1 Aggregation Engine Training Schedule Module 3 Configuring the Engine Creating Reports from Spreadsheets Validations and Approvals Workflows and Subscriptions

1

Aggregation Engine Training

Schedule

Module 3

Configuring the Engine Creating Reports from

Spreadsheets Validations and Approvals Workflows and Subscriptions

Module 4

Deploying and upgrading configuration files

Application runtime options Authentication and

Authorization Plugin development

Module 1

Using the Engine Results, Formulas, Data

Sources Traceability History and Delta Views Audit Summary Source Summary

Module 2

Working with SCR and QRTs Scenarios and Simulations Digitally signed files

2


Using the Engine

Browser basedhttp://cloud1.aae.asseco.dk

Server can have any number of engineshttp://cloud1.aae.asseco.dk/engine16

Login and password:training:training

Authentication (who are you) managed by web server, application server, external LDAP or AD

Authorization (what can you do) managed by application or external LDAP or AD.

Cloud1 - Demo and Training server engine1 - engine13: Solvency II SCR and QRT engine14: Example of restricted engine engine15: Custom reports engine18, engine20: Customized layout

3


Results

List Results - varies by engine configuration Result

Name and link to configuration Array of values (spreadsheet-like) Download to Excel Elapse of call

Show Sources List formulas by domain List of links to those cache entries used Metadata - Valid from and to

Show Traceability List of element whose configuration was changed online List of elements unchanged since a file was uploaded List of data sources for this engine

4


Formulas

Formulas emulate Excel, with some differences The engine implements a subset of all Excel functions

Eg, there is STDEV, but no DSTDEV, DSTDEVP, ... If needed, they can be quickly implemented Organizations can also implement their own function

libraries using the CALL plugin architecture There are engine-specific functions with no Excel

equivalent eg CACHE_METADATA, HISTORY, ...

Engine formulas generally allow and encourage range Domains

5


Data Sources

Manual Data Sources User entry (online input or uploaded spreadsheet)

File Sources Fetched from local filesystem (eg, from FTP upload folder) Downloaded from remote server Format can be CSV, XML, Excel or Flat records

Database Sources Any JDBC-accessible datasource (Oracle, DB2, MS SQL, etc) Any SELECT statement Can be parameterized using another data element Soft and Hard validity to ensure continous timeline

Webservice Sources Specify an endpoint and a query string Transform the response XML using XSLT into AAE engine XML Can be parameterized Soft and Hard validity to ensure continous timeline

AAE Sources Any result provided by any other AAE engine is directly accessible as an input

6


Traceability

Graphical view of element dependencies Shows Results (red triangles) Shows Sources (green triangles) Click to zoom in to element

Click Graphical Traceability again for a smaller tree From a source element, click Show sources >

Show Traceability to see provenance For AAE sources, click to follow traceability to

remote engine

7


History and Delta Views

Element History shows all versions of an element The engine doesn't delete history unless asked to

Compare versions shows the difference between any two generations of a result Typically, the current and the previous Cache delta shows all cells (without charts).

Identical cells are greyed out changed cells shows the old and new values in red and green

Formulas delta shows only changed formulas For each delta shown, there are links to the two versions under comparison, labeled with the

elements' validity periods. Recursive Delta shows the all elements used in the calculation, where there were

differences. Some elements may be listed more than once, if there are different paths to it.

Graphical view shows the traceability tree, pruned to only those nodes where there were differences. Improved readability: Only one instance of each element is shown. The red dF(x) emblem indicates that the formulas were changed, not just the values. Click on the node to get to a detailed delta view for the element in question.

8


Audit Summary

Complete overview of the provenance of all elements of a Result Both input data and formulas used

Elements uploaded from file are grouped in single line. Best practice for auditability is to use signed files

Manually updated elements are listed, Who edited them, when it happened, and a link to the element in

question. Input data is listed

Remote sources (Databases, web services, ...) provide a link to the metadata

Manual sources shows who entered the data, as well as a user comment, if available

9


Source Summary

Intended as an aid to the Data Sourcing Projects that sets up the inputs

Examines each manual data source, and lists metrics and comments as provided in the configuration

Queries remote engines recursively, and provides a section for each engine, listing all necessary data sources from that engine.

