could store the new or revised entity data 9 to the entity database 18 for subsequent use in the remainder of the system.
  • the system 15 of the present invention would trigger an alert or notification to one or more selected users 8 of the system 15 with respect to that particular subject entity I, or other functions or workflows could be triggered b> the detection of such a condition - such notifications or other workflow steps are contemplated as the predefined workflow steps which might be associated with the compliance rules stored within the rules database.
  • Various workflows are envisioned such as are outlined in further detail elsewhere herein, including the automatic notification of particular users 8 of the system 15 upon the detection or occurrence of a particular event or condition in the entity data 9 stored within the entity database 18 with respect to a particular subject entity 1.
  • Figure 1 shows three user computers 13, but it will be understood that any number of user computers 13 could be used to access the web site system 15 of the present invention and the only real limitation on the number of user computers 13 which could be used at one time to access the server or web site 15 of the present invention would be related more to the bandwidth available on the Internet or alternatively related more to the external serving or connection capacity of the server 17 rather than to any fixed number of user computers 13 and that any number of user computers 13 is contemplated within the scope of the present invention.
  • the corporate governance compliance system 15 of the present invention could also be a proprietary or closed computer network system through which users could enter data into a central entity database hosted on the system of the present invention, and that either publicly available Internet web site systems or alternatively other types of networked computer implementation of the method of the present invention are both contemplated within the scope hereof.
  • governance monitoring or enforcement There are various specific types of data capture and monitoring functions which it is contemplated fall within the umbrella of governance monitoring or enforcement.
  • the following sections are intended to outline in further detail some of the types of governance enforcement functionality which are contemplated to be possible based on a system in accordance with the present invention which has effectively captured or is used to maintain the corporate record, and upon which entity data other various business-related functions can be driven or based.
  • the entity database 18 would contain the entity data 9 with respect to one or more subject entities 1 and their related parties 2.
  • the server 17 of the web site system 15 of the present invention includes software 30 which, through various components, will carry out the administration and operation of the method and system of the present invention.
  • One aspect of the computer program/transaction processor instructions 30 could be an entity database maintenance component 19, which would be responsible for the upkeep of records in the entity database 18 pertaining to various types of entity data 9 related to subject entities 1.
  • the entity database 18 would be stored in the memory of the server 17 and the entity database maintenance component 19 could be any software component capable of accessing and administering this database 18. It will be understood that the precise structure of the database 18 could be any type of database structure which could be administered by a software component 19 in the server 17 and all types of data structures are contemplated within the scope of the present invention.
  • entity database maintenance component 19 could be to maintain or record any changes or additions made to records in the entity database 18 as a result of or during the various data entry or update transactions performed by users of the web site system 15. As well, the entity database maintenance component 19 could be responsible for serving information from F&K 2210-05-01
  • the entity database 18 either to other software components within the server 17 or to other network components or computers.
  • the information which might be contained within the entity database 18 might include the s following:
  • entity data 9 related to one or more subject entities 1 ;
  • entity data 9 related to the nature of relationships between more than one related o subject entity 1 ;
  • entity data 9 This is intended as only a demonstrative listing of the types of entity data 9 which could be saved 0 within an entity database 18 as contemplated within the scope of the present invention. It is contemplated that any type of entity data 9 which was required for the purposes of recordkeeping, maintenance and/or monitoring of governance compliance of a particular entity could be kept within the entity database 18.
  • the entity database 18 and the entity database maintenance component 19 might either be resident upon the server 17 or alternatively might be resident upon another computer system which was accessible by the server 17.
  • the entity database 18 may have a fixed table structure and design, or alternatively might be o customizable or customized by other software components within the server 17 or by the entity database maintenance component software 19 to adjust the nature or quantity of entity data 9 F&K 2210-05-01
  • the table structure of the entity database 18 could either be designed so as to contain all of the fields which might possibly be needed in any circumstance with respect to each subject entity 1 which might be loaded therein, and those fields could just be optionally accessed by the system 15 for data storage purposes as it should be determined that those were necessary, or alternatively the system could be devised to "on-the-fly" add fields or tables to the database with respect to a particular type of subject entity 1. to capture and maintain the entity data 9 kept in respect of that particular subject entity 1.
  • the system of the present invention could provide by way of its user interface the ability for a user 8 to adjust or modify the types of entity data 9 being kept by the system 15 of the present invention in respect of one or more subject entities 1.
  • a user 8 might wish to have the system of the present invention simply maintain or track some additional business information for them in addition to the entity data 9 which was required for the implementation or practice of the compliance enforcement method of the present invention.
  • the system could allow the user 8 to create additional fields in the entity database 18 and specify validation or requirement rules or exceptions with respect to those particular fields.
  • that added entity data 9 might either be maintained within the central entity database 18 or it will also be understood that a separate data structure could be contained either within the entity database 18 or elsewhere within the server 17 and its associated content repositories which could contain that added or nonessential entity data 9.
  • the entity database maintenance component 19 could either be a stand-alone software component or could form a part of a single larger software system 30 resident upon or accessible and executable by and upon the server 17.
  • Figure 2 demonstrates one embodiment of a data structure for an entity database 18 which would potentially be a relational database with multiple tables or repositories for different types of entity data 9. again dependent upon the determination that certain types of entity data 9 would need to be captured or maintained with respect to a particular subject entity 1 or its related parties.
  • the structure shown in Figure 2 might still be referred to by one skilled in the art as a unitary data structure but it is shown in this fashion for the purpose of demonstrating a relational database approach to the construction of an entity database 18 in accordance with the present invention).
  • FIG. 2 there is shown a main entity database 18, in which it is contemplated that the basic identifying information with respect to the various subject entities 1 monitored on the system would be resident or contained. There are then shown a plurality of additional tables within which various types of entity data 9 could be stored in respect of one or more subject entities 1 associated with the system 15 of the present invention.
  • the next table shown in Figure 4 beyond the related party entity data structure shown at 18G is a table in which entity data 9 would be stored in respect of corporate subject entities 1 - specifically there is shown a table 18A in which various types of entity data 9 specific to corporations could be stored.
  • a table 18A in which various types of entity data 9 specific to corporations could be stored.
  • the entity data 9 could be stored in respect of either home jurisdiction information, dependent upon the home jurisdiction of the corporate subject entity 1 (18AA), or there is also shown a table within which information 9 pertaining to the extra-jurisdictional business activities of a subject entity 1 could be stored as was determined applicable (18AB).
  • extra tables existed for storing shareholder or director information although those people might be set up as related parties in the related parties table 18G, and linked across to the corporate entity data structure 18A as appropriate.
  • Shown next at 18B is a separate table within which partnership information could be stored if a subject entity 1 was a partnership.
  • the data structure contained one or more subordinate tables or structures within which additional data could be stored including information pertaining to the members of the partnership, although again members of the partnership would likely be related parties represented within the related parties data structure 18G.
  • These two tables 18 A and 18B, in respect of corporate or partnership subject entities 1, will be understood to be only two types of entity structure specific data structures which could be resident within the entity database 18 of the present invention and it will be understood that any number of different modifications or structures will be obvious to one skilled in the art which are all contemplated within the scope of the present invention.
  • I 8C Shown next at I 8C is a separate table in which entity data could be maintained for subject entities which were publicly traded entities, as those would have different information capture and reporting or compliance requirements.
  • table 18C has been labeled as a securities entity data table.
  • Tt may also be the case that independent of entity structure, certain jurisdictions required certain data to be captured and recorded - a table 18D within which such jurisdiction specific data might be captured is demonstrated in the Figure.
  • Figure 2 finally demonstrates two additional customization aspects of the contemplated system.
  • ISE custom entity data structure
  • Customized compliance rules or compliance and monitoring settings could be kept in a custom compliance rules section 18F of the entity database 18.
  • the contents of 18F might alternately be resident in the rules database 2 outlined further below.
  • the rules database 20 would contain preset compliance rules 12 with respect to the different types of subject entities 1 in respect of whom the system of the present invention would be used, and internal or external governance controls applicable to the entities in question.
  • the rules database 20 may have a fixed table structure and design or alternatively might be customizable or customized by other software components within the server 17, if it were necessary to make adjustments to the table structure or database designed to accommodate particular types of custom compliance rules, either internal or external in nature.
  • the server 17 of the web site system 15 of the present invention includes software which through various components can carry out the administration and operation of the method and system of F&K 2210-O 5 -Ol
  • the present invention including a rules database maintenance component 21 which would be responsible for the upkeep of records in the rules database 20, pertaining to various types of compliance rules 12 related to subject entities 1 in their related parties 2.
  • the rules database 20 would be stored in a memory of the server 17 and the rules database maintenance component 21 5 could be any software component capable of accessing and administering this database 20. It will be understood that the precise structure of the database 20 could be any type of database structure which could be administered by a software component 21 in the server 17 and that all types of data structures are contemplated within the scope of the present invention.
  • One function of the rules database maintenance component 21 could be to maintain and record any changes or additions made with respect to compliance rules stored within the rules database 20 as a result of or during the update or changes of various legislative regimes or regulatory schemes to which various types of subject entities 1 might be subject.
  • the rules database maintenance component 21 could be responsible for serving information from the rules s database 20 either to other software components within the server 17 or to other network components or computers.
  • any type of compliance rules 12 which were required for the purposes of assessing the compliance of various subject entities I with the necessary governance controls o applicable to that subject entity I could be kept within the rules database 20 and that any necessary adjustments to the scope or format of such a database and/or its supporting software components are contemplated within the scope of the present invention.
  • the information which would be stored within the rules database 20 with respect to each compliance rule 12, corresponding to a governance control applicable to s some subject entity I would include at least one selection parameter, which would be the necessary information or formula to be used in conjunction with entity data stored in the entity database with respect to a particular subject entity to determine whether or not that particular compliance rule and its associated governance control was applicable to the subject entity in question, as well is at least one compliance parameter which could be used in comparison to her o along with entity data stored within the entity database with respect to the subject entity in question to determine the compliance or noncompliance of that subject entity with the related F&K 2210-O 5 -OI
  • Each compliance rule 12 is stored within the rules database 20 would have at least one predefined wo ⁇ kflow-step associated wrtrt it wh-ich- weukJ -al3O -be stored- with in the rules database 20 in respect of that compliance rule 12.
  • the predefined workflow step is contemplated to be anything from the details of a notification or alert process upon a s determination of a compliance result with respect to a particular subject entity and a particular compliance rule 12, through to or in addition to more elaborate workflow steps or items which might be enabled by or facilitated by the system of the present invention including upon the detection of a certain compliance result generating certain information or documentation through the system 15, sending out third-party notifications or information in an automated process, or o even upon detection of a certain predetermined compliance result in initiating the transfer of certain entity data 9 or other calculated information based on such entity data and the compliance rule in question to an external computer system.
  • the rules database maintenance component 21 might then also potentially have the capability to s accept and properly format from a user 8 accessing the web site 15 of the present invention through their browser 14, the parameters required to create additional records in the rules database 20 which would codify additional governance controls, either internal or external, which the user 8 wished to use in respect of one or more subject entities 1.
  • Tt might also be the case in certain circumstances the system allowed for customization of records in the rules 0 database 20 with respect to how they would be applied in respect of an individual subject entity 1 , so that even if the rule itself could not be adjusted in circumstances in which it was not desirable to provide that functionality, the actions triggered or undertaken by the system upon detection of a positive or negative result of the application of that particular compliance rule 12 to the entity data 9 in question could be adjusted by a user 8 with the appropriate security s clearance or settings.
  • Tn a circumstance where the system allowed for the customization of compliance rules 12 stored within the rules database 20.
  • the customizations which were applied to various rules 12 within the rules database 20 in respect of a particular subject entity 1 by a user 8 with the proper editing 0 privileges in respect of that subject entity 1 could either be stored in additional tables or records within the rules database 20, or in a supplemental data structure or elsewhere on the system of F&K 2210-O 5 -Ol
  • Tt will even be foreseen that in certain circumstances, compliance rule customizations could be stored in respect of a particular subject entity 1 within the entity database 18.
  • one of the major benefits of the system of the present invention is the fact that the actual compliance rules 12 within the rules database 20 have been preprogrammed or pre-created for use by users 8 of the system in respect of one or more subject entities 1 in respect of which those users 8 are responsible for data input or maintenance, it will be foreseen that allowing the user 8 to customize the parameters or predefined workflow steps associated with the application of one or more compliance rules 12 from the rules database 20 will be one major aspect of the system of the present invention.
  • FIG. 3 there is shown one embodiment of a rules database 20 in accordance with the present invention.
  • Figure 3 shows a main rules database 20 with a number of subordinate tables.
  • the rules database 20 will contain all of the necessary information and parameters to apply various compliance rules 12 to entity data 9 contained within the entity database 18 in respect of one or more subject entities 1.
  • selection parameters and compliance parameters which would allow for the actual application or testing of various compliance rules 12 against data contained in the entity F&K 2210-O 5 -Ol
  • the rules database 20 would contain in respect of each compliance rule 12 therein any necessary information regarding predefined workflow steps to be triggered by the system 15 of the present invention upon the detection of either a positive or negative compliance result in application of one or more compliance rules 12 to entity data 9 contained within the system in respect of a subject entity 1.
  • the table structure of the rules database 20 there could either be a single table containing all of the necessary information in respect of all of the compliance rules 12 programmed into the system 15, or alternatively there may be separate tables containing information pertaining to different types or sets of compliance rules 12 related to different types or sets of internal or external governance controls applicable to one or more subject entities. Any type of a data structure accomplishing the objective of allowing for the storage of the necessary information to apply various compliance rules 12 to the entity data 9 in respect of one or more subject entities 1 of one or more legal types maintained by the system 15 of the present invention is contemplated within the scope hereof.
  • compliance rules 12 As has been outlined elsewhere herein it is contemplated that one major determining factor in the type or nature of compliance rules 12 applicable to a particular subject entity 1 is the legal entity structure of that entity 1. As such there would be different sets of compliance rules 12 applicable to co ⁇ orations as subject entities I versus partnerships or other structures. Shown in the Figure with respect to the rules database 20 there is one table shown at 2OA which contains compliance rules pertaining to corporations.
  • a partnership compliance rules table 2OB which could contain the necessary information to apply partnership specific entity related compliance rules 12 to a partnership subject entity I and its entity data 9, and that table 2OB could also contain the necessary trigger or action information to allow for the system 15 of the present invention to react to the application of various compliance rules 12 to the entity data 9 in respect of a subject entity 1 which was a partnership.
  • the corporation from one state or province may be subject to different governance controls and compliance rules 12 the corporation from another state or province. There may also be some overlap in some of the compliance rules 12 between adjacent or multiple jurisdictions along with rules 12 that are exclusively applicable to corporations resident in our doing business in those particular jurisdictions. It will be understood that the data structure of the rules database 20 can accommodate these different sets of compliance rules 12 in respect of particular entity types either by the addition of further tables to the database or alternatively by the addition of further identifying information to compliance rules 12 and their related action items stored within the rules database 20 so as to delineate for the sake of the system which compliance rules 12 are applicable to entities of which type and from which jurisdiction.
  • Tt is also contemplated that the system 15 and the rules database 20 could similarly accommodate variations in compliance rules 12 in respect to particular types of subject entities 1 based on other factors beyond the entity type or status, or the jurisdiction in question and that similarly any modifications to the scope of the data which would be contained in the rules database 20 in this respect and any necessary but obvious attendant modifications to the programming required to maintain or applied these different compliance rules 12 is all contemplated within the scope of the present invention as well.
  • Tn respect of the table of corporate compliance rules 2OA shown in the rules database 20 there are also demonstrated in the Figure to subordinate tables or data structures which include home jurisdiction corporate compliance rules, shown at 20AA, or extra jurisdictional compliance rules shown at 20AB.
  • these two additional sets of compliance rules 12 could be selectively applied to the entity data 9 in respect of certain subject entities I in respect of which it was determined that they would apply.
  • custom compliance rules table 2OC in the Figure.
  • Tt will be understood that the data structure demonstrated in Figure 5 is simply shown in a demonstrative fashion to outline one way that the data might be structured within a rules database 20 in accordance with the system and method of the present invention. It will be understood that any data structure in a rules database 20 which accomplishes the goal of allowing for the storage of pre-coded compliance rules 12 which can be determined to apply, and can be applied, to the entity data 9 in respect of one or more particular subject entities I to be maintained or monitored by the system 15 of the present invention is contemplated to be within the scope of the present invention.
  • Tt will be understood that the compliance rules 12 as codified in the rules database 20 in accordance with the present invention would simply need to have sufficient information stored in respect thereof to allow for the application of the particular compliance rule 12 in question to the entity data 9 stored ⁇ vith respect to a particular subject F&K 2210-O 5 -Ol
  • the compliance rule 12 might also then have action or trigger items associated there with, either stored in the rules database 20 or stored in a separate event triggers database or the like, which outlined actions or reporting to be triggered by the system 15 of the present invention upon the detection of certain results in the application of the compliance rule 12 to the entity data 9 in respect of a subject entity 1 to which that particular rule was applicable.
  • rules database 20 and the rules database maintenance component 21 might either be resident upon the server 17 of the web site system 15 the present invention, or alternatively might be resident upon another computer system which was accessible by the server 17.
  • rules database 20 and the entity database 18 could be combined into a single database or data structure rather than being resident in the server 17 as two separate databases potentially requiring more than one database maintenance component.
  • the integration of the rules database 20 and the entity database 18 into a single database or data structure would be easily adjusted or accomplished by one skilled in the art of database design, the combination of those two database functions into a single data structure is also contemplated to be within the scope of the present invention.
  • the rules database maintenance component 21 could either be a stand-alone software component or could form a part of a single larger software system 30 resident upon or accessible and executable by and upon the server 17.
  • the system of the present invention can operate in either a "passive” or in an "active” fashion with respect to the application of various compliance rules 12 to the entity data 9 with respect to a subject entity I .
  • What is generally speaking intended or contemplated in the system of the present invention where it is operating in a "passive” fashion is that the web site system 15 of the present invention would effectively apply various compliance rules 12 from the rules database 20 to the entity data 9 stored within the entity database 18 only upon triggering of the compliance assessment step by a user 8 interacting with the web site 15 of the present invention.
  • Figure 4 demonstrates one embodiment of the method wherein the system would operate in a "passive" fashion as outlined above.
  • Step A in Figure 4 is that a user 8 would log onto the system 15 of the present invention via their browser 14.
  • the next step which is shown at letter B in the Figure is an authentication step.
  • the authentication step would provide not only a security level with respect to maintaining the integrity and/or confidentiality of the entity data 9 contained within the system 15 but would also allow the user 82 by virtue of use of the proper login credentials to access the entity data 9 with respect to the proper subject entity 1 , since one user 8 might be responsible for or have access to the entity data 1 with respect to more than one subject entity.
  • the user 8 could either through the authentication process or in a subsequent step identify the subject entity 1 and/or related parties 2 F&K 2210-05-01
  • the compliance assessment step would involve assessing the compliance of the subject entity in question with each of the selected compliance rules which were active compliance rules , which had been selected to be applicable to the subject entity based on the entity data contained within the entity database and the selection parameters associated with that particular compliance rule in the rules database, and which were selected to be assessed during that particular iteration of the compliance assessment step either automatically or by the user.
  • Steps E and F If the system 15 were programmed to trigger any other predefined workflow steps beyond the reporting of the results of a compliance assessment to the user 8. that step could be inserted before the end of the process as well.
  • Every selected compliance rule which was applicable to a particular subject entity would be an active compliance rule every time the compliance assessments step of the method of the present invention was conducted, whereby every time that the compliance assessment step was initiated, every compliance rule which was a selected compliance rule in so far as it was selected based on F&K 2210-05-01
  • the entity data and the selection parameters associated with the compliance rules in question would be considered or assessed for compliance purposes every time that the compliance assessment step was conducted.
  • certain compliance rules only needed to be considered at that time, meaning that with respect to the particular iteration of the compliance assessment step in question the active compliance rules would represent only a subset of the selected compliance rules which themselves represent a subset of the total compliance rules contained within the rules database, and the compliance assessment step in that particular iteration would only assess the compliance of the subject entity with a smaller number of selected compliance rules, since in that circumstance the active compliance rules would represent less than the complete number of selected compliance rules.
  • a compliance agent software component or the like resident on the system 15 of the present invention which would on an ongoing basis either on a time based routine or alternatively based upon the detection of any changes in the entity data 9 stored within the system 15 of the present invention automatically conduct the compliance assessment step of the method of the present invention with respect to one or more particular subject entities in an automated or agent fashion.
  • a compliance agent software component or the like resident on the system 15 of the present invention which would on an ongoing basis either on a time based routine or alternatively based upon the detection of any changes in the entity data 9 stored within the system 15 of the present invention automatically conduct the compliance assessment step of the method of the present invention with respect to one or more particular subject entities in an automated or agent fashion.
  • Figure 5 demonstrates an active embodiment of the compliance assessment step of the method of the present invention.
  • the active method which is shown in Figure 5 does not rely on an operator initiation of the compliance assessment step. Rather there is shown at Step A in Figure 5 the automatic triggering of the compliance assessment step by a compliance software agent or the like which would be a part of the general software components 30 resident upon the server of the web site system 15 of the present invention. Tt is contemplated that what would be done in an automated or active embodiment such as this would be that a compliance software agent or other software component would trigger or perform the compliance assessment step of the method of the present invention with respect to a particular subject entity.
  • the compliance software agent or other software components responsible for the periodic review of compliance of the subject entity or entities 1 resident on or monitored by the system 15 of the present invention could be triggered in a number of different ways.
  • the system might for example be programmed to have such a compliance software agent component or the like conduct the compliance assessment step on a time determined basis. Tt may be determined that the system should execute the compliance assessment step on a daily basis, weekly basis or some other predetermined basis. It might also be the case in another embodiment that particular subject entities I could select a particular time frequency within which they would like the compliance assessment step to take place.
  • the compliance assessment step could be triggered upon the detection of the entry of a change or update to any of the entity data 9 with respect to a subject entity 1. It will be understood that any number of different types of trigger conditions could be conceived, and that all such modifications or F&K 2210-05-01
  • the comparison software agent could either in its detection of a triggering condition or event run the compliance assessment step in respect of all of the subject entities 1 contained within the entity database in a single pass, or alternatively the active model could engage in multiple schedules or multiple different types of trigger conditions or events could be used to trigger the compliance assessment step with respect to a particular subject entity 1 at separate times or in separate fashions rather than in one single pass. Both such approaches are contemplated within the scope of the present invention.
  • the present invention it is the intention of the present invention to offer effectively a governance compliance monitoring and enforcement web site system and method which by virtue of its ASP model will provide a cost-effective solution which can be used by enterprises of various types to enforce the compliance of their organizations or entities with various governance controls placed thereon either by internal or external means.
