Document Sample
LOVE Powered By Docstoc
					        Enhancing Workflow Automation in Insurance Underwriting Processes
                          with Web Services and Alerts
           Raymond C.M. Lee, Kai Pan Mark, and Dickson K.W. Chiu, Senior Member, IEEE
                       Department of Computing, The Hong Kong Polytechnic University

                    Abstract                                    ty processes are necessary to assess the degree of risks
                                                                associated with each application of life insurance. Under-
    Underwriting is one of the important processes in in-       writing (which is also known as “new business”) is a
surance operations. The applicant's information, including      process of assessing and classifying the degree of risk
various kinds of medical information, must be evaluated         represented by a prospective client and making a decision
before the insurance company can decide to accept the           to accept or decline the insured.
application. These activities are usually supported by              The world of electronic collaboration is developing ra-
process automation facility. However, the support of ex-        pidly, introducing new technology and new ways of colla-
ception handling mechanism and the monitoring of turna-         boration. The success of collaboration often depends on
round time in those process automation solutions are            the ability of a corporation not only to make sure that their
usually inadequate. This results in a low efficiency of the     applications are dynamic, but also to maintain a high de-
underwriting operations or even loss of business opportun-      gree of interoperability with collaboration partners.
ities. To address the problem, this paper presents an Alert-        In this paper, we present an Alert-enhanced Underwrit-
enhanced Underwriting System (AUS), which handles the           ing System (AUS) as a collaboration platform for stream-
exception events and monitors the turnaround time with          lining the workflow of insurance underwriting processes.
the concept of alerts. We further illustrate how Web ser-       AUS makes use of an Event-Condition-Action (ECA) col-
vices facilitate workflow integration and process commu-        laboration model [13] to manage event handling, process
nications.                                                      integration, and alert/exception management for the
                                                                process flow of the underwriting operations.
1. Introduction                                                     The rest of the paper is organized as follows. Section 2
                                                                discusses some related work and background requirements.
                                                                Section 3 describes system design and implementation for
    Life insurance provides protection against the econom-
                                                                our AUS. Section 4 concludes our paper with our continue
ic loss caused by the death of the person whose life is in-
                                                                research work that look forwards to possible enhance-
sured [1]. Because of its popularity, it is a business where
many insurance companies allocate many resources in
order to gain more market share. A life insurance policy
defines the terms and conditions for the prospective client,    2. Background and Related Work
particularly the situations under which the insurance com-          Electronic Data Interchange (EDI) essentially defined
pany promises to pay a benefit upon death [2]. Since life       the technology of electronic collaboration in the past.
insurance products can provide a stable “cash inflow” for       However, EDI is an expensive solution, due to its high
an insurance company, there is a trend that insurance           cost of network infrastructure and system integration. In
companies market various life products, such as invest-         addition, security issues of EDI also limited corporations
ment-linked life products, savings life products and critical   from directly accessing the computing resources of its
illness protection, in order to attract more customers with     trading partners, which used "firewall-unfriendly" proto-
different needs.                                                cols. Therefore, developers start to find other technologies
    Although life insurance business can generate financial     which have a low cost, flexible software solution that al-
benefits to the insurance company, the company still needs      lows corporations to build new applications in response to
to bear financial responsibility to pay the insured under       changing business needs while adhering to a defined elec-
some agreed conditions, e.g., the insured dies during a         tronic business standard [10].
specified period. The insurance will face the consequence           Recently, numerous vendors have offered solutions to
of financial loss if the company accepts prospective clients,   support both XML (eXtensible Markup Language) and
who present extremely high risks and when some of these         EDI formats for collaboration. One of the solutions is the
insured persons die soon after policy issuance. High quali-     transformation of information between companies: XML-
to-EDI. Transformation is critical to an "edge" integration                                                           processing
strategy that brings together B2B collaboration and enter-                                                       5.   Quality Check (QC) and Indexing on the scanned
prise application at the boundary of an enterprise in order                                                           documents
to enable the back-end connectivity and workflow re-                                                             6.   Release of the validated and scanned documents im-
quired to support a complete business process [11].                                                                   ages into workflow engine for further processing
    In the XML world, e-Business XML (ebXML) [12] is
a modular suite of specifications which are initiatively                                                             In the traditional way of performing the activities 1 to
designed for electronic interoperability. The strength of                                                        5 without any automation processes, it incurs high cost in
the ebXML architecture is that it provides a framework for                                                       human resource, storage cost, and paper work, together
electronic business collaboration. The architecture enables                                                      with a high turnaround time. That means it causes the un-
businesses to work together to specify business process,                                                         derwriter to spend a long time to handle a new application.
discover one another, negotiate collaboration agreements,                                                        This affects the insurance company’s reputation and may
and execute business processes. However, although                                                                further induces financial losses or even legal penalties.
ebXML implementations are already being announced, the                                                               With the advent of information technology, most of the
rate of deployment of ebXML is not quickly accelerated.                                                          above activities are linked together to streamline the
Many companies are taking a "wait-and-see" approach                                                              workflow for processing a new business, starting from
until ebXML becomes a mainstream in the market.                                                                  receiving documents from an agent, ending at the under-
                                                                                                                 writer getting the case from workflow system and issuing
2.1. Key Processes and Integration
                                                                                                                 new policy if approved.
                                                                                                                     Some benefits accrued to the business for automating
            Branch/Zone Offices                                                 Head Office
                                                                                                                 the entire underwriting processes:
                                           Policy Dispatch                                                        Improvement of the service quality (such as turna-
                                                                                                                      round time)
                                                                                                                  Reduce of the risk of losing submitted documents

