Electronic Transaction Governance: Implementing Risk Management

This is the fifth and final blog posts of the series of how to implement Electronic Transaction Governance in your custom software interfaces. We will also discuss how Wovenware implements Electronic Transaction Governance in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility, accountability, and governance to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.

electronic transaction governance risk management

In this blog post we will discuss the area of Risk Management. For the purpose of our discussion risk is anything that can affect the processing outcome of any electronic transaction message. The Risk Management area of Electronic Transaction Governance is the process of identifying and mitigating any risk that might affect our electronic transaction handling processes. Proper Risk Management helps in the identification of unforeseen vulnerabilities and allows for the mitigation of these threats.

An electronic message, regardless of its format ASC X12 EDI, NIEM, HL7, etc., follows a process flow that usually depends on external systems. The availability and accuracy of these external systems is never certain. Thus, we need to carefully identify these possible failure points and mitigate them accordingly.

We start by creating a Risk Register. A Risk Register is a document that includes all the possible risks we can identify in our electronic transaction handling processes. The Risk Register should include:

  1. External System – This is the external system where we have identified vulnerability. (i.e. Relational Database System, FTP Server, etc.)
  2. Vulnerability – This is the risk we have identified. (i.e. Loss of connection to the Relational Database System, etc.)
  3. Risk Classification – All risks must be classified High, Medium, or Low depending on the impact it may cause.
  4. Mitigation Control – How are we going to mitigate the identified risk? (i.e. We will verify the Relational Database System availability before trying to insert a new record. If the system is unavailable we will wait 30 seconds and retry. We will retry 3 times. If after 3 times we are unable to connect we will send an email to the Administrator, log an exception to the System Log, and exit current processing.)

Once we have created the Risk Register, then we need to implement the mitigation controls. Risk identification and handling must be a continuous procedure. It is recommended that the Risk Register be updated at set time intervals or when new risks are identified. Whenever new risks are identified, mitigating controls should be promptly developed.

The Wovenware Integrator mitigates risks through the configuration of its Application Services. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom defined business workflow. Wovenware has developed a Standard Risk Register that is reexamined and updated with each new electronic transaction message we implement. Some of the items included in our Standard Risk Register are:

  • Connection Loss to External System
  • Unavailable Relational Database System
  • Read File Errors

All the risks identified in the Standard Risk Register are mitigated by default on the Application Services implementation. By developing the mitigation controls on the Application Services implementation we assure that every electronic transaction message handling process in the Wovenware Integrator controls the risk properly.

Implemented Electronic Transaction Governance in your custom software interfaces? Let us know how it went.

Make sure to subscribe to our mailing list (just on the right) to get notified when our blog posts go out.

Why creating a Buyer’s Persona is so important for your business?

In previous posts we have talk about the importance of creating exceptional content for your blog so your potential customers and the existing ones can learn about your company and what you do. But we might say that there’s no content without purpose, you should aim to write useful information for every type of customer; that’s why we need to create Buyer’s Persona.

What?

You might be asking yourself what exactly is a buyer persona, well according to the Buyer Persona Institute “buyer personas are examples of real buyers who influence or make decisions about the products, services or solutions you market. They are a toll that builds confidence in strategies to persuade buyers to choose you rather than your competitor or the status quo.” Meaning what? This personas are examples of each one of us, is just that they are models that represent the wants and needs of every consumer and help companies understand better what people want.

Why?

Is important we have a clear image of what these personas are because if not we can create a non-existent person with misinterpreted needs and wants. Buyer personas are created as tools to help the company build a strategy in order to convince clients by gaining their confidence with relatable examples in a daily basis. You might think building this persona is an easy task but is not, you can’t create the same persona for all your segments. A buyer persona can have specifications about what motivates them, their desires, wants, needs, their behavior and reaction to certain things; buyer’s persona are meant to give an insight to your clients

How?