Once switched to automatic sourcing, elements no longer show up in the report Can be used as a checklist during successive data

sourcing project workshops.

10


Working with SCR and QRTs (1/3)

Assuming the initial deployment is done Configurations loaded to Test and Production 'zero data' entered to allow initial resolution

Work one Risk Module at a time Work in Test Starting bottom up

Use the Source Summary to get a list of required data Use the links in the report to navigate to the input pages. Small datasets (a few cells) can be typed in. Large datasets (balance sheet etc) can be uploaded from

spreadsheets. Use the 'get as XML' icon to download a template file to edit and

upload back.

11



Verify that the risk component calculates correctly. Eg, compare with a recent QIS excercise spreadsheet. Correct or accept any differences.

Continue for each risk component, ending with the SCR result component.

Continue with the QRT reporting module. Determine which reports are relevant for the undertaking, delete the rest. For each report, determine which (if any) inputs it requires that are not

available from the SCR calculation. Verify that the reports are satisfactory for use with the local regulators. Correct any discrepancies.

Get the complete set of manual inputs as XML files, optionally sign them, and upload them to the production environment.

12



Determine process for updating the inputs Consider frequency of distribution of results

Yearly for many QRTs Quarterly for some QRTs Daily for business dashboard inputs On Request by Regulators

Consider the validity of inputs Some inputs (eg, mortality shock effects on life insurance) are calculated in external systems,

and should be valid until a new version is provided Some inputs (eg, assets portfolio) can be updated daily, if automation is set up to support it Model parameters (EIOPA standard formula and undertaking-specific parameters) are valid 'until

changed'. Set up default validity for the data sources to match the requirements Set up workflows

reports to list status of inputs and user/group responsible for input Set up workflow reports to list inputs about to become invalid, and set up subscriptions to alert

supervisors to take action when this happens.

13


Scenarios and Simulations

A Simulation examines the impact on the SCR when the input data changes Set up a simulation environment

Copy all relevant configurations from the production environment (one engine, several or all) Get copy of current production inputs (snapshot input) Deploy to empty engines, load with data and verify result Run Simulation

Change the simulation parameters (altering inputs, data or model parameters) Re-calculate and note effect Revert to initial state.

Repeat as needed Permanent Scenarios allows continuous comparisons

Set up a simulation environment as above; Don't use the snapshot input. Set up the same sources for the simulation environment as for the production environment

In particular, export all manual production sources as engine results, and source the simulations from those - ensuring one entry only.

Change the simulation environment according to scenario The simulation result is now automatically calculated and available on the same schedule as the

production result. Repeat for as many scenarios as desired.

14


Digitally Signed Files

External countersigning A manual input can be prepared as an XLS file by a junior employee The XLS file can be approved and digitally signed by a supervisor employee The file can be uploaded by the junior employee, and the audit trail will reflect

both the act of uploading and the supervisors signature Non-repudiation

A digitally signed file can with high degree of certainty be assumed to originate from the signer

Trusted Configurations Configuration developers (Asseco, users own organization or third parties) can

digitally sign configurations prior to distribution. The provider of the configuration (and the extent to which it has been changed)

is listed in the audit summary. An auditor will then only need to review a particular configuration for correctness

once.

15


Configuring the Engine

All results, calculations and sources are Configuration, and can be changed by suitably authorized end-users at runtime

Each data element is conceptually equivalent to a spreadsheet page Each engine configuration is then equivalent to a workbook Creating a result from scratch

Configuration > Create new Element Fill in name and provide a Result name Fill in formulas, labels and styles as desired for layout Resolve result and verify it looks correct.