                                                                                 Print Server
                                                                                                                      during delivery
                                                                                                                  Transfer of applications to the next step of the process
  Agent          Cashier      Data Entry                                                Approved

                                                                                                                  Better control of risk management such that some

                                           Transfer Module                      Workflow Engine                       cases (i.e., excess of coverage limit) can only be ap-
                 Scanning   Index & QC                                                      Case
                                                             File Server
                                                                                         Assignment                   proved by senior underwriters

                                                                                                                     The key integration of the processes between the
             warehouse                                           Workstations    Workstations     Workstations
                                                                                                                 agents and the underwriters are as follows.
                                                                                                                     Images and Data Transfer Process – This activity is
                                                                                                                 an automated process and does not involve any manual
                                                                                                                 operation unless the sub-system is down or errors / incon-
Figure 1. A typical underwriting process                                                                         sistency occurred during the transfer. The purpose of this
                                                                                                                 process is to transfer the scanned images and indexed data
   Figure 1 illustrates a typical underwriting process,                                                          from a branch or zone office to the central office for im-
which usually consists of the following four key activities:                                                     porting into the workflow system. If the network linkage
   A. Performing field underwriting,                                                                             between a branch or zone office and the central office is a
   B. Reviewing the application for insurance,                                                                   private connection (i.e., leased line), the operation is just a
   C. Gathering additional information to make a                                                                 simple transfer of document images into the file server in
         sound decision, and                                                                                     the central office with an XML file including all the in-
   D. Making an underwriting decision on the case [3]                                                            dexed data. If the network connection between both sides
                                                                                                                 is public (i.e., the Internet) and it is not a Virtual Private
    However, before a new case is sent to an underwriter                                                         Network (VPN) connection, then the interactions require
for processing, there are other activities involved:                                                             other security measures as described in later sections.
1. Packing application forms and other documents from                                                                Import Robot and Workflow Engine – They are lo-
     the agent                                                                                                   cated at the central office of an insurance company. The
2. Initial premium payment through the cashier entry                                                             engine waits for the image files and XML data to be up-
     system                                                                                                      loaded from the branch or zone office and verify the XML
3. Data entry of new application in a branch or zone                                                             data integrity with the appropriate XML Schema. The im-
     office                                                                                                      ported document images and indexed data are installed
4. Scanning documents into images for workflow
into the existing workflow routing engine for case assign-                                                                            initial premium and put a premium receipt record in a
ment to appropriate underwriters for further case approval.                                                                           “Premium Collection System.” The Cashier Entry also
                                                                                                                                      files the application forms and documents for data entry.
2.2. Requirements Overview of Stakeholders
                                                                                                                                          Data Entry – A user in branch/zone office enters the
    In automated underwriting processes architecture, a                                                                               information recorded on the application form, such as the
workflow engine (e.g., eistream [9]) is deployed at the                                                                               policy owner information, proposed insured information
central office. This engine can efficiently route job as-                                                                             or medical information, etc., into the underwriting front-
signments to appropriate underwriters. The processing                                                                                 end input system.
performed with the workflow engine is usually referred to                                                                                 Scanning Officer – When a scanning officer receives
as post-processing of the workflow. There are many pre-                                                                               the documents, including application form, from an agent,
processing activities, which must be completed before                                                                                 he/she will try to sort and classify the documents into dif-
those new insurance applications can be imported into the                                                                             ferent document types (such as health certificates, identity
workflow engine for further underwriting. Figure 2 depicts                                                                            proofs), and then scan them into images for auditable
a use case diagram of the underwriting process. The key                                                                               backup as well as indexing and quality check (QC). The
stakeholders involved are discussed as follows.                                                                                       application form is scanned just for auditable backup be-
                                                                                                                                      cause the data has already been entered.
                                                                                                                                          Index and QC Officer – After the submitted docu-
                                                                                                              Issue Policy            ments have been scanned into images, the index and QC
                                                                                                                                      officers (it may involve two individuals) will try to index
                                                                                                                                      the fields on several regions of a scanned image and save
    Agent                                                                                                                Decline
                      Docs/Payment      Cashier
                                                                                                                        Application   the indexed data into the database, so that the indexed data

