Upload
kathlyn-porter
View
216
Download
0
Embed Size (px)
Citation preview
1
Aggregation Engine Training
Schedule
Module 3
Configuring the Engine Creating Reports from
Spreadsheets Validations and Approvals Workflows and Subscriptions
Module 4
Deploying and upgrading configuration files
Application runtime options Authentication and
Authorization Plugin development
Module 1
Using the Engine Results, Formulas, Data
Sources Traceability History and Delta Views Audit Summary Source Summary
Module 2
Working with SCR and QRTs Scenarios and Simulations Digitally signed files
2
Aggregation Engine Training
Using the Engine
Browser basedhttp://cloud1.aae.asseco.dk
Server can have any number of engineshttp://cloud1.aae.asseco.dk/engine16
Login and password:training:training
Authentication (who are you) managed by web server, application server, external LDAP or AD
Authorization (what can you do) managed by application or external LDAP or AD.
Cloud1 - Demo and Training server engine1 - engine13: Solvency II SCR and QRT engine14: Example of restricted engine engine15: Custom reports engine18, engine20: Customized layout
3
Aggregation Engine Training
Results
List Results - varies by engine configuration Result
Name and link to configuration Array of values (spreadsheet-like) Download to Excel Elapse of call
Show Sources List formulas by domain List of links to those cache entries used Metadata - Valid from and to
Show Traceability List of element whose configuration was changed online List of elements unchanged since a file was uploaded List of data sources for this engine
4
Aggregation Engine Training
Formulas
Formulas emulate Excel, with some differences The engine implements a subset of all Excel functions
Eg, there is STDEV, but no DSTDEV, DSTDEVP, ... If needed, they can be quickly implemented Organizations can also implement their own function
libraries using the CALL plugin architecture There are engine-specific functions with no Excel
equivalent eg CACHE_METADATA, HISTORY, ...
Engine formulas generally allow and encourage range Domains
5
Aggregation Engine Training
Data Sources
Manual Data Sources User entry (online input or uploaded spreadsheet)
File Sources Fetched from local filesystem (eg, from FTP upload folder) Downloaded from remote server Format can be CSV, XML, Excel or Flat records
Database Sources Any JDBC-accessible datasource (Oracle, DB2, MS SQL, etc) Any SELECT statement Can be parameterized using another data element Soft and Hard validity to ensure continous timeline
Webservice Sources Specify an endpoint and a query string Transform the response XML using XSLT into AAE engine XML Can be parameterized Soft and Hard validity to ensure continous timeline
AAE Sources Any result provided by any other AAE engine is directly accessible as an input
6
Aggregation Engine Training
Traceability
Graphical view of element dependencies Shows Results (red triangles) Shows Sources (green triangles) Click to zoom in to element
Click Graphical Traceability again for a smaller tree From a source element, click Show sources >
Show Traceability to see provenance For AAE sources, click to follow traceability to
remote engine
7
Aggregation Engine Training
History and Delta Views
Element History shows all versions of an element The engine doesn't delete history unless asked to
Compare versions shows the difference between any two generations of a result Typically, the current and the previous Cache delta shows all cells (without charts).
Identical cells are greyed out changed cells shows the old and new values in red and green
Formulas delta shows only changed formulas For each delta shown, there are links to the two versions under comparison, labeled with the
elements' validity periods. Recursive Delta shows the all elements used in the calculation, where there were
differences. Some elements may be listed more than once, if there are different paths to it.
Graphical view shows the traceability tree, pruned to only those nodes where there were differences. Improved readability: Only one instance of each element is shown. The red dF(x) emblem indicates that the formulas were changed, not just the values. Click on the node to get to a detailed delta view for the element in question.
8
Aggregation Engine Training
Audit Summary
Complete overview of the provenance of all elements of a Result Both input data and formulas used
Elements uploaded from file are grouped in single line. Best practice for auditability is to use signed files
Manually updated elements are listed, Who edited them, when it happened, and a link to the element in
question. Input data is listed
Remote sources (Databases, web services, ...) provide a link to the metadata
Manual sources shows who entered the data, as well as a user comment, if available
9
Aggregation Engine Training
Source Summary
Intended as an aid to the Data Sourcing Projects that sets up the inputs
Examines each manual data source, and lists metrics and comments as provided in the configuration
Queries remote engines recursively, and provides a section for each engine, listing all necessary data sources from that engine.