  • the system of the present invention is scaled to host and/or monitor entity data 9 with respect to a plurality of subject entities 1, rather than for only a single entity 1. It will be understood that the hosting of any number of subject entities 1 and the entity data 9 related to those entities I and their related parties 2 is contemplated within the scope of the present invention.
  • the subject entities 1 which would be monitored by the system of the present invention could be of numerous different legal entity structures or types.
  • the first data function which a user would encounter would be the set up of a new subject entity on the system.
  • a new user could effectively access a "self-service" governance monitoring and F&K 2210-O 5 -OI
  • enforcement system in accordance with the present invention and could set up the necessary records on the system of the present invention to allow for the monitoring of a subject entity 1 on behalf of that user.
  • FIG. 6 there is shown a flow chart which demonstrates one embodiment of a data entry process via the system of the present invention, related to die setup of a new subject entity 1 for monitoring by the system 15 of the present invention.
  • the first step in the process A would be the accessing of the web site 15 by a user 8 via their browser 14, and upon the selection of the appropriate link or content in the web site 15 via the browser 14 the user 8 would be directed to a web form or web application through which the necessary information for the creation of a new subject entity 1 on the system of the present invention would be presented to the user 8 for them to fill in or complete.
  • Entry of the initial entity data 9 with respect to a new subject entity 1 is shown at Step B in-the Figure.
  • the web form or web application which might be presented to the user 8 to create a new subject entity 1 on the system 15 of the present invention might in fact consist of more than one form or page, since the first form or page presented to the user 8 might capture basic information related to the subject entity I itself, and then there may be following forms or pages which need to be filled in based upon the testing of the type of information provided by the user 8 in that first basic form with respect to the subject entity 1.
  • the system 15 may present different screens to the user for the entry of different required entity data 9 related to a corporation, than if the entity 1 in question was a partnership, joint venture, proprietorship or a business venture of some other particular legal structure.
  • Step B The filling in of the basic entity data 9 with respect to the entity 1 in question is shown at Step B in the flow chart of Figure 8.
  • Step C a data validation or error checking step, shown at Step C. with a view to verifying the integrity of the data against previous contents of the entity database 18, as well as to ensure that the entity data 9 F&K 2210-05-01
  • One of the flexibilities of the system of the present invention is that the system could, by the proper coding of various internal or external governance control regimes into the rules database 20. accommodate the proper data entry and capture as well as the proper governance monitoring of various types of entities in a single database application by virtue of the multiple entity design which is contemplated for the database in question. Specifically, whether it be different rule sets or control regimes which were stipulated by the legal structure of a subject entity 1. the jurisdiction of operation of a subject entity 1. or any number of different general classifications of subject entities 1. all of these different regimes could be programmed into the rules database 20 so that a single system could be used to monitor the compliance of the data in respect of various subject entities I regardless of their qualification under these categories.
  • this decision block shows that in the case of a corporation as the subject entity 1, additional entity data 9 could be collected in respect of shareholders, directors and officers of the corporation, versus if the subject entity I was a partnership or if the subject entity I was some other type of a business structure there might be other types of information which needed to be collected.
  • the types of information which are demonstrated in this Figure with respect to each different entity type are simply intended to be demonstrative of the type of a process which could be applied by the system of the present F&K 2210-O 5 -Ol
  • Step K in the Figure is the validation or error checking of any additional entity data 9 which has been captured with respect to the subject entity 1. That step also shows the writeback of that information to the entity database 18 once it s has been validated.
  • Step L the software components 30 within the system of the present invention could determine whether or not any additional entity data 9 was required to be entered by the user 8 to complete the setup of the subject entity I . For example, it might be determined that in respect of o a particular type of subject entity I in respect of which certain information had been entered by the user 8, that additional information was required in order to properly monitor the relationship between that entity 1 and another entity 1. Once it was determined that all of the necessary entity data 9 with respect to the new subject entity 1 had been entered, the data setup routine could be closed, as shown at Step M in the Figure.
  • the workflow shown in this Figure is only s demonstrative of one process by which a user 8 of the system 15 in accordance with the present invention could enter the necessary set up information and entity data with respect to a new subject entity 1 which it was desired to begin to monitor in accordance with the compliance monitoring system of the present invention.
  • One variation which is foreseen is that while the Figure shows a couple of separate data entry and database write steps, it will also be understood o that the software application or components used to capture all of the necessary entity data 9 with respect to a new subject entity 1 could capture all of the potential entity data 9 in advance of writing any of that information to the entity database 18.
  • the system of the present invention could trigger the rules elections step of the method whereby the o new entity data would be compared to the rules database to identify applicable or selected compliance rules. Following the completion of such a rule selection step either during or F&K 2210-O 5 -Ol
  • the system might also trigger a partial or complete compliance assessment step to review whether or not the entity data with respect to the subject entity in question was in compliance with the applicable compliance rules.
  • One of the key aspects of the system of the present invention would be the automation of the rule selection step wherein the compliance rules which applied to a particular subject entity are selected based upon the comparison of one or more selection parameters with respect to each compliance rules stored within the rule database against entity data pertaining to the subject entity in question from the entity database.
  • multiple layers or sets of compliance rules 12 may apply to different subject entities 1.
  • a particular set of corporate legislative compliance rules 12 from the rules database 20 were selected based upon the jurisdiction of incorporation of the subject entity 1 , but it may also be the case that the particular corporation in question was a reporting issuer under securities legislation in one or more jurisdictions and that on that basis additional sets of securities compliance rules 12 which were preprogrammed in the rules database 20 would also be selected for application to the subject entity 1.
  • This example is intended to demonstrate that individual compliance rules 12 or multiple compliance rules 12 in sets which were preprogrammed in the rules database 20 could be applied in aggregate to a subject entity 1.
  • Individual compliance rules may be parsed to a very basic level so that they effectively each comprised very simple and straightforward formulas or binary tests which could be applied to entity data 9 contained within the entity database 18.
  • the aggregation of multiple compliance rules 12 on this basis into sets would allow for the system to, either automatically or with user assistance,identify selected compliance rules 12 from the rules database 20 based upon a lesser number of data validation or verification tests being conducted on the entity data 9 contained in F&K 2210-05-01
  • the system might initially determine that a set of legislative corporate governance compliance rules 12 related to the jurisdiction of incorporation of the subject entity 1 for the province of Saskatchewan were applicable, and that there were sets of compliance rules s 12 in relation to both the provinces of Ontario and British Columbia related to corporations or other entities which were extra-provincially created but carried on business in those provinces which also needed to be applied to the particular subject entity 1 in question and the entity data 9 associated therewith in the entity database.
  • the system could automatically deselect the extra-provincial governance controls in respect of the province of British Columbia as well as at the same time adding the compliance rules 12 associated with the governance controls with respect to the province of Quebec to the aggregate of compliance rules 12 from the rules database 20 which needed to be applied in 5 respect of the particular subject entity I and monitored by the system 15 of the present invention.
  • the ability of the system and method of the present invention to automatically determine the applicability or inapplicability, as the case may be, of particular governance controls to a subject entity, and by extension thereof to determine the applicability or inapplicability of certain o compliance rules 12 stored within the compliance rules database 20. depends upon the proper selection of selection parameters which can result in the application or removal from F&K 2210-O 5 -Ol
  • One of the major benefits of the system and method of the present invention is that in addition to providing a means to actively monitor the compliance of a subject entity 1 with various internal or externally imposed governance controls, the system and method of the present invention will also allow on an ongoing basis for the creation of an up-to-date data repository of constitutional or governance related information with respect to the subject entity 1 which can act as a record for use by interested parties and/or for use by the entity itself in various functions or purposes.
  • FIG. 7 there is shown a flow chart of one embodiment of a data entry transaction in accordance with the system of the present invention, whereby a user 8 could enter new or updated entity data 9 with respect to an existing subject entity 1 already set up in the system.
  • the method shown in the Figure is a method which would be understood to one skilled in the art of database design or web site design whereby data resident in a database, in this case entity data 9 resident within an entity database 18, could be updated by a user 8 via a web site 15 and a user browser 14. Updating database contents via a browser interface in a client server environment will be understood to all skilled in the art.
  • the first step in the data flow demonstrated in Figure 7, shown at Step A. is the logon of the user 8 to the web site 15. Tn logging on to the web site 15. the user 8 would provide the necessary security credentials or otherwise to be authenticated or identified to the system 15 of the present invention, shown at F&K 2210-O 5 -Ol
  • Step B The logon credentials provided by the user 8 might automatically identify to the system 15 the subject entity 1 in respect of which the user 8 was authorized or wished to edit the entity data 9 on the system of the present invention, or alternatively if the user 8 was registered on the system 15 to access the entity data 9 for more than one entity 1.
  • a menu might be presented to the user 8 via the web site system 15, and through which the user 8 could specify the subject entity 1 in respect of which it was desired to either edit or upload additional entity data 9 to the entity database 18.
  • the user 8 would identify the desired subject entity I in respect of which it was desired to enter updates to the entity database 18, shown at Step C.
  • Step D Shown at Step D is the entry of the updates to the entity data 9 in question.
  • the web site system 15 of the present invention would serve the necessary data entry forms or the like to the browser 14 of the user 8, by which the user 8 could enter or edit the entity data 9 in question.
  • the system 15 could either loop back to seek alternate update information if the validation or error checking step failed, but if the information which had been provided by the user 8 passed any validation tests which it was subjected to it could be then written to the entity database 18, shown at Step F.
  • Step G is the triggering of the compliance workflow step by the system 15 based upon the recordal or posting of an update to the entity data 9 in respect of a particular subject entity 1 in the entity database 18.
  • the system could be programmed to automatically conduct a new compliance review upon the detection or completion of the writing of an entity data 9 update to the entity database 18.
  • the rule selection step might also be triggered by the writing of an entity data 9 update to the entity database 18.
  • the triggering of a rules selection step or a compliance assessment step based on the detection of data updates is an optional step, and the compliance assessment could also take place at a later time either in a periodic scheduled automatic review or alternatively in a triggered review which was triggered based upon a manual input from the user 8 of the system 15.
  • the ability of the system of the present invention to validate entity data 9 which is entered into the system for storage in the entity database 18 is key.
  • the system of the present invention can maximize the accuracy of the types of compliance rules from the compliance rules database 20 which were applied to the particular subject entity I in question.
  • the accuracy of the data would be essential.
  • Error checking or validation of entity data 9 or entity data updates could take many different forms and could be conducted to many different thresholds. Data validation techniques will be understood by those skilled in the art of computer programming and database design.
  • the inclusion of a rigid security model in the system 15 of the present invention will enhance its value and utility. For example, even from a workflow point of view, the system 15 could be set up so that only particular users 8 had data editing or entry privileges with respect to a particular subject entity 1. and that other users 8 were potentially allowed to view data with respect to that subject entity I but not allowed to make any changes.
  • One of the benefits of the system of the present invention is the ability to in certain implementations of the system capture a complete audit trail with respect to changes which have been made to the data over time. It may be desired for example to have a system which will capture the identity and details of individuals who may have updated or changed certain records in the system at certain periods in time. Implementation of an audit trail component to the database system of the present invention would be easily conceived by one skilled in the art and is intended to be contemplated within the scope of the present invention. And may also be desirable in certain circumstances to have a historical audit trail outlining the compliance results determined by the system with respect to one or more subject entities from time to time, over time.
  • Another aspect of the web site system 15 of the present invention which is foreseen to offer functional advantages to the users of the system 15 of the present invention would be the ability of the system 15 to automatically create certain entity data 9 in the entity database 18 based upon either the compliance rules 12 contained in the rules database 20 and/or the entity data 9 already contained within the entity database 18. Effectively it would be possible to program the system 15 of the present invention to automatically create certain updates or new entity data 9 for storage to the entity database 18 in respect of particular subject entities 1 on a periodic basis or as needed. For example, there may be certain types of entity data 9 which need to be maintained in the entity database 18 primarily tor the sake of recordkeeping.
  • the system could either be programmed to automatically recalculate this information for storage as either modified entity data 9 or new entity data 9 for storage to the entity database 18 in respect to one or more subject entities 1 or their related parties 2.
  • the far reach of the ability of the system 15 to calculate on an ongoing basis or as needed new entity data 9 in an unsupervised fashion for storage to the entity database 18 or for use by other aspects of the system 15 of the present invention will be understood by one viewing the overall functionality of the system, and there are various methods of implementing such a function.
  • a user 8 could log on to the web site 15 via their browser 14 and, provided that they had the appropriate security credentials, access a reporting menu from which they could select from preprogrammed report formats, queries or also specify ad hoc reporting if they wished to do so.
  • the user 8 could logon to the system and in respect of a subject o entity I extract a ⁇ eport with all the details of all the shareholders of the corporation, where the subject entity 1 was a corporation.
  • a report could be extracted which detailed the dates and details of the filings of the last 10 securities documents or regulatory filings with respect to a particular set of compliance rules applicable to that subject entity 1 from the rules database 20.
  • the parameters and details of the reports and the components necessary to extract and formulate reports for serving to users 8 through their browsers 14 could be a part of the general software components resident on the server 17, or alternatively it may be the case that there was a separate reporting engine or the like used. In either case, once the user had selected a report which they wished to view and that selection had been transmitted or communicated back to the server 17 o from the browser 14 of the user 8, the software components in the server 17 could action the creation of the necessary report for serving back to the browser 14 of the user 8.
  • a reporting step such as this would consist of querying the required data from the entity database 18 and/or the rules database 20 as might be appropriate and applying a report format to the extracted data contained in the query.
  • the reports in question could either be preprogrammed onto the system of the present invention 0 so that the software components 30 resident on the server 17 would know what to do to extract and formulate those reports for serving back to the browser 14 of the user 8. or it will also be F&K 2210-05-01
  • an ad hoc query and reporting interface could be provided whereby a user could on an ad hoc basis specify with more detail the nature and format of the data which they wished to extract from the entity database 18 and/or how they wished to have it displayed.
  • the system and method of the present invention can assist an organization or entity in maintaining the compliance of themselves or their entity with various internal or external governance controls by automatically triggering or forcing the occurrence of certain workflows or events upon the detection of certain conditions in the data maintained in the entity database with respect to that individual or the related entity.
  • the software components 30 on the server 17 would be capable of executing the compliance assessment step of the method with respect to at least one selected rule applicable to at least one subject entity either on demand or in an automated fashion, as has been outlined above. It is also contemplated that the compliance rules 12 themselves as stored in the rules database 20 would each include information regarding at least one predefined workflow step to be carried out upon the detection of either the completion or compliance of a subject entity 1 with a particular compliance rule.
  • a compliance monitoring agent software component has been discussed elsewhere in further detail above. Effectively it is contemplated that the system and method of the present invention could include some type of a software agent which could on some periodic or other trigger basis conduct the compliance assessment step of the method of the present invention in respect of one or more subject entities 1 and one or more selected compliance rules. Tn the
  • a compliance agent software component might not only conduct or trigger the compliance assessment step of the method of the invention, but that compliance agent software component might also be programmed to trigger any number of different types of other actions of which the system 15 might be capable including the generation of reports, sending of alerts or any other actions for which the system in question may be enabled.
  • the "active" versions of the method would automatically on some kind of a periodic or other trigger basis detect the arrival of a condition or state at which time a compliance assessment step in respect of a particular subject entity 1 with respect to at least one selected compliance rule applicable to that entity should be conducted.
  • the software of the system 15 of the present invention might include other workflow automation components which would, based upon entity data 9 contained within the system 15, actively conduct certain corporate governance tasks on behalf of the subject entity I in question.
  • the system 15 might identify certain future events which were required to take place based upon the nature or state of the entity data 9 with respect to a particular subject entity I stored within the entity database 18.
  • Actions to be taken as well as conditions within which those actions would be triggered, in respect of a particular type of a compliance rule or governance control, could all be programmed into the rules database 20 is further compliance rules 12.
  • the workflow aspect of the system including details of the types of conditions which would trigger certain workflow steps as well as the details of those workflow steps and cells might also be stored in a separate data structure apart from the rules database 20. Again such matters of database design are all contemplated within the scope of the present invention.
  • Certain compliance rules 12 stored within the rules database 20 might consist of certain timelines or fixed dates at which certain actions needed to be taken by a particular type of subject entity 1.
  • the system could either on a date specific or time specific basis monitor the entity data 9 in respect of that subject entity 1 to ascertain whether or not certain actions had been taken within an appropriate timeframe, or could also in a more extensive implementation based upon dates calculated by the system of the present invention actually trigger various workflows in respect of a subject entity including reminders of compliance deadlines or even triggering certain computer-based tasks to be undertaken at appropriate times.
  • That calendaring component might be a part of one of the other software components discussed elsewhere herein or might be a calendar specific condition monitoring engine or the like which could monitor on a date and time basis the present date and time against all of the outstanding upcoming deadlines in respect of one or more subject entities I hosted by or monitored by the system 15 of the present invention.
  • the various calendar dates or deadlines in this type of an embodiment could either be calculated on an active and ongoing basis based upon the compliance rules 12 from the rules database 20, or the structure of the databases within the system 15 of the present invention could be modified to add a specific table or structure within which upcoming deadlines could be maintained with respect to the subject entities monitored by the system of the present invention and the calendar agent or components would then simply need to monitor a specific table in the database for upcoming deadlines and trigger the appropriate actions based thereon.
  • compliance rule 12 Another type of compliance rule 12 which could be programmed into the rules database 20 and potentially monitored or enforced by the system 15 of the present invention would be a compliance rule or rules 12 related to the routing of corporate or entity data 9 to various parties requiring or entitled to receive such information. For example, where certain types of information or documents were loaded into the system 15 of the present invention as entity data 9 it may be the case that was information to which members of the board of directors of a subject entity 1 were entitled or were required to have and review in advance of a scheduled board of directors meeting.
  • the system could not only be programmed to remind the user or users 8 responsible for creating or uploading that information 9 to the database 18 in the first place, and continue to monitor the submission of that information in a timely fashion, or in advance of a deadline but also then upon the expiry of that deadline or upon receipt of the information which was required to be distributed, send around a notification or otherwise forward copies of that information or data 9 to the individuals in question.
  • the ability to automatically forward and circulate this information using the system 15 of the present invention in fact helps the subject entity 1 to gain or maintain compliance with the various governance controls applicable thereto, beyond just reporting the status or compliance of the entity 1 with the controls or compliance rules 12 in question.
  • the system 15 of the present invention could also be modified to provide effectively a corporate management dashboard or workspace within the web site 15 of the present invention, whereby a user 8 could access via their browser 14 all of the entity data 9 to which that particular individual is entitled with respect to one or more subject entities 1 or the related parties 2 thereto.
  • This type of a management dashboard or workspace could also include a work area within which users 8 could upload or download or view documents or other information contained within the entity database 18 or elsewhere in the content store of the system 15 related to the subject entity 1 in question.
  • the system could provide a document workspace in respect to the subject entity 1 being maintained by the system which would allow for users 8 to upload financial reports or other documents for secure access by entitled users 8.
  • Access permissions could be determined by a class based permission propagation method whereby based upon the attributes assigned to a particular user 8 the appropriate security permissions or security level could be established — i.e. a shareholder of a company could be set by default to access certain areas of the system 15 with respect to the subject entity I in question whereas a member of the board of directors of the subject entity I might have a different security level attached thereto entitling them to further or different information and access privileges to the work area and other aspects of the system of the present invention 15.
  • a permission propagation method which was conducted automatically based upon different attributes assigned to users 8. it would also be possible to provide a specific user interface by which an administrative user 8 with respect to subject entity 1 could set up or adjust the access permissions of different users 8 with respect to the entity data 9 of a particular subject entity I or its related parties 2.
  • system 15 could automatically generate certain reports and potential even file them with the necessary external authorities when it was determined to be required to do so based upon either a compliance result yielded from an iteration of the compliance assessment step of the method in respect of a particular selected rule pertaining to a subject entity. If it was determined for example that, based upon the entry of some new entity data 9 into the system 15.
  • the remainder of the software of the system of the present invention could be programmed to automatically generate a document for signature and manual filing by the appropriate individual associated with the entity 1 in question, or alternatively the system 15 could also be capable of electronically filing that information with the necessary authorities, without requiring any intervention all by the user. Either such approach is contemplated within the scope of the present invention,
  • Another major benefit which is foreseen in the system of the present invention is the fact that the users 8 of the system 15 will always have access to the most up-to-date programming of compliance rules 12, within the rules database 20, without the need to perform those updates or programming adjustments on their own, since the ASP provider of the system of the present invention would keep the rules database up-to-date with respect to at the very least the preset compliance rules programmed in the rules database.
  • the programming of the compliance rules pertaining to those particular governance controls F&K 2210-05-01
  • the up-to-date versions of the compliance rules could be adjusted, and subsequently during another rule selection step or compliance assessment step the up-to-date versions of the compliance rules, reflecting the up-to-date versions of the governance controls in question as well as the up-to-date parameters and action steps associated there with, would be used by the system. It would also be possible to program the system so as to provide the ability for historical or backdated compliance rules 12 to be applied in certain circumstances where that might be deemed appropriate either by the user or users 8, the operator of the system 15 or the purveyors or providers of various governance controls.
  • system and method of the present invention could also assemble a historical record that, in the proper circumstances where data integrity and security was maintained, could be used for enforcement purposes by government or other related parties or authorities.
  • Another aspect of the system and method of the present invention is the ability of the user of this system or method to automatically produce a compliance score or a compliance scorecard for a particular subject entity. It may be the case that in terms of overall comparison of information with respect to various subject entities it was desired to come up with some kind of a formula which would allow for the objective comparison of the compliance or performance of various subject entities with the compliance rules applicable to them.
  • a compliance scoring step could be added to the method of the present invention whereby a preset scoring formula would be applied to the entity data and compliance rules applicable to various subject entities or a single
  • Tt will be understood that in certain cases there may be an independent third-party scoring formula which would be desired to be codified in used for the sake of providing rankings of subject entities who were subscribing to the system of the present invention in accordance with an openly accepted and independently administered or created compliance scoring formula, or it may also be the case that the provider of the system or method of the present invention could design their own ranking or scoring formula to provide a compliance score to various subject entities at all such formulas or approaches to the rendering of a compliance score in respect of the subject entity who has entity data stored within the entity database of the present invention are contemplated within the scope hereof.
  • One of the major benefits to a system such as that offered by the present invention is the autonomous or independent nature of the system insofar as it is offered potentially by a third party information provider rather than being hosted internally by a particular corporation or entity.
  • the parties related to corporations such as banks, financial institutions, governments or other authorities may find the necessary comfort in the integrity of the system to accept the results and data maintained by the o system and/or to provide a means by which there could be a relatively rapid market spreader acceptance of the use of a corporate governance monitoring tools such as this threw out smaller to medium-sized enterprises who otherwise could not afford to make the necessary investment to properly capture and maintain this information.