                                                                                                                                      can be adhered with the corresponding images and im-
                 Missing Docs
                                Data Entry
                                                                                                           Assign jobs to             ported into the workflow system. If the index officer dis-
                                                        Input                                              work queues
                                                                          Scanning Officer
                                                                                                                                      covers that the image quality of scanned document is not
                                                                                                                                      good, the document must be rescanned until the image
                                                                                              image quality
                                                                                                                                      quality of the document is acceptable for indexing.
                                                     into system

                                                                            Index Officer
                                                                                                                                          Underwriter – An underwriter is assigned with a case
                                                        Index                                     Check index
                                                                                                                  Workflow Engine     (new or pending case) by the workflow engine. The un-
                                                      document                                     accuracy
       Check Batch
        Problems                                       images                                                                         derwriter carries out an assessment process by considering
                                  document                                   QC Officer                                               the submitted documentations, medical information, other
                                 images for
                                   upload                                                                                             personal factors like age, driving history, tobacco use,
                                                                                                           Import data and
                                                           Upload data
                                                          and images to
                                                                                                            images into
                                                                                                           workflow engine
                                                                                                                                      career nature, and financial factors of the potential client,
              Transfer Module                              file server
                                                                                                                                      etc. Then, the underwriter will determine whether the ap-
  MIS Staff                          Verify Upload
                                                                                   Import Robot
                                                                                                                                      plication is approved, pended for additional proofs or do-
                                                                                                                                      cumentation, counter-offered to the applicant, or rejected.