Once switched to automatic sourcing, elements no longer show up in the report Can be used as a checklist during successive data
sourcing project workshops.
10
Aggregation Engine Training
Working with SCR and QRTs (1/3)
Assuming the initial deployment is done Configurations loaded to Test and Production 'zero data' entered to allow initial resolution
Work one Risk Module at a time Work in Test Starting bottom up
Use the Source Summary to get a list of required data Use the links in the report to navigate to the input pages. Small datasets (a few cells) can be typed in. Large datasets (balance sheet etc) can be uploaded from
spreadsheets. Use the 'get as XML' icon to download a template file to edit and
upload back.
11
Aggregation Engine Training
Working with SCR and QRTs (2/3)
Verify that the risk component calculates correctly. Eg, compare with a recent QIS excercise spreadsheet. Correct or accept any differences.
Continue for each risk component, ending with the SCR result component.
Continue with the QRT reporting module. Determine which reports are relevant for the undertaking, delete the rest. For each report, determine which (if any) inputs it requires that are not
available from the SCR calculation. Verify that the reports are satisfactory for use with the local regulators. Correct any discrepancies.
Get the complete set of manual inputs as XML files, optionally sign them, and upload them to the production environment.
12
Aggregation Engine Training
Working with SCR and QRTs (3/3)
Determine process for updating the inputs Consider frequency of distribution of results
Yearly for many QRTs Quarterly for some QRTs Daily for business dashboard inputs On Request by Regulators
Consider the validity of inputs Some inputs (eg, mortality shock effects on life insurance) are calculated in external systems,
and should be valid until a new version is provided Some inputs (eg, assets portfolio) can be updated daily, if automation is set up to support it Model parameters (EIOPA standard formula and undertaking-specific parameters) are valid 'until
changed'. Set up default validity for the data sources to match the requirements Set up workflows
reports to list status of inputs and user/group responsible for input Set up workflow reports to list inputs about to become invalid, and set up subscriptions to alert
supervisors to take action when this happens.
13
Aggregation Engine Training
Scenarios and Simulations
A Simulation examines the impact on the SCR when the input data changes Set up a simulation environment
Copy all relevant configurations from the production environment (one engine, several or all) Get copy of current production inputs (snapshot input) Deploy to empty engines, load with data and verify result Run Simulation
Change the simulation parameters (altering inputs, data or model parameters) Re-calculate and note effect Revert to initial state.
Repeat as needed Permanent Scenarios allows continuous comparisons
Set up a simulation environment as above; Don't use the snapshot input. Set up the same sources for the simulation environment as for the production environment
In particular, export all manual production sources as engine results, and source the simulations from those - ensuring one entry only.
Change the simulation environment according to scenario The simulation result is now automatically calculated and available on the same schedule as the
production result. Repeat for as many scenarios as desired.
14
Aggregation Engine Training
Digitally Signed Files
External countersigning A manual input can be prepared as an XLS file by a junior employee The XLS file can be approved and digitally signed by a supervisor employee The file can be uploaded by the junior employee, and the audit trail will reflect
both the act of uploading and the supervisors signature Non-repudiation
A digitally signed file can with high degree of certainty be assumed to originate from the signer
Trusted Configurations Configuration developers (Asseco, users own organization or third parties) can
digitally sign configurations prior to distribution. The provider of the configuration (and the extent to which it has been changed)
is listed in the audit summary. An auditor will then only need to review a particular configuration for correctness
once.
15
Aggregation Engine Training
Configuring the Engine
All results, calculations and sources are Configuration, and can be changed by suitably authorized end-users at runtime
Each data element is conceptually equivalent to a spreadsheet page Each engine configuration is then equivalent to a workbook Creating a result from scratch
Configuration > Create new Element Fill in name and provide a Result name Fill in formulas, labels and styles as desired for layout Resolve result and verify it looks correct.
