Operational Risk
QR Systems are web applications delivered in secure browsers. All actions taken on a browser are under security restrictions and control, and all actions are fully audited for
posterity. Quite simply every button and graphical control on the interface is wrapped in security tags limiting their use to those with permission, and every time any user clicks
any button the action is recorded. Nothing goes unnoticed.
QR Audit Trail
Audit Trail always records all actions done by any user (or automated demon) in the system. Audit Trail is a core functionality inextricably linked to all systems at all levels. Tampering with the system without detection is impossible.
Whenever any user clicks any button, uses any feature, enters any data, changes any value, … the auditor stores who, when, from what machine, which action and even actual data that was changed. So there is also a complete history of all intermediate versions of all objects in the system.
Configuring auditor is easy. System is seen as composed of resources (objects) and possible actions that can be done on them.
Click image for a larger view.
QR Constraints Monitor
This device runs live at the deepest core of the QR Trading and QR Scheduling systems. It monitors all trading/bidding activity and checks all fields for possible limit violations.
It is made of checkers and automated robots monitoring processes, data and actions. It allows you to define a wide range of trading constraints.
The limits are enforced by disallowing submission of bids/trades when they violate your market rules. Violations are detected and reports auto generated and emailed.
Click image for a larger view.
QR Security Monitor
User Access is regulated by unique user ID numbers, usernames and passwords stored in the db. User Access to every page of the system is also restricted by appropriate security measures.
User permissions are granted using a role-based model. Users are assigned to a role and privileges are granted to that role. Permissions are based on user security groups. Users are assigned to many different security groups at the discretion of the system administrator.
Some Examples of compliance monitoring are:
Portfolio Monitoring based on Metrics
Each portfolio can be monitored for min and max values on, MTM, VaR and Total Volume.
For example suppose you are a utility with 6 pricing plans in your retail book, and you want a max total volume of 65 MWh across a subset of 3 plans, say Fixed Rate, Fuel Index and Rebate.
This is easily done by creating a simple portfolio with 3 subfolders for the above plans, and a folder containing them. Then the desired limit can be defined on the aggregate folder with a user friendly dialog.
Click image for a larger view.
Trade Monitoring based on Attributes
Each trade can be categorized by any fields defining it (can be as many as 60+). Wherever applicable numerical limits can be put on them. There can even be combined limits, e.g. the duration which is the difference of the start and end dates.
The categories can be regions (derived from the market node of a deal), counterparty, client, company, asset class, portfolio/fund type, market, business objective, position (buy long or sell short), term or duration, volume, price, … and many others.