                                                                                                                                      2.3. Alert and Exception Handling
Figure 2. Use Case diagram for the underwriting
workflow processes
                                                                                                                                          Although most of the activities starting from submit-
    Agent – He/she is an authorized representative to sell                                                                            ting documents in branch or zone office to the back-end
insurance products on behalf of an insurance company.                                                                                 underwriting processes are automated, there are still many
The agents have the responsibilities to perform a simple                                                                              events, both business-oriented and technology-oriented,
check first by gathering initial information about prospec-                                                                           must be handled in order to streamline and speed up the
tive clients and screening applications who have requested                                                                            entire underwriting process.
coverage [4]. They have to gather required documents                                                                                      Exceptions are events that can drive not only reactions
(such as health certificate) from the prospective client in                                                                           performed by business parties [6], but also information
order to speed up the underwriting process. Email access                                                                              exchanged within an organization, across physical boun-
or Internet portal are the prompt means for agents to                                                                                 daries (e.g., departments located in different geographical
communicate with an insurance company.                                                                                                areas) or within (e.g., underwriting department and print-
    Cashier Entry – For a new application of life insur-                                                                              ing service department located in the same building) indi-
ance, the prospect client is required to pay the initial pre-                                                                         vidual organizational boundary. In order to handle the
mium in the form of cash or check. The amount of pre-                                                                                 exceptions and monitor the exception handling process,
mium is also dependent on the payment mode of the pro-                                                                                (especially those important and / or with urgency require-
posed policy. The agent has to submit the initial premium                                                                             ments), Chiu et al. [6] proposed the use of alerts to model
with the application. The cashier entry will collect the                                                                              and implement this. The key differences between alerts
and exceptions are that alerts represents messages sent to a       Images and Data Transfer Process – A “Transfer”
target, usually with time and urgency constraints, and that    exception can be triggered if the transfer process of im-
alerts are monitored and tracked. That means, to handle an     ages and XML data to the central office file server is not
exception, an Alert Management System (AMS) sends an           completed or failed/aborted at some points (because of the
alert message to a handler (human or system) and keeps         stability of network connection). An alert can then notify
track of the process until the handling job is finished.       the MIS staff in the branch or zone office to investigate
    In this application, the main objective of applying        the root cause of transfer failure and resume the transfer
alerts is the concern about the turnaround time in the in-     process as soon as possible. An alert can be triggered after
surance application process. Some key exceptions and           the transfer process of the branch or zone office is com-
alerts generated by the main stakeholders are listed as fol-   pleted successfully, so that the import robot resided on the
lows.                                                          workflow engine can start the data verification process and
    Agent – Cancellation of an insurance application can       import the images and data into workflow system. This
trigger an alert to the central office so that the workflow    helps to shorten the total time for processing of new appli-
system can change the application status (if it has been       cations and monitor pending cases.
imported into workflow engine) into pending status and no          Import Robot and Workflow Engine – A “Data In-
more human resource will be wasted on this application.        consistency” alert is sent to the agent if the import robot
The application will ultimately be cancelled after the can-    checks that the XML data uploaded from the branch or
cellation form is scanned and imported into the workflow       zone office contains inconsistency after validating with
system. The AMS can therefore make sure that the case is       XML schema. This alert urges the agent to repeat or fix
closed within a reasonable time limit.                         the images and data upload process.
    Cashier Entry – An alert can be generated when the             Workflow Engine - An “Application Pending” alert is
agent submits an initial premium payment for the new           triggered to the agent who submitted an application for
applicant but only part of initial premium has been settled.   his/her client when the underwriter changes the new appli-
The alert can notify the central office underwriter to solve   cation status to “pending” because additional documenta-
the application case if the case has been pended for the       tion is required. This alert urges the agent to contact its
reason of insufficient premium.                                customer for the relevant documents before he receives an
    Scanning Officer – Exceptions can be generated if the      official “document request” letter from the insurance
agent submits unknown type of documents or forms. If the       company, as applicants may need time to present docu-
workflow automation system does not know how to han-           ments, like health certificates or financial statements is-
dle the unknown type documents or forms, then “unknown         sued by banks.
document” alert can notify the corresponding agent about
this issue and urge him/her to fix this within a certain pe-   2.4. Relationship management requirements
    Index and QC Officer – A “Document Rescan” alert               Alerts and exceptions are not only dedicated to han-
can be generated to the scanning officer if the index offic-   dling abnormal or unexpected events. These can be used to
er finds the document image quality is too poor to be in-      enhance the relationship between insurance company and
dexed. A QC officer can also generate a “Reindex” alert if     potential customers (B2C). For example:
he/she found that an index officer did not correctly index         Applicants can be notified by email with the progress
the fields on document images. QC officer can also trigger     of its life insurance application. On the other hand, the
“Document Rescan” alert if he/she found the quality of         agent can contact his applicants promptly after he receives
document image is unacceptable even the index officer has      an acknowledgement email. Reminder alerts can be sent to
accepted the quality of document image.                        the agent in the form of SMS to remind him/her to contact
    Underwriter – An “Insufficient Initial Premium” alert      his/her applicant to collect required additional documents
can be generated so that the agent can be notified that the    to process a “pending” application. This helps reduce the
initial premium must be settled before the policy can be       risk of insurance application being cancelled after an ap-
issued even all the underwriting checks are passed for the     plication has been pending for some time. This is because
case. This situation may occur when the client paid the        the customer may not know that insurance company re-
initial premium with check but the check could not be          quests more additional documents from him in case the
cleared.                                                       agent does not contact him. This also reduces the chance
                                                               of giving a negative image to the potential customers of
    On the other hand, exceptions and alerts can be gener-     poor services.
ated by automated processes, such as the following:
                                           Agent                        MIS Staff