Creating a buyer persona takes research and a lot of analysis; this would give your company a better idea of who is your target market and audience. You need to collect as much data as possible so you can have all the information that might be relevant for your segment, this will help people associate better. They don’t limit to profiling, buyer personas go way deeper and is better if you create more than one persona. This method will help you understand well your target market and your clients will have more than one person to relate with. Also you can create keywords and content subjects specifically for each of them. Companies that aim to be successful should do more than observe and study their segments; they should conduct interviews and polls to know what are the topics people are interested, any patterns between people so in this way you can start segmenting in a proper way.

When?

There’s no exact time in which you should create a buyer persona, in fact you must have this personas created way before you start your marketing plan so you can incorporate them strategically to the plan. You must define your personas and your segments so your company can be ready for anything.  You never know when you could find new clients or where. It’s important that you include these personas in every marketing strategy you have, so yes you must create them immediately.

 

In conclusion we can say that creating buyer personas is essential for your company because it helps you understand what is that your customer wants. When you create these examples you are giving people insights on your product but from their perspective. Create a specific buyer persona for each one of those segments, try to make more than one persona and remember that at the end of the day you are still competing and your buyer personas are just another strategy to win over your competition. Remember that in order to be successful you must learn all about your clients so you can offer them what they need. Buyer personas are useful tools to understand your customers and establish a long lasting relationship with them.

Electronic Transaction Governance: Implementing Security Management

This is the fourth of a series of five blog posts detailing how to implement Electronic Transaction Governance in your custom software interfaces.  We will also discuss how Wovenware implements Electronic Transaction Governance in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility, accountability, and governance to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.

Electronic Transaction Governance Security Management

In this blog post we will discuss the area of Security Management. As the name suggests Security Management is the area of Electronic Transaction Governance that deals with security, specifically with information security, transport security, and communication security of the electronic transaction messages. Proper Security Management guarantees the data integrity of the electronic transaction message.

An electronic message, regardless of its format ASC X12 EDI, NIEM, HL7, etc., follows a process flow. It is important that all aspects of the process flow and electronic message be secure as to only allow vetted individuals access to the information.

The process flows should be secured so that only individuals with the appropriate credentials have access to the message as it navigates through the business process flow. This means that the transaction staging points need to be secured. Staging points are the locations where the electronic message is stored as it moves through its business process flow. These locations could be the File System, FTP Server, SFTP Server, Database, Message Queue, etc. In order to implement proper Electronic Transaction Governance you must secure access to these locations and make sure only appropriate resources have access to these areas. Additionally, it is a best practice to log all access to these areas.The electronic message should be secured separately of the process flow security. The easiest way to implement electronic message security is to encrypt the message as it travels through the business process flow and only decrypt the electronic message once it is ready to be processed.

The Wovenware Integrator secures the electronic transaction message through the configuration of its Application Services implementation and Cerberus, Wovenware’s Security Application. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom defined business workflow. An Application Service can be configured to encrypt and decrypt the electronic messages as needed. Thus for example, an electronic message can be encrypted before it is communicated or stored into a physical location.

Cerberus allows for the secure management of all components of the Wovenware Integrator. Additionally, it provides single sign on capability to help reduce end user confusion over multiple logins across different applications. Through Cerberus, the different staging points of the electronic transaction message are secured and access is logged.

In our next and final post we will discuss how to implement the Risk Management area of Electronic Transaction Governance.

Electronic Transaction Governance: Implementing Audit Trails

This is the third of a series of five blog posts detailing how to implement Electronic Transaction Governance in your custom software interfaces.  We will also discuss how Wovenware implements Electronic Transaction Governance in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility, accountability, and governance to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.

Electronic Transaction Governance: Audit Trails

In this blog post we will discuss the area of Audit Trails. Audit Trails are data logs, information breadcrumbs, which allow process flows (in our context software process flows) to be tracked trough their lifecycle. The importance of audit trails is that they allow for accountability and reporting of these process flows. Specifically for software process flows they are also excellent debugging tools.

Audit Trails is the area of Electronic Transaction Governance that require proper log messages are recorded for all electronic transaction messages handled by the processing software.