Configuration > element > Create Input Element Fill in name, the range(s) to externalize as inputs and an input name

Manual Entry > input Fill in values

Resolve result Configurations intended for distribution should be enhanced with sourcing

guidelines (METRIC and COMMENT styles on input elements)

16


Creating Reports from Spreadsheets

Converting an existing Spreadsheet-based report to an Engine configuration Allows construction and design in the users preferred tool Allows migration of legacy spreadsheet-based processes into

engine control Create new element > Upload from XLS

Resolves first sheet Fix any unsupported functions

Configuration > element > Create input element Select the range(s) to be inputs Source inputs manually or set up automation Make adjustments for variable-sized inputs (lists)

17


Validations

Validations are rules for proper inputs Use any formula to establish correctness

Numeric, in a particular range etc. Determine failure mode

Defaultable - pick a valid default if the value is invalid Error - mark the cell as in error and resolve the rest of the element normally Failure - do not resolve or persist the element

Tool-supported quick definition of validation rule Configuration > element > Create Pipeline element Enable 'Create Validation element' Optionally enter a Result name, for a separate Validation result which can

resolve even if the invalid element does not Some validations are pre-configured, but most are enterprise-specific

No need to validate known clean data

18


Approvals

A manual data source element can be configured to depend on another element

When the depended-upon element is invalidated, the depending element is also invalidated.

A result that depends on both these elements is effectively an approved element

Configure an element that requires human approval Configuration > element > Create pipeline element Enter name for the Approval source Manual entry > approval name

Shows the manual entry field that allows an approver to write an arbitrary text Also shows the currently valid value for the element depended-upon (the value to

approve) The element now named element is enhanced with a statement about its

approval status. This can be changed to a failure mode if needed.

19


Workflows and Subscriptions

The application includes a tool to generate Workflow status reports from results. The workflow status determines all inputs to a result using the

current resolution dependencies. For each input, list the name, type and validity status (currently

valid, expires at). For UI sources, list the role authorized to enter data.

Modify the workflow report to make a report that only changes content when the aggregate workflow status changes from 'OK', to 'About to expire', to 'Invalid'. Enhance with link to workflow report, guidance text etc.

Supervisor users can now subscribe to this report, and be alerted when they need to take action on overdue data.

20


Deploying and Upgrading (1/2)

Configurations are provided by Asseco Denmark, localized by the local Asseco

organization Baseline EIOPA-regulation compliant calculations and

reports The organization itself

Permanent scenarios Local model changes Utility or performance calculations

Third parties Any third party that provides engine configurations.

21


Deploying and Upgrading (2/2)

New configurations are deployed to a test environment first

Once verified, they are promoted to the production environment

Engines can be upgraded in place, without destroying historical data.

Multiple configurations can be deployed to the same engine, for convenience The engine attempts to fix name clashes (eg where two

elements have the same name) but this only works when there are no calculated names.

22


Application Runtime Options

Options to plan for when deploying one or more engines: Security model

Authentication, Authorization, Trusted Root Certificates, Server Certificates Frequency of background task execution

Too frequent imposes unnecessary load Too seldom increases the risk of seeing invalid/expired data presented as valid data.

Supported databases JDBC drivers must be deployed for the supported databases

Plugins Any organization-specific plugins must be packaged and deployed along with the

application Styling

The application support localized CSS stylesheets for individualized logos, colors etc.

23


Authentication and Authorization

Users and Rights Determine Authentication and Authorization strategy Authentication and authorization from LDAP or AD

Recommended - Allows centralized user management and single password support

Authentication by web server, authorization by application

Authentication by application server, authorization by application

PKI infrastructure to support signed uploads. Add additional trusted root certificates?

24


Plugin Development

Organizations with special requirements can be accomodated with custom plugins A plugin is called as part of normal resolution, thorugh the use of the CALL function A plugin can do anything a normal java class can do, such as

Perform complex calculations Read from non-standard input sources Write to non-standard outputs

The application ships with an Eclipse project set up to develop plugins, as well as an Eclipse project containing a few sample plugins ThousandsPlugin examines all cells in its input, and if the cell is numeric, it divides it by 1000. MortalityPlugin calculates (much faster than the engine) a probability of survival to age y, as a

function of age x. DumpElementPlugin demonstrates non-standard outputs by writing the input to an external

file. StochasticPlugin is fairly complex, allowing the user to set up arbitrary stochastic

experiments, in order to do Monte Carlo simulation of complex interaction. The application metadata also lists the version(s) of the plugin(s) used to calculate

the element.

Documents

1 Aggregation Engine Training Schedule Module 3 Configuring the Engine Creating Reports from Spreadsheets Validations and Approvals Workflows and Subscriptions