                                 Desktop                      Mobile                PDA            Clients

                     Branch /
                      Zone                                                XSLT Processor Agent
                     Offices                                                                                    Adaptor               Head
    Scan Officer/
    Index Officer/                                                                                            MSMQ
                      Cashier      SOAP                                      Message
      QC Officer                                                                                             Message

                                                   Web Services Agent     MSMQ                                 MSMQ
                                                                                                                                                          ECA rules
                                   SOAP                                  Message    Message Server            Message           Alert
                     Scanning                                                                                                                         Event Repository
                                                                                       (MSMQ)                                Management
                      System                                                                                                                        Event Subscribers List
                                                                                                                                                      Business Entities
                      Index &
                                                                                       Existing Enterprise Systems and Workflow Engine
                                                                                      Data and                                      Printing            Other
                                                                                    Image Import                                    System            Enterprise
                      Transfer                                                         Robot                                        Servers            Systems


 Figure 3. System Architecture for AUS

                                                                                                              intranet, within or outside the firewall. For example,
3. System Design and Implementation                                                                           some processes like document scanning or image in-
                                                                                                              dexing may be located in the central office or out-
    In this section, we present the system design and im-                                                     sourced to other service providers.
plementation for our AUS, which includes the system ar-                                                      Less development time is required to deploy Web
chitecture, various system components, Web services se-                                                       service features from existing application, especially
curity, and an example scenario.                                                                              with the tools and libraries provided.
                                                                                                             It supports synchronous (RPC) and asynchronous
3.1. System Architecture                                                                                      messaging.
                                                                                                             SOAP has been implemented on many different
    Figure 3 shows the overall system architecture for our                                                    hardware and software platforms.
AUS. We add on top of the existing enterprise information                                                    SOAP can be protected under the Web Service securi-
systems four main components in the backend AUS: Web                                                          ty [7] standard.
Services Agent, Message Server, Alert Management Sys-
tem (AMS), and Event-Condition-Action (ECA) rules
                                                                                                      3.2. Web Services Agent
database that defines the actions to be triggered under
some predefined conditions. We discuss the functionalities
                                                                                                          In our system, Web services technology is chosen to
of these components in the following subsections.
                                                                                                      support the communication between the AUS backend
    One of the main problems in the current process auto-
                                                                                                      systems and other front-end, sub-systems in branches and
mation is the effectiveness of communication among dif-
                                                                                                      zone offices, as well as external agents and clients. The
ferent stakeholders and systems involved in the entire
                                                                                                      Web Services Agent transforms the incoming messages,
process of underwriting. Based on the above discussions,
                                                                                                      which are in the form of XML data embedded in SOAP
we design an AUS based on exceptions and alerts as the
                                                                                                      (Simple Object Access Protocol) [14], into native message
unifying communication platform within the entire under-
                                                                                                      formats that can be sent into the queues of the central mes-
writing processes. On this platform, we choose to use Web
                                                                                                      sage server. The Web Services Agent also transforms the
Services with SOAP protocol for the communication and
                                                                                                      alerts and exceptions from the form of native message
Message Server (such as Microsoft MSMQ [8]) for the
                                                                                                      format into the XML/SOAP format and uses HTTP proto-
underlying message (exceptions and alerts) processing.
                                                                                                      col to send the XML message to the branch/zone offices
The reasons why we choose Web services with SOAP
                                                                                                      systems through respective Web services.
protocol in our platform are as follows:
 Web services can be invoked over the Internet or
    A sample SOAP messages from a client system is                              target (subscribed) parties. For example, when the Trans-
shown in Figure 4. This message describes the indexed                           fer Module sends a Web service message to the AUS, the
