Audits, Controls and Compliance – Security, Distribution Services and Notepad

Don Goodenow
Director, Product Management, Reinsurance & Collections
StoneRiver

In my last post we looked at three common services that can be found in an SOA-based processing suite. Today we’ll look at three more.

Security services can provide a single point for managing access to and use of system components. A user management service can control user identification and sign-on authentication, and can include assigning users to teams and defining components to which they have access. User access can be controlled at the transaction level and individual field level depending on user profiles and view/update authorities. Individual and cumulative limits can be established to manage the extent of a user’s authority.

Why is Security functionality important?
SOX / MAR require that an organization provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements. (This process also enables a company to address the PCI requirement that an organization “Monitor login failures to financial data-sources, and monitor activity by user when logins are successful, provide reports of account activity including new and disabled accounts.”)

With Security as the system access gatekeeper, and Party functionality as a supporting resource, an organization has a single component through which every process can be controlled. No one can access system components or process a transaction without having first been defined as a Party, and then defined as a User within the Security process.

Security-related functionality should include logging the creation and deletion of users, and granting and removing user rights. The service should also create auditable logs so a company can track system activity, tightly control problem areas and quickly identify unusual processing activity.
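The gatekeeper arrangement described above can be sketched in a few lines. This is an added example, not code from StoneRiver or any product the post describes; `SecurityService`, its method names and the event labels are hypothetical, and only user creation and rights granting are shown on the administrative side.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from decimal import Decimal

@dataclass
class User:
    party_id: str
    single_limit: Decimal                      # individual (per-transaction) limit
    total_limit: Decimal                       # cumulative limit
    used: Decimal = Decimal("0")               # running total of allowed amounts
    rights: set = field(default_factory=set)   # transaction types the user may process

class SecurityService:
    def __init__(self):
        self.parties, self.users, self.audit_log = set(), {}, []

    def _log(self, actor, event, detail):
        # Append-only, UTC time-stamped record of who did what.
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit_log.append((stamp, actor, event, detail))

    def add_party(self, actor, party_id):
        self.parties.add(party_id)
        self._log(actor, "PARTY_CREATED", party_id)

    def create_user(self, actor, user_id, party_id, single_limit, total_limit):
        if party_id not in self.parties:       # a User must first be defined as a Party
            self._log(actor, "USER_CREATE_DENIED", user_id)
            raise PermissionError("not defined as a Party")
        self.users[user_id] = User(party_id, Decimal(single_limit), Decimal(total_limit))
        self._log(actor, "USER_CREATED", user_id)

    def grant(self, actor, user_id, txn_type):
        self.users[user_id].rights.add(txn_type)
        self._log(actor, "RIGHT_GRANTED", f"{user_id}:{txn_type}")

    def authorize(self, user_id, txn_type, amount):
        user, amount = self.users.get(user_id), Decimal(amount)
        if user is None or txn_type not in user.rights:
            reason = "no access"
        elif amount <= 0 or amount > user.single_limit:
            reason = "individual limit"
        elif user.used + amount > user.total_limit:
            reason = "cumulative limit"
        else:
            user.used += amount                # denied attempts never consume the limit
            self._log(user_id, "TXN_ALLOWED", f"{txn_type} {amount}")
            return True
        self._log(user_id, "TXN_DENIED", f"{txn_type} {amount}: {reason}")
        return False
```

Denied attempts are logged with their reason, so a reviewer can see repeated attempts against a limit as well as the transactions that went through.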

Distribution Services can provide a mechanism for controlling an organization’s producer relationships. This service builds on information captured in the Enterprise Configuration and Party components to identify agencies and agents and define the extent to which they are authorized to represent the company. It enables the setup of agency commissions and billing plans, and the tracking of licensing.

Why is Distribution Services functionality important?
SOX / MAR require that an organization establish and maintain financial controls that “… (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;” and that an organization provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements.

Distribution Services controls the establishment of commissions payable, their actual payment, and the reporting of this information via 1099s. All transactions should be date- and time-stamped for audit purposes. No corporate funds should be disbursed as commission payments unless they have been established as due in Distribution Services.

Notepad can be a system-wide note capture tool, with function-specific notes accessible by authorized users from any business function system. Authority to create notes can be controlled as part of a user’s rights.

Why is Notepad functionality important?
SOX / MAR require that an organization maintain “… records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets.”

Notes capture the reasons for certain transactions. A notepad component can assure that these notations are properly captured and maintained, and available to users who need the information. The creator of a note and the date and time of its creation are logged.

I hope these posts help you see the benefits of common system services. If you have any questions or comments, please let me know. Next time, we’ll review three more services: Workflow, Documents and Business Intelligence.