Abstract

A method of assisting in compliance by entities with various governance requirements using an independent third party information system. Entity data with respect to entities is entered for storage in a entity database in a computer memory. A rules database contains compliance rules codifying the internal or external governance controls applicable to the entity in question and predefined workflow events will be triggered, including the creation of alerts or information to users or subscribers of the system or the conduct of other specific tasks, based on the comparison of specific entity data uploaded to the entity database to the compliance rules and associated governance controls determined to apply to the entity in question. The independent nature of the system provides a level of comfort for parties relying on the data contained within the entity database. Apparatus and software for implementation is also disclosed.

Description

Method and Apparatus for Monitoring Corporate Governance Compliance
Jofre et al.
This invention is in the field of business information systems, and more particularly deals with systems and methods for the monitoring and enforcement of corporate governance rules and guidelines.
Background:
Ensuring the governance compliance of various corporate or nonprofit entities with respect to various legislation or other rules or regulations imposed upon them either internally or externally is an issue of present concern. As a result of several high-profile cases in which various entities have been found to have not complied with legislative, financial or other controls imposed upon them, statutes or regulations have been strengthened and are potentially being more uniformly enforced, adding a further layer of complexity and urgency to compliance for remaining companies or organizations.
With corporate governance and corporate governance compliance having become an issue of such major concern, one of the present primary environmental objectives is to be able to economically or efficiently monitor the affairs of a company or other entity to ensure that that entity along with any related parties to that entity are in compliance with any various governance controls which are applicable to their activities. It is essential for a company or other organization to be able to ensure that the organization on an ongoing basis complies with all of the necessary governance controls or requirements imposed upon them either externally by legislative frameworks or other regulatory authorities, or even internally by virtue of certain restrictions or controls placed upon the operations or business of the organization.
As the lines of business or activities of the organization change, the applicable controls or governance restrictions may also change. For example, the expansion of a business into another F&K 2210-05-01
geographical jurisdiction potential imposes another layer of corporate governance controls required by the local legislation in that jurisdiction to the activities of a company, and similarly the withdrawal of an organization from doing business in a particular jurisdiction may release that organization from the requirement to comply with controls applicable to that jurisdiction.
Beyond legislative controls, one area in which a significant degree of time and effort needs to be expanded in order to ensure the good health and legitimacy of the business affairs of the organization is in the area of capital, finance or banking. In the case of publicly traded companies, stock exchanges or regulator)' authorities in charge of the trading of the equities and that particular organization may impose certain specific reporting requirements or governance controls upon the organization. Tn the case of a closely held corporation or some other entity which was participating in any type of a credit arrangement with a bank or other financial institution, the financial institution may require the compliance of the organization with certain specific controls as well. Some of these controls may be pre-imposed by legislation, but some of the controls which a financial institution, stock exchange or other financial partner or related party might be interested in ensuring were complied with could be items which were peculiar to their own circumstances and which were not imposed by any particular legislation ~ and as such they might constitute a separate layer of controls or requirements in addition to the legislative requirements to which the organization might already be subject. For example, financial institutions are lenders may make lending arrangements which provide credit facilities to an organization on the basis of certain requirements being met either in terms of the makeup of the board of directors of a company for example, the number of directors or makeup of the audit committee of the organization, or even more specific capitalization requirements and the like.
It is even foreseeable that an external requirements of a corporation or business entity might include rules or conditions imposed upon the organization by customers or other related parties to the organization. The monitoring of such external compliance is a difficult job, requiring systems and administrative infrastructure beyond the ability of most small to medium-sized organizations. F&K 2210-O5-Ol
Similar to external controls, there are a number of internal controls which might also be imposed upon the activities our constitution of an organization. In a nonprofit context, a charitable organization may have an internal guideline or desire to always have individuals with particular professional backgrounds on their board of directors. Making sure that the makeup of the board of directors of that organization was monitored on an ongoing basis to ensure that this requirement was respected is one example of very simple internal governance control which could be set by an entity or organization. All manner of different kinds of internal governance controls which could be imposed upon an organization can be contemplated — internal governance controls might be imposed by the board of directors upon the entity, or by shareholders upon directors, or any number of different types of rules or controls could be placed or imposed upon different parties related to the business or conduct of a particular corporation, entity or other organization.
Monitoring the compliance of a business organization with legislative or other business controls has become even more difficult in the past number of years given the proliferation of a large number of complex business structures. While the governance problems which have arisen in the public eye have not typically been related to small or medium-sized businesses, but rather had been on a larger scale, the trickle down effect of the focus in the public on governance issues requires that small to medium-sized businesses also now be in a position to potentially monitor or ensure their compliance with various internal or external corporate governance controls.
Most at risk in the failure of the small to medium-sized enterprise and other similar entities to comply with various legislative or other governance controls or requirements are the shareholders, directors or other stakeholders related to those organizations. For example, shareholders and a closely held corporation may not at the present time have the same level of comfort that governance controls are being either imposed or monitored and enforced in their particular companies as shareholders are investors in larger publicly traded companies who have taken steps to install or design internal systems which could be used to monitor certain types of governance compliance information. Any type of a system which would provide the monitoring or enforcement of various corporate governance controls or requirements, which could effectively or potentially be used in an economically and resource efficient fashion by small to F&K 2210-05-01
medium-sized enterprises would benefit the shareholders and other stakeholders associated with those entities.
External advisors such as auditors and lawyers can also benefit from an additional level of comfort regarding the observance of governance controls or conditions by various entities. To the extent that the system was available which would allow those external advisors to streamline the process of monitoring for the sake of their own satisfaction the compliance of their clients with various controls, the obvious attraction to this type of system can be seen. Similarly, increasing risk exposure have led to the desired by individuals acting as directors either in a profit or nonprofit context, to be fully aware of the past records, history and activities of an entity before becoming involved, and that an ongoing basis to be able to have some level of comfort that the requirements imposed upon the entity which they are associated with are being followed our complied with. As such the production of a method or system in which corporate governance compliance could be monitored for the safety and comfort of the individuals involved in directorship positions with these entities would also provide a benefit justifying or legitimizing the development of some type of a governance compliance system which could be used economically in a small to medium-sized enterprise. Similarly in the nonprofit context, one of the major stakeholders who would also be interested in such a system would be external funding agencies. Many charitable organizations rely primarily upon external funding, and are primarily staffed or directed by volunteers who may or may not have the best record-keeping practices or experience. Tt would obviously be a benefit to the funding agencies in question to the extent that they are largely involved with the funding of these entities on an ongoing basis, to monitor the compliance of these organizations with various governance controls or requirements, or even to be able to impose additional types of governance controls or conditions upon an entity in exchange for providing funding for certain projects or objectives.
There are purpose built computer software and programs in the marketplace that can be used, typically by larger entities, to monitor and retain various information used in corporate governance activities or contexts. However, the systems are too large and too expensive for the small to medium-sized enterprise to employ, and require significant administrative and systems overhead and infrastructure to be in place and to be maintained, which may be beyond the F&K 2210-05-01
resources or capabilities of such a small to medium-sized enterprise. Tn addition to the fact that these existing systems are cumbersome and cost prohibitive to smaller enterprises, the majority of the products in the marketplace at the present time do not provide much beyond a computerized minute book solution or the like, wherein die act primarily as a data repository. There are no systems in the marketplace at the present time which actually can be used to apply and enforce a corporate governance workflow model against the activities of a particular organization or its related parties.
The major issue in the prior art which is seen as a problem which needs to be addressed in the commercial market at the present time as the need to provide a corporate governance monitoring and compliance solution which small to medium-sized entities could use cost effectively to monitor the compliance of their organizations, shareholders, directors or other related parties with any type of an external or internal governance control or requirements imposed upon them. The system which would provide for the efficient administration and tracking of such information, as well as the positive application of workflow to such governance compliance activities, without the imposition of significant administrative or systems overhead would be beneficial in the marketplace particularly to small and medium-sized entities.
Summary of the invention:
It is the object of the present invention to provide a business information system for the monitoring and enforcement of corporate governance controls or requirements in respect of various business entities or parties associated therewith, that overcomes problems in the prior art.
It is the further object of the present invention to provide a website system which can be used to monitor and enforce corporate governance compliance in respect of various entities and related parties by allowing users of the system to enter various information with respect to the entity or related parties in question into the website system, and the website system of the present invention would monitor the contents of that information to ensure that various internal or external governance requirements or conditions were being met. F&K 2210-05-01
Tt is the further object of the present invention to provide an ASP website system for the monitoring of compliance of various entities are related parties with internal or external governance controls which could, based upon the contents of the information in the system with respect to a particular entity or related party, trigger various procedural steps on behalf of or with respect to the entity or the individuals in question.
The invention, a method of enforcing corporate governance compliance by entities who are subject to various governance controls accomplishes its objectives using a computer system containing an entity database in which entity data pertaining to at least one subject entity can be stored, and a rules database within which are stored a plurality of preset compliance rules. The compliance rules are effectively the template governance controls which will be applied to the entity data in respect to particular subject entities to determine compliance. Each compliance rule saved in the rules database will include a number of parameters or items, including at least one selection parameter which is used to determine, based on interaction with our application to entity data from the entity database in respect of the subject entity, whether or not the particular governance control and compliance rule in question applies to that particular subject entity. Secondly in addition to at least one selection parameter each compliance rule within the rules database will also include at least one compliance parameter which is another formula or function which can be applied to entity data within the entity database to determine whether or not a particular subject entity to which it has been determined that the compliance rule in question should be applied is compliant with the governance control being tested by that particular compliance rule. Finally, each compliance rule will have saved in association therewith at least one predefined workflow step — basically the compliance rule will have saved with it in the rules database the action to be implemented by the system of the present invention dependent upon the compliance result which is determined from time to time of the particular subject entity with the compliance rule and governance control in question.
The actual method of the present invention comprises two steps to be periodically and potentially independently executed. The first step in the method of the present invention is a rules selection step, whereby with respect to a particular subject entity it is determined which of the compliance F&K 2210-05-01
rules stored within the rules database apply to the subject entity in question. The rules selection step, upon initiation, will compare the entity data with respect to the subject entity in question to the selection parameters for each compliance rule in the rules database and determine on that basis which compliance rules are applicable to the subject entity in question. The compliance rules which are identified to apply are the selected compliance rules.
The second step in the method and the most important step in terms of enforcing compliance an ongoing basis is the compliance assessments step. In a compliance assessment step of the method, the entity data with respect to the subject entity in question is compared to the compliance parameters for at least one of the select the compliance rules which have been previously determined to apply to the subject entity in question. By comparing the entity data in the entity database with respect to the particular subject entity to the compliance parameter or parameters stored in Association with the compliance rule in the rules database, a compliance result can be determined which basically as an indicator of whether or not there is compliance by the particular subject entity with the compliance rule in question. The final aspect of the compliance assessments step is that with respect to each compliance result reached or determined, there will be at least one predefined workflow step associated with the compliance rule in question stored within the rules database and the computer system which is used to implement the method of the present invention will initiate those at least one predefined workflow steps as a result of the reaching of a compliance result with respect to a particular subject entity and a particular compliance rule at a particular period of time.
Another aspect of the method of the present invention is to allow for a user of the computer system mentioned in the remainder of the method to provide or enter updated or new entity data into the entity database with respect to a new or existing subject entity. It is specifically contemplated that the computer system which will be used to implement the system of the present invention will be a website system, and users will communicate with that website system via a user computer terminal or browser.
In terms of the timing of the two steps of the method, the rules selection step of the method wherein the applicability of certain compliance rules from the rules database to a subject entity F&K 2210-05-01
might be conducted during the compliance assessment step, which would imply that the rules selection step was repeatedly applied or conducted which would result in by virtue of its continual operation the most up-to-date assessment of which compliance rules were applicable to a subject entity by virtue of the continued execution of this step of the method. Alternatively, the rules selection step might only be conducted or initiated by a manual trigger or by a trigger from the remainder of the software operative on the computer system of the method. The rules selection step might also be executed on a periodic frequency, or at any time that changes to the contents of either the entity database for the rules database are detected.
Many different types of predefined workflow steps can be contemplated which could be programmed into the rules database to dictate the behavior of the system of the present invention upon the detection or determination of a particular compliance result with respect to a particular subject entity and a particular compliance rule. Without limiting the generality of the foregoing, the list of predefined workflow steps which could be triggered upon detection of a certain compliance result might include taking no action, notifying the user of the system of the compliance result, notifying someone other than the user of the system of the compliance result, generation of one or more documents, revising the entity data in the entity database with respect to the subject entity in question, forwarding entity data or other information to the user of the system, forwarding entity data or other information to someone other than the user of the system, or initiating the submission of an external information requirement to a third party. Tt will be understood by those skilled in the art that there are any number of different additional predefined workflow steps which could be contemplated and which are understood to be within the scope of the present invention.
The compliance assessment step of the method of the present invention, wherein the actual comparison of entity data pertaining to a subject entity is compared to the compliance parameters for at least one selected compliance rule from the rules database could again be triggered in any number of ways. The compliance assessment step might in some fashion be manually triggered by a user of the computer system of the method, the compliance assessments step might be triggered on a periodic or predetermined time basis, or the compliance assessments step might also be triggered based upon the detection of some particular state or condition within either the F&K 2210-O5-Ol
entity database for the rules database including potentially upon the detection of any change in either the entity database or the rules database.
In addition to providing preset or predetermined compliance rules programmed in the rules database, the website system of some embodiments of the method of the present invention might allow for a user to customize certain aspects of pre-existing compliance rules for application to a particular subject entity, or the system might also allow for a user to program their own compliance rules with respect to a particular subject entity which were not in anyway based upon any of the preset compliance rules previously programmed into the rules database. One ofthe primary strengths ofthe system ofthe present invention is that the most up-to-date versions of all ofthe governance controls applicable to various subject entities will always be used across all of the subject entities who are subscribers to the system simply by virtue ofthe vendor or operator ofthe system programming any changes to governance controls or their related parameters or workflow requirements into the rules database, and then potentially upon the next application of the compliance rules to the entity data with respect to a particular subject entity the most up-to- date versions of any governance controls and codified compliance rules will be applied.
During the compliance assessments step with respect to a particular subject entity, it may be the case that all ofthe selected compliance rules applicable to that subject entity were considered or assessed for compliance, or it may also be the case in certain circumstances that a compliance assessment step might be conducted with respect to only one, or less than all, ofthe selected compliance rules applicable to that subject entity.
Some ofthe compliance rules contained within the rules database might relate to timelines pertaining to the completion of a scheduled governance activity, and at least one predefined workflow step associated with that compliance rule is a notification to an appropriate party ofthe status of completion of that scheduled governance activity on behalf of a subject entity to whom that compliance rule has been determined to apply. Where the compliance rule is a scheduling rule of this fashion, the execution ofthe predefined workflow step or steps with respect to the compliance result thereof might include the initiation of at least one computer aided task by the computer system in support ofthe completion ofthe scheduled governance activity, in addition F&K 2210-O5-Ol
to party notification, upon determination of a compliance result indicating that the timeline for said scheduled governance activity has not yet been met.
One of the key elements of the utility of the method and system of the present invention will be the keeping of an audit trail on the system which will not only keep on a trail that potentially outlines the users who have made changes or updates to entity data stored within the system but might also include previous versions of documents, reports or even historical assessments of the compliance results determined by the method of the present invention.
Subject entities of various legal structures are contemplated to be within the scope of the potential users of the system and method of the present invention. Tt is also contemplated however that compliance rules could be set up in the rules database which would allow for the monitoring and enforcement of compliance in relationships between more than one subject entity being monitored by the system, where more than one subject entity existed in the entity database and at least two of those subject entities were related in some fashion. Basically the system and method of the present invention could be used to enforce governance compliance of relationships between entities in addition to enforcing compliance of the conduct of an individual entity.
The computer system used in the method of the present invention could also offer additional data viewing and reporting functions which users might find effective for examining compliance issues or other general business issues associated with a particular subject entity.
It is also contemplated that certain embodiments of the method of the present invention might include a compliance scoring step, whereby the system might be used to generate a compliance score with respect to the overall activities and entity data with respect to a particular subject entity stored within the entity database. It may be the case that any internal formula for the calculation of a compliance score would be used, or it may also be the case that an independent third-party compliance scoring formula could be programmed into the system to allow for the generation of a compliance score in accordance therewith. F&K 2210-05-01
Beyond the method of governance compliance and enforcement contemplated within the present invention, the invention also accomplishes its objectives comprising a website system for use in the enforcement of governance compliance by entities subject to governance controls, said website system comprising at least one server containing at least one processor, a memory operatively coupled to the at least one processor, and a data storage device in communication with the other components of the server and the website system , said at least one server being operatively connected to a communications network whereby it is capable of communication with at least one user terminal computer; an entity database stored on the data storage device, within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement; a rules database stored on the data storage device, within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity: and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity; and a program module stored in the memory of the serveT operative for providing instructions to the at least one processor responsive to the instructions of the program module. The program module will be operative to at a selected time with respect to a particular subject entity, being a rule selection point, determining which compliance rules from the rules database pertain to governance controls applicable to that particular subject entity by applying the at least one selection parameter from the compliance rules in the rules database to entity data from the entity database pertaining to that subject entity. the compliance rules being determined to apply being the selected compliance rules, said determination comprising a rule selection step; and at a selected time being a compliance assessment point, with respect to a subject entity and at least one selected compliance rule applicable thereto, conducting a compliance assessment step comprising determining the compliance or noncompliance of the subject entity with the at least one selected compliance rule by applying the at least one compliance parameter with respect to said compliance rule to the entity data stored within the entity database with respect to said subject entity, the results of said F&K 2210-O5-Ol
application being a compliance result; and executing the at least one predetermined workflow step corresponding to the compliance result associated with the selected compliance rule.
In certain iterations of the website system of the present invention, the program module is further capable of communication with a user via a user computer terminal in operative communication with the server and by virtue of said communication receives updated or new entity data for storage to the entity database in respect of a subject entity.
The rule selection point, being the point in time at which the rule selection step of the method of the present invention is executed by the website system, can be triggered manually, or in accordance with some predetermined schedule or trigger event. The primary trigger event which is contemplated would be the detection of a change of the contents of either the rules database or the entity database with respect to a particular subject entity.
The compliance assessment point, being the point in time at which the compliance assessment step of the method of the present invention is executed by the website system, can be triggered manually, or in accordance with some predetermined schedule or trigger event. The primary trigger event which is contemplated would be the detection of a change of the contents of either the rules database or the entity database with respect to a particular subject entity.
As outlined with respect to the method of the invention above, a number of different types of predefined workflow steps might be associated with compliance rules stored within the rules database.
As well, again with respect to the website system of the present invention as with the method outlined above it is specifically contemplated that either the parameters or workflow steps associated with the predefined compliance rules stored within the rules database could be customized by an authorized user with respect to a particular subject entity, or fully customized compliance rules might also be set up by an authorized user for use in respect of a particular subject entity. F&K 2210-05-01
Communications between the user computer terminal or terminals and the server of the website system of the present invention are contemplated to potentially take place using a secure communications protocol.
s The website system of the invention might offer various data viewing and data reporting functionality to users.
Also capable of accomplishing the objectives of the present invention is a governance compliance enforcement system product comprising a computer usable medium including a o computer readable program for use in the assessment and enforcement of compliance by entities with governance controls applicable thereto, wherein the computer program when executed on the server computer in communication with at least one user computer terminal and operatively connected to or containing an entity database within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement, and a rules s database within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or o noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity; and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity, will cause the computer to:
5 I . At a selected time with respect to a particular subject entity, being a rule selection point, determining which compliance rules from the rules database pertain to governance controls applicable to that particular subject entity by applying the at least one selection parameter from the compliance rules in the rules database to entity data from the entity database pertaining to that subject entity, the compliance rules being 0 determined to apply being the selected compliance rules, said determination comprising a rule selection step; and F&K 2210-05-01
2. At a selected time being a compliance assessment point, with respect to a subject entity and at least one selected compliance rule applicable thereto, conducting a compliance assessment step comprising:
a. Determining the compliance or noncompliance of the subject entity with the at least one selected compliance rule by applying the at least one compliance parameter with respect to said compliance rule to the entity data stored within the entity database with respect to said subject entity, the results of said application being a compliance result; and
b. Executing the at least one predetermined workflow step corresponding to the compliance result associated with the selected compliance rule.
As a website system or independently hosted third-party service, it is specifically contemplated that the system and method of the present invention could be operated in respect of multiple entities, each of which may have some or all of the same corporate governance controls in place or alternatively in respect of each of which entities separate her individual customized corporate governance controls could also be monitored for compliance. Tt will also be understood that the operation of the system of the present invention in a centrally hosted environment is specifically contemplated to be one of the major benefits of the system of the present invention in so far as it removes the requirement to physically host such a business information system from each of the individual subject entities or customers in question.
Description of the figures:
While the invention as claimed in the concluding portions of this document, preferred embodiments are illustrated in the accompanying detailed description which may be best understood in conjunction with the accompanying diagrams or figures, where like parts in each of the several figures are labeled with like numbers, and where: F&K 2210-05-01
Figure 1 is a general architectural drawing of one embodiment of the website system in accordance with the present invention;
Figure 2 shows one embodiment of an entity database in accordance with the present invention;
Figure 3 shows one embodiment of a rules database in accordance with the present invention;
Figure 4 shows one embodiment of the method of the present invention wherein the monitoring of entity data with its back to the subject entity is conducted in a passive fashion;
Figure 5 shows one embodiment of the method of the present invention wherein the monitoring of entity data with respect to a subject entity is conducted in an active fashion;
Figure 6 is a flow chart demonstrating the steps of the creation of the necessary records and information for a new subject entity in one embodiment of the system of the present invention;
Figure 7 is a flow chart demonstrating one embodiment of an entity data update transaction in respect of the system of the present invention
Detailed description of illustrated embodiments:
The general concept of the present invention is to provide a website system or a distributed computer system which can be used by more than one individual or business entity to monitor and enforce corporate governance compliance in respect of various entities and related parties, by allowing the users of the system to enter various information or entity data with respect to the entities in question into the website system, and the website system of the present invention F&K 2210-05-01
would monitor the contents of that entity data to ensure that various applicable internal or external governance requirements \veτe being met. Based upon the contents of the entity data in the system with respect to a particular subject entity, various compliance assessment steps could be engaged or undertaken on behalf of the entity or the individuals in question by the system of the present invention, or at the very least notifications or alerts could be provided to appropriate parties as to the compliance for failure to comply with various controls or requirements by a subject entity tracked in the s>stem of the present invention.
As a website system or an independently hosted third-party service, it is specifically contemplated that the system and method of the present invention could be operated in respect of" multiple subject entities, each of which may have some or all of the same corporate governance controls in place or alternatively in respect of each of which entities separate or individual customized corporate governance controls could be monitored for compliance purposes. It will also be understood that the operation of the system of the present invention in a centrally hosted environment is specifically contemplated to be one of the major benefits of the system of the present invention in so far as it removes the requirement to physically host such a business information system from each of the individual subject entities or system users in question.
Subject entities:
Tn order to enable a complete understanding of the scope of the present invention, it is necessary to outline the terminology to be used in describing various entities or individuals engaged with or involved in the operation of the proposed system or method.
Insofar as the entity at the center of a governance compliance process is being monitored for its compliance with various governance controls to which it is subject, that individual, corporation or other entity is referred to in this document as a "subject entity". With the necessary adjustments to the types of information which can be captured in the system or method of the present invention, all types of ventures or structures could be considered as subject entities and all modifications which would might be required in order to do so are contemplated within the scope of the present invention. F&K 2210-05-01
