Audit in Fenergo
The Audit domain contains all of the data that the other domains (Entity, Journey etc) have identified as being required for auditing purposes.
At present Audit functionality is implemented at both the Entity and Journey level and also at Screening Task Level. To view the Audit trail, the user must have the required Permissions & relevant Access Layers.
- Entity Level Audit: If the user has the required permissions, the Audit button will be visible and can be accessed from the ‘Entity Profile’ page. Upon clicking the Audit button, the Audit drawer is exposed and includes three tabs: "Data Changes", "Product" and "Access Log". Note: At the time of writing (July '23), in line with the deployment of the new Entity Profile, the "Product" tab will be included.
- The "Data Changes" tab displays the up to date ‘Verified’ and ‘Draft’ Audit data for Entity Related data, such as ‘LE Name’, ‘FirstName’, ‘LastName’, for the entity in profile.
- The "Product" tab displays the up to date ‘Verified’ and ‘Draft’ Audit data for Product related data, such as 'Product Type', 'Product Family', for those Products associated to the Entity in Profile. Users with the required Product Access Permissions will be able to view this tab.
- The "Access Log" Tab records the Users who have clicked onto the Entity Profile page.
- Journey Level Audit: This includes journey related data, such as when the journey was created or completed, and also the tasks and statuses within that journey. With the required permissions, the user can access Journey Level Audit from the Journey Hub page.
- Task Level Audit: Currently available for the Screening domain only and captures changes at task level to ‘Match Status’, ‘Match Type’ and ‘Comments’. With the required permissions, the user can access Screening Task Level Audit from the Screening Results page.
Human vs System Activity
The audit trail across the application captures both user-initiated actions and system-generated events. When an action is performed by a human user (e.g. completing a task), the GUID of that user will be captured. In our UI, we will then render the username attached to that ID for a better user-experience. This will be contextually displayed based on where you are viewing this audit entry. As an example within Journey Audit, this will display as "Changed By".
In the event that an action is performed automatically by the application - such as a system task like "Verify Entity" running, a conditional value being applied or a task being dynamically assigned to a team - the "Changed By" will show as "System". This is so that we can accurately capture the actions taken by a user versus those taken by the system.
In some cases, the "Changed By" may be shown as "Unknown". "Unknown" is used for scenarios where attribution metadata is not available or is not recorded. An example of this may be in the case of an integration established by a client, where no user ID is ever passed. These "Unknown" entries are valid and expected. They do not indicate a fault or missing data.
Please note that if you are adopting the Fenergo Digital Agents, the relevant action will always be captured by the respective agent. For example, if a Screening Hit was marked as a Non-Match, the Screening Audit will show that action as having been done by the "Screening Agent".
Configuring the Audit Fenergo Feature
Audit Permissions
Configuring Audit Permissions
To enable Audit permissions the user must have selected ‘Audit Access & Search’, in the ‘Security Configuration’ Screen, for their relevant Teams.
If the above permissions are not selected the user will not see the Audit Icon Button on the Right Hand Side of the Entity Profile Page.
If the Audit permissions have previously been selected, and are then de-selected without the Security Configuration page being refreshed, the Audit Icon Button will remain visible, but an error message will appear and no audit data will be shown when the button is clicked.
If the User logs out and back in again the Audit Icon button will not be visible until the Audit permissions are selected and saved again.
Access Layers
In order for a user to view Audit entries, they must also have the relevant Access Layers. (See the Access Layers user guide for more information on how to configure Access Layers)
If the users Access Layer configuration does not match the Entity or Journey they are trying to view the Audit trail for, they will not be able to see the Audit trail until their Access Layers match.
Security Configuration Level Audit
The Audit trail is now available to view from a Team's 'Security Configuration' screen. It returns data from the Audit Database that has been captured as an Audit event by the Security Configuration domain.
Given the user has the necessary Permissions and Access Layers, the Audit button will appear on the right-hand side of a Team's Security Configuration Screen.
