This is the fifth and final blog posts of the series of how to implement Electronic Transaction Governance in your custom software interfaces. We will also discuss how Wovenware implements Electronic Transaction Governance in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility, accountability, and governance to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.
In this blog post we will discuss the area of Risk Management. For the purpose of our discussion risk is anything that can affect the processing outcome of any electronic transaction message. The Risk Management area of Electronic Transaction Governance is the process of identifying and mitigating any risk that might affect our electronic transaction handling processes. Proper Risk Management helps in the identification of unforeseen vulnerabilities and allows for the mitigation of these threats.
An electronic message, regardless of its format ASC X12 EDI, NIEM, HL7, etc., follows a process flow that usually depends on external systems. The availability and accuracy of these external systems is never certain. Thus, we need to carefully identify these possible failure points and mitigate them accordingly.
We start by creating a Risk Register. A Risk Register is a document that includes all the possible risks we can identify in our electronic transaction handling processes. The Risk Register should include:
- External System – This is the external system where we have identified vulnerability. (i.e. Relational Database System, FTP Server, etc.)
- Vulnerability – This is the risk we have identified. (i.e. Loss of connection to the Relational Database System, etc.)
- Risk Classification – All risks must be classified High, Medium, or Low depending on the impact it may cause.
- Mitigation Control – How are we going to mitigate the identified risk? (i.e. We will verify the Relational Database System availability before trying to insert a new record. If the system is unavailable we will wait 30 seconds and retry. We will retry 3 times. If after 3 times we are unable to connect we will send an email to the Administrator, log an exception to the System Log, and exit current processing.)
Once we have created the Risk Register, then we need to implement the mitigation controls. Risk identification and handling must be a continuous procedure. It is recommended that the Risk Register be updated at set time intervals or when new risks are identified. Whenever new risks are identified, mitigating controls should be promptly developed.
The Wovenware Integrator mitigates risks through the configuration of its Application Services. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom defined business workflow. Wovenware has developed a Standard Risk Register that is reexamined and updated with each new electronic transaction message we implement. Some of the items included in our Standard Risk Register are:
- Connection Loss to External System
- Unavailable Relational Database System
- Read File Errors
All the risks identified in the Standard Risk Register are mitigated by default on the Application Services implementation. By developing the mitigation controls on the Application Services implementation we assure that every electronic transaction message handling process in the Wovenware Integrator controls the risk properly.
Implemented Electronic Transaction Governance in your custom software interfaces? Let us know how it went.