To use the example of a corporation as a subject entity , there might be any number of other related parties to that corporation who might either require information pertaining to the corporation, and/or in respect of whom there may be additional or supplemental information reporting or monitoring requirements which might make those parties themselves also be subject entities, to be monitored by the system and method of the present invention. Related parties to a corporation might include the shareholders of that company, the directors of that company, or the officers of the corporation. There may even be overlap between these classes of individuals so that, for example, users of the system for information reporting or tracking purposes might also be subject entities who are being monitored within either independently or in relation to other subject entities in the system for the purpose of ensuring compliance. The relational database structure of the proposed system and method of the present invention will allow for the aggregate treatment and propagation of various security permissions and properties amongst these different types of subject entities, users or related parties based upon such potential overlap in their effective business roles in relation to one or more subject entities. Different classes of subject entities or users of the system and method of the present invention might have different informational requirements or needs. There are also outside professional advisors to some subject entities, such as legal counsel, auditors or the like whose relationships to a subject entity might need to be monitored in accordance with the method of the present invention, but who might also require information or require participation in certain governance workflow steps which will be applied or enforced by the system and method of the present invention.
The final group of individuals or entities who might be involved with the practice or operation of the method of the present invention are the users of the system. The users of the system of the present invention are contemplated to be the individuals who would either be entering entity data into the system, or participating in compliance assessment steps based upon the ongoing assessment by the system of the compliance or noncompliance of certain subject entities with various governance controls. Users of the system of the present invention might also be subject entities themselves, but it can be foreseen that certain users may not be subject entities. A shareholder of a corporation which was being monitored for compliance using the system of the F&K 2210-O5-OI
present invention might be a user of the system for information retrieval purposes while at the same time being a subject entity being tracked by the system of the present invention in terms of relationships with one or more subject entities. It may be necessary to track information with respect to the shareholder in order to actually apply the governance monitoring and compliance method contemplated by the present invention both to the conduct of the corporation as a subject entity, but also to that shareholder as a separate subject entity, and the relationship between the shareholder in the corporation.
Shareholders of a corporation, where the corporation is the type of subject entity structure being discussed, are only one group of related parties who could also be subject entities in addition to being users of the system. Directors, officers or outside consultants are all also potentially users of the system who might have access privileges to access entity data and other information stored within the system of the present invention in respect of one or more subject entities and on that basis would effectively be "users" of the system in addition to being subject entities themselves for whom certain information may need to be captured or kept in order to monitor or ensure governance compliance.
Certain non-related parties may also be given access to the system of the present invention for the sake of verifying the status of certain data or information contained therein on behalf of certain subject entities. For example a particular subject entity may wish to grant access to the information contained within the system of the present invention to a particular capital partner or financial institution whereby that financial institution could on a discretionary basis access the system of the present invention to verify the compliance of the subject entity or entities with a particular governance control imposed thereon.
Governance controls:
At the heart of the system and method of the present invention are the particular types of governance controls or restrictions which are in place with respect to particular subject entities, and their business or conduct. From a business perspective, a governance control is any rule or restriction placed upon the constitution or activities of a particular subject entity which might F&K 2210-05-01
need to be monitored or controlled by that subject entity in order to ensure that the subject entity remains in good standing or does not offend any externally imposed or internally created guidelines or requirements or limitations upon their business activities or relationships.
For the sake of the discussion herein, governance controls which are applicable to subject entities may be classified or divided into two subcategories. namely externally imposed governance controls and secondly internally created or imposed governance controls. Reference to different types of governance controls as either an external governance controls our internal governance controls will be used herein where necessary to segregate or identifier differentiate between governance controls which are externally imposed upon a subject entity such as legislatively imposed governance controls of the like, versus internally imposed governance controls which might be governance controls implemented by the shareholders or directors of a particular corporation or entity to monitor or enforce business restrictions which are desired from an internal organizational perspective.
An external governance control is a governance control, regulation or condition which is imposed upon the subject entity by an external party or governing authority. For example, legislative requirements with respect to the particular type of a business structure for a subject entity would be one type of an external governance control. Tt may be the case that the corporation legislation in a jurisdiction or jurisdictions required that a certain number of shareholders were of a particular citizenship or residency, that the board of directors of this particular type of a subject entity consisted of a particular number of individuals or individuals with certain backgrounds or qualifications, or that any number of different conditions needed to be in existence or alternatively needed to be proacti vely avoided, in order to satisfy the good standing requirements with respect to that particular type of business entity within the jurisdiction in question.
External governance controls, even insofar as they may be legislatively mandated or imposed, might be more activity related rather than structure related. For example, a particular type of a business structure might be required to make certain reporting to shareholders or unitholders on a particular periodic frequency or basis. Some companies or organizations are required to make F&K 2210-O5-Ol
certain types of regulatory filings from time to time, for example pursuant to securities legislation or the like, in order to maintain a good standing and it might be necessary to monitor the timeframe within which such material needed to be prepared and filed. Another perfect example of government filings which need to be made from time to time in order to ensure compliance by the organization is that of the timely filing of government tax remittances, which is a protective measure which is often times of great importance to members of the board of directors of a particular subject entity. Legislative or regulatory frameworks to which a particular subject entity was subject are a first obvious source of an external governance condition or control to which that particular subject entity might be subject. However, it will be understood that any other number of different types of externally created governance controls or conditions could be imposed upon a particular subject entity. For example, a particular type of a business transaction such as a capital transaction or investment may require a subject entity to maintain a particular liquidity level to avoid offending the terms of the loan or other credit facility. Insofar as this is a governance condition, imposed by a third party or an external party such as a stock exchange or securities body, this would constitute another type of an external governance control to which a subject entity could be required to pay attention.
Any type of a business restriction, condition or rule such as this which was created in a relationship between a subject entity and an external party or regime is contemplated to be within the scope of the term "an external governance control" is that is used herein. Any particular type of an external governance condition or control, as that concept will be understood from the description elsewhere above, could be adapted for monitoring or control in accordance with the system of the present invention and on that basis it is all contemplated to be within the scope of the present invention.
Corporations or other types of subject entities are also potentially subject to internally imposed governance controls. Internally imposed governance controls are effectively any type of a governance control, limitation or condition which are imposed upon the constitution or governance of a particular subject entity from the inside, rather than by an external party or legislative regime. For example, the shareholders of a particular company might adopt a resolution that a particular number of people needed to be on the board of directors of the F&K 2210-05-01
company at all times onto some other restriction be placed on the makeup of the audit committee, for example. Insofar as these would be controls or restrictions placed upon the activities of the subject entity by an internal adoption of the restriction, rather than by virtue of an external imposition of this control, this will be understood to demonstrate the use of the term s "internal governance control" herein. It will be understood that any type of a constitutional or governance control, limitation or condition on the activities of an entity which could be imposed by that entity itself or from an internally located resource or related party, is contemplated within the scope of the internal governance controls outlined herein, again all of which could be addressed by and handled by the system and method of the present invention. 0
Governance controls might exist both with respect to the subject entity itself, or also with respect to the relationships between one or more subject entities. For example it is contemplated that there are any number of ongoing restrictions or requirements and securities legislation requiring specific types of relationships between specific types of subject entities to be publicly disclosed s or to be structured in some particular fashion. These types of inter-relational governance controls might apply equally to various subject entities monitored in accordance with the system of the present invention. Any particular type of a condition or control imposed either upon one subject entity, or at the relationship between more than one subject entity, is contemplated within the scope of the present invention. Overall, it is understood that governance controls as outlined 0 herein are intended to cover any type of a constitutional or governance limitation a requirement with respect to a particular subject entity and/or the relation of that subject entity to any other party being a subject entity for monitoring purposes.
Entity data: 5
Having discussed the types of subject entities in respect of which various types of data might need to be maintained in order to practice the method of the present invention, we are now able to describe in further detail the types of entity data which are required or desired to be captured or maintained by the system and method of the present invention to allow for its full exploitation o or utility. Insofar as the system of the present invention is intended to act as a monitoring or compliance system with respect to various governance controls or conditions imposed upon the F&K 2210-O5-Ol
activities of the subject entity, the types of information which the system needs to track and maintain with respect to a subject entity include various types of entities data related to the Constitution or governance of the subject entity and or any related entities or parties and their ongoing conduct.
With respect to a subject entity', it is contemplated that the entity data with respect to that subject entity which might be maintained within the entity database in the system of the present invention will include identifying information for the subject entity. It will also be necessary for the entity data in respect of a subject entity to identify the type of a business organization or entity which the subject entity is, since it is contemplated that in certain embodiments of the system of the present invention, the system could be capable of use with a number of different types of subject entity structures. For example, different types of external governance controls applicable to corporations, partnerships, charitable organizations or the like could all be stored in the rules database in the system of the present invention and selectively applied in monitoring governance compliance of various subject entities on the basis of the selection of the proper type of subject entity or entity structure in the setup of the entity data with respect to that subject entity on the entity database within the system of the present invention.
The entity data with respect to subject entity which would be entered into the entity database on the system of the present invention could include any information or data which was necessary to determine the applicable external legislative regimes or other regulations which might apply to the affairs of the subject entity, in order to determine the applicable external governance controls with respect to the affairs of a particular subject entity and to allow for the application in monitoring of those particular external governance controls in accordance with the system and method of the present invention.
For example, with respect to the application of various types of legislative external governance controls to the activities of the subject entity, it is specifically contemplated that one major determining factor in terms of deciding what types of external governance controls are applicable to the activities of the subject entity, beyond the legal structure of the entity itself, is the jurisdiction or jurisdictions in which the subject entity is either resident or conducting business. F&K 2210-05-01
By requiring system users to enter this jurisdictional information as entity data with respect to a subject entity, the system of the present invention can then automatically determine which sets of governance rules for various jurisdictions apply to the subject entity in question, for the purpose of determining further entity data which was required to be maintained on the part of the subject entity in question, or for the use of such controls or rules in the determination of the validity or compliance of various entity data or entity activities related either to the subject entity itself or to related parties thereto.
Beyond basic entity type and jurisdictional data, it is contemplated that the entity data which might be collected with respect to a particular subject entity might also include further detailed structural information with respect to the structure of the subject entity. For example, the entity data collected with respect to a particular subject entity might include the number of shareholders or directors of the entity or might even a more detailed level include very specific structures and roles pertaining to share structures are types of voting which were required by shareholders or directors or other related parties with respect to the subject entity in the context of approval of various types of business activities.
The type of entity data which would be captured with respect to any particular subject entity could be customized depending upon the level of governance compliance or monitoring which was requested or required by the particular subject entity in question. For example, the system of the present invention could offer different levels of corporate governance compliance monitoring or enforcement. If a corporation was simply going to use the system for internal comfort purposes, they may elect to use a lower level of data collection and compliance monitoring that if they were using the system of the present invention to satisfy external authorities or third parties as to the compliance of the corporation with certain governance controls or conditions. The system could actually provide an option to the user to select these differing levels of data collection or control, or the level of data collection and control to be imposed upon a particular subject entity' could be automatically enforced are selected by the system of the present invention based upon some or all of the entity data with respect to that subject entity which were entered or saved within the entity database on the system. It will be understood that the provision of such F&K 2210-05-01
an option, namely to provide for varying degrees of monitoring or control, is contemplated within the scope of the present invention.
It will be understood that some one skilled in the art could determine the necessary modifications if any of the would need to be made to the entity database or to the remainder of the system of the present invention in order to accommodate any types of entity data which it was desired to store within the system, and on this basis it is understood that any such necessary database or system changes which were required to maintain various types or formats of entity data related to either a subject entity or some party related thereto are also contemplated within the scope of the present invention.
A further flexibility which is contemplated would be to provide or allow for "on-the-fly" adjustment or customization of the types of entity data which would be kept with respect to a particular subject entity, based upon the entry of selection of certain data types or data entries in the creation of the entity data pertaining to that subject entity. For example, it would be desirable to customize the types of entity data which would be maintained with respect to a particular subject entity based upon the legal structure of the entity. Different types of entity data might be kept for a corporation than for a partnership or a soul proprietorship. The system could identify or recognize the relevant types of entity data which needed to be collected are maintained with respect to a particular subject entity based upon any type of information entered into the system with respect to a particular subject entity, including identification of entity type, jurisdictions in which business was being done or in which the subject entity was resident, the nature of business activities conducted by the subject entity requiring the capture and monitoring of different types of information, or even the capital status of the subject entity as a further example. For example, where the entity data identified the subject entity was publicly traded on a particular stock exchange, the external governance controls associated with that particular type of a reporting issuer and traded on a particular exchange could be applied to the treatment of the subject entity by the system of the present invention, and any additional information which was required to be captured in order to properly tracked and assess the compliance of the subject entity with those types of controls could also be required to be entered are maintained on the system of the present invention. F&K 2210-O5-Ol
The entity data associated with a particular subject entity which could be captured or maintained by the system of the present invention could also include entity data in respect of other parties which might be related to a primary subject entity. For example shareholders, directors related companies or the like are all related parties to a particular subject entity, but may in and of themselves each form a subject entity which was separately desirable to be monitored in accordance with the system and method of the present invention. Adjustment of the system of the present invention to capture any necessary types of entity data with respect to related parties have subject entities, which might potentially be subject entities themselves, will be an extension of the present invention which would be obvious to one skilled in the art and is contemplated within the scope of the claimed invention outlined herein.
We are different types of subject entities or related parties are required to be tracked by the system of the present invention in order to enforce the compliance of the subject entity or entities or the related parties with any governance controls placed upon them, changes could be made in the types of entity data to be captured and tracked with respect to certain types of related parties. It may be the case that in certain circumstances the actual nature of the relationship between two subject entities being tracked in the system of the present invention, or a subject entity being tracked in the present system along with information pertaining to other related parties which were not being tracked separately as another subject entity in the system of the present invention, would also be entity data within the scope of the term as used herein. In such a circumstance again the system could be adjusted or program to accommodate the entry details pertaining to the nature of relationships between related parties and the subject entity, for capturing the system is entity data in the entity database with respect to the subject entity. The scope of the type of entity data which could be captured with respect to a particular subject entity is simply illustrated bj the addition of this potential extra layer of entity data with respect to the details of relationships between related parties and subject entities track as separate entities within the system of the present invention.
The system of the present invention could be programmed to render certain types of entity data optional for entry into the database while other types of entity data which were related to a F&K 2210-05-01
subject entity or other parties related thereto could be required data entry. Tt will be understood to one skilled in the art that validation or verification of the entity data with respect to a particular subject entity, as well as the automatic selection of particular types of entity data to be required entry versus optional entry fields, are all contemplated within the scope of the present invention.
Compliance rules:
Internal and external governance controls, which have been outlined above, at the actual business level rules which will drive the system of the present invention or which even in a conventional method are required to be monitored foτ compliance in order to ensure that a particular subject entity is meeting all of the legislative or governance requirements imposed thereon. Tn terms of both internal and external governance controls what is contemplated is that a set of conditional logic or monitoring formulas could be written or controlled by testing the presence of our sufficiency of entity data within the entity database pertaining to a particular subject entity or parties related to that entity room any type of a governance controller condition either internal or external which could be monitored in this fashion, which is virtually anything, is contemplated within the scope of the present invention.
Tn the creation of the system of the present invention, each of the government controls in question is codified as a compliance rule within a rules database. A compliance rule effectively represents a governance control which might be applicable to a particular type of a subject entity and would include at least one selection parameter which might be a formula or calculation which can be used or compare it against entity data in respect of one or more subject entities stored within an entity database to determine whether or not that particular compliance rule and its associated governance control even applies to the particular subject entity in question, and also at least one compliance parameter which might also be a formula or calculation which can be used in comparison against entity data in respect of a particular subject entity, from the entity database, to determine based upon the results of the rendering of that formula or calculation whether or not the subject entity in question, based upon the entity data used for the calculation, is in compliance with the particular governance control represented by that compliance rule. On F&K 2210-O5-OI
its most basic level the data verification, or comparison of applicable compliance rules to entity data in respect of the subject entity stored within the entity database, may yield a binary result based upon the data fed to the formula or formulas in question — i.e. the test which is applied by the particular compliance rule in question will end up resulting in either an "compliant" or s "noncompliant" answer. The result of the application of a particular compliance rule to the entity data stored within the entity database with respect to a subject entity is a compliance result. The compliance result calculated by the system of the present invention could be stored to an audit trail, but more importantly could be used to activate or instigate particular predetermined workflow steps based upon that compliance result. 0
For example if a statute in a particular jurisdiction required that a corporation needed to have at least five members on the board of directors and at least three needed to be Canadian residents, the corporation needed to appoint an auditor by February 15 of each year, and at least one representative of the auditor needed to be a member of the board of directors of the corporation, s the compliance rules which might be applied to the entity data with respect to that particular subject entity might be as follows:
a) does the entity data with respect to that subject entity identified at least five individuals in relation to the subject entity who are members of the board of o directors thereof; b) of the individuals who are identified as board members of the subject entity, is the citizenship of at least three of those members of the board of directors identified as being Canadian; c) is there an individual identified within the entity data associated with the subject 5 entity as the auditor of the subject entity - i.e. has an auditor been appointed? d) does the entity data with respect to the related individual who is identified as the appointed auditor of the subject entity, if an auditor has been appointed, indicate that the auditor was appointed in advance of every 15th; and F&K 2210-05-01
e) Is the auditor who is identified within the entity data with respect to the subject entity also indicated to be a member of the board of directors of the subject entity?
The creation of a compliance rules as is contemplated within the scope of the present invention, which will be able to be used by the computer system and software of the present invention if it is determined that those particular compliance rules and the governance controls they represent are applicable to a particular subject entity, will be a concept understood by one skilled in the art of the creation of computer data verification testing procedures and as such all such necessary adjustments or modifications to the system and overall concept of the present invention to accomplish this are contemplated within the scope of the present invention. The fight sample compliance rules or governance controls outlined above are simply demonstrative of the types of tests or rules which could be codified into the compliance rules in the rules database of the system of the present invention and which could be applied to entity data within the entity database and the system of the present invention to determine or enforce the compliance of particular subject entities with particular governance controls.
In a binary fashion, if the application of any of these formulas to the entity data stored within the entity database with respect to the subject entity or related individuals in question yields a negative result, a certain action could be triggered by the system and conversely if a positive result was determined in the application of such form in our tests, certain other actions could be triggered.
The triggering of certain compliance assessment actions by the system of the present invention is the second aspect of the compliance rules themselves. Each compliance rule in the rules database would not only encapsulate in the form of selection parameters and compliance parameters the necessary information for the system and method of the present invention to determine the applicability of a particular compliance rule to a subject entity as well as if applicable, the ability to determine whether or not the subject entity in question was complying or not with the governance control associated with that compliance rule, but the compliance rule through the rules database would also have at least one predefined workflow step associated with F&K 2210-05-01
it, whereby upon the determination of compliance with a particular compliance rule, and its associated governance control, the system could trigger the at least one predefined workflow step associated with it based upon the compliance or noncompliance with the particular compliance rule in question by the subject entity in question. The predefined workflow step or steps associated with each compliance rule in the rules database might consist of anything from simple reporting of the status of compliance with a particular compliance rule by the subject entity in question to a predetermined or predefined party or user of the system through to the triggering of the automatic conduct or preparation of other mechanical steps, reporting or the like by the computer system of the present invention in support of compliance with the compliance rule by the subject entity in question.
To provide one example of predefined workflow steps which might be associated with compliance rules, it might be required that every time there is a change made in the constitution of the board of directors of a corporation, notice or change of directors needed to be filed with the corporate authorities in question within a certain period of time. The compliance rule or records associated with the enforcement of this governance requirement upon the appropriate entities might contain predefined workflow indications that would trigger a notification to the subject entity or any predefined or preselected user associated with the subject entity that a notice of change of directors needed to be filed, when anyone entered new entity data into the system indicating that there had been a change in the constitution of the board of directors of the subject entity in question. The system itself may also be able to generate the notice a change of directors for filing of the subject entity, or even in a further embodiment may be able to actually generate and electronically file a notice of change of directors on the behalf of the subject entity in question, and the document generation function or the automatic generation and filing of such a notification are two further examples of predefined workflow steps which might be associated with certain compliance rules within the rules database.
Programming of predefined workflow steps with respect to various compliance rules into the system of the present invention, along with the necessary data tests or formulas to be applied to entity data captured on the system with respect to subject entity to determine the applicability or compliance of a particular governance control to a subject entity, represents one of the major F&K 2210-O5-OI
components of utility of the system of the present invention in so far as one of the primary objects of the present invention is to deliver a web-based corporate governance monitoring and enforcement system which would simplify the process of monitoring and ensuring compliance with various corporate governance controls by small to medium-sized enterprises. Programming 5 such a system to automatically notify a user of existing or future requirements based upon the detection of certain conditions within the entity data stored within the entity database in respect of the particular subject entity, or a more extensive versions of the system of the present invention of you performing some following requirements are steps using a system itself, is contemplated within the scope of the present invention. 0
Prior art:
System and method of the present invention is seen to be a significant enhancement over systems currently available in the prior art for the purpose of monitoring or enforcing corporate s governance compliance. The only systems which are known of in the prior arc with respect to the collection of corporate governance information or large, expensive systems which are really on this basis accessible only to the largest companies.
Tt is known in the prior art that there are systems which are effectively used to maintain an o electronic corporate record book. The systems are hosted internally by their users and as such there are significant system and administrative overheads associated with the operation of such systems. These systems are more directed to use as document repositories and methods of distribution of documents and information amongst members of. for example, boards of directors of larger companies. The delivery of the present system as an ASP or website model offers s significant cost and technical advantages enabling the rollout of a corporate governance enforcement system to smaller and medium-sized enterprises. As well, the ability of the prior art systems which are effectively electronic record books to actually test any entity data stored therein for compliance with various governance controls or rules is limited. The provision of an effectively integrated system which will allow for the collection and analysis and action of o corporate governance information such as that outlined herein represents a significant improvement over the prior art internally hosted data collection systems. F&K 2210-05-01
Business method - enforcing corporate governance compliance:
The present invention includes a business method of monitoring or enforcing governance compliance for various types of entities. The business method itself relies upon a computer system containing two databases along with a number of software components. The first database contained by the computer system and required to accomplish the business method of the present invention is a rules database. The rules database will contain a plurality of preset compliance rules — each compliance rule representing a governance control which is applicable to a certain type of subject entity. Tn terms of the actual specific data structure of the rules database that is discussed elsewhere herein, but the rules database will in respect of each governance control applicable to a certain type of subject entity contain information pertaining to a compliance rule associated therewith. Each compliance rule contained within the rules database will include information pertaining to at least one selection parameter which can be used to determine the applicability of the related governance control to a particular subject entity based upon the use of the selection parameter and entity data pertaining to the subject entity. The selection parameter might constitute a formula or some other test or validation which could be applied against entity data pertaining to a particular subject entity to determine whether or not the governance control in question and the related compliance rule applies to that particular subject entity in respect of which the entity data has been collected or not. Tn addition to at least one selection parameter, each compliance rule within the rules database will include at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity to which the compliance rule is applied with the related governance control. Again, entity data collected with respect to the subject entity in question would be used in conjunction with the one or more compliance parameters associated with a particular compliance rule to determine whether or not a subject entity is in compliance w ith the related governance control or not. The determination of whether or not the subject entity in question is in compliance with the governance control related to the particular compliance rule is a compliance result. Finally each compliance rule would be associated with at least one predefined workflow steps toward in the rules database in Association with the compliance rule in question. The at F&K 2210-O5-Ol
