Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit Duties #11

Closed
benedictws opened this issue Jul 7, 2020 · 3 comments
Closed

Audit Duties #11

benedictws opened this issue Jul 7, 2020 · 3 comments

Comments

@benedictws
Copy link
Collaborator

benedictws commented Jul 7, 2020
edited

Audit requirements are complex and differ across suppliers. But there seem to be some common patterns that we can capture about when an audit must happen.

  1. There is a duty on the assigner to notify the assignee of the audit.
  2. There may be a limited number of times that this can be done in a given time interval.
  3. There is a duty on the assignee to consent to that audit.
  4. Again, there may be a limited number of times that they must accept an audit in a given time interval.
  5. The assignee may have a time window in which they can schedule the audit.
  6. In the case of "emergency" audits, when there is no such time window, the assigner normally needs to do more than just notify the assignee. They must also report reasonable suspicion to the assignee.
@benedictws
Copy link
Collaborator Author

benedictws commented Jul 7, 2020
edited

DBAG does not seem to limit the number of audits it can request in a year. But if it does request an audit the assignee has 30 days to arrange it, unless DBAG reports reasonable suspicion. We should model these as two separate duties. First, the normal audit request.

The assignee has 30 days to arrange the audit (handled by the deadline delta):

:O1     a                   odrl:Duty ;
        nl:creditor         <https://permid.org/1-4298007872> ; # DBAG
        nl:hasDeadlineDelta [   a                     time:ProperInterval ;
                                md:timeReference      time:Instant , md:TimeOfNotification ;
                                time:hasXSDDuration "P30D"^^xsd:duration
                            ] ;
        odrl:action         [   a                      md:Consent ;
                                md:actionScope         md:Audit  ;
                                odrl:count             "1"^^xsd:int
                            ] ;
        odrl:duty           :D1 .

The duty :D1 that activates this duty is the notification duty on DBAG:

:D1     a                   odrl:Duty ;
        nl:debtor           <https://permid.org/1-4295899615> ; # CME
        odrl:action         [   a                      md:Notify ; 
                                md:actionScope         md:Audit  ;
                                odrl:count             "1"^^xsd:int
                            ] .

@benedictws
Copy link
Collaborator Author

benedictws commented Jul 7, 2020
edited

The "emergency" audit comes without the deadline delta - it must be acted upon immediately. But DBAG must do more than just notify the assignee. They must report "reasonable suspicion".

The assignee must accept the audit immediately (no deadline delta):

:O2     a                   odrl:Duty ;
        nl:creditor         <https://permid.org/1-4298007872> ; # DBAG
        odrl:action         [   a                      md:Consent ;
                                md:actionScope         md:Audit  ;
                                odrl:count             "1"^^xsd:int
                            ] ;
        odrl:duty           :D2 .

But the assigner must report reasonable suspicion to fulfill :D2:

:D2     a                   odrl:Duty ;
        nl:debtor           <https://permid.org/1-4295899615> ; # CME
        odrl:action         [   a                      md:Report ; 
                                md:actionScope         md:ReasonableSuspicion ;
                                odrl:count             "1"^^xsd:int
                            ] .

@benedictws
Copy link
Collaborator Author

benedictws commented Jul 7, 2020
edited

The CME does limit the number of audits it can request in a year: one of the normal kind and one of the emergency kind. All we need to add is a time interval and set the count for that interval to one.

The assignee has 30 days to arrange the audit (but need only do this once a year):

:O1     a                   odrl:Duty ;
	    nl:creditor         <https://permid.org/1-4295899615> ; # CME
	    nl:hasDeadlineDelta [   a                   time:ProperInterval ;
	                            md:timeReference    time:Instant , md:TimeOfNotification ;
	                            time:hasXSDDuration "P30D"^^xsd:duration
	                        ] ;
	    odrl:timeInterval   [   a                   time:ProperInterval ;
	                            time:hasXSDDuration "P1Y"^^xsd:duration ;
	                            odrl:count          "1"^^xsd:int
	                        ] ;
	    odrl:action         [   a                   md:Consent ;
	                            md:actionScope      md:Audit  ;
	                            odrl:count          "1"^^xsd:int
	                        ] ;
	    odrl:duty           :D1 .

CME can only provide the notification once in a year:

:D1     a                   odrl:Duty ;
	    nl:debtor           <https://permid.org/1-4295899615> ; # CME
	    odrl:timeInterval   [   a                   time:ProperInterval ;
	                            time:hasXSDDuration "P1Y"^^xsd:duration ;
	                            odrl:count          "1"^^xsd:int
	                        ] ;
	    odrl:action         [   a                   md:Notify ; 
	                            md:actionScope      md:Audit  ;
	                            odrl:count          "1"^^xsd:int
	                        ] .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@benedictws