Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using a Business Operations Management Approach to Control, Analyze, and Improve Your Information John Gatto, CISA, CRISC, Divisional VP Audit Services.

Published byFelix Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "Using a Business Operations Management Approach to Control, Analyze, and Improve Your Information John Gatto, CISA, CRISC, Divisional VP Audit Services."— Presentation transcript:

1 Using a Business Operations Management Approach to Control, Analyze, and Improve Your Information John Gatto, CISA, CRISC, Divisional VP Audit Services at HCSC Bobby Koritala, Sr VP of Operations at Infogix, Inc.

2 