least one predefined workflow step would be an instruction or indication to the system of the present invention as to what type of action if any was to be taken upon the determination of a particular compliance result.
The second database required for use in the business method of the present invention is an entity database, into which entity data pertaining to at least one subject entity can be placed and stored. Entity data, as discussed in further detail elsewhere herein, is the basic or advanced information pertaining to the affairs of a particular subject entity which is used to determine the applicability of or compliance with a particular governance control, via the compliance rule in question.
The business method of the present invention itself, in reliance upon a computer system containing an entity database as outlined above and a rules database as outlined above, first comprises a rules selection at step, wherein the computer system using components therein will select a subset of the compliance rules contained within the rules database which represents the governance controls which are applicable to a particular subject entity, being the selected compliance rules. The selected compliance rules with respect to a particular subject entity for which there is entity data within the entity database will be identified using the entity data with respect to the subject entity in question along with the selection parameter or parameters in respect of the compliance rules memorialized within the rules database. Tt is easily foreseeable that not every compliance rule within the rules database will be applicable to every' subject entity and on this basis a rules selection step is required.
The rules selection step could either be conducted with respect to a subject entity and the results indicating the set of selected compliance rules saved within the memory of the remainder of the system for subsequent use, or the rules selection step could be performed with respect to a subject entity on an ongoing or dynamic basis, as outlined in further detail elsewhere herein.
The next step in the method of the present invention is a compliance assessment step during which at least one selected compliance rule in respect of a particular subject entity will be applied against the entity data stored in respect of that subject entity within the entity database, using the compliance parameter or parameters stored in association with that particular F&K 2210-O5-Ol
compliance rule in the rules database. A determination of whether or not the compliance rule is or is not being met, and thus whether or not the related governance control is or is not being complied with, is a compliance result. Dependent upon the compliance result reached with respect to each active compliance rule considered during the compliance assessment step, at least one predefined workflow step will be executed, and more than one predefined workflow step associated with the compliance rule in question in the rules database may be executed or facilitated based upon a compliance result being reached. The compliance result in question may be a positive or a negative result and it is contemplated or understood that there may be different predefined workflow steps defined with respect to the compliance rule in question dependent upon whether a positive or a negative compliance result is reached with respect to the application of that particular compliance rule to the entity data in respect of a particular subject entity. The list of predefined workflow steps which could be triggered upon detection of a certain compliance result might include taking no action, notifying the user of the system of the compliance result, notifying someone other than the user of the system of the compliance result, generation of one or more documents, revising the entity data in the entity database with respect to the subject entity in question, forwarding entity data or other information to the user of the system, forwarding entity data or other information to someone other than the user of the system, or initiating the submission of an external information requirement to a third party. It will be understood by those skilled in the art that there are any number of different additional predefined workflow steps which could be contemplated and which are understood to be within the scope of the present invention.
As outlined above, the rule selection step of the method of the present invention could be conducted in isolation and the results of that saved for further use at such point in time as the compliance assessment step in respect of some or all of the compliance rules determine to be applicable to a particular subject entity was being conducted, or alternatively the rule selection step could be conducted as a part of the compliance assessment step, in advance of determining the compliance results for particular compliance rules in respect of that subject entity at the time of execution of the compliance assessment step. F&K 2210-05-01
By testing the entity data entered by users or captured or calculated otherwise in respect of various subject entities to ensure the compliance of that data, or the noncompliance of that data as the case may be, with various compliance rules stored with a rules database, and designing the appropriate actions or follow-up based upon the positive or negative results of the application of those tests to the entity data in question, not only can various reporting be generated for users which would indicate the compliance or noncompliance of the entity or parties in question with various compliance rules, but in a more active fashion the system or method could also effectively enforce various governance controls or compliance rules in respect of a particular entity or its related parties by triggering certain actions based upon the detection of conditions within the entity data stored or calculated in respect of the subject entity in question.
As the entity data in respect of a subject entity stored within the entity database was changed it would likely be optimal to reexecute the rule selection step since certain changes to the entity data stored within the entity database will alter the contents of the selected compliance rules in respect of a subject entity.
The method of the present invention can be implemented using a web site system which was capable of monitoring and applying various compliance rules to numerous subject entities and the related parties thereto at the same time. The full gamut of functionality which is considered to be within the realizable scope of the web site system of the present invention, and which could be used in the practice of the business method of the present invention, is outlined elsewhere herein.
Overview of system components and operation:
One of the primary benefits of the system of the present invention, insofar as it is delivered as a website or networked computer system which is hosted by a third party rather than internally by a subject entity who is using the system, is that the necessity for the associated computer overhead and the like is removed. By removing the requirement for anything but client or browser computers from the user or the subject entity, the need for significant technical F&K 2210-O5-OI
overheads is minimized such that not only the cost spoke the support requirements for such a system at the subject entity level are minimized. It is specifically contemplated that delivery of the system of the present invention as an ASP website system will be one optimal method of delivery of the corporate governance enforcement system of the present invention but it will also be understood that there could be conceived by one skilled in the art other alternative physical implementations of a client/server system which could be used to enable the corporate governance enforcement and monitoring method of the present invention and whether the system of the present invention was delivered as a hosted website via the Internet, or via some other proprietary or closed communications protocol between the server hosting the software in question and a client interface for use by users or subject entities, but both such approaches are contemplated within the scope of the present invention.
Reference will now be made to the Figures where in the details of operation of the business method and website system of the present invention can be described in further detail. Figure 1 demonstrates the general architecture of a corporate governance monitoring and enforcement website system operating in accordance with the present invention. It includes a user computer 13 and a governance compliance enforcement web site system 15, which are linked together by the Internet 16.
The user computer 13 might be any type of computing device that would allow a user or customer to interactively browse web sites via a web browser 14. For example, the user computer 13 might be a personal computer running any one of the Microsoft Windows operating systems. It will be understood that other types of computing devices running other operating systems can also be used as the user computer 13, so long as they were able to connect to the Internet 16 and accommodate the perusal and interaction with the governance compliance enforcement web site system 15 by a web browser 14 installed therein, and that all such other devices are contemplated within the scope of the present invention.
The governance compliance enforcement web site system 15 includes at least one web server 17 which houses the server-side components of the web site system 15 of the present invention.
The governance compliance enforcement web site system 15 as shown also includes a content F&K 2210-O5-Ol
store 31 which contains various static or dynamic content, such as a plurality of HTML documents or similar content, which are used and served to the user's web browser 14 during the completion of various data entry, review or other transactions in accordance with the system and method of the present invention, s
The web site system 15 includes an entity database 18 which contains entity data 9 with respect to subject entities 1. The web site system 15 of the present invention would also include a rules database 20, which would contain a plurality of preset compliance rules corresponding to various governance controls applicable to entity data 9 contained within the entity database 18. Amongst o the various software components 30 contained within or operative upon the web site system 15 will be various database maintenance components including a software component 19 for the administration of the entity database 18, and a rules database software maintenance component 21 which is used to access and/or maintain the rules database 20. Other unrelated databases or software may also be resident on the server computer. 5
The web site system 15 allows users 8 to enter and maintain entity data 9 with respect to one or more subject entities 1 into the central entity database 18. The system 15 of the present invention can then monitor and/or enforce the compliance of the subject entities I in question with various internal or externally imposed governance controls each of which was codified in a 0 compliance rule within a rules database 20. Where the compliance or noncompliance of the subject entity 1 thereto with a particular applicable compliance rule and its associated governance control was detected by applying the parameters associated with the compliance rule in question to the entity data 9 stored within the entity database 18, various reporting functions or other actions could be triggered. S
In operation, the user 8 accesses the governance compliance monitoring web site of the present invention 15 using a standard web browser 14 and browsing protocol to communicate with the Web server 17. Through the web site 15 and the associated web server 17 and software components and content, the user 8 is able to interact with the system 15 of the present invention o from the browser 14. In a data entry transaction for example, the user 8 could, by way of various forms or data served between the browser 14 and server 17 enter and/or validate various F&K 2210-05-01
information for storage as entity data 9 with respect to a particular subject entity I in the entity database 18. Upon completion of the client/server transaction between the user at the browser 14 and the server 17, the web site system 15 could store the new or revised entity data 9 to the entity database 18 for subsequent use in the remainder of the system.
Based upon the detected compliance or noncompliance of a particular subject entity 1 with one or more compliance rules stored within the rules database 20, the system 15 of the present invention would trigger an alert or notification to one or more selected users 8 of the system 15 with respect to that particular subject entity I, or other functions or workflows could be triggered b> the detection of such a condition - such notifications or other workflow steps are contemplated as the predefined workflow steps which might be associated with the compliance rules stored within the rules database. Various workflows are envisioned such as are outlined in further detail elsewhere herein, including the automatic notification of particular users 8 of the system 15 upon the detection or occurrence of a particular event or condition in the entity data 9 stored within the entity database 18 with respect to a particular subject entity 1.
Figure 1 shows three user computers 13, but it will be understood that any number of user computers 13 could be used to access the web site system 15 of the present invention and the only real limitation on the number of user computers 13 which could be used at one time to access the server or web site 15 of the present invention would be related more to the bandwidth available on the Internet or alternatively related more to the external serving or connection capacity of the server 17 rather than to any fixed number of user computers 13 and that any number of user computers 13 is contemplated within the scope of the present invention.
It will also be understood that rather than the web site system 15 offered over the publicly available Internet 16, the corporate governance compliance system 15 of the present invention could also be a proprietary or closed computer network system through which users could enter data into a central entity database hosted on the system of the present invention, and that either publicly available Internet web site systems or alternatively other types of networked computer implementation of the method of the present invention are both contemplated within the scope hereof. F&K 2210-05-01
There are various specific types of data capture and monitoring functions which it is contemplated fall within the umbrella of governance monitoring or enforcement. The following sections are intended to outline in further detail some of the types of governance enforcement functionality which are contemplated to be possible based on a system in accordance with the present invention which has effectively captured or is used to maintain the corporate record, and upon which entity data other various business-related functions can be driven or based.
Entity database:
The entity database 18 would contain the entity data 9 with respect to one or more subject entities 1 and their related parties 2. The server 17 of the web site system 15 of the present invention includes software 30 which, through various components, will carry out the administration and operation of the method and system of the present invention. One aspect of the computer program/transaction processor instructions 30 could be an entity database maintenance component 19, which would be responsible for the upkeep of records in the entity database 18 pertaining to various types of entity data 9 related to subject entities 1.
The entity database 18 would be stored in the memory of the server 17 and the entity database maintenance component 19 could be any software component capable of accessing and administering this database 18. It will be understood that the precise structure of the database 18 could be any type of database structure which could be administered by a software component 19 in the server 17 and all types of data structures are contemplated within the scope of the present invention.
One function of the entity database maintenance component 19 could be to maintain or record any changes or additions made to records in the entity database 18 as a result of or during the various data entry or update transactions performed by users of the web site system 15. As well, the entity database maintenance component 19 could be responsible for serving information from F&K 2210-05-01
the entity database 18 either to other software components within the server 17 or to other network components or computers.
The information which might be contained within the entity database 18 might include the s following:
a) entity data 9 related to one or more subject entities 1 ;
b) entity data 9 related to the nature of relationships between more than one related o subject entity 1 ;
c) Security and permissions data associated with various users 8 of the system who would be entitled to access and/or update information on the system with respect to one or more subject entities 1 ; 5 d) Audit trail information with respect to the currency and past updates of various entity data 9 contained within the entity database 18.
This is intended as only a demonstrative listing of the types of entity data 9 which could be saved 0 within an entity database 18 as contemplated within the scope of the present invention. It is contemplated that any type of entity data 9 which was required for the purposes of recordkeeping, maintenance and/or monitoring of governance compliance of a particular entity could be kept within the entity database 18.
5 The entity database 18 and the entity database maintenance component 19 might either be resident upon the server 17 or alternatively might be resident upon another computer system which was accessible by the server 17.
The entity database 18 may have a fixed table structure and design, or alternatively might be o customizable or customized by other software components within the server 17 or by the entity database maintenance component software 19 to adjust the nature or quantity of entity data 9 F&K 2210-05-01
which could be maintained with respect to one or more subject entities I , based upon differing requirements for data with respect to certain subject entities 1. The table structure of the entity database 18 could either be designed so as to contain all of the fields which might possibly be needed in any circumstance with respect to each subject entity 1 which might be loaded therein, and those fields could just be optionally accessed by the system 15 for data storage purposes as it should be determined that those were necessary, or alternatively the system could be devised to "on-the-fly" add fields or tables to the database with respect to a particular type of subject entity 1. to capture and maintain the entity data 9 kept in respect of that particular subject entity 1. Either type of approach, namely to simply create a larger database which automatically has the capability on the basis of a static field and table structure to accommodate any and all different types of entity data 9, or alternatively a database design which includes amongst the software components therein the ability to add or modify fields or tables in the structure of the database in respect to particular subject entities 1 as those subject entities 1 are created, are both contemplated within the scope of the present invention.
Beyond the ability of the system 15 of the present invention to on an ongoing basis adjust the types of entity data 9 being maintained in respect of a particular subject entity I , it is also contemplated the system of the present invention could provide by way of its user interface the ability for a user 8 to adjust or modify the types of entity data 9 being kept by the system 15 of the present invention in respect of one or more subject entities 1. For example, a user 8 might wish to have the system of the present invention simply maintain or track some additional business information for them in addition to the entity data 9 which was required for the implementation or practice of the compliance enforcement method of the present invention. The system could allow the user 8 to create additional fields in the entity database 18 and specify validation or requirement rules or exceptions with respect to those particular fields. Those additional custom fields could then be used by the user 8 or by the system 15 in various reporting or other actions. The ability of the system to allow a user to create additional fields in the entity database 18 is an optional extension of the basic embodiments of the present invention which would have some significant utility to users of the system of the present invention. Where the system of the present invention allowed users to specify additional entity data 9 beyond that required by the system to be tracked or maintained in respect of one or more subject entities 1 or F&K 2210-05-01
related parties 2, that added entity data 9 might either be maintained within the central entity database 18 or it will also be understood that a separate data structure could be contained either within the entity database 18 or elsewhere within the server 17 and its associated content repositories which could contain that added or nonessential entity data 9.
The entity database maintenance component 19 could either be a stand-alone software component or could form a part of a single larger software system 30 resident upon or accessible and executable by and upon the server 17.
Figure 2 demonstrates one embodiment of a data structure for an entity database 18 which would potentially be a relational database with multiple tables or repositories for different types of entity data 9. again dependent upon the determination that certain types of entity data 9 would need to be captured or maintained with respect to a particular subject entity 1 or its related parties. (The structure shown in Figure 2 might still be referred to by one skilled in the art as a unitary data structure but it is shown in this fashion for the purpose of demonstrating a relational database approach to the construction of an entity database 18 in accordance with the present invention).
Referring to Figure 2 there is shown a main entity database 18, in which it is contemplated that the basic identifying information with respect to the various subject entities 1 monitored on the system would be resident or contained. There are then shown a plurality of additional tables within which various types of entity data 9 could be stored in respect of one or more subject entities 1 associated with the system 15 of the present invention.
For example it is contemplated that there would virtually always be related parties 2 associated with subject entities I . The information pertaining to the related parties 2 of a particular subject entity 1 could be stored within table I 8G, and could be used or accessed as necessary by the system for monitoring or enforcement of various compliance rules 12 against the entity data 9 contained within the entity database 18. When related party information was added or updated it would be stored to table 18G in the database 18, to the extent that such a data structure or format were used. F&K 2210-05-01
The next table shown in Figure 4 beyond the related party entity data structure shown at 18G is a table in which entity data 9 would be stored in respect of corporate subject entities 1 - specifically there is shown a table 18A in which various types of entity data 9 specific to corporations could be stored. There is actually shown for demonstrative purposes two subtables 18AA and 18AB, in which the entity data 9 could be stored in respect of either home jurisdiction information, dependent upon the home jurisdiction of the corporate subject entity 1 (18AA), or there is also shown a table within which information 9 pertaining to the extra-jurisdictional business activities of a subject entity 1 could be stored as was determined applicable (18AB). It may also be the case that extra tables existed for storing shareholder or director information, although those people might be set up as related parties in the related parties table 18G, and linked across to the corporate entity data structure 18A as appropriate.
Shown next at 18B is a separate table within which partnership information could be stored if a subject entity 1 was a partnership. As in the case of the corporate structure 18A above, it may also be the case that the data structure contained one or more subordinate tables or structures within which additional data could be stored including information pertaining to the members of the partnership, although again members of the partnership would likely be related parties represented within the related parties data structure 18G. These two tables 18 A and 18B, in respect of corporate or partnership subject entities 1, will be understood to be only two types of entity structure specific data structures which could be resident within the entity database 18 of the present invention and it will be understood that any number of different modifications or structures will be obvious to one skilled in the art which are all contemplated within the scope of the present invention.
Shown next at I 8C is a separate table in which entity data could be maintained for subject entities which were publicly traded entities, as those would have different information capture and reporting or compliance requirements. In this particular case table 18C has been labeled as a securities entity data table. F&K 2210-O5-OI
Tt may also be the case that independent of entity structure, certain jurisdictions required certain data to be captured and recorded - a table 18D within which such jurisdiction specific data might be captured is demonstrated in the Figure.
Figure 2 finally demonstrates two additional customization aspects of the contemplated system. Firstly there is shown a custom entity data structure at ISE which could effectively be a table or structure within which users 8 could set up or specify additional types of entity data 9 to be kept in respect of their subject entities. Customized compliance rules or compliance and monitoring settings, as will be discussed further below under the heading of the rules database, could be kept in a custom compliance rules section 18F of the entity database 18. The contents of 18F might alternately be resident in the rules database 2 outlined further below.
The creation of a functional relational database structure for use in accordance with the system of the present invention will be understood by one skilled in the art of database design, and any data structure capable of use in accordance with the system of the present invention and the remainder of the software and hardware components outlined herein is contemplated within the scope of the present invention.
Rules database:
The rules database 20 would contain preset compliance rules 12 with respect to the different types of subject entities 1 in respect of whom the system of the present invention would be used, and internal or external governance controls applicable to the entities in question. The rules database 20 may have a fixed table structure and design or alternatively might be customizable or customized by other software components within the server 17, if it were necessary to make adjustments to the table structure or database designed to accommodate particular types of custom compliance rules, either internal or external in nature.
The server 17 of the web site system 15 of the present invention includes software which through various components can carry out the administration and operation of the method and system of F&K 2210-O5-Ol
the present invention including a rules database maintenance component 21 which would be responsible for the upkeep of records in the rules database 20, pertaining to various types of compliance rules 12 related to subject entities 1 in their related parties 2. The rules database 20 would be stored in a memory of the server 17 and the rules database maintenance component 21 5 could be any software component capable of accessing and administering this database 20. It will be understood that the precise structure of the database 20 could be any type of database structure which could be administered by a software component 21 in the server 17 and that all types of data structures are contemplated within the scope of the present invention.
o One function of the rules database maintenance component 21 could be to maintain and record any changes or additions made with respect to compliance rules stored within the rules database 20 as a result of or during the update or changes of various legislative regimes or regulatory schemes to which various types of subject entities 1 might be subject. As well, the rules database maintenance component 21 could be responsible for serving information from the rules s database 20 either to other software components within the server 17 or to other network components or computers.
It is contemplated that any type of compliance rules 12 which were required for the purposes of assessing the compliance of various subject entities I with the necessary governance controls o applicable to that subject entity I could be kept within the rules database 20 and that any necessary adjustments to the scope or format of such a database and/or its supporting software components are contemplated within the scope of the present invention. As outlined elsewhere herein, it is contemplated that the information which would be stored within the rules database 20 with respect to each compliance rule 12, corresponding to a governance control applicable to s some subject entity I , would include at least one selection parameter, which would be the necessary information or formula to be used in conjunction with entity data stored in the entity database with respect to a particular subject entity to determine whether or not that particular compliance rule and its associated governance control was applicable to the subject entity in question, as well is at least one compliance parameter which could be used in comparison to her o along with entity data stored within the entity database with respect to the subject entity in question to determine the compliance or noncompliance of that subject entity with the related F&K 2210-O5-OI
governance control. Each compliance rule 12 is stored within the rules database 20 would have at least one predefined woτkflow-step associated wrtrt it wh-ich- weukJ -al3O -be stored- with in the rules database 20 in respect of that compliance rule 12. The predefined workflow step is contemplated to be anything from the details of a notification or alert process upon a s determination of a compliance result with respect to a particular subject entity and a particular compliance rule 12, through to or in addition to more elaborate workflow steps or items which might be enabled by or facilitated by the system of the present invention including upon the detection of a certain compliance result generating certain information or documentation through the system 15, sending out third-party notifications or information in an automated process, or o even upon detection of a certain predetermined compliance result in initiating the transfer of certain entity data 9 or other calculated information based on such entity data and the compliance rule in question to an external computer system. While we speak of at least one predefined workflow stepping associated with each compliance rule stored within the rules database 20, it is contemplated that there could be more than one predefined workflow step associated with a s compliance rule both insofar as the detection nor determination of a certain compliance result with respect to a particular subject entity and a particular compliance rule of a specific period of time might trigger more than one predefined workflow step ~ for example upon detection of a certain compliance status notification might be sent to a user, a document might be generated for execution by a particular individual and subsequent recordkeeping, additional information could o be generated for archiving to the website system of the present invention or another computer system of the customer, and electronic submission of certain formatted data to third-party systems such as reporting databases or systems for publicly traded companies might be initiated based upon the detection of a certain condition with respect to a compliance rule. It might also be the case that in terms of at least one predefined workflow step being associated with a 5 compliance rule 12 stored within the rules database 20, that there would be predefined workflow steps assigned the to more than one compliance result related to the compliance rule 12 in question. For example, there could be one predefined workflow step assigned to the compliance rule 12 and stored within the rules database 20 which would be triggered or initiated upon the detection of a positive compliance result in respect of the particular compliance rule in question o at the time that the compliance assessment step was conducted in the method of the present invention, and there might be another alternative predefined workflow step assigned to the F&K 2210-O5-Ol
compliance rale 12 and stored within the rules database 20 which would be triggered or initiated upon the detection of a negative compliance result in respect of the particular compliance rule in question.
s It is contemplated in terms of the rules database 20 that external governance controls which might be applicable to a subject entity 1 would to the greatest extent possible be preprogrammed into the rules database 20 so that one or more of these external governance controls, when it was determined that they should apply to a particular subject entity or its related parties, could be applied to the entity data 9 by simply applying those particular compliance rules 12 which were o already programmed into the rules database 20 against the entity data 9 in question. However it will be foreseen that there will be circumstances within which one or more users 8 of the system might wish to program or customize compliance rules 12 with respect to one or more subject entities 1 in respect of which they are responsible for the entry or maintenance of entity data 9. The rules database maintenance component 21 might then also potentially have the capability to s accept and properly format from a user 8 accessing the web site 15 of the present invention through their browser 14, the parameters required to create additional records in the rules database 20 which would codify additional governance controls, either internal or external, which the user 8 wished to use in respect of one or more subject entities 1. Tt might also be the case in certain circumstances the system allowed for customization of records in the rules 0 database 20 with respect to how they would be applied in respect of an individual subject entity 1 , so that even if the rule itself could not be adjusted in circumstances in which it was not desirable to provide that functionality, the actions triggered or undertaken by the system upon detection of a positive or negative result of the application of that particular compliance rule 12 to the entity data 9 in question could be adjusted by a user 8 with the appropriate security s clearance or settings.
Tn a circumstance where the system allowed for the customization of compliance rules 12 stored within the rules database 20. the customizations which were applied to various rules 12 within the rules database 20 in respect of a particular subject entity 1 by a user 8 with the proper editing 0 privileges in respect of that subject entity 1 could either be stored in additional tables or records within the rules database 20, or in a supplemental data structure or elsewhere on the system of F&K 2210-O5-Ol
the present invention, Tt will even be foreseen that in certain circumstances, compliance rule customizations could be stored in respect of a particular subject entity 1 within the entity database 18. Thus it can be seen that while one of the major benefits of the system of the present invention is the fact that the actual compliance rules 12 within the rules database 20 have been preprogrammed or pre-created for use by users 8 of the system in respect of one or more subject entities 1 in respect of which those users 8 are responsible for data input or maintenance, it will be foreseen that allowing the user 8 to customize the parameters or predefined workflow steps associated with the application of one or more compliance rules 12 from the rules database 20 will be one major aspect of the system of the present invention.
