Federation Reporting & Compliance
At a glance
Federation-grade reporting pipeline driving every upward and outward report a federation owes: configurable templates per federation level, automated KPI generation from live system data, deadline tracking with reminders and escalation, upward aggregation up the OrgNode chain, government and sponsor reports, audit-ready trails with revision tracking and a GDPR Article 33/34 data-breach notification workflow with 72-hour timeline tracking.
How it works
Reports are described as ReportTemplate documents with configurable sections, deadlines and frequency. Each template maps section types — membership, competitions, financial, umpires, sponsors, government — to data extractors that pull live KPIs out of the platform on generation. Output is a GeneratedReport with typed sections so the same data can be rendered as PDF, exported as Excel or fed into a downstream API, and every revision is tracked so an auditor can reconstruct exactly what was submitted on what date.
Deadline tracking runs as a scheduled job. ReportDeadline rows define the cadence (annual, quarterly, on-demand) and the recipient federation level; the reminder workflow nudges responsible users at configurable intervals before due, escalates to the parent OrgNode if the deadline slips, and logs every reminder in audit. The aggregation endpoint stitches child reports into parent reports — club totals roll into national, national into continental, continental into FIPJP — using the OrgNode hierarchy of the calling tenant, so a national federation does not need to handcraft its FIPJP submission from scratch.
Government reporting maps onto national-sport-council schemas (for example Riksidrottsförbundet's required fields in Sweden) through a GovernmentReportSection type that knows the destination format. Sponsor reporting consolidates participation data, exposure metrics — impressions, clicks, declared value — into a SponsorSection that can be exported to a sponsor portal or emailed as a branded PDF. Audit-ready data is enforced through an is_audit_ready flag on reports plus revision tracking on every supporting document; if the underlying data changes after submission the report regeneration shows the delta. The compliance checklist automatically scores each tournament against required criteria (jury seated, insurance valid, medical certificate present, anti-doping notification sent) with action items for anything missing.
The GDPR Article 33/34 data-breach workflow is a separate but related lifecycle: a DataBreachNotification record opens at incident detection with a 72-hour countdown, requires affected-records count, risk classification and remediation plan, and emits regulator-ready exports (Datainspektionen / CNIL / equivalent) plus affected-data-subject notifications when the risk threshold is met.
Key capabilities
- Configurable ReportTemplate per federation level with sections, deadlines and frequency
- Automated KPI generation across membership, competitions, financial, umpires and sponsors
- Deadline tracking with reminder and escalation workflow
- Upward aggregation up the OrgNode chain (club → nation → continent → FIPJP)
- Government-report sections compatible with national sport-council schemas
- Sponsor reporting with participation data, impressions, clicks and declared value
- Audit-ready reports with is_audit_ready flag and revision tracking
- Compliance checklist automation with auto-scoring and action items
- GDPR Article 33/34 data-breach notification workflow with 72-hour timeline tracking
In practice
A national federation's general secretary opens the reporting console at fiscal year-end. The annual FIPJP report is auto-generated from live data — 12 437 active licenses, 1 248 sanctioned competitions, 84 active umpires, financial summary in EUR — with every figure traceable to a source query. He reviews, marks the membership section as audit-ready, and submits upward; the aggregation endpoint instantly rolls his nation's totals into FIPJP's continental view.
A week later a misconfigured backup exposes 412 email addresses. He opens a DataBreachNotification, the 72-hour clock starts, the system pre-fills the regulator export and queues notifications to the affected data subjects — submitted to Datainspektionen at hour 38, well inside the deadline.
Features in this subsystem
9| ID | Status | Features |
|---|---|---|
| F16.06.01 | Shipped | Mandatory report templates per federation level — ReportTemplate with configurable sections, deadlines, frequency ✅ PL-F1606a |
| F16.06.02 | Shipped | Automated report generation from system data — GeneratedReport with typed KPI sections (membership, competitions, financial, umpires, sponsors) ✅ PL-F1606a |
| F16.06.03 | Shipped | Report submission deadline tracking and reminders — ReportDeadline with reminder/escalation workflow ✅ PL-F1606a |
| F16.06.04 | Shipped | Upward reporting (club > nation > continent > FIPJP) — Aggregation endpoint combines child reports into parent ✅ PL-F1606a |
| F16.06.05 | Shipped | Government/sports council report generation — GovernmentReportSection with Riksidrottsförbundet-compatible fields ✅ PL-F1606a |
| F16.06.06 | Shipped | Sponsor reporting (participation data, exposure metrics) — SponsorSection with impressions, clicks, value ✅ PL-F1606b |
| F16.06.07 | Shipped | Audit-ready data with full trail — is_audit_ready flag on reports, revision tracking on all documents ✅ PL-F1606b |
| F16.06.08 | Shipped | Compliance checklist automation (tournament had jury, insurance, etc.) — ComplianceChecklist with auto-scoring and action items ✅ PL-F1606b |
| F16.06.09 | Shipped | Data breach notification workflow (GDPR Article 33/34) — DataBreachNotification with 72h tracking and full timeline ✅ PL-F1606b |
Related subsystems
Stakeholders who need this subsystem
Surfaces in 6 stakeholder analyses