data and images to be uploaded to the file server in the                        message is put into two waiting queues: one for the Import
insurance headquarter after scanning operations have been                       Robot and another for the AMS (so that the AMS can
performed on the submitted documents in branch and zone                         monitor the progress of the Import Robot). When the Im-
offices. Figure 5 shows a response message from the AUS                         port Robot has verified the integrity of uploaded data and
that describes an alert from the Transfer Module in a                           images, it sends a message to inform the AMS of job
branch or zone office and notifies the MIS staff to handle                      completion, or a “Data Inconsistency” alert in case of data
the exception.                                                                  inconsistency. These messages triggers events so that the
                                                                                AMS issues new alert/exception messages upon on the
 Request SOAP Message                                                           conditions in the event repository database to related par-
                                                                                ties for further actions (as discussed in Section 2.3)
 <?xml version="1.0"?>
                                                                                based on the ECA rules defined by the administrators.
 xmlns:soap=""                               The reasons why we choose the Message Server as a
 soap:encodingStyle="">                  core component in managing data communication are as
 <soap:Body xmlns:m="">                      follows:
   <m:System SYSID="TRANSFER_MODULE" FUNCID="UPLOAD">                            Most of the message servers support Web service
     <m:Policy>                                                                      functionality.
       <m:PolicyNo>B100000101</m:PolicyNo>                                       Message servers support guaranteed message delivery.
           <m:DocumentID DocID="F10001">
           <m:ImageFilename>B100000101_1.TIF</m:ImageFilename>                   Asynchronous message communication as well as
           <m:ImagePages>4</m:ImagePages>                                            publish-and-subscribe can be supported.
           <m:IndexField FieldID="OWNER">JOHN LEE</m:IndexField>
           <m:IndexField FieldID="INSURED">MARY CHAN</m:IndexField>
           <m:SignatureFilename>B100000101_SIG.TIF</m:SignatureFilename>        3.4. Alert Management System (AMS)
     <m:Policy>                                                                     The main role of the AMS is to manage the alerts. It
                                                                                also captures the events and exceptions (i.e., MSMQ na-
   </m:System>                                                                  tive message format) submitted by other parties. Alerts are
 </soap:Body>                                                                   generated based on the ECA rules specified in database to
                                                                                the appropriate parties. It further transforms the alerts into
                                                                                a MSMQ message and put it on the waiting queue for Web
Figure 4. Request SOAP Message                                                  Services Agent for the delivery. Further details of the me-
                                                                                chanism of the AMS, including descriptions of the ECA
 Response SOAP message                                                          rules, can be found in our earlier paper [6]. We apply the
 <?xml version="1.0"?>                                                          same AMS module except that we include a message
 <soap:Envelope                                                                 server component to further increase the messaging relia-
 soap:encodingStyle="">                  bility.
 <soap:Body xmlns:m="">
   <m:System SYSID="AUS" FUNCID="EXCEPTION"                                     3.5. Example Scenario
     <m:ErrorMsg>Upload Batch 10A was rejected because the missing files
                                                                                    In this subsection, we use a scenario to illustrate the
         found in the following policy images. Please upload the batch again.   system flow in our AUS. Figure 6 depicts the process flow
     <m:ErrorMsg>B100000101_1.TIF was missing in file server.<m:/ErrorMsg>
                                                                                for this scenario. First, a Scan Station prepares a XML
     ......                                                                     data file which contains the policy number and other in-
   </m:System>                                                                  dexed data for the scanned documents. When the XML
                                                                                file is ready, the Transfer Module uploads the XML file
                                                                                and document image files into the central file server. Upon
Figure 5. Response SOAP Message                                                 completion, the Transfer Module generates a SOAP mes-
                                                                                sage, which details the uploaded data to Web Services
3.3. Message Server                                                             Agent in order to notify the Import Robot to verify the
                                                                                integrity of uploaded data and images.
   The message server comprises of application queues                               After the verification, the Import Robot generates the
and system queues and the server manages the received                           verification result event and the AMS captures the “data
data (i.e., incoming XML/SOAP messages, internal                                uploaded” event from the Transfer Module together with
MSMQ messages from other enterprise systems, and alert                          the event generated by the Import Robot, and returns the
messages from the AMS and routes the messages to the
appropriate events back to the Scan Station and Scan Of-
                                                                                                    <soap:Envelope soap:xmlsn="">
ficer based on ECA rules processing.
                    Scan Station generates XML data for upload process
       Start                                                                                         ...
                     Upload XML data and Image files into File Server                                  <x:Policy PolicyNo="B100000200" x:xmlns="">
                                                                                                         <x:Payment Type="CreditCard">
                                                                                                           <x:CreditCard Type="Visa">
                      Generate SOAP Message to Web Service Agent                                            <x:CardNumber>4404119200931293</CardNumber>
        Import Robot verifies the data and images          AMS captures event                               <x:Currency>HKD</x:Currency>
             Generate Verification event
                       AMS analyzes and generate response message