Functionality:
To view the audited events within a Team’s Security Configuration, click on the Audit icon button to expose the Audit Drawer. The audited event types here are:
- Team Created
- Team Updated
- User Added
- User Removed
The captured data for a Team will be visible from the Audit drawer and displayed as follows:
- Event: The name of the event that the audit is captured for. Eg. 'Team Created'
- Changed by: The name of the user the change was made by
- Updated on: The date and time when the update was made
Sorting is available for each of the displayed columns, by clicking on the hidden arrow to the right of each column name.
To view the Audit History of a Security Configuration event for a Team, the user must click the chevron presented to the left of each event name to expose the 'History' card.
The History card for each event will present the captured data for every event:
- Field: The captured field value as determined by the Security Configuration domain
- Old Value: The value for that field before the change was made
- New Value: The value for the field after the change was made
Users can also filter searches within the audit for Security Configuration. With this, users can easily locate specific information based on Event Types and Date Ranges. The user can input "From" and "To" dates to narrow down the search results in the Audit drawer. They can also select an Event type, further refining their search.
User Management Level Audit
The Audit trail is now available to view from the 'User Management' Configuration screen. It returns data from the Audit Database that has been captured as an Audit event by the User Management domain. Audit in the user details will show details of user creation and all updates made to the user profile. Given the user has the necessary Permissions and Access Layers, the Audit button will appear on the right-hand side of the User Management configuration screen once they click the 'Edit Teams & Access Layers' button.
Functionality:
To view the audited events within a User Management configuration, click on the Audit icon button to expose the Audit drawer. The audited event types here are:
- Team Added
- Team Removed
- Access Layer Added
- Access Layer Removed
The captured data for a user will be visible from the Audit Drawer and displayed as follows:
- Event: The name of the event that the audit is captured for. Eg. 'Team Added'
- Value: The name of the Team or Access Layer
- Changed by: The name of the user the change was made by
Sorting is available for each of the displayed columns, by clicking on the hidden arrow to the right of each column name.
Users can also filter searches within the audit for User Management configuration. With this, users can easily locate specific information based on Event types and Date Ranges. The user can input "From" and "To" dates to narrow down the search results in the Audit drawer. They can also select an Event type, further refining their search.
Entity Level Audit
The Audit trail is available to view from the ‘Entity Profile’ Page. It returns data from the Audit Database, that has been captured as an Audit event by the Entity domain.
Data that has been captured as an Audit Event and stored in the Audit database will be available to view in the Audit trail. Additionally, Fenergo SaaS will Audit the Users who have clicked onto an Entity Profile Page.
After creating a Legal Entity, provided the User has the correct Permissions and Access Layers configuration, the Audit Icon button will appear, tagged to the right hand side of the Screen, on the ‘Entity Profile’ Page.
Functionality:
To view the Audit trail, click on the Audit Icon button to expose the Audit drawer. The drawer extends from the side of the page, and the underlying ‘Entity Profile’ page is darkened out.
The captured Audit data for the newly created entity will be visible in the "Data Changes" tab and is displayed as follows
- ‘Field Name’: The name of the field that the audit record is captured for, eg First Name.
- ‘Current Verified Value’: The current verified value for that field (non draft).
- ‘Last Updated By’: The username (email address) of the person who last updated the field. Can also be ‘System’.
- ‘Last Updated’: The date & time when the last update was made (yyyy-mm-dd)
Sorting is available for each of the diplayed columns, by clicking on the hidden arrow to the right of each column name. To view the Audit History for any field, the user must click on the down arrow to the left of each field name to expose the ‘History’ Card.