Similarly in terms of customization, the ability for a user 8 to program customized compliance rules 12 into the rules database 20 or into an associated data structure will be understood by one skilled in the art in terms of the method of implementation, and again this level of customization would provide a great benefit to the users 8 to the system 15 of the present invention. It may also be in certain circumstances that where a user 8 wished to program certain types of customized compliance rules 12 into the rules database 20 or the associated data structure, such as one or more compliance rules 12 associated with a customized or individualized internal governance control it may also be the case that the user 8 would wish to or would need to specify the capture and maintenance of additional types of entity data 9 by the system 15 of the present invention in respect of the subject entity 1 in question so that the compliance rules 12 in question could be properly applied from time to time as they would be triggered. The ability to adjust or specify the types of entity data 9 being kept in respect of a subject entity 1 in order to apply customized compliance rules 12, is contemplated within the scope of the present invention.
Referring to Figure 3 there is shown one embodiment of a rules database 20 in accordance with the present invention. As was shown in Figure 2 with respect to the entity database 18, Figure 3 shows a main rules database 20 with a number of subordinate tables. The rules database 20 will contain all of the necessary information and parameters to apply various compliance rules 12 to entity data 9 contained within the entity database 18 in respect of one or more subject entities 1. In addition to the selection parameters and compliance parameters which would allow for the actual application or testing of various compliance rules 12 against data contained in the entity F&K 2210-O5-Ol
database 18. it is also contemplated to the rules database 20 would contain in respect of each compliance rule 12 therein any necessary information regarding predefined workflow steps to be triggered by the system 15 of the present invention upon the detection of either a positive or negative compliance result in application of one or more compliance rules 12 to entity data 9 contained within the system in respect of a subject entity 1.
It will be understood that in the table structure of the rules database 20 there could either be a single table containing all of the necessary information in respect of all of the compliance rules 12 programmed into the system 15, or alternatively there may be separate tables containing information pertaining to different types or sets of compliance rules 12 related to different types or sets of internal or external governance controls applicable to one or more subject entities. Any type of a data structure accomplishing the objective of allowing for the storage of the necessary information to apply various compliance rules 12 to the entity data 9 in respect of one or more subject entities 1 of one or more legal types maintained by the system 15 of the present invention is contemplated within the scope hereof.
As has been outlined elsewhere herein it is contemplated that one major determining factor in the type or nature of compliance rules 12 applicable to a particular subject entity 1 is the legal entity structure of that entity 1. As such there would be different sets of compliance rules 12 applicable to coφorations as subject entities I versus partnerships or other structures. Shown in the Figure with respect to the rules database 20 there is one table shown at 2OA which contains compliance rules pertaining to corporations. In addition to the corporate compliance rules table 2OA shown in the Figure, there is also shown a partnership compliance rules table 2OB which could contain the necessary information to apply partnership specific entity related compliance rules 12 to a partnership subject entity I and its entity data 9, and that table 2OB could also contain the necessary trigger or action information to allow for the system 15 of the present invention to react to the application of various compliance rules 12 to the entity data 9 in respect of a subject entity 1 which was a partnership.
As outlined elsewhere above, it will also be understood that the compliance rules 12 in respect of a particular entity type could vary by jurisdiction. In the example of a corporate subject entity, a F&K 2210-O5-Ol
corporation from one state or province may be subject to different governance controls and compliance rules 12 the corporation from another state or province. There may also be some overlap in some of the compliance rules 12 between adjacent or multiple jurisdictions along with rules 12 that are exclusively applicable to corporations resident in our doing business in those particular jurisdictions. It will be understood that the data structure of the rules database 20 can accommodate these different sets of compliance rules 12 in respect of particular entity types either by the addition of further tables to the database or alternatively by the addition of further identifying information to compliance rules 12 and their related action items stored within the rules database 20 so as to delineate for the sake of the system which compliance rules 12 are applicable to entities of which type and from which jurisdiction.
Tt is also contemplated that the system 15 and the rules database 20 could similarly accommodate variations in compliance rules 12 in respect to particular types of subject entities 1 based on other factors beyond the entity type or status, or the jurisdiction in question and that similarly any modifications to the scope of the data which would be contained in the rules database 20 in this respect and any necessary but obvious attendant modifications to the programming required to maintain or applied these different compliance rules 12 is all contemplated within the scope of the present invention as well.
Tn respect of the table of corporate compliance rules 2OA shown in the rules database 20, there are also demonstrated in the Figure to subordinate tables or data structures which include home jurisdiction corporate compliance rules, shown at 20AA, or extra jurisdictional compliance rules shown at 20AB. As outlined above, these two additional sets of compliance rules 12 could be selectively applied to the entity data 9 in respect of certain subject entities I in respect of which it was determined that they would apply. Again these added tables or data structures within the rules database 20 are simply shown to demonstrate the different types of compliance rules 12 which could be stored in the rules database 20 although it will be understood that information contained in table such as these can also be contained or aggregated in the either the corporate compliance rules table 2OA, or in the case where all of the compliance rules 12 in the rules database 20 were contained within a single table that information could also be rolled up into that single table as well. F&K 2210-O5-Ol
Finally with respect to Figure 5 there is shown a custom compliance rules table 2OC in the Figure. The custom compliance rules stored within the rules database 20, as shown in this separate table 2OC, might include any custom compliance rules 12 created by a user 8 in the implementation or codification of one or more internal governance controls in respect of a subject entity 1, as well as his table might also include any user specific customizations to the action items contained within the database with respect to other hardcoded compliance rules 12. For example, if a particular user 8 in respect of a particular subject entity 1 or its related parties 2 had programmed in their own settings that they wanted particular actions to take place upon the positive or negative determination of the application of a particular compliance rule 12 to the entity data 9 in respect of that entity 1 or its related parties 2, those custom settings could be programmed into the rules database 20 and stored in a table such as that shown at 2OC, either in place of or to override the default settings which would otherwise potentially be contained within the database 20. As has been outlined elsewhere above, it is also possible in the case of custom compliance rules 12 or customized settings programmed by a particular user and 8 with respect to the application of particular compliance rules 12 to a subject entity I or its related parties 2 that those may be stored in the entity database 18 rather than in a rules database 20 and that this type of the data structure or approach is also contemplated within the scope of the present invention.
Tt will be understood that the data structure demonstrated in Figure 5 is simply shown in a demonstrative fashion to outline one way that the data might be structured within a rules database 20 in accordance with the system and method of the present invention. It will be understood that any data structure in a rules database 20 which accomplishes the goal of allowing for the storage of pre-coded compliance rules 12 which can be determined to apply, and can be applied, to the entity data 9 in respect of one or more particular subject entities I to be maintained or monitored by the system 15 of the present invention is contemplated to be within the scope of the present invention. Tt will be understood that the compliance rules 12 as codified in the rules database 20 in accordance with the present invention would simply need to have sufficient information stored in respect thereof to allow for the application of the particular compliance rule 12 in question to the entity data 9 stored λvith respect to a particular subject F&K 2210-O5-Ol
entity I or its related parties 2. as well as potentially having the necessary information codified there with to allow for the actual determination by the system 15 of the applicable it is that particular compliance rule 12 to the type of subject entity 1 in question. For example if a compliance rule 12 was designed to test the compliance of some particular aspect of the entity data 9 with respect to a corporation from a particular province or state, the compliance rule in its most basic form would need to have the necessary formula or information to actually test the compliance of the entity data 9 with respect to that entity I, and would also need to in some fashion identified the circumstance or applicability of the compliance rule 12 in question — for example not only would the formula need to stipulate the type of a test to be applied to the entity data 9 but the database 20 would also need to have the necessary information stored in respect to that particular compliance rule 12 to specify that that particular compliance rule 12 was only to be applied to corporations as subject entities 1 , being from the particular state or province in question. The compliance rule 12 might also then have action or trigger items associated there with, either stored in the rules database 20 or stored in a separate event triggers database or the like, which outlined actions or reporting to be triggered by the system 15 of the present invention upon the detection of certain results in the application of the compliance rule 12 to the entity data 9 in respect of a subject entity 1 to which that particular rule was applicable.
Tt will be understood that the rules database 20 and the rules database maintenance component 21 might either be resident upon the server 17 of the web site system 15 the present invention, or alternatively might be resident upon another computer system which was accessible by the server 17.
It will also be understood to one skilled in the art that the rules database 20 and the entity database 18 could be combined into a single database or data structure rather than being resident in the server 17 as two separate databases potentially requiring more than one database maintenance component. Insofar as the integration of the rules database 20 and the entity database 18 into a single database or data structure would be easily adjusted or accomplished by one skilled in the art of database design, the combination of those two database functions into a single data structure is also contemplated to be within the scope of the present invention. F&K 2210-05-01
The rules database maintenance component 21 could either be a stand-alone software component or could form a part of a single larger software system 30 resident upon or accessible and executable by and upon the server 17.
Active versus passive system operation:
The system of the present invention can operate in either a "passive" or in an "active" fashion with respect to the application of various compliance rules 12 to the entity data 9 with respect to a subject entity I . What is generally speaking intended or contemplated in the system of the present invention where it is operating in a "passive" fashion is that the web site system 15 of the present invention would effectively apply various compliance rules 12 from the rules database 20 to the entity data 9 stored within the entity database 18 only upon triggering of the compliance assessment step by a user 8 interacting with the web site 15 of the present invention. For example there could be more than one user 8 of the system with respect to a particular subject entity 1 who was tasked with the job of entering or updating entity data 9 onto the system 15 on an ongoing basis. It may be desirable that in order to apply the applicable compliance rules 12 from the rules database 20 to that entity data 9 to determine the compliance or noncompliance of the subject entity 1 with the various compliance rules, that a user 8 needed to effectively trigger the compliance assessment step.
Figure 4 demonstrates one embodiment of the method wherein the system would operate in a "passive" fashion as outlined above. What is specifically contemplated, referring to Step A in Figure 4, is that a user 8 would log onto the system 15 of the present invention via their browser 14. The next step which is shown at letter B in the Figure is an authentication step. The authentication step would provide not only a security level with respect to maintaining the integrity and/or confidentiality of the entity data 9 contained within the system 15 but would also allow the user 82 by virtue of use of the proper login credentials to access the entity data 9 with respect to the proper subject entity 1 , since one user 8 might be responsible for or have access to the entity data 1 with respect to more than one subject entity. The user 8 could either through the authentication process or in a subsequent step identify the subject entity 1 and/or related parties 2 F&K 2210-05-01
thereto with respect to which it was desired to review compliance issues. This is shown at Step C in the Figure.
Once the user 8 had selected the compliance monitoring function which they wished to initiate. which in a basic embodiment would likely be a single compliance assessment step which would go through all of the selected compliance rules 12 from the rules database 20 which were applicable to the particular subject entity I and compare those selected compliance rules 12 to the entity data 9 stored within the system to identify the compliance or noncompliance of the subject entity 1 or its related parties 2 with the selected compliance rules 12. As outlined elsewhere herein, the compliance assessment step would involve assessing the compliance of the subject entity in question with each of the selected compliance rules which were active compliance rules , which had been selected to be applicable to the subject entity based on the entity data contained within the entity database and the selection parameters associated with that particular compliance rule in the rules database, and which were selected to be assessed during that particular iteration of the compliance assessment step either automatically or by the user.
Once the computer system had compared the active compliance rules 12 with the entity data 9 in question, reports could be produced to the user 8 which would indicate the compliance result determined with respect to the governance control associated with each active compliance rule as it was assessed by the system. The comparison of the entity data 9 with the compliance rules 12 in question, and the subsequent reporting of the results of that comparison to the user 8, are shown at Steps E and F. If the system 15 were programmed to trigger any other predefined workflow steps beyond the reporting of the results of a compliance assessment to the user 8. that step could be inserted before the end of the process as well.
One important point to be made with respect to the flexibility and functionality of the system and method of the present invention is that it is specifically contemplated that it may be the case that every selected compliance rule which was applicable to a particular subject entity would be an active compliance rule every time the compliance assessments step of the method of the present invention was conducted, whereby every time that the compliance assessment step was initiated, every compliance rule which was a selected compliance rule in so far as it was selected based on F&K 2210-05-01
the entity data and the selection parameters associated with the compliance rules in question would be considered or assessed for compliance purposes every time that the compliance assessment step was conducted. In other circumstances either by the selection of the user or because based upon the data contained within the rules database with respect to the compliance rules in question which were the selected compliance rules with respect to the subject entity in question it was determined that at the particular point in time that the compliance assessment step was going to be initiated in the method of the present invention that certain compliance rules only needed to be considered at that time, meaning that with respect to the particular iteration of the compliance assessment step in question the active compliance rules would represent only a subset of the selected compliance rules which themselves represent a subset of the total compliance rules contained within the rules database, and the compliance assessment step in that particular iteration would only assess the compliance of the subject entity with a smaller number of selected compliance rules, since in that circumstance the active compliance rules would represent less than the complete number of selected compliance rules. Situations where not every selected compliance rule needed to be applied every time that the compliance assessment step was completed might include circumstances where a particular selected compliance rule needed to only be assessed on a periodic basis or upon the occurrence of some particular event in the entity data pertaining to the subject entity in question, whereas there may be other selected compliance rules which need to be conducted or assessed on a more ongoing basis. Tt will be understood that it is intended to cover both approaches within the scope of the claims of the present patent, namely that when the compliance assessment step is conducted in the method of the present invention, the active compliance rules considered in that particular iteration of the compliance assessment step may or may not be all of the selected business rules which potentially apply to the subject entity in question.
In an "active" embodiment, there may be a compliance agent software component or the like resident on the system 15 of the present invention which would on an ongoing basis either on a time based routine or alternatively based upon the detection of any changes in the entity data 9 stored within the system 15 of the present invention automatically conduct the compliance assessment step of the method of the present invention with respect to one or more particular subject entities in an automated or agent fashion. In the longer term it is anticipated that the F&K 2210-05-01
"active" embodiment of the system of the present invention would have greater utility and market acceptance but it will be understood that the operation of a system in accordance with the method of the present invention in either an active or a passive fashion is contemplated within the scope of the present invention.
Figure 5 demonstrates an active embodiment of the compliance assessment step of the method of the present invention. Where the passive method outlined in Figure 4 above relies upon a user 8 triggering the compliance assessment step, the active method which is shown in Figure 5 does not rely on an operator initiation of the compliance assessment step. Rather there is shown at Step A in Figure 5 the automatic triggering of the compliance assessment step by a compliance software agent or the like which would be a part of the general software components 30 resident upon the server of the web site system 15 of the present invention. Tt is contemplated that what would be done in an automated or active embodiment such as this would be that a compliance software agent or other software component would trigger or perform the compliance assessment step of the method of the present invention with respect to a particular subject entity.
The compliance software agent or other software components responsible for the periodic review of compliance of the subject entity or entities 1 resident on or monitored by the system 15 of the present invention could be triggered in a number of different ways. The system might for example be programmed to have such a compliance software agent component or the like conduct the compliance assessment step on a time determined basis. Tt may be determined that the system should execute the compliance assessment step on a daily basis, weekly basis or some other predetermined basis. It might also be the case in another embodiment that particular subject entities I could select a particular time frequency within which they would like the compliance assessment step to take place.
Rather than a time based schedule being the triggering event for the compliance assessment step, other trigger events or trigger conditions might also be defined. For example the compliance assessment step could be triggered upon the detection of the entry of a change or update to any of the entity data 9 with respect to a subject entity 1. It will be understood that any number of different types of trigger conditions could be conceived, and that all such modifications or F&K 2210-05-01
triggering events and any related or attendant software modifications are contemplated to come within the scope of the present invention.
In this active model it is also envisioned that the comparison software agent could either in its detection of a triggering condition or event run the compliance assessment step in respect of all of the subject entities 1 contained within the entity database in a single pass, or alternatively the active model could engage in multiple schedules or multiple different types of trigger conditions or events could be used to trigger the compliance assessment step with respect to a particular subject entity 1 at separate times or in separate fashions rather than in one single pass. Both such approaches are contemplated within the scope of the present invention.
Entry of a new subject entity:
As outlined elsewhere herein, it is the intention of the present invention to offer effectively a governance compliance monitoring and enforcement web site system and method which by virtue of its ASP model will provide a cost-effective solution which can be used by enterprises of various types to enforce the compliance of their organizations or entities with various governance controls placed thereon either by internal or external means. The system of the present invention is scaled to host and/or monitor entity data 9 with respect to a plurality of subject entities 1, rather than for only a single entity 1. It will be understood that the hosting of any number of subject entities 1 and the entity data 9 related to those entities I and their related parties 2 is contemplated within the scope of the present invention. As has been outlined elsewhere herein it is also specifically contemplated that the subject entities 1 which would be monitored by the system of the present invention could be of numerous different legal entity structures or types.
The first data function which a user would encounter would be the set up of a new subject entity on the system. A new user could effectively access a "self-service" governance monitoring and F&K 2210-O5-OI
enforcement system in accordance with the present invention and could set up the necessary records on the system of the present invention to allow for the monitoring of a subject entity 1 on behalf of that user.
Referring to Figure 6. there is shown a flow chart which demonstrates one embodiment of a data entry process via the system of the present invention, related to die setup of a new subject entity 1 for monitoring by the system 15 of the present invention. The first step in the process A would be the accessing of the web site 15 by a user 8 via their browser 14, and upon the selection of the appropriate link or content in the web site 15 via the browser 14 the user 8 would be directed to a web form or web application through which the necessary information for the creation of a new subject entity 1 on the system of the present invention would be presented to the user 8 for them to fill in or complete. Entry of the initial entity data 9 with respect to a new subject entity 1 is shown at Step B in-the Figure.
The web form or web application which might be presented to the user 8 to create a new subject entity 1 on the system 15 of the present invention might in fact consist of more than one form or page, since the first form or page presented to the user 8 might capture basic information related to the subject entity I itself, and then there may be following forms or pages which need to be filled in based upon the testing of the type of information provided by the user 8 in that first basic form with respect to the subject entity 1. For example, if it was indicated to the system 15 via these forms that the new subject entity 1 which was desired to be set up was a corporation, at a later step in the data entry process the system may present different screens to the user for the entry of different required entity data 9 related to a corporation, than if the entity 1 in question was a partnership, joint venture, proprietorship or a business venture of some other particular legal structure.
The filling in of the basic entity data 9 with respect to the entity 1 in question is shown at Step B in the flow chart of Figure 8. Once the initial data entry, as shown at Step B. has taken place, it is contemplated that the next step in the process as is shown in this flow chart would be a data validation or error checking step, shown at Step C. with a view to verifying the integrity of the data against previous contents of the entity database 18, as well as to ensure that the entity data 9 F&K 2210-05-01
which had been entered complied with any requirements for the monitoring of that particular type of an entity as might be outlined in the rules database 20. Provided that the entity data 9 which had been entered by the user 8 was at this point free of errors, or following the correction of identified errors by the user 8 upon prompting by the system 15, the system could record that entity data 9 to the entity database 18 in respect of the new subject entity 1. Writing of this new entity data 9 in respect of the new subject entity 1 to the entity database 18 is shoλvn at Step D.
One of the flexibilities of the system of the present invention is that the system could, by the proper coding of various internal or external governance control regimes into the rules database 20. accommodate the proper data entry and capture as well as the proper governance monitoring of various types of entities in a single database application by virtue of the multiple entity design which is contemplated for the database in question. Specifically, whether it be different rule sets or control regimes which were stipulated by the legal structure of a subject entity 1. the jurisdiction of operation of a subject entity 1. or any number of different general classifications of subject entities 1. all of these different regimes could be programmed into the rules database 20 so that a single system could be used to monitor the compliance of the data in respect of various subject entities I regardless of their qualification under these categories.
The applicability of separate sets of governance controls, as a result of which also separate types of entity data 9 need to be captured in respect of a particular type of a subject entity 1 is demonstrated next in Figure 8. There is shown a decision block at Step E, wherein it is shown that one of the data checking tests which is applied to the initial entity data 9 entered in respect of a new subject entity 1 could be to determine the additional types of entity data 9 which might be required in respect of that subject entity 1 based upon the legal entity type of that subject entity 1. For the sake of demonstration here this decision block shows that in the case of a corporation as the subject entity 1, additional entity data 9 could be collected in respect of shareholders, directors and officers of the corporation, versus if the subject entity I was a partnership or if the subject entity I was some other type of a business structure there might be other types of information which needed to be collected. The types of information which are demonstrated in this Figure with respect to each different entity type are simply intended to be demonstrative of the type of a process which could be applied by the system of the present F&K 2210-O5-Ol
invention. They are not intended in any way to demonstrate exhaustively the types of information which would be captured. Shown at Step K in the Figure is the validation or error checking of any additional entity data 9 which has been captured with respect to the subject entity 1. That step also shows the writeback of that information to the entity database 18 once it s has been validated.
In Step L, the software components 30 within the system of the present invention could determine whether or not any additional entity data 9 was required to be entered by the user 8 to complete the setup of the subject entity I . For example, it might be determined that in respect of o a particular type of subject entity I in respect of which certain information had been entered by the user 8, that additional information was required in order to properly monitor the relationship between that entity 1 and another entity 1. Once it was determined that all of the necessary entity data 9 with respect to the new subject entity 1 had been entered, the data setup routine could be closed, as shown at Step M in the Figure. The workflow shown in this Figure is only s demonstrative of one process by which a user 8 of the system 15 in accordance with the present invention could enter the necessary set up information and entity data with respect to a new subject entity 1 which it was desired to begin to monitor in accordance with the compliance monitoring system of the present invention. One variation which is foreseen is that while the Figure shows a couple of separate data entry and database write steps, it will also be understood o that the software application or components used to capture all of the necessary entity data 9 with respect to a new subject entity 1 could capture all of the potential entity data 9 in advance of writing any of that information to the entity database 18. The use of some type of a temporary data structure or a different approach to the data capture such as this is again all contemplated within the scope of the present invention insofar as the same result is accomplished namely to 5 capture all of the necessary entity data 9 in respect of the entity 1 in question for validation and storage to the entity database 18.
Once the necessary entity data 9 had been entered in respect of the new subject entity 1 , the system of the present invention could trigger the rules elections step of the method whereby the o new entity data would be compared to the rules database to identify applicable or selected compliance rules. Following the completion of such a rule selection step either during or F&K 2210-O5-Ol
following the initial setup of the subject entity to which the entity data in question was related in the entity database, the system might also trigger a partial or complete compliance assessment step to review whether or not the entity data with respect to the subject entity in question was in compliance with the applicable compliance rules.
Automatic application of multiple sets of governance controls and compliance rules:
One of the key aspects of the system of the present invention would be the automation of the rule selection step wherein the compliance rules which applied to a particular subject entity are selected based upon the comparison of one or more selection parameters with respect to each compliance rules stored within the rule database against entity data pertaining to the subject entity in question from the entity database.
It will be understood that multiple layers or sets of compliance rules 12 may apply to different subject entities 1. For example in respect of a particular subject entity 1, it may be the case that a particular set of corporate legislative compliance rules 12 from the rules database 20 were selected based upon the jurisdiction of incorporation of the subject entity 1 , but it may also be the case that the particular corporation in question was a reporting issuer under securities legislation in one or more jurisdictions and that on that basis additional sets of securities compliance rules 12 which were preprogrammed in the rules database 20 would also be selected for application to the subject entity 1. This example is intended to demonstrate that individual compliance rules 12 or multiple compliance rules 12 in sets which were preprogrammed in the rules database 20 could be applied in aggregate to a subject entity 1.
Individual compliance rules may be parsed to a very basic level so that they effectively each comprised very simple and straightforward formulas or binary tests which could be applied to entity data 9 contained within the entity database 18. The aggregation of multiple compliance rules 12 on this basis into sets would allow for the system to, either automatically or with user assistance,identify selected compliance rules 12 from the rules database 20 based upon a lesser number of data validation or verification tests being conducted on the entity data 9 contained in F&K 2210-05-01
the entity database 18. Parsing the compliance rules 12 into smaller parts would allow for the greatest degree of customization in terms of the types of actions which could be driven off of the results of certain compliance rule testing conducted by the system of the present invention.
s Beyond the ability to automatically select one or more sets of compliance rules 12 from the rules database 20 for application in respect of a particular subject entity 1, another extension of this aspect of the system and method of the present invention is that based upon the subsequent periodic execution of the rule selection step by the system, compliance rules could be removed or deactivated at future points when it was determined that they no longer applied to a particular o subject entity. For example, in the situation where a corporation subject entity 1 which was incorporated in the province of Saskatchewan was doing business in the provinces of Ontario and British Columbia, the system might initially determine that a set of legislative corporate governance compliance rules 12 related to the jurisdiction of incorporation of the subject entity 1 for the province of Saskatchewan were applicable, and that there were sets of compliance rules s 12 in relation to both the provinces of Ontario and British Columbia related to corporations or other entities which were extra-provincially created but carried on business in those provinces which also needed to be applied to the particular subject entity 1 in question and the entity data 9 associated therewith in the entity database. If it was later indicated in the entity data 9 with respect to this subject entity 1 that the subject entity 1 had ceased doing business in the province o of British Columbia but had also commenced doing business in the province of Quebec at the same time, the system could automatically deselect the extra-provincial governance controls in respect of the province of British Columbia as well as at the same time adding the compliance rules 12 associated with the governance controls with respect to the province of Quebec to the aggregate of compliance rules 12 from the rules database 20 which needed to be applied in 5 respect of the particular subject entity I and monitored by the system 15 of the present invention.