An electronic message, regardless of its format ASC X12 EDI, NIEM, HL7, etc., follows a process flow. That is, the electronic transaction message is processed following a series of predetermined steps. An example of these steps could be:

Electronic Message Process Flow

To implement proper Electronic Transaction Governance, at least, one Audit Trail message should be logged for each step of the process flow. Using the example above , means we would need to log an audit message when the message is received, when it is decrypted, when its standard compliance is verified, when its data quality is tested, and finally when the electronic message is inserted into the core system. It is recommended that multiple audit messages be logged for each process flow. This way the message flow could be more thoroughly monitored.

The audit trail log must include all the necessary information to recreate the electronic message. Remember these audit logs will be your monitoring, accountability and reporting data. If log space is limited then at least all the critical information should be logged. Finally, audit trails have invaluable process flow information, as such store them in a secure environment for as long as possible.

The Wovenware Integrator logs audit trails through the configuration of its Application Services implementation and custom calls to the Wovenware Audit Log API. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom defined business workflow. Inside the implementation of an Application Service defined task, audit messages are automatically logged thorough the process flow. The audit messages are logged to the Wovenware Integrator Audit Log Database Tables. Additional audit messages can be logged by adding custom calls to the Wovenware Audit Log API.

In our next post we will discuss how to implement the Security Management area of Electronic Transaction Governance.

Electronic Transaction Governance: Implementing Data Quality

This is the second of a series of five blog posts detailing how to implement Electronic Transaction Governance in your custom software interfaces.  We will also discuss how Wovenware implements Electronic Transaction Governance in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility and accountability to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.

Electronic Transaction Governance: Data Quality

In this blog post we will discuss the area of Data Quality. Data Quality is the area of Electronic Transaction Governance that verifies the data quality of the electronic transaction message. Not all fields of an electronic transaction message carry important data. Therefore, Data Quality limits its process to verifying the data quality of certain key fields of the electronic message exchange between partners.

An electronic message, regardless of its format ASC X12 EDI, NIEM, HL7, etc., transmits critical and non-critical data in its fields. The determination of how to classify the importance of the data contained in a field must be done every time a new software interface is developed and whenever the message is to be transmitted to a new partner. Once critical fields are identified in the electronic transaction message we can perform data quality validation before the transmission is completed.

Lets continue using our previous post example. Partner A and Partner B decide to exchange new purchase orders through electronic messaging and they agree to exchange the messages using the following xml files:

Partner A Sends New Order Request:

<order>
     <item>
          <sku></sku>
          <quantity></quantity>
          <note></note>
     </item>
</order>

Partner B Responds with New Order Request Acknowledgment:

<order>
     <acknowledgment></acknowledgment>
     <item>
          <sku></sku>
          <quantity></quantity>
          <note></note>
          <price_per_item></<price_per_item>
     </item>
     <total_order_price></<total_order_price>
</order>

For our discussion we will use only the New Order Request message sent by Partner A. Data Quality dictates that we begin by determining which are the critical fields in our message. The critical fields in the New Order Request message are:

  • sku
  • quantity

The sku field must contain a valid sku and the quantity field must have a numerical value greater than zero.

To implement Data Quality a software process must exist to verify the data contained in the sku and quantity fields before the message is transmitted to Partner B. The process would validate that the value contained in the sku field is a valid sku. Similarly, the process would validate the quantity field to certify that the value in the field is a number greater than zero. If any of these validations fail, the process would notify and not allow the electronic transaction message to be sent.

The Wovenware Integrator handles this verification through the configuration of its Application Services implementation. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom defined business workflow. One of the defined tasks of the business workflow is an Application Service that verifies the data quality of all configured critical fields of the electronic transaction message to be exchanged. If any of the verified fields fails validation, the electronic transaction message is not allowed to continue through the business workflow and a notification message is sent to the system administrator.

In our next post we will discuss how to implement the Audit Trails area of Electronic Transaction Governance.

Startup financial advice: Get your bookkeeping in order!