Configuration > element > Create Input Element Fill in name, the range(s) to externalize as inputs and an input name
Manual Entry > input Fill in values
Resolve result Configurations intended for distribution should be enhanced with sourcing
guidelines (METRIC and COMMENT styles on input elements)
16
Aggregation Engine Training
Creating Reports from Spreadsheets
Converting an existing Spreadsheet-based report to an Engine configuration Allows construction and design in the users preferred tool Allows migration of legacy spreadsheet-based processes into
engine control Create new element > Upload from XLS
Resolves first sheet Fix any unsupported functions
Configuration > element > Create input element Select the range(s) to be inputs Source inputs manually or set up automation Make adjustments for variable-sized inputs (lists)
17
Aggregation Engine Training
Validations
Validations are rules for proper inputs Use any formula to establish correctness
Numeric, in a particular range etc. Determine failure mode
Defaultable - pick a valid default if the value is invalid Error - mark the cell as in error and resolve the rest of the element normally Failure - do not resolve or persist the element
Tool-supported quick definition of validation rule Configuration > element > Create Pipeline element Enable 'Create Validation element' Optionally enter a Result name, for a separate Validation result which can
resolve even if the invalid element does not Some validations are pre-configured, but most are enterprise-specific
No need to validate known clean data
18
Aggregation Engine Training
Approvals
A manual data source element can be configured to depend on another element
When the depended-upon element is invalidated, the depending element is also invalidated.
A result that depends on both these elements is effectively an approved element
Configure an element that requires human approval Configuration > element > Create pipeline element Enter name for the Approval source Manual entry > approval name
Shows the manual entry field that allows an approver to write an arbitrary text Also shows the currently valid value for the element depended-upon (the value to
approve) The element now named element is enhanced with a statement about its
approval status. This can be changed to a failure mode if needed.
19
Aggregation Engine Training
Workflows and Subscriptions
The application includes a tool to generate Workflow status reports from results. The workflow status determines all inputs to a result using the
current resolution dependencies. For each input, list the name, type and validity status (currently
valid, expires at). For UI sources, list the role authorized to enter data.
Modify the workflow report to make a report that only changes content when the aggregate workflow status changes from 'OK', to 'About to expire', to 'Invalid'. Enhance with link to workflow report, guidance text etc.
Supervisor users can now subscribe to this report, and be alerted when they need to take action on overdue data.
20
Aggregation Engine Training
Deploying and Upgrading (1/2)
Configurations are provided by Asseco Denmark, localized by the local Asseco
organization Baseline EIOPA-regulation compliant calculations and
reports The organization itself
Permanent scenarios Local model changes Utility or performance calculations
Third parties Any third party that provides engine configurations.
21
Aggregation Engine Training
Deploying and Upgrading (2/2)
New configurations are deployed to a test environment first
Once verified, they are promoted to the production environment
Engines can be upgraded in place, without destroying historical data.
Multiple configurations can be deployed to the same engine, for convenience The engine attempts to fix name clashes (eg where two
elements have the same name) but this only works when there are no calculated names.
22
Aggregation Engine Training
Application Runtime Options
Options to plan for when deploying one or more engines: Security model
Authentication, Authorization, Trusted Root Certificates, Server Certificates Frequency of background task execution
Too frequent imposes unnecessary load Too seldom increases the risk of seeing invalid/expired data presented as valid data.
Supported databases JDBC drivers must be deployed for the supported databases
Plugins Any organization-specific plugins must be packaged and deployed along with the
application Styling
The application support localized CSS stylesheets for individualized logos, colors etc.
23
Aggregation Engine Training
Authentication and Authorization
Users and Rights Determine Authentication and Authorization strategy Authentication and authorization from LDAP or AD
Recommended - Allows centralized user management and single password support
Authentication by web server, authorization by application
Authentication by application server, authorization by application
PKI infrastructure to support signed uploads. Add additional trusted root certificates?
24
Aggregation Engine Training
Plugin Development
Organizations with special requirements can be accomodated with custom plugins A plugin is called as part of normal resolution, thorugh the use of the CALL function A plugin can do anything a normal java class can do, such as
Perform complex calculations Read from non-standard input sources Write to non-standard outputs
The application ships with an Eclipse project set up to develop plugins, as well as an Eclipse project containing a few sample plugins ThousandsPlugin examines all cells in its input, and if the cell is numeric, it divides it by 1000. MortalityPlugin calculates (much faster than the engine) a probability of survival to age y, as a
function of age x. DumpElementPlugin demonstrates non-standard outputs by writing the input to an external
file. StochasticPlugin is fairly complex, allowing the user to set up arbitrary stochastic
experiments, in order to do Monte Carlo simulation of complex interaction. The application metadata also lists the version(s) of the plugin(s) used to calculate
the element.