The History Card for each field will display the captured audit data for those fields
- ‘Value’: The captured field value
- ‘Data Type’: the type of data, can be ‘Draft’ or ‘Verified’
- ‘Changed By’: The person who made the change, can also be ‘System’
- ‘Updated On’: When the change was made (yyyy-mm-dd)
- ‘Journey’: The journey where the change was made (empty if change was made outside of a journey)
Note: Journey names displayed in the Audit Drawer are presented as hyperlinks. Selecting a Journey name opens the corresponding Journey Hub, where the full context of the change can be reviewed.
Show Draft Values:
To show or hide ‘Draft’ values from the audit display the user can toggle the ‘Show Draft Values’ toggle switch. Fig 5 shows a Draft value for the ‘First Name’ field.
To hide the Draft value, the ‘Show Draft Values’ switch is toggled off (Fig 6 ).
Show System Fields:
To show or hide System Fields from the audit display the user can toggle the ‘Show System Fields’ toggle switch. Fig 7 shows the System Fields in the audit display.
To hide the System Fields the ‘Show System Fields’ switch is toggled off (Fig 8 ).
Audit Entity Data Search:
To search for specific data in the returned audit records, the User can use the search functionality located at the top of the Audit display. The user can search by 'Field Name', 'Current Value', 'Last Updated by' or 'Last Updated'. Partial matching is supported.
Access Log:
The "Access Log" Tab provides an audit record of the list of Users who have viewed the Entity Profile Page, and a timestamp of when this event occurred. The tab contains two columns: "Username" and "Last Viewed". There are filters available in the form of a "Username" dropdown, which will display all of the Users within the Tenant, and date-picker fields of "From" and "To" that allow a User to select the date range the read events should be returned from.
The "Access Log" events have an indefinite retention period. Finally, there is deduplication logic with regards to the recording of multiple visits to an Entity Profile Page from the same User within a short time-span. This is to prevent the creation of irrelevant, duplicate data in the "Access Log" tab. Fenergo SaaS will only record a single event if a User visits an Entity Profile Page multiple times in succession, up to a 30 minute limit. For example: John Doe (User) visits the Entity Profile Page of "Tesco LTD" at 11:11:24, 11:23:54, 11:26:41, 11:32:10 and 12:04:32. Only the Read Events of "11:11:24" and "12:04:32" will be recorded.
Product
Where the Product domain is enabled in a tenant and the user has Product Access permissions, an additional "Product" tab will appear in the Entity Audit drawer. This will return data for products associated with the entity in profile from the Audit Database, that has been captured as an Audit event by the Product domain.
As products are associated with an entity and updated within a journey, the corresponding audit data will appear in the "Product" audit tab. The functionality of this follows the pattern of the "Data Changes" tab but with one additional layer. Upon selecting the "Product" tab, the user will be presented with those associated products, and displays as follows
- ‘Product Type’: The product that the audit record is captured for.
- ‘Last Updated By’: The username (email address) of the person who last updated the product. Can also be ‘System’.
- ‘Last Updated’: The date & time when the last update was made (yyyy-mm-dd).
Sorting is available for each of the displayed columns, by clicking on the hidden arrow to the right of each column name.
By selecting the down arrow to the left of the Product Type, the user is able to view the Audit data associated to that product. From here the Audit data will follow the same pattern as "Data Changes" for the entity. Once the down arrow is selected, the user will be presented with 'Field Changes' as follows, with sorting also available:
- ‘Field Name’: The name of the field that the audit record is captured for, eg Product Type.
- ‘Current Verified Value’: The current verified value for that field (non draft).
- ‘Last Updated By’: The username (email address) of the person who last updated the field. Can also be ‘System’.