The ability of the system and method of the present invention to automatically determine the applicability or inapplicability, as the case may be, of particular governance controls to a subject entity, and by extension thereof to determine the applicability or inapplicability of certain o compliance rules 12 stored within the compliance rules database 20. depends upon the proper selection of selection parameters which can result in the application or removal from F&K 2210-O5-Ol
consideration of particular compliance rules 12 from the rules database 20 in respect of the subject entity 1 in question and its related entity data 9.
It will be understood that there are many specific means by which this type of a functionality can be achieved in a computer database programming context and that any means which might be used to accomplish the goal of allowing for the proper selection or de-selection of particular compliance rules or sets of compliance rules in the rules database 20 herein in respect of a subject entity based upon the entity data 9 stored within the entity database 18 are contemplated within the scope of the present invention.
Data entry function:
One of the major benefits of the system and method of the present invention is that in addition to providing a means to actively monitor the compliance of a subject entity 1 with various internal or externally imposed governance controls, the system and method of the present invention will also allow on an ongoing basis for the creation of an up-to-date data repository of constitutional or governance related information with respect to the subject entity 1 which can act as a record for use by interested parties and/or for use by the entity itself in various functions or purposes.
Referring to Figure 7, there is shown a flow chart of one embodiment of a data entry transaction in accordance with the system of the present invention, whereby a user 8 could enter new or updated entity data 9 with respect to an existing subject entity 1 already set up in the system. Effectively the method shown in the Figure is a method which would be understood to one skilled in the art of database design or web site design whereby data resident in a database, in this case entity data 9 resident within an entity database 18, could be updated by a user 8 via a web site 15 and a user browser 14. Updating database contents via a browser interface in a client server environment will be understood to all skilled in the art. The first step in the data flow demonstrated in Figure 7, shown at Step A. is the logon of the user 8 to the web site 15. Tn logging on to the web site 15. the user 8 would provide the necessary security credentials or otherwise to be authenticated or identified to the system 15 of the present invention, shown at F&K 2210-O5-Ol
Step B, The logon credentials provided by the user 8 might automatically identify to the system 15 the subject entity 1 in respect of which the user 8 was authorized or wished to edit the entity data 9 on the system of the present invention, or alternatively if the user 8 was registered on the system 15 to access the entity data 9 for more than one entity 1. a menu might be presented to the user 8 via the web site system 15, and through which the user 8 could specify the subject entity 1 in respect of which it was desired to either edit or upload additional entity data 9 to the entity database 18. The user 8 would identify the desired subject entity I in respect of which it was desired to enter updates to the entity database 18, shown at Step C.
Shown at Step D is the entry of the updates to the entity data 9 in question. The web site system 15 of the present invention would serve the necessary data entry forms or the like to the browser 14 of the user 8, by which the user 8 could enter or edit the entity data 9 in question. Upon the validation or error checking of the updates or information entered by the user 8, shown at Step E, the system 15 could either loop back to seek alternate update information if the validation or error checking step failed, but if the information which had been provided by the user 8 passed any validation tests which it was subjected to it could be then written to the entity database 18, shown at Step F.
There is shown in optional step, Step G, in the Figure which is the triggering of the compliance workflow step by the system 15 based upon the recordal or posting of an update to the entity data 9 in respect of a particular subject entity 1 in the entity database 18. Effectively the system could be programmed to automatically conduct a new compliance review upon the detection or completion of the writing of an entity data 9 update to the entity database 18. The rule selection step might also be triggered by the writing of an entity data 9 update to the entity database 18. The triggering of a rules selection step or a compliance assessment step based on the detection of data updates is an optional step, and the compliance assessment could also take place at a later time either in a periodic scheduled automatic review or alternatively in a triggered review which was triggered based upon a manual input from the user 8 of the system 15.
Data validation: F&K 2210-05-01
One of the major target audiences of the system of the present invention, smaller to medium- sized enterprises who do not have the system or infrastructure in place to maintain an onerous governance monitoring system, the ability of the system of the present invention to validate entity data 9 which is entered into the system for storage in the entity database 18 is key. By validating new entity data 9 before it was entered into the entity database 18, the system of the present invention can maximize the accuracy of the types of compliance rules from the compliance rules database 20 which were applied to the particular subject entity I in question. Furthermore, insofar as any of the entity data 9 which is stored in the entity database 18 with respect to a particular subject entity I or its related parties 2 was going to be used in subsequent workflow or document generation type processes, the accuracy of the data would be essential.
Error checking or validation of entity data 9 or entity data updates could take many different forms and could be conducted to many different thresholds. Data validation techniques will be understood by those skilled in the art of computer programming and database design.
Restricting data changes to authorized users:
Tn addition to ensuring that new entity data 9 which is entered into the system 15 of the present invention is validated to maximize its accuracy, it is also contemplated that the inclusion of a rigid security model in the system 15 of the present invention will enhance its value and utility. For example, even from a workflow point of view, the system 15 could be set up so that only particular users 8 had data editing or entry privileges with respect to a particular subject entity 1. and that other users 8 were potentially allowed to view data with respect to that subject entity I but not allowed to make any changes.
The provision of a system whereby only particular authorized users 8 could make data entry or modification changes to the entity data 9 maintained within the system 15, potentially coupled with an audit trail capability in the system, will provide for an integrity in the corporate record which is created and maintained by the system of the present invention which can enhance the F&K 2210-O5-OI
value of the data contained within the entity database 18. Tn terms of the means by which the ability of certain users 8 to access or modify entity data 9 from the entity database 18 with respect to one or more subject entities 1 can be restricted or controlled, it will be understood that there are many different authentication or identity determining methods which are available for use with web site systems which could be used to properly identify a user 8 through their browser 14 to the server 17, and based upon which identification or authentication the remainder of the users access to the web site 15 could be based or limited. Any method of authenticating users so that access to various functions of a web site system such as that of the present invention can be limited or restricted will be understood to be within the scope of the present invention.
Audit trail:
One of the benefits of the system of the present invention is the ability to in certain implementations of the system capture a complete audit trail with respect to changes which have been made to the data over time. It may be desired for example to have a system which will capture the identity and details of individuals who may have updated or changed certain records in the system at certain periods in time. Implementation of an audit trail component to the database system of the present invention would be easily conceived by one skilled in the art and is intended to be contemplated within the scope of the present invention. And may also be desirable in certain circumstances to have a historical audit trail outlining the compliance results determined by the system with respect to one or more subject entities from time to time, over time.
The addition of a robust audit trail component, along with the necessary security restrictions for data access and changes, would enhance the value or utility of the data captured in the system 15 of the present invention to individuals outside of the subject entity. For example, the provision of a web site system 15 for the monitoring of governance compliance might be accepted and/or found useful by third parties in respect of certain subject entities if those third parties had the additional security or comfort of proper audit trails and/or that the appropriate security model was in place to allow only audnorized individuals to update or change data in the system. F&K 2210-O5-Ol
Additional commercial success is thought to be found for a system such as that disclosed herein where on this "independent" basis the integrity of the corporate "record" contained therein can be guaranteed.
Creation of entity data by the system:
Another aspect of the web site system 15 of the present invention which is foreseen to offer functional advantages to the users of the system 15 of the present invention would be the ability of the system 15 to automatically create certain entity data 9 in the entity database 18 based upon either the compliance rules 12 contained in the rules database 20 and/or the entity data 9 already contained within the entity database 18. Effectively it would be possible to program the system 15 of the present invention to automatically create certain updates or new entity data 9 for storage to the entity database 18 in respect of particular subject entities 1 on a periodic basis or as needed. For example, there may be certain types of entity data 9 which need to be maintained in the entity database 18 primarily tor the sake of recordkeeping. The system could either be programmed to automatically recalculate this information for storage as either modified entity data 9 or new entity data 9 for storage to the entity database 18 in respect to one or more subject entities 1 or their related parties 2. The far reach of the ability of the system 15 to calculate on an ongoing basis or as needed new entity data 9 in an unsupervised fashion for storage to the entity database 18 or for use by other aspects of the system 15 of the present invention will be understood by one viewing the overall functionality of the system, and there are various methods of implementing such a function.
On-demand data searching function:
The capture of various entity data 9 to the entity database 18 in respect of a subject entity I is simply the first step in a workflow product which allows for the automatic or periodic triggering of certain functions based on that entity data 9 stored within the entity database 18. On a fairly basic level, one function which is foreseen to be desirable for use by certain users 8 of the system F&K 2210-05-01
15 of the present invention would be effectively an ad hoc or on-demand reporting system wherein a user S could logon to the system 15 of the present invention to their browser 14 and in respect of a particular subject entity 1 could access reports or information based on or stored in the entity database 18 with respect to a particular subject entity 1 or its related parties 2. s
It is contemplated that a user 8 could log on to the web site 15 via their browser 14 and, provided that they had the appropriate security credentials, access a reporting menu from which they could select from preprogrammed report formats, queries or also specify ad hoc reporting if they wished to do so. For example, the user 8 could logon to the system and in respect of a subject o entity I extract a τeport with all the details of all the shareholders of the corporation, where the subject entity 1 was a corporation. A report could be extracted which detailed the dates and details of the filings of the last 10 securities documents or regulatory filings with respect to a particular set of compliance rules applicable to that subject entity 1 from the rules database 20.
s The parameters and details of the reports and the components necessary to extract and formulate reports for serving to users 8 through their browsers 14 could be a part of the general software components resident on the server 17, or alternatively it may be the case that there was a separate reporting engine or the like used. In either case, once the user had selected a report which they wished to view and that selection had been transmitted or communicated back to the server 17 o from the browser 14 of the user 8, the software components in the server 17 could action the creation of the necessary report for serving back to the browser 14 of the user 8. Typically a reporting step such as this would consist of querying the required data from the entity database 18 and/or the rules database 20 as might be appropriate and applying a report format to the extracted data contained in the query. Once the user 8 obtained the report that they wished to s view and were finished with that report they could loop back to select other reports or data entry or modification functions which they might wish to undertake, or they could exit from the web site 15.
The reports in question could either be preprogrammed onto the system of the present invention 0 so that the software components 30 resident on the server 17 would know what to do to extract and formulate those reports for serving back to the browser 14 of the user 8. or it will also be F&K 2210-05-01
understood that an ad hoc query and reporting interface could be provided whereby a user could on an ad hoc basis specify with more detail the nature and format of the data which they wished to extract from the entity database 18 and/or how they wished to have it displayed.
Trigger conditions:
Beyond simply acting as a corporate "minute book", the system and method of the present invention can assist an organization or entity in maintaining the compliance of themselves or their entity with various internal or external governance controls by automatically triggering or forcing the occurrence of certain workflows or events upon the detection of certain conditions in the data maintained in the entity database with respect to that individual or the related entity. The software components 30 on the server 17 would be capable of executing the compliance assessment step of the method with respect to at least one selected rule applicable to at least one subject entity either on demand or in an automated fashion, as has been outlined above. It is also contemplated that the compliance rules 12 themselves as stored in the rules database 20 would each include information regarding at least one predefined workflow step to be carried out upon the detection of either the completion or compliance of a subject entity 1 with a particular compliance rule.
Compliance agent:
The use of a compliance monitoring agent software component has been discussed elsewhere in further detail above. Effectively it is contemplated that the system and method of the present invention could include some type of a software agent which could on some periodic or other trigger basis conduct the compliance assessment step of the method of the present invention in respect of one or more subject entities 1 and one or more selected compliance rules. Tn the
"active" motive the method of the present invention, whereby a periodic compliance assessment step is conducted without user intervention, those periodic assessments could be triggered by, or conducted by, such a software agent. It will be understood that any type of the software agent or F&K 2210-05-01
modification to the remainder of the database programming in support of the method outlined herein which would accomplish the objective of providing for an agent capable of triggering periodic actions by the system of the present invention is contemplated within the scope of the present invention. A compliance agent software component might not only conduct or trigger the compliance assessment step of the method of the invention, but that compliance agent software component might also be programmed to trigger any number of different types of other actions of which the system 15 might be capable including the generation of reports, sending of alerts or any other actions for which the system in question may be enabled.
Active notification and reporting function:
The "active" versions of the method would automatically on some kind of a periodic or other trigger basis detect the arrival of a condition or state at which time a compliance assessment step in respect of a particular subject entity 1 with respect to at least one selected compliance rule applicable to that entity should be conducted.
Another active aspect of the system of the present invention which is contemplated is that beyond in either manual or automated fashion comparing compliance rules 12 which were preprogrammed into a rules database 20 or other data structure as outlined herein to the entity data 9 in an entity database 18 in respect of one or more subject entities 1 , the software of the system 15 of the present invention might include other workflow automation components which would, based upon entity data 9 contained within the system 15, actively conduct certain corporate governance tasks on behalf of the subject entity I in question. For example, the system 15 might identify certain future events which were required to take place based upon the nature or state of the entity data 9 with respect to a particular subject entity I stored within the entity database 18. and on that basis the system might calendar those events, send out reminders or undertake other certain types of actions including even automatically triggering certain tasks to be conducted by the system 15 of the present invention at certain future times as might be determined to be appropriate. Some of the automated workflow extensions or workflow F&K 2210-05-01
components which are contemplated to potentially be within the scope of the present invention are outlined below and herein.
Actions to be taken as well as conditions within which those actions would be triggered, in respect of a particular type of a compliance rule or governance control, could all be programmed into the rules database 20 is further compliance rules 12. It will also be understood however that where an extensive workflow aspect is contemplated in a particular implementation of a system or method of the present invention, the workflow aspect of the system including details of the types of conditions which would trigger certain workflow steps as well as the details of those workflow steps and cells might also be stored in a separate data structure apart from the rules database 20. Again such matters of database design are all contemplated within the scope of the present invention.
Calendaring of time-related governance requirements:
One of the major workflow capabilities which is contemplated to be within the scope of the present method and invention is the addition of a time-based or calendar based condition detection component or engine to the software of the present invention. Certain compliance rules 12 stored within the rules database 20 might consist of certain timelines or fixed dates at which certain actions needed to be taken by a particular type of subject entity 1. By the addition of a calendar component or aspect to the system of the present invention, the system could either on a date specific or time specific basis monitor the entity data 9 in respect of that subject entity 1 to ascertain whether or not certain actions had been taken within an appropriate timeframe, or could also in a more extensive implementation based upon dates calculated by the system of the present invention actually trigger various workflows in respect of a subject entity including reminders of compliance deadlines or even triggering certain computer-based tasks to be undertaken at appropriate times. For example, if a particular type of government paperwork needed to be filed every year by March 15 in order to comply with a certain governance regulation or control, as March 15 of the year approached reminders can be triggered to the subject entity to undertake compliance with this rule 12 in respect of this entity was updated to F&K 2210-O5-OI
reflect that this item had been taken care of. or alternatively the system might even be prepared or programmed to automatically satisfy that condition by the automated filing of certain information or documents with the appropriate authorities at the appropriate timeframe.
It will be understood that many different types of functionality and workflow will be significantly strengthened or enabled by the addition of such a calendaring component to the system and software of the present invention. That calendaring component might be a part of one of the other software components discussed elsewhere herein or might be a calendar specific condition monitoring engine or the like which could monitor on a date and time basis the present date and time against all of the outstanding upcoming deadlines in respect of one or more subject entities I hosted by or monitored by the system 15 of the present invention.
The various calendar dates or deadlines in this type of an embodiment could either be calculated on an active and ongoing basis based upon the compliance rules 12 from the rules database 20, or the structure of the databases within the system 15 of the present invention could be modified to add a specific table or structure within which upcoming deadlines could be maintained with respect to the subject entities monitored by the system of the present invention and the calendar agent or components would then simply need to monitor a specific table in the database for upcoming deadlines and trigger the appropriate actions based thereon.
Document generation capabilities:
One of the added benefits available to users of the system of the present invention, based upon the fact that by its nature the system of the present invention would end up assembling a robust central repository of data with respect to the constitutional makeup or governance of one or more subject entities, would be that this data could in turn be used to generate various documents either automatically or upon user request. As a central data repository which would presumably be kept up-to-date by the administration of a subject entity, this type of a reporting facility would provide again a very simple and straightforward mechanism by which companies or other F&K 2210-05-01
entities using a system such as that outlined herein could simplify fee requirements to obtain such reports or information from time to time.
Enforcing workflows or routine of corporate information:
Another type of compliance rule 12 which could be programmed into the rules database 20 and potentially monitored or enforced by the system 15 of the present invention would be a compliance rule or rules 12 related to the routing of corporate or entity data 9 to various parties requiring or entitled to receive such information. For example, where certain types of information or documents were loaded into the system 15 of the present invention as entity data 9 it may be the case that was information to which members of the board of directors of a subject entity 1 were entitled or were required to have and review in advance of a scheduled board of directors meeting. The system could not only be programmed to remind the user or users 8 responsible for creating or uploading that information 9 to the database 18 in the first place, and continue to monitor the submission of that information in a timely fashion, or in advance of a deadline but also then upon the expiry of that deadline or upon receipt of the information which was required to be distributed, send around a notification or otherwise forward copies of that information or data 9 to the individuals in question.
Beyond a convenient and streamlined method of circulating such information, where the circulation or provision of such information to various parties such as members of the board of directors of a subject entity 1 was required by internal or external governance controls, the ability to automatically forward and circulate this information using the system 15 of the present invention in fact helps the subject entity 1 to gain or maintain compliance with the various governance controls applicable thereto, beyond just reporting the status or compliance of the entity 1 with the controls or compliance rules 12 in question.
Providing corporate management dashboard or workspace: F&K 2210-05-01
As an extension of the ability of a system 15 embodiment of the present invention to as required circulate data 9 from the entity database 18 to the affected or entitled parties or users 8, the system 15 of the present invention could also be modified to provide effectively a corporate management dashboard or workspace within the web site 15 of the present invention, whereby a user 8 could access via their browser 14 all of the entity data 9 to which that particular individual is entitled with respect to one or more subject entities 1 or the related parties 2 thereto. This type of a management dashboard or workspace could also include a work area within which users 8 could upload or download or view documents or other information contained within the entity database 18 or elsewhere in the content store of the system 15 related to the subject entity 1 in question. For example, the system could provide a document workspace in respect to the subject entity 1 being maintained by the system which would allow for users 8 to upload financial reports or other documents for secure access by entitled users 8.
Access permissions could be determined by a class based permission propagation method whereby based upon the attributes assigned to a particular user 8 the appropriate security permissions or security level could be established — i.e. a shareholder of a company could be set by default to access certain areas of the system 15 with respect to the subject entity I in question whereas a member of the board of directors of the subject entity I might have a different security level attached thereto entitling them to further or different information and access privileges to the work area and other aspects of the system of the present invention 15. Rather than a permission propagation method which was conducted automatically based upon different attributes assigned to users 8. it would also be possible to provide a specific user interface by which an administrative user 8 with respect to subject entity 1 could set up or adjust the access permissions of different users 8 with respect to the entity data 9 of a particular subject entity I or its related parties 2.
Automatic filing of external information requirements:
One of the predefined workflow steps which is foreseen to be easily possible in the scope of the present invention would be to provide for the automatic generation and filing of certain external F&K 2210-05-01
informational requirements. Effectively it is contemplated that the system 15 could automatically generate certain reports and potential even file them with the necessary external authorities when it was determined to be required to do so based upon either a compliance result yielded from an iteration of the compliance assessment step of the method in respect of a particular selected rule pertaining to a subject entity. If it was determined for example that, based upon the entry of some new entity data 9 into the system 15. a new member had been appointed to the board of directors of a corporation which was a subject entity 1 within the system 15 of the present invention, the recognition of this change to the constitution of the subject entity during the next compliance assessment step with respect to that particular set of compliance rules pertaining to the constitution of the board of directors of the corporation could trigger the automatic submission to the relevant corporate authorities of the notice of the change of membership of the board of that company. Upon detection of the occurrence of a condition within the entity database 18 requiring such an external filing or action to take place, the remainder of the software of the system of the present invention could be programmed to automatically generate a document for signature and manual filing by the appropriate individual associated with the entity 1 in question, or alternatively the system 15 could also be capable of electronically filing that information with the necessary authorities, without requiring any intervention all by the user. Either such approach is contemplated within the scope of the present invention,
Automatic application of the most up-to-date legislative or control data:
Another major benefit which is foreseen in the system of the present invention is the fact that the users 8 of the system 15 will always have access to the most up-to-date programming of compliance rules 12, within the rules database 20, without the need to perform those updates or programming adjustments on their own, since the ASP provider of the system of the present invention would keep the rules database up-to-date with respect to at the very least the preset compliance rules programmed in the rules database. As such when the particular nature of one or more governance controls which might be applicable to certain subject entities 1 was changed, the programming of the compliance rules pertaining to those particular governance controls F&K 2210-05-01
could be adjusted, and subsequently during another rule selection step or compliance assessment step the up-to-date versions of the compliance rules, reflecting the up-to-date versions of the governance controls in question as well as the up-to-date parameters and action steps associated there with, would be used by the system. It would also be possible to program the system so as to provide the ability for historical or backdated compliance rules 12 to be applied in certain circumstances where that might be deemed appropriate either by the user or users 8, the operator of the system 15 or the purveyors or providers of various governance controls.
Creation of a historical record:
Use of the system and method of the present invention to maintain corporate governance data and constitutional information with respect to any subject entity 1 can result in the creation of a robust historical record as to the past governance compliance or past corporate activities of a particular entity 1 or its related parties 2. Particularly where the appropriate security and audit trail functionality is added to the system and method of the present invention to satisfy the integrity requirements of third parties, the historical record which might be created by the use of the system of the present invention by one or more subject entities 1 would be an added major benefit to the operation and use of the system of the present invention. For example again if a person was being courted to become a director of a corporation, for example, which corporation was using the system or method of the present invention to collect and/or monitor their compliance with various governance information on data, that individual could be allowed access to the historical record contained within the entity database 18 on the system 15 for the purpose of assessing the compliance, firsthand, of the entity I with any assorted applicable compliance rules 12. Similarly, government authorities, tax authorities, securities authorities or exchanges, or any number of other third parties or related individuals might require or benefit from the use of a system such as that of the present invention and the historical record of corporate activities or business activities in respect of one or more business entities 1 which the system and method of the present invention could be used to collect. F&K 2210-05-01
As a logical extension of the collection of a historical record with respect to a particular subject entity by the system or method of the present invention, the system and method of the present invention could also assemble a historical record that, in the proper circumstances where data integrity and security was maintained, could be used for enforcement purposes by government or other related parties or authorities.
Compliance scorecard:
Another aspect of the system and method of the present invention is the ability of the user of this system or method to automatically produce a compliance score or a compliance scorecard for a particular subject entity. It may be the case that in terms of overall comparison of information with respect to various subject entities it was desired to come up with some kind of a formula which would allow for the objective comparison of the compliance or performance of various subject entities with the compliance rules applicable to them. A compliance scoring step could be added to the method of the present invention whereby a preset scoring formula would be applied to the entity data and compliance rules applicable to various subject entities or a single
user, provide up to a third party, or used in various data viewing or reporting functions. Tt will be understood that in certain cases there may be an independent third-party scoring formula which would be desired to be codified in used for the sake of providing rankings of subject entities who were subscribing to the system of the present invention in accordance with an openly accepted and independently administered or created compliance scoring formula, or it may also be the case that the provider of the system or method of the present invention could design their own ranking or scoring formula to provide a compliance score to various subject entities at all such formulas or approaches to the rendering of a compliance score in respect of the subject entity who has entity data stored within the entity database of the present invention are contemplated within the scope hereof.
Independent third party nature of the system: F&K 2210-05-01
One of the major benefits to a system such as that offered by the present invention is the autonomous or independent nature of the system insofar as it is offered potentially by a third party information provider rather than being hosted internally by a particular corporation or entity. In this respect, provided that the appropriate types of security and historical data 5 functions or searches are provided with the system, it is hoped that effectively by offering a corporate governance monitoring system in a web site or ASP model, hosted and operated by a third party who can guarantee the integrity of the data to a third party, the parties related to corporations such as banks, financial institutions, governments or other authorities may find the necessary comfort in the integrity of the system to accept the results and data maintained by the o system and/or to provide a means by which there could be a relatively rapid market spreader acceptance of the use of a corporate governance monitoring tools such as this threw out smaller to medium-sized enterprises who otherwise could not afford to make the necessary investment to properly capture and maintain this information. The use of an ASP system or web site system operated and guaranteed by a remote third party to capture, monitor and assess the compliance of s various information with respect to different internal or external corporate governance controls upon a particular type of entity is in its broadest sense what is contemplated as comprising the present invention.
o Conclusion:
The foregoing is considered as illustrative only of the principles of the invention. Furthermore, since numerous changes and modifications will readily occur to those skilled in the art, it is not desired to limit the invention to the exact construction and operation shown and described, and s accordingly, any such suitable changes or modifications in structure or operation which may be resorted to are intended to fall within the scope of the outlined and claimed invention.