                                                                                                    Figure 7. Unprotected SOAP Message

 Web Servies Agent transfers the message into SOAP message         Generate SMS/Email               <soap:Envelope soap:xmlsn=""
            Send SOAP Message to Scan Station            Send SMS/Email to Scan Officer/MIS Staff    xmlns:wsse="">
                              Upload XML data and image again                                               <xenc:DataReference URI="#PaymentID"/>
                                                                                                       </wsse:Security> ...
Figure 6. Activity flow between Transfer Module and                                                  </soap:Header>
Import Module                                                                                        <soap:Body>
                                                                                                     <xenc:EncryptedData Id="PaymentID">
3.6. Web Service Security                                                                                Algorithm= ""
    Web services integrate applications inside and outside                                               …..
the organization. However, distributed computing always
has a challenging set of security issues. Identities and mes-                                            <xenc:CipherValue>...</CipherValue>
sages are two of the greatest security challenges brought                                              </xenc:CipherData>
on by Web services. Web services transport potential un-                                             </xenc:EncryptedData>
known entities into your organization and messages are                                               <Signature xmlns="">
transported from one place to another place through an                                                 <SignedInfo>
unsecured channel, the Internet. Therefore, actions must                                               </SignedInfo>
be taken to safeguard the information exchanged among                                                  <SignatureValue>
the authenticated parties. XML Encryption and XML Sig-                                                         Y4MhHzBYz+CBdAz1LhAFjy6QxQoKJoA7l2eG45QV0hDIJrmXwLEG
nature are used to address the protection of sensitive data                                            </SignatureValue>
and the identification of identity of data sender respective-                                          <KeyInfo>
ly [15]. Figure 7 shows an unprotected SOAP message                                                    </KeyInfo>
that contains payment information for an insurance policy.                                           </Signature>
Figure 8 shows how encrypted messages and signature are                                                ...
put in a SOAP envelop.                                                                               </soap:Body>

                                                                                                    Figure 8. Encrypted SOAP Message
    The <EncryptedData> element block contains the en-               On the other hand, more attributes can be added to
crypted form of payment information. The <Signature>             measure staff performance. Since the alerts generated to
element contains the XML signature for payment data. In          officers and agents are monitored by the AMS, the time
general, a shared key must be provided so that receiver of       spent on handling the exceptions and alerts can be calcu-
the messages can decrypt the protected data. However, it         lated based on the time recorded in database. For example,
is a bad idea to include the key in the SOAP message (i.e.,      if a scanning officer receives a “document rescan” alert,
the <KeyInfo> element block) because unauthorized par-           then he must rescan the requested documents and relevant
ties could just get the key and decrypt the protected data.      records within the “document update time.” The perfor-
AgreementMethod is a protocol for safely communicating           mance is logged into database and reports for staff can
a secret key. This key agreement protocol, like the SSL          include this kind of attributes to measure the staff perfor-
secret key agreement protocol, is used to generate the en-       mance. So, the workload on investigating problems related
cryption key along with the key material necessary to re-        to the entire operation flow can be reduced as detailed
peat the encryption key generation on the recipient’s side       information about the problems can be found from the
[15].                                                            exceptions and alerts well managed by the AMS of the
4. Discussion and Summary                                            In addition, the following intangible benefit can be
                                                                 achieved with the AUS. Customer satisfaction can be im-
     Process automation by integrating existing enterprise       proved. The document processing and flow are smoothly
information systems with workflow software has proved            controlled and executed. This can shorten the entire
to increase the staff productivity, thus turns out to generate   processing time for new case applications and thus result
more business values in terms of more revenue and less           in issuing and sending policy to policy owner within a
expenditure. However, if the process flow within a busi-         shorter period of time. This can enhance the insurance
ness workflow from one step to next step is not smoothly         company’s professional image as well because the short
executed (e.g., failure of transferring complete XML data        processing time of new insurance application can impress
to workflow engine and servers but no further “resend”           its customers and improve the customers’ confidence in
action is done), then the next step may not be able to pro-      insurance company. This might led to more business op-
ceed until the problem is detected and fixed. This kind of       portunities in the future.
situations significantly wastes human resource and time              This paper has presented an overview of underwriting
and should are not expected to occur in automated                process in an insurance company and the automated facili-
processes. Therefore, by integrating the AUS with the            ties incorporated into the underwriting process to drive the
existing workflow infra-structures can bring the workflow        entire underwriting. A Web-service based alert-enhanced
automation into full play because the errors or unexpected       underwriting system has been presented in this paper to
events can be detected and relevant parties or processes         overcome most of the existing problems of the underwrit-
are notified with alerts to rectify the problems. The follow-    ing process workflow implementation. We expect this
ing tangible benefits can be achieved with the AUS, main-        approach is suitable to other business processes that in-
ly through the enhanced monitoring and tracking through          volve human approval together with the need for maintain-
the AMS with a service-oriented architecture.                    ing documents for auditing and legal purposes, such as
     For example, the turnaround time taken to rescan doc-       loan and credit card approval.
uments, which have been identified as poorly scanned, is             After finishing the AUS platform prototype, we shall
shortened. If the scanning officer is not notified properly,     then proceed to study the benefits of adopting the platform
the poorly scanned document will probably be rescanned           in existing workflow infra-structures in the insurance
after the scanning officer triggers to print out a report on     company’s perspective through questionnaires to collect
listing those document rescan requests, thus resulting in        user feedback. Although the proposed platform obviously
longer processing time in some cases. This benefit is also       facilitates the handling of most problems or events in the
applicable to the process of “Document Reindex” for the          process flow of underwriting, there are still some unex-
index officers.                                                  pected events that are hardly to be detected or tracked.
     Moreover, the AUS helps maintain data integrity in          Further studies should be carried out on this topic. Future
uploading data into the centralized file server. If the XML      works include the extension of AUS platform to support
data is inconsistent and the import robot still proceeds to      artificial intelligence in handling the exception events as
import the inconsistent data into workflow engine, it will       well as agent-based assistance to internal staff and external
result in unexpected or serious consequences. The conse-         users. We are also interested in empirical measurements of
quences may be a delay in processing applications or even        the improvement of staff performance and customer satis-
a wrongly underwritten insurance application that could          faction.
put financial risk to insurance company.
                                                                               Order Received

