The importance of a Central Audit Trail for Evidence Management
When it comes to audits, disputes, cases, the first and sometimes more difficult task is to provide the evidence. The evidence must contain the exact information gathered from multiple sources in detail with timestamps.
Coming to software, finding evidence of audit trails from across multiple systems can be a huge challenge. These disparate systems could be completely standalone, being managed by different vendors. Gathering evidence from multiple systems will surely then be a huge nightmare, time consuming and a very costly affair.
Let’s take a look at 3 kinds of evidence - API logs, communication logs, rules execution logs. These are required in all companies while trying to find root cause analysis, resolve disputes, answer auditors’ questions, and provide to the legal team to fight cases.
The objective is - identify in the lowest possible time duration, by an L1 support person.
API logs
API logs are recorded when one system interacts with another, and there is some exchange of information/documents between them. But when a company has say more than 50 systems, maintaining these API logs in 1 single place, in 1 single format is extremely crucial to be able to find evidence of the interactions happening between different systems.
This is where an API gateway comes in.
Celusion provides CONNECT, a marketplace API gateway, that not just helps integrate with the company’s existing systems, but also all 3rd party external systems.
All API calls across the company are recorded centrally in 1 location in 1 single format.
Use case:
A customer onboarding system was implemented 1 year ago. It allows a new customer to apply for a personal loan in less than under 5 min. The company has onboarded 3,000 new customers in the last 1 year and disbursed more than 100 CR using the system.
Suddenly one day, customer onboarding has dropped and complaints are being received that the onboarding system is working very slow. 1 such customer has even posted on social media saying “My application number is 84736, and I’m stuck. The system is too slow. How do I get my loan today?!”
The customer onboarding system is integrated with 14 different systems, and the issue could be lying in any of these. Now the IT team needs to quickly find where the latency is exactly occurring, and resolve it.
With CONNECT, the IT team is able to quickly locate application number 84736 in the centralized API logs and get a list of all API calls that were made for this application.
It was identified that 1 of the integrations was failing with a core system for DeDuplication, and thus the customer was stuck at the Proof of identity stage itself and wasn't able to proceed from there. The log entry had the exact request & response, timestamp and source system details.
Identification of the exact API integration’s log entry took less than 2 min, and was done by an L1 support person.
Communication (notification) logs
Across a customer’s entire lifecycle with the company, multiple communications are sent to the customer, in terms of automated notifications from various systems via channels of SMS, email, WhatsApp, push notifications.
What if you get all notification logs details in 1 place, that are sent to a particular customer, from across multiple systems, via multiple channels.
Gathering any evidence will then be extremely easy, fast, and at no extra cost.
Use case:
A customer keeps complaining that he does not receive an OTP ever, and files a suit against your company.
Using Celusion’s NOTIFY, you will get a history of all notifications sent to that customer from the entire company, across all channels.
Simply search for the customer based on his mobile/email, get logs of all notifications sent to that customer easily, and show evidence of the OTPs sent out with the delivery status of each.
Produce this evidence and there’s no further discussion needed!
Identification of the exact customer’s OTP log entries took less than 2 min, and was done by an L1 support person.
Rules/Decisions execution logs
Using a business rules engine to manage all your decisioning rules, helps you get a detailed log of why a particular decision was taken by the system, when and for that purpose.
This is exactly where Celusion’s DECIDE comes in.
Use case:
In an NBFC, a large loan account that was disbursed 11 years ago, has gone into NPA bearing big questions on the risk & credit teams’ policies. Corrective actions need to be taken to ensure that such an event does not occur again.
The senior management asks the risk & credit team to produce details of the case file and on what basis was the loan file approved.
Traditionally, the team will need to, 1) Go back to the physical file of the customer 2) Find the policy that was live at that point in time 3) Compare and figure out exactly on what basis was the file approved.
Using Celusion’s DECIDE, the risk/credit team’s person simply searched for the LAN number, found the log entry, and was easily able to get the above details, all in 1 single place.
Identification of this took less than 2 min, and was done by any member of the risk/credit team, without the need of any tech support involvement.
Conclusion
It is clear that systems that enable central management and logs across the company, help save a lot of time, effort and cost in post-mortem activities.
Contact Celusion to get a deeper understanding of these systems,
CONNECT - Marketplace API gateway
NOTIFY - Automate personalized notifications
DECIDE - No-code/Low-code Business Rules Engine
Send us an email on sales@celusion.com