Claims

F&K 2210-O5-Ol
Claims:
We claim:
3. A method of enforcing governance compliance by entities subject to governance controls, said method using a computer system containing:
a. an entity database in which entity data pertaining to at least one subject entity can be stored; and
b. a rules database storing a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity: at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity; and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity;
said method comprising:
c. A rule selection step wherein the selected compliance rules corresponding to governance controls applicable to a subject entity are selected based upon application of the selection parameters from compliance rules in the rules database to entity data from the entity database pertaining to that subject entity;
d. A compliance assessment step, performed with respect to at least one subject entity and at least one selected compliance rule applicable thereto, the at least one F&K 2210-05-01
selected compliance rule in respect of which the compliance assessment step is being performed being an active compliance rule, wherein:
i. the compliance of the at least one subject entity with the governance control related to the at least one active compliance rule is determined by application of the compliance parameters associated with the at least one active compliance rule to entity data from the entity database pertaining to the subject entity, said determination of compliance being a compliance result; and
ii. triggering at least one predefined workflow step based upon each compliance result.
4. The method of Claim 1 further comprising a data capture step wherein new or revised entity data with respect to a subject entity is captured and stored to the entity database in advance of the compliance assessment step.
5. The method of Claim I wherein the rule selection step is conducted during the compliance assessment step.
6. The method of Claim 1 wherein the rule selection step is conducted after storage of
7. The method of Claim I wherein the rule selection step is conducted following any change to the compliance rules stored within the rules database.
8. The method of Claim 1 wherein the at least one predefined workflow step associated with at least one compliance rule in the rule database is selected from the group of:
a. Taking no action; b. Notifying the user of the system of the compliance result; F&K 2210-05-01
c. Notifying someone other than the user of the system of the compliance result; d. Generation of one or more documents; e. Revising the entity data in the entity database with respect to the subject entity in question; f. Forwarding entity data or other information to the user of the system; g. Forwarding entity data or other information to someone other than the user of the system; h. Initiating the submission of an external information requirement to a third party;
9. The method of Claim I wherein the compliance assessment step is triggered by a user.
10. The method of Claim 1 wherein the compliance assessment step is conducted at a predetermined time.
1 1. The method of Claim I wherein the compliance assessment step is conducted on a predetermined periodic interval.
12. The method of Claim I wherein the compliance assessment step in respect of a particular selected rule and particular selected entity is triggered by any change to the relevant entity data in the entity database.
13. The method of Claim 1 wherein at least one governance control represented by a rule in the rules database is an external governance control.
14. The method of Claim I wherein at least one governance control represented by a rule in the rules database is an internal governance control.
15. The method of Claim 1 further comprising allowing the addition of customized compliance rules to the rules database. F&K 2210-O5-OI
16. The method of Claim I wherein any of the selection parameter, compliance parameter or the predefined workflow steps associated with at least one preset compliance rule are customized for use in respect of a particular subject entity.
5 17. The method of Claim 1 wherein all of the selected compliance rules applicable to a subject entity are active compliance rules assessed for compliance each time that the compliance assessment step in respect of that subject entity is executed.
18. The method of Claim I wherein not all of the selected compliance rules applicable to o a subject entity are active compliance rules assessed for compliance each time that the compliance assessment step in respect of that subject entity is executed.
19. The method of Claim 1 wherein at least one governance control represented by a compliance rule in the rules database relates to a timeline pertaining to the completion s of a scheduled governance activity, and at least one predefined workflow step associated with that compliance rule is a notification to an appropriate party of the status of completion of that scheduled governance activity on behalf of a subject entity to whom that compliance rule has been determined to apply.
o 20. The method of Claim 17 further comprising the initiation of at least one computer aided task by the computer system in support of the completion of the scheduled governance activity, in addition to party notification, upon determination of a compliance result indicating that the timeline for said scheduled governance activity has not yet been met. 5
21. The method of Claim I further comprising retaining an audit trail on the computer system regarding the details of changes made to the entity data with respect to a particular subject entity stored within the entity database.
0 22. The method of Claim 19 wherein the audit trail indicates what user of the system made a particular change to the entity data. F&K 2210-05-01
23. The method of Claim 19 wherein the audit trail retains previous versions of entity data within the entity database.
5 24. The method of Claim 1 wherein a plurality of subject entities are related, and at least one selected compliance rule pertains to enforcing compliance of the relationships between said related subject entities to at least one governance control.
25. The method of Claim I further comprising in subsequent compliance assessment o steps after the first changing the subset of selected rules for application to a subject entity based upon changes to the entity data in respect of the subject entity.
26. The method of Claim 1 wherein the number of subject entities for which entity data is stored within the entity database is more than one. 5
27. The method of Claim I wherein the rules database and the entity database are resident upon, and the method is conducted by, a website system accessible to users over a computer network.
o 28. The method of Claim 25 wherein communications between a user and the website system are conducted using a secure communications protocol.
29. The method of Claim 1 wherein the computer system includes the necessary components to offer users a data viewing function whereby entity data from the entity s database can be viewed by users.
30. The method of Claim I wherein the computer system includes the necessary components to offer users a data reporting function whereby entity data from the entity database can be queried and reports created by users. 0 F&K 2210-05-01
31. The method of Claim 28 further comprising a compliance scoring step, wherein an overall compliance score will be calculated with respect to a subject entity and the entity data and selected compliance rules applicable to that subject entity and reported to a user of the system.
32. The method of Claim 29 wherein the overall compliance score is calculated in accordance with a third-party formula.
33. The method of Claim 29 wherein the overall compliance score is calculated in accordance with an internally programmed formula.
34. The method of Claim 1 wherein the computer system includes the necessary components to offer users a calendaring function whereby users can calendar deadlines for the handling of compliance rule deadlines or other deadlines.
35. The method of Claim I wherein, in respect of a particular compliance rule and its application to a particular subject entity, any of the following can be customized:
a. The at least one selection parameter;
b. The at least one compliance parameter; or
c. The at least one predefined workflow step.
36. A website system for use in the enforcement of governance compliance bv entities subject to governance controls, said website system comprising:
a. At least one server containing at least one processor, a memory operatively coupled to the at least one processor, and a data storage device in communication with the other components of the server and the website system . said at least one F&K 2210-O5-Ol
server being operatively connected to a communications network whereby it is capable of communication with at least one user terminal computer;
b. An entity database stored on the data storage device, within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement;
c. A rules database stored on the data storage device, within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity; and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity:
d. A program module stored in the memory of the server operative for providing instructions to the at least one processor responsive to the instructions of the program module, said program module operative for:
i. At a selected time with respect to a particular subject entity, being a rule selection point, determining which compliance rules from the rules database pertain to governance controls applicable to that particular subject entity by applying the at least one selection parameter from the compliance rules in the rules database to entity data from the entity database pertaining to that subject entity, the compliance rules being determined to apply being the selected compliance rules, said determination comprising a rule selection step; and F&K 2210-O5-Ol
ii. At a selected time being a compliance assessment point, with respect to a subject entity and at least one selected compliance rule applicable thereto, conducting a compliance assessment step comprising:
5 1. Determining the compliance or noncompliance of the subject entity with the at least one selected compliance rule by applying the at least one compliance parameter with respect to said compliance rule to the entity data stored within the entity database with respect to said subject entity, the results of said application being a o compliance result; and
2. Executing the at least one predetermined workflow step corresponding to the compliance result associated with the selected compliance rule. 5
37. The system of Claim 34 wherein the program rnoduie-is further capable of communication with a user via a user computer terminal in operative communication with the server and by virtue of said communication receives updated or new entity data for storage to the entity database in respect of a subject entity. 0
38. The system of Claim 34 wherein a compliance assessment point is a manual trigger received from a user computer terminal.
39. The system of Claim 34 were in a compliance assessment point is programmed to be s triggered at a predetermined specific time.
40. The system of Claim 34 wherein a compliance assessment point is programmed to be triggered on a predetermined periodic frequency.
0 41. The system of Claim 34 wherein a compliance assessment point is programmed to be triggered upon entry of any new or revised entity data to the entity database. F&K 2210-05-01
42. The system of Claim 34 wherein a rule selection point is programmed to be triggered upon entry of any change to the compliance rules stored within the rules database.
43. The system of Claim 34 wherein a rule selection point is programmed to be triggered upon entry of any new or revised entity data to the entity database.
44. The system of Claim 34 wherein with respect to a particular subject entity the rule selection step will take place within the compliance assessment step, whereby the selected compliance rules applicable to a particular subject entity will be reselected in advance of completion of the remainder of the compliance assessment step.
45. The system of Claim 34 wherein the at least one predefined workflow step associated with at least one compliance rule in the rule database is selected from the group of: a. Taking no action; b. Notifying the user of the system of the compliance result; c. Notifying someone other than the user of the system of the compliance result; d. Generation of one or more documents; e. Revising the entity data in the entity database with respect to the subject entity in question; f. Forwarding entity data or other information to the user of the system; g. Forwarding entity data or other information to someone other than the user of the system; h. Initiating the submission of an external information requirement to a third party;
46. The system of Claim 34 wherein the program module will allow an authorized user of the system to add customized compliance rules to the rules database for subsequent application to a subject entity and the entity data associated therewith.
47. The system of Claim 34 wherein any of the selection parameter, compliance parameter or the predefined workflow steps associated with at least one preset F&K 2210-05-01
compliance rule can be customized by an authorized user for use in respect of a particular subject entity.
48. The system of Claim 34 wherein all of the selected compliance rules applicable Co a s subject entity are assessed for compliance each time that a compliance assessment step in respect of that subject entity is executed.
49. The system of Claim 34 wherein not all of the selected compliance rules applicable to a subject entity are assessed for compliance each time that a compliance assessment o step in respect of that subject entity is executed.
50. The system of Claim 34 wherein at least one governance control represented by a compliance rule in the rules database relates to a timeline pertaining to the completion of a scheduled governance activity, and at least one predefined workflow step s associated with that compliance rule is a notification to an appropriate party of the status of completion of that scheduled governance activity on behalf of a subject entity to whom that compliance rule has been determined to apply.
51. The system of Claim 34 wherein the program module will also store to the data o storage device an audit trail regarding the details of changes made to the entity data with respect to a particular subject entity.
52. The system of Claim 34 wherein a plurality of subject entities are related, and at least one selected compliance rule pertains to enforcing compliance of the relationships s between said related subject entities to at least one governance control.
53. The system of Claim 34 wherein communications between the user computer terminal and the server are conducted using a secure communications protocol.
o 54. The system of Claim 34 wherein the program module will, via communication between the remainder of the components of the server and a user computer terminal, F&K 2210-05-01
allow users of user computer terminals a data viewing function whereby entity data from the entity database can be viewed.
55. The system of Claim 34 wherein the program module will, via communication between the remainder of the components of the server and a user computer terminal, allow users of user computer terminals a data reporting function whereby entity data from the entity database can be queried and reports created by users.
56. The system of Claim 34 wherein the program module will also, as required, calculate an overall compliance score with respect to a subject entity and the entity data and selected compliance rules applicable to that subject entity.
57. The system of Claim 34 wherein the program module will offer calendaring
F&K 2210-O5-Ol
with at least one user computer terminal, and operatively connected to or containing an entity database within which is stored entity data pertaining to at least one subject entity which is to be monitored for compliance enforcement, and a rules database within which are stored a plurality of preset compliance rules, wherein each compliance rule represents a governance control applicable to certain subject entities and includes at least one selection parameter which can be used to determine the applicability of the related governance control to a subject entity, based on entity data pertaining to the subject entity; at least one compliance parameter which can be used to determine the compliance or noncompliance of a subject entity with the related governance control, based on entity data pertaining to the subject entity: and at least one predefined workflow step associated with compliance or noncompliance with the related governance control by a subject entity, will cause the computer to:
a. At a selected time with respect to a particular subject entity, being a rule selection point, determining which compliance rules from the rules database pertain to governance controls applicable to that particular subject entity by applying the at least one selection parameter from the compliance rules in the rules database to entity data from the entity database pertaining to that subject entity, the compliance rules being determined to apply being the selected compliance rules, said determination comprising a rule selection step; and
b. At a selected time being a compliance assessment point, with respect to a subject entity and at least one selected compliance rule applicable thereto, conducting a compliance assessment step comprising:
i. Determining the compliance or noncompliance of the subject entity with the at least one selected compliance rule by applying the at least one compliance parameter with respect to said compliance rule to the entity data stored within the entity database with respect to said subject entity, the results of said application being a compliance result: and F&K 2210-05-01
ii. Executing the at least one predetermined workflow step corresponding to the compliance result associated with the selected compliance rule.
60. The product of Claim 57 further operative to allow a user via a user computer terminal in operative communication with the server to post updated or new entity data to the entity database in respect of a subject entity.
61. The product of Claim 57 wherein a compliance assessment point is a manual trigger received from a user computer terminal.
62. The product of Claim 57 wherein a compliance assessment point is programmed to be triggered at a predetermined specific time.
63. The product of Claim 57 wherein a compliance assessment point is programmed to be triggered on a predetermined periodic frequency.
64. The product of Claim 57 wherein a compliance assessment point is programmed to be triggered upon entry of any new or revised entity data to the entity database.
65. The product of Claim 57 wherein a rule selection point is programmed to be triggered upon entry of any change to the compliance rules stored within the rules database.
66. The product of Claim 57 wherein a rule selection point is programmed to be triggered upon entry of any new or revised entity data to the entity database.
67. The product of Claim 57 wherein with respect to a particular subject entity the rule selection step will take place within the compliance assessment step, whereby the selected compliance rules applicable to a particular subject entity will be reselected in advance of completion of the remainder of the compliance assessment step. F&K 2210-0S-01
68. The product of Claim 57 wherein the at least one predefined workflow step associated with at least one compliance rule in the rule database is selected from the group of: a. Taking no action; b. Notifying the user of the system of the compliance result;
5 c. Notifying someone other than the user of the system of the compliance result; d. Generation of one or more documents; e. Revising the entity data in the entity database with respect to the subject entity in question: f. Forwarding entity data or other information to the user of the system; o g. Forwarding entity data or other information to someone other than the user of the system: h. Initiating the submission of an external information requirement to a third party;
69. The product of Claim 57 further operative to allow an authorized user of the system, s via a user computer terminal, to add customized compliance rules to the rules database for subsequent application to a subject entity and the entity data associated therewith.
70. The product of Claim 57 wherein any of the selection parameter, compliance parameter or the predefined workflow steps associated with at least one preset 0 compliance rule can be customized by an authorized user for use in respect of a particular subject entity.
71. The product of Claim 57 wherein all of the selected compliance rules applicable to a subject entity are assessed for compliance each time that a compliance assessment s step in respect of that subject entity is executed.
72. The product of Claim 57 wherein not all of the selected compliance rules applicable to a subject entity are assessed for compliance each time that a compliance assessment step in respect of that subject entity is executed. 0 F&K 2210-05-01
73. The product of Claim 57 wherein at least one governance control represented by a compliance rule in the rules database relates to a timeline pertaining to the completion of a scheduled governance activity, and at least one predefined workflow step associated with that compliance rule is a notification to an appropriate party of the status of completion of that scheduled governance activity on behalf of a subject entity to whom that compliance rule has been determined to apply.
74. The product of Claim 57 further operative to store an audit trail regarding the details of changes made to the entity data with respect to a particular subject entity .
75. The product of Claim 57 wherein a plurality of subject entities are related, and at least one selected compliance rule pertains to enforcing compliance of the relationships between said related subject entities to at least one governance control.
76. The product of Claim 57 further operative to provide, via a user computer terminal, a data viewing function whereby entity data from the entity database can be viewed.
77. The product of Claim 57 further operative to provide, via a user computer terminal, a data reporting function whereby entity data from the entity database can be queried and reports created by users.
78. The product of Claim 57 further operative to calculate an overall compliance score with respect to a subject entity and the entity data and selected compliance rules applicable to that subject entity, in accordance with a predetermined formula.
79. The product of Claim 57 further operative to provide calendaring functionality to users via a user computer terminal and remaining components of the server, whereby users can calendar deadlines for the handling of compliance rule deadlines or other deadlines.
PCT/CA2006/002049 2005-12-16 2006-12-15 Method and apparatus for monitoring corporate governance compliance WO2007068121A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US75116405P 2005-12-16 2005-12-16
CA002534154A CA2534154A1 (en) 2005-12-16 2005-12-16 Method and apparatus for monitoring corporate governance compliance
CA2534154 2005-12-16
US60/751,164 2005-12-16

Publications (1)

Publication Number Publication Date
WO2007068121A1 true WO2007068121A1 (en) 2007-06-21

Family

ID=38162526

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2006/002049 WO2007068121A1 (en) 2005-12-16 2006-12-15 Method and apparatus for monitoring corporate governance compliance

Country Status (1)

Country Link
WO (1) WO2007068121A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10699226B1 (en) 2013-12-31 2020-06-30 Governance Sciences Group, Inc. Systems and methods for automatically generating and providing a compliance notification for a docment in response to a compliance request received from an electronic device via a network

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6154731A (en) * 1997-08-01 2000-11-28 Monks; Robert A. G. Computer assisted and/or implemented process and architecture for simulating, determining and/or ranking and/or indexing effective corporate governance using complexity theory and agency-based modeling
US20040181665A1 (en) * 2003-03-12 2004-09-16 Houser Daniel D. Trust governance framework
US20050144022A1 (en) * 2003-12-29 2005-06-30 Evans Lori M. Web-based system, method, apparatus and software to manage performance securely across an extended enterprise and between entities
US20050149375A1 (en) * 2003-12-05 2005-07-07 Wefers Wolfgang M. Systems and methods for handling and managing workflows
US20050197952A1 (en) * 2003-08-15 2005-09-08 Providus Software Solutions, Inc. Risk mitigation management
WO2005106721A1 (en) * 2004-05-05 2005-11-10 80-20 Software Pty. Limited Corporate control management software
US20060095915A1 (en) * 2004-10-14 2006-05-04 Gene Clater System and method for process automation and enforcement
US20060136922A1 (en) * 2004-12-20 2006-06-22 Michael Zimberg System and method for task management of rule geverned tasks

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6154731A (en) * 1997-08-01 2000-11-28 Monks; Robert A. G. Computer assisted and/or implemented process and architecture for simulating, determining and/or ranking and/or indexing effective corporate governance using complexity theory and agency-based modeling
US20040181665A1 (en) * 2003-03-12 2004-09-16 Houser Daniel D. Trust governance framework
US20050197952A1 (en) * 2003-08-15 2005-09-08 Providus Software Solutions, Inc. Risk mitigation management
US20050149375A1 (en) * 2003-12-05 2005-07-07 Wefers Wolfgang M. Systems and methods for handling and managing workflows
US20050144022A1 (en) * 2003-12-29 2005-06-30 Evans Lori M. Web-based system, method, apparatus and software to manage performance securely across an extended enterprise and between entities
WO2005106721A1 (en) * 2004-05-05 2005-11-10 80-20 Software Pty. Limited Corporate control management software
US20060095915A1 (en) * 2004-10-14 2006-05-04 Gene Clater System and method for process automation and enforcement
US20060136922A1 (en) * 2004-12-20 2006-06-22 Michael Zimberg System and method for task management of rule geverned tasks

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
"Acertus Governance 3.2.2-S Installation Manual", SECURAC INC., 2004, pages 1 - 27, XP003014147, Retrieved from the Internet <URL:http://www.securac.net/ArticleDocuments/Acertus%20Governance%20Installation%20manual3%5B1%5D.2.2-SAP.pdf> *
"Coca-Cola HBC Acertus Governance for Operational", SECURAC CORPORATION. NEWS RELEASE, 15 December 2005 (2005-12-15), pages 1 - 2, XP003014145, Retrieved from the Internet <URL:http://www.riskgovernance.com/press/CocaCola%20HBC_DEC%2015-2005.pdf> *
"Compliance", SECURAC INC., pages 1 - 2, XP003014150, Retrieved from the Internet <URL:http://www.securac.net/ArticleDocuments/Compliance-ISO.pdf> *
"Governance", SECURAC INC., pages 1, XP003014149, Retrieved from the Internet <URL:http://www.securac.net/ArticleDocuments/Governance.pdf> *
"Secura's Acertum Governance Achieves Powered by SAP NetWeaver Status", SECURAC CORPORATION. NEWS RELEASE, 28 April 2005 (2005-04-28), pages 1 - 2, XP003014146, Retrieved from the Internet <URL:http://www.securac.net/Press%20Releases/Securac%2005Apr28%205AP_Acertus%20Governance%20release.pdf> *
ANONYMOUS: "Corporate Governance Guidelines", OFFICE OF THE SUPERINTENDENT OF FINANCIAL INSTITUTIONS CANADA, January 2003 (2003-01-01), pages 1 - 17, XP003014151, Retrieved from the Internet <URL:http://www.osfi-bsif.gc.ca/DocRepository/1/eng/guidelines/sound/guidelines/CGG_Guideline_e.pdf> *
ANONYMOUS: "Governance Dashboard iView", pages 1 - 2, XP003014148, Retrieved from the Internet <URL:http://www.securac.net/ArticleDocuments/Acertus%20Governance%20Dashboard%20iView.pdf> *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10699226B1 (en) 2013-12-31 2020-06-30 Governance Sciences Group, Inc. Systems and methods for automatically generating and providing a compliance notification for a docment in response to a compliance request received from an electronic device via a network

Similar Documents

Publication Publication Date Title
Dowlatshahi* Strategic success factors in enterprise resource-planning design and implementation: a case-study approach
US8799243B1 (en) System and method providing for regulatory compliance
US20080215474A1 (en) Systems and methods for management of intangible assets
US9741078B2 (en) Dashboard interface, platform, and environment for automated negotiation, benchmarking, compliance, and auditing
US20080208873A1 (en) Method for communicating confidential, educational information
US20100250409A1 (en) Computer-implemented method and system for posting journal entries to general ledger
US20130018812A1 (en) System for Regulation of Continuing Education Requirements
US8799117B2 (en) Record retention and post-issuance compliance system and method for municipal bonds
Kelly Institutional investors as environmental activists
US11636168B2 (en) System and method of administering and managing experiential learning opportunities
US20070219886A1 (en) System and method for managing data relating to non-traditional investments
US8352381B2 (en) System and method for reimbursement of tuition expenses
AU2010206013A1 (en) A property scheme management system and method
US20150221029A1 (en) System and method to create and operate an electronic marketplace of trusted banks for participation in commercial loans too large for an individual bank
Council Transaction processing performance council
US20080195625A1 (en) Interactive credential system and method
US20210312555A1 (en) Computer-Guided Corporate Financing with Document Generation and Execution
WO2007068121A1 (en) Method and apparatus for monitoring corporate governance compliance
Giannozzi et al. Strengthening governance of social safety nets in East Asia
Kotlyar et al. E-filing Asset Declarations
Misra et al. Modelling change management and risk management in a financial organization due to information system adoption
Uddin Prospects and challenges of e-procurement in government purchases: a study on e-procurement in LGED, Narayanganj District
Halaychik et al. Licensing Electronic Resources in Academic Libraries: A Practical Handbook
WO2007149551A2 (en) System and methods for managing intangible assets
CA2534154A1 (en) Method and apparatus for monitoring corporate governance compliance

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 30.09.2008

122 Ep: pct application non-entry in european phase

Ref document number: 06840476

Country of ref document: EP

Kind code of ref document: A1