- ‘Last Updated’: The date & time when the last update was made (yyyy-mm-dd)
The Audit History for each field can be viewed by selecting the down arrow to the left of the field name to expose the 'History' card. The History Card for each field will display the captured audit data for those fields
- ‘Value’: The captured field value
- ‘Type’: the type of data, can be ‘Draft’ or ‘Verified’
- ‘Changed By’: The person who made the change, can also be ‘System’
- ‘Updated On’: When the change was made (yyyy-mm-dd)
- ‘Journey’: The journey where the change was made (empty if change was made outside of a journey)
Where the History Card is for a data group the audit data captured will be:
- ‘Updated On’: When the change was made (yyyy-mm-dd)
- ‘Type’: the type of data, can be ‘Draft’ or ‘Verified’
- ‘Updated On’: When the change was made (yyyy-mm-dd)
- ‘Journey’: The journey where the change was made (empty if change was made outside of a journey)
There will be an additional drop down arrow here to display the field changes for the data group entry:
- ‘Value’: The name of the field that the audit record is captured for, eg Product Type.
- ‘Old Value’: The previous verified value, if it existed
- ‘New Value’: The captured field value
Audit Product Data Search is available within the "Product" audit tab and aligns to the functionality of the Audit Entity Data Search. Similarly, the "Show Draft Values" and "Show System Fields" toggles are also available and align to the functionality mentioned above for Entity Data.
Journey Level Audit
The Audit trail is also available to view from the ‘Journey Hub’ Page. It returns data from the Audit Database, that has been captured as an Audit event by the Journey domain.
From inside the Journey Hub and provided the user has the correct Permissions and Access Layers configuration, the Audit Icon button will appear, tagged to the right hand side of the Screen.
Functionality:
To view the Audit trail, click on the Audit Icon button to expose the Audit drawer. The drawer extends from the side of the page, and the underlying ‘Journey Hub’ page is darkened out.
The captured Audit data for the newly created entity will be visible and is displayed as follows
- ‘Event’: The name of the event that the audit record is captured for, eg ‘Task Completed’.
- ‘Task’: The Task at which the audit record was captured at eg ‘Basic Details’
- ‘Stage’: The Stage at which the audit record was captured at eg ‘New Request’
- ‘Last Updated’: The date & time when the last update was made
Sorting is available for each of the diplayed columns, by clicking on the hidden arrow to the right of each column name. To view the Audit History for any journey event, the user must click on the down arrow to the left of each event name to expose the ‘History’ Card.
The History Card for each event will display the captured audit data for those events
- ‘Field’: The captured field value as determined by the journey domain.
- ‘Old Value’: The value for that field before a change was made.
- ‘New Value’: The value for that field after the change was made.
- ‘Changed By’: Who made the change, can be a User or ‘System’ change.
- ‘Updated On’: When the change was made (yyyy-mm-dd).
Show System Tasks:
To show or hide System Tasks from the audit display the user can toggle the ‘Show System Tasks’ toggle switch. Fig 13 shows the System Tasks when toggled on.
To hide the System tasks, the ‘Show System Tasks’ switch is toggled off (Fig 14).
Task Level Audit
Functionality:
The latest release supports Task level Audit in the Screening domain only. Task level audit can be accessed by clicking on the Audit Icon while inside the Screening Results Task.
When the Audit Icon is clicked, the Audit drawer opens out. There will be no audit details captured until a Match update has been actioned by the user.
When the user has resolved a Match the Audit display will show the ‘MatchesUpdated’ Event Type and other high level audit information such as the ‘Legal Entity Name’, ‘Last Updated By’ and ‘Last Updated’ columns.
The User then has the option to view further audit information by clicking on the dropdown icon beside the ‘MatchesUpdated’ event.
For an Individual this will expose information such as the ‘Match Name’, ‘The Entity Type’, ‘Date(s) of Birth’ ‘Nationality’ and ‘Source’. For a Company, the ‘Date(s) of Birth’ and ‘Nationality’ fields will not be populated.
The User can further explore the audit trace by clicking the dropdown beside the ‘Match Name’. This will expose the User actions associated with resolving the Match. It shows the ‘Field’ name, the ‘Old Value’ and ‘New Value’.
Screening Task Level Audit is available for both the main Entity and any Related Parties that are captured in the Screening task. Search functionality exists at the top of the Audit screen, similar to Entity and Journey level.