When I am not working with the founders of Wovenware (Carlos and Christian) on financial matters, I spend a lot of my time advising entrepreneurs structuring startups and business owners restructuring their companies and their processes. More often than not, many of them suffer from a common illness: lack of interest in their financials. It is easy for me to push for proper accounting, I am a finance and accounting geek… but I can provide several examples why having lousy bookkeeping will cost you… and it will cost you a lot!

  1. You don’t know where you stand – many companies think they are doing fine because they feel busy. Heck! They’re so busy, they don’t have time to invest in proper bookkeeping… While that may earn you bragging rights amongst your competition, colleagues and friends, this is a definite way to ruin an otherwise healthy company. Being busy has nothing to do with properly monitoring your cash flow. You may have clients, but if you cannot pay your employees, suppliers and vendors, you’re pretty much going nowhere fast. I have seen this plenty a time: great visionaries providing great service, yet not having proper bookkeeping resulting in: forgetting to invoice clients and recording accounts receivables, improper invoice management, duplicating vendor payments, amongst other issues… All of these draining cash and if you’re hearing this for the first time: Cash Is fact! Profit is a matter of opinion.
  2. Strategy – You wouldn’t go to war without knowing how strong you compare to your opponent, would you? What makes you think you can tackle your competitors if you don’t know your strengths? Financial strength that is.
  3. That which you don’t measure, you cannot improve – many initial reviews start with analyzing previous financial performance. Analyzing and dissecting trends, asking questions regarding expenses leads to obtaining great insights about a company’s operations.
  4. Expensive financing – many entrepreneurs go to the bank believing that having a huge box of invoices is enough to get them a loan approved from the credit officer. Nothing is farther from the truth. Credit officers analyze the whole scenario. They need to know that you are on top of your game and that you know how your cash flow behaves. Not showing up with an update set of financials will make you look like a fool in front of the credit officer… and even if they believe you have the cash flow to service the debt, they will charge several percentage points higher than if you had proper and timely accounting.
  5. Expensive investment terms – Just like reason #3, raising that Seed or Series A round is the same as raising debt. And not having a set of financials, bank statements and all other schedules reconciled will bring up red flags. This will put you and your company in a disadvantage when negotiating terms. You can expect the investor to feel less certain about investing in you, if you don’t have your game on.
  6. Tax planning – I have seen this many times. Clients are making money, but pay as much as 100% more in income tax at any given year, just because they are not taking advantages of tax planning strategies available to them, depending on their industry, structure or financial performance. In some occasions I have sat down with entrepreneurs and identified anywhere from $500 up to $50,000 in savings in just one year. $50K? That’s a lot of money, even for a millionaire.
  7. Monitor Fraud – if you’re not paying attention to your finances, someone will steal from you. It is not a matter of “if”… it’s a matter of “when”.

While I do recommend focusing mostly on your company’s core offering, I definitely believe proper financial recording and bookkeeping is a must for every company out there. And there’s no excuse, there are many accounting systems that fit the profile of all firms. There are a bunch of web-apps that adjust to any type of business (freelancers, manufacturing, service, etc.) and many offer a free trial, if it’s not free. With as little as one hour a week, you can have your books in order. If you are someone that absolutely despises accounting, then hire an outsourced accountant to perform all the accounting functions… You’ll just have to answer a couple of questions a month, in order to clear some doubts. Just make sure that the accountant is performing monthly reconciliations and sitting down with you once a month to go over the monthly, quarterly and annual performance of your firm. This will let you anticipate road blocks, know when to hire for growth, save / protect cash and invest in the right clients and projects.

Make sure you don’t go into ruins because you run out of cash, or worst yet, scare away a great investors that can help you reach your next level… just because you were reckless with your bookkeeping. Invest as little as an hour a week in your accounting, to make sure that you are monitoring everything you need from a financial perspective. “Lean” doesn’t mean cutting on data, lean is actually about following the insight you derive from your data. Data comes from proper bookkeeping, among other things.

Let me know how much of a burden it is for you to manage your accounting! Maybe I can point you in the right direction.

 

Make sure to subscribe to our mailing list (just on the right) to get notified when our blog posts go out.