                       Check                                           Req
            Enquiry                    Prepare           Send                     Send                Prepare    Deliver &   Payment
  Begin    Received
                       System                                          Extra                                                                  End
                                      Quotation         Quotation      Info     Extra Info            Service     Install    Received

Sell Integrated System                                                             Extra

              References               Begin
                                                                               Assemble                Install    Test
                                                                                System                Software   System
          [1] Miriam Orsina, Gene Stone, “Insurance Company Opera-
              tions” (2nd Prepare Service
                          Ed), pp.3, LOMA, 1999
          [2] Harriett E. Jones, Dani L. Long, "Principles of Insurance:
              Life, Health and Annuities" (2nd Ed), pp. 8, LOMA, 1999
                                               L. Falk,
          [3] Jane Lightcap Brown, KristenCatalog "Insurance Adminis-
              tration", (2nd Ed), pp. 22, LOMA, 2002
          [4] Jane Lightcap Brown, Kristen L. Falk, "Insurance Adminis-
                          Receive Part Info Updates
              tration", (2nd Ed), pp. 67, LOMA, 2002
          [5] Miriam Orsina, Gene Stone, “Insurance Company Opera-
              tions” (2nd Ed), pp.243, LOMA, 1999
          [6] D.K.W. Chiu, Benny Kwok, Ray Wong, E. Kafeza, and S.C.
              Cheung, “Alert Driven E-Services Management,” HICSS37,
              IEEE Computer Society press, CDROM, 10 pages, Jan 2004
              (Best Paper Award, Decision Technologies track).
          [7] OASIS, Web Services Security Core Specification 1.1,
    , 2004
          [8] Microsoft           Message           Queuing      MSMQ,
              [9] Global 360,
              [10] Dynamic          e-business    using     Web         service        workflow,
              [11] EDI      and        XML        Solutions        -      iWay          Software,
              [12] ebXML        -     Enabling      a     global       electronic           market,
              [13] D.K.W. Chiu, S.C. Cheung, E. Kafeza, and H.F. Leung, “A
                   Three-Tier View Methodology for adapting M-services,”
                   IEEE TSMC, Part A, 33(6):725-741, Nov 2003.
              [14] SOAP       (Simple     Object     Access      Protocol),
              [15] Jothy Rosenberg, David L. Remy, “Securing Web Services
                   with WS-Security”, pp 222-230, SAMS, 2004

Shared By: