Upload
janice-fleming
View
217
Download
1
Tags:
Embed Size (px)
Citation preview
GFH Consulting
NEH
IA M
ystic, C
T
Data Analytics: The Practical Application of ACL and Excel in ContinuousAuditing and Monitoring
GAIL HORMATS, ACDA, CIA, EHRA, CRMA, MBA
PRINCIPAL, GFH CONSULTING
12
/3/2
01
4
GFH Consulting NEHIA Mystic, CT
2
Session Objectives
Define Continuous Auditing and Monitoring Stages of Maturity Methodology DEEP DIVE – Applying the Methodology Beyond ACL - Automation Using Excel and VBA
12/3/2014
GFH Consulting NEHIA Mystic, CT
3What is Continuous Auditing and Monitoring?
Repetitive Defined Frequency Test or Monitor Mine Data Share Results Timely
12/3/2014
GFH Consulting
4
NEHIA Mystic, CT
What are Data Analytics?
Continuous Auditing
Applied
Continuous Monitoring
Ad-Hoc
Managed
Increasin
g automatio
n and
sophist
icatio
n
12/3/2014
GFH Consulting NEHIA Mystic, CT
5
Examples of Routines
Compliance Human Resources Information Systems Financial Operational
12/3/2014
GFH Consulting
6
NEHIA Mystic, CT
Continuous Auditing and Monitoring Process
Audit Process
Plan
Understand
Test
Report
Follow-up
CAM Process
Plan
Understand
Script
Report
Production
12/3/2014
GFH Consulting
7
NEHIA Mystic, CT
CAM PROCESS -Planning
12/3/2014
Identify New Project(start)
Developer and Audit Mgmt Meet
Entrance Meeting
Prioritize Tests
Background Understanding
Identify Potential Risks and Control
Testing
GFH Consulting
8
NEHIA Mystic, CT
Cam Process - Understanding Data
12/3/2014
Schedule Data Extracts
Determine ODBC Compliance
Request or Link to Data
Determine Privacy Needs
Request Sensitive/Privacy
Shared Drive
Create Source Data File
Process Understanding
focused on Data
Data Placed in Project Location
Set-up Sensitive Share
GFH Consulting
9
NEHIA Mystic, CT
Cam Process – Script Development
12/3/2014
Import Data into Analytic Script
Validate Initial output with SME
Modify Analytic as Required
Develop Project Start Code
Create or Organize Project if needed
Review Results with SME
Demonstrate Project to Mgmt
Mgmt Approves Moving Ahead
GFH Consulting
10
NEHIA Mystic, CT
Cam Process – Report Development
12/3/2014
Produce Initial Output
Develop Script to Produce Output
Reports
Finalize Report Format with SME
Establish Reporting
Responses and Schedule
Demonstrate Project to Mgmt
Mgmt Approves Moving Ahead
GFH Consulting
11
NEHIA Mystic, CT
Cam Process – Production
12/3/2014
Write Initiation Code
Move Project to AX Core if using ACL
Serve
Develop User Instructions
Train Project Owner
Modify Instructions if Need Be
Complete 1st Production Run
Project Complete
GFH Consulting
14
NEHIA Mystic, CT
DEEP DIVE – PROJECT PRIORITIZATION
12/3/2014
Process/Dept
Test Name
Status Difficulty
Hand-off ROI Mgmt Priority
Fraud
Related
Trend IT?
Potential testIn developmentIn ProductionCancelledMerged into (name)Not Feasible
easy
very difficult
Simple
very difficult
$ miminal roi
$$$$$ high roi
! low
!!!!! high
Yes/No Yes/No
AP Duplicates Invoices
Potential Test $$$ !!!! No No
AP Dormant Vendors
Potential Test $$ !!! Yes Yes
AP Duplicate Vendors
Potential Test $$ !!! Yes Yes
CCL Revenue
Missing Charges
Potential Test $$$$ !!!! No No
Payroll Overtime Potential Test $$$ !!! yes No
Consultations
Consults Not Feasible $$$ !!!! No Yes
GFH Consulting NEHIA Mystic, CT
15
DEEP DIVE – PROJECT APPROVAL
Project Request Project Approval Attorney-Client Privilege
12/3/2014
GFH Consulting NEHIA Mystic, CT
16
DEEP DIVE – Building Blocks
12/3/2014
Project Naming
Project Tracking
Project Name Date StartedProduction Date Project File Location (Path)
Moved to AX Core?
Systems Access Testing 9/10/20073/15/2008server path\access\4###-access NoAccounts Payable - Duplicates 3/7/20109/15/2010
server path\accounts payable\AP Duplicates\4101 Accounts Payable - Duplicates Yes
Accounts Payable - Vendor Master 5/15/2010
12/20/2010
server path\accounts payable\AP vendor Master\4102 Accounts Payable - Vendor Master Yes
GFH Consulting NEHIA Mystic, CT
17
DEEP DIVE – Building Blocks (cont)
Code Libraries
12/3/2014
Code Name DescriptionType of Code Code Location
text cleansing
acl code to clean text of extraneous characters ('-"" ") ACL server path\code library\ACL\text_clensing
Open Excel Template VBA
server path\code library\VBA\open excel template.doc
script demongraphics text to include in all scripts ACL
server path\code library\ACL\script_demographics
GFH Consulting NEHIA Mystic, CT
18
DEEP DIVE - Building Blocks (cont)
Process Understanding Data Request Shared Drive Request Script Development – Standards
12/3/2014
GFH Consulting NEHIA Mystic, CT
22DEEP DIVE – Script Development- Standards
Directory Structure
12/3/2014
Templates
Project Name
Scripts
Input files
Cycle 1
Output files
Cycle 2
Example
GFH Consulting NEHIA Mystic, CT
23DEEP DIVE – Script Development- Standards
Script Structure Sub Folders
TablesScriptsViewsInputOutput
Modular
12/3/2014
GFH Consulting NEHIA Mystic, CT
24DEEP DIVE – Script Development- Standards
Script Objects Variables – DO NOT HARD
CODE! Naming Conventions
12/3/2014
GFH Consulting NEHIA Mystic, CT
25DEEP DIVE – Script Development- Standards
Object Suggested Convention
Example
Table tbl or t_ t_APVendor
Variable var, v_ or name_var v_eeFltr = 'MAP(VENDOR, " EN99999")‘
v_runDate = ALLTRIM(DATE())
File, Input file, Output file, Report file
f_, i_, o_, r_ F_Counts
Logs Log ; l_ Errors_Log
Paths Path_v, Pathvar; v_Path
PATH_v = "\\orgdata01\data$\IAD\CONTINUOUS AUDITING\4902
ACCESS CA"
12/3/2014
GFH Consulting NEHIA Mystic, CT
26DEEP DIVE – Script Development- Standards
Comment! Comment! Comment! General vs SpecificCOMMENT
** SCRIPT AUTOMATES THE PROCESSING OF LAST PERIOD'S RESPONSES AND PREPARES A TABLE CALLED APPprior TO BE USED WITH THE CURRENT PERIOD ROUTINES
END Specific
COMMENT ** REMOVES KEY RESPONSE AND NOTES FIELDS FROM THE DEFAULT VIEW AND RENAMES THEM END
12/3/2014
GFH Consulting NEHIA Mystic, CT
27DEEP DIVE – Script Development- Standards
Change Control** SCRIPT MODIFICATIONS - ** MODIFED BY: [ANALTICS DEVELOPER]** DATE MODIFIED: MM/DD/YY**** REASON FOR CHANGE: Exclude PS data export for “Access Not Needed” users with “EMPLOYEE” ** level access ** Revise SMS Audit Notes to remove “Dormant > 2yrs” on system ID’s**** removed following code from SMS Audit Notes field definition:** OR (STRING(DORMANT_FLAG,4) = "9992") AND ** MATCH((UPPER(SMSprior.AUDIT_NOTES2)),"OK - SYSTEM/MODEL ID")** ***************************************************************************************
12/3/2014
GFH Consulting NEHIA Mystic, CT
28DEEP DIVE – Script Development- Standards
Standard CodeSET ECHO NONE - DO NOT SHOW ON SCREEN
COMMENT
* overview of script purpose
END
SET ECHO ON - SHOW ON SCREEN
SET SAFETY OFF – DO NOT PROMPT FOR SAFING TABLES ON CLOSE
DELETE ALL OK - Delete all objects
CLOSE PRI SEC – CLOSE ANY OPEN TABLES
12/3/2014
GFH Consulting NEHIA Mystic, CT
29
DEEP DIVE – Applying the Standards
Plan and Create the Analytic Do the Scripting Check the Results Act on Feedback
12/3/2014
GFH Consulting NEHIA Mystic, CT
30DEEP DIVE – Plan and Create the Analytic
Identify the Tests to Include Manual Process Capture the Steps Review the Results with SME Repeat until done Identify the Variables
12/3/2014
GFH Consulting NEHIA Mystic, CT
31
DEEP DIVE – Project Initiation
Excel Spreadsheet Passing Parameters ACL
12/3/2014
GFH Consulting NEHIA Mystic, CT
32
DEEP DIVE - Do the Scripting
Identify Parameters Think Modular Create a Master Script Define Variables
PATH_v = \\servername\data$\Org Internal Audit\CONTINUOUS AUDITING\4102 AP Vendor Master
v_pocrFltr = '(NOT MAP(VENDOR, "999999999")) AND (NOT MAP(VENDOR, " EN99999"))'
v_Date = ALLTRIM(DATE())
v_Time = TIME()
v_runDateTime = "%v_Date%" + " " + "%v_Time%"
12/3/2014
GFH Consulting NEHIA Mystic, CT
33
DEEP DIVE - Do the Scripting
Create the modules (subscripts) then add to the Master ScriptDO _STEP1_PRIORS
DO _STEP2_PS_SECURITY_BATCH_RUN
DO _STEP3_LDAP_BATCH_RUN
DO _STEP4_IDX_BATCH_RUN
etc.
12/3/2014
GFH Consulting NEHIA Mystic, CT
34
DEEP DIVE - Do the Scripting
Import DataIMPORT ODBC SOURCE "Excel Files" TABLE "LDAPusers$" QUALIFIER "%PATH_v%\External Reports %PriorPer%\%PriorPer% CA Responses\LDAPresponses%PriorPer%.XLS" TO "%PATH_v%\LDAPpriorPREP.FIL" WIDTH 55 MAXIMUM 100 FIELDS "ACL_ID","USER_ID","USER_NAME","PS_JOB_TITLE","DEPARTMENT","ROLE","PSTERM_NAME","PS_TERM_DATE","PSLOF_NAME","PS_LOF_DATE","DATE_CREATED","LAST_LOGIN","NON_EE","DUPLICATE","REPEAT","RESP_DATE","LAST_RESPONSE","AUDIT_NOTES","CURRENT_RESPONSE","CONFIRMING_MGR_NAME","MANAGER_EN","LIST_NAME","PSNAME_MATCH","PS_EENAME","BADGE_MATCH","BADGE_NAME","MANAGER_VERIFICATION","VERIFIER"
12/3/2014
GFH Consulting NEHIA Mystic, CT
35
DEEP DIVE – Do the Scripting
Prepare or Clean up the EnvironmentCOMMENT
** REMOVES KEY RESPONSE AND NOTES FIELDS FROM THE DEFAULT VIEW AND
** RENAMES THEM
END
DEFINE VIEW Default_View
DELETE COLUMN Default_View LAST_RESPONSE OK
DELETE COLUMN Default_View RESP_DATE OK
RENAME FIELD LAST_RESPONSE AS LAST_RESPONSE2 OK
RENAME FIELD RESP_DATE AS RESP_DATE_x OK
12/3/2014
GFH Consulting NEHIA Mystic, CT
36
DEEP DIVE – Do the Scripting
Calculate Needed Information or Values
OPEN APVENMAST
v_tmpCREATE_DATE = CREATE_DATE
GROUP IF v_tmpCREATE_DATE > CREATE_DATE AND DATE(CREATE_DATE) <> ""
v_tmpCREATE_DATE = CREATE_DATE
END
12/3/2014
GFH Consulting NEHIA Mystic, CT
37
DEEP DIVE – Do the Scripting
Create Analytic(s)DEFINE FIELD LAST_RESPONSE COMPUTED
CURRENT_RESPONSE IF CURRENT_RESPONSE <> """Confirmed" IF MATCH((UPPER(AUDIT_NOTES2)),"NON-EE - PLEASE PROVIDE CONFIRMING MANAGER DETAILS") AND CONFIRMING_MGR_NAME <> "" AND MANAGER_EN <> "" AND CURRENT_RESPONSE = "" "Confirmed" IF MATCH((UPPER(AUDIT_NOTES2)), "PLEASE PROVIDE CONFIRMING MANAGER DETAILS") AND CONFIRMING_MGR_NAME <> "" AND MANAGER_EN <> "" AND CURRENT_RESPONSE = ""LAST_RESPONSE2 IF (UPPER(AUDIT_NOTES2))= "ANNUAL RE-VALIDATION (NOT RESPONDED TO)" AND CURRENT_RESPONSE = "" OR (UPPER(AUDIT_NOTES2))= "ANNUAL RE-VALIDATION (STILL VALID?)" AND CURRENT_RESPONSE = """Still No Response" IF CURRENT_RESPONSE = "" AND NOT MATCH((SUBSTR(AUDIT_NOTES2,1,2)),"OK") AND UPPER(LAST_RESPONSE2) = "NO RESPONSE""No Response" IF CURRENT_RESPONSE = "" AND NOT MATCH((SUBSTR(AUDIT_NOTES2,1,2)),"OK") AND UPPER(LAST_RESPONSE2) <> "STILL NO RESPONSE" AND UPPER(AUDIT_NOTES2) <> "ANNUAL RE-VALIDATION (NOT RESPONDED TO)" AND UPPER(AUDIT_NOTES2) <> "ANNUAL RE-VALIDATION (STILL VALID?)" LAST_RESPONSE2
12/3/2014
GFH Consulting NEHIA Mystic, CT
38DEEP DIVE – Check the Results and Act
Provide results to SME Modify Analytics as required Repeat as required
12/3/2014
GFH Consulting NEHIA Mystic, CT
39
DEEP DIVE - Reports
Report Templates Results Responses
Memos Annual Summary
12/3/2014
GFH Consulting NEHIA Mystic, CT
40
DEEP DIVE - Scheduling
Create Visual Basic Scripts (VBS)
12/3/2014
GFH Consulting NEHIA Mystic, CT
47
DEEP DIVE – Production Instructions
12/3/2014
Department logo goes here
INSTRUCTIONS (located at: Production_Instructions.doc)Prepared By/Revised By
Date
Development Approval
Date Production Approval Date
Developer Name(orginially prepared by Developer name1)
8/14/2013
Manager IA Name 10/16/2013 IA Manager 8/14/2013
EXAMINATION 4103a MD Order Mismatch (Patient Status)
OBJECTIVES
This analytic imports EHR and HPARS data regarding patient status (i.e. encounter type in EHR, and patient type in HPARS), identifies differences in status between EHR and HPARS, and discrepancies between EHR MD orders and EHR encounter type. The script performs this analysis on a daily basis for UNBILLED (inhouse) accounts using EHR and HPARS PA data, and on a monthly basis for BILLED accounts using EHR and RAC1 data (837 bill file and HPARS PAS data).
CONSIDERATIONS
GFH Consulting NEHIA Mystic, CT
48
SUMMARY
Work with SMEs Develop Standards Protect All Code COMMENT! COMMENT! COMMENT! DOCUMENT! DOCUMENT! DOCUMENT!
12/3/2014
GFH Consulting NEHIA Mystic, CT
50
Contact Information
Gail Hormats, ACDA, CIA, EHRA, CRMA
GFH Consulting
6 Hackfeld Road
Worcester MA 01609
508-769-2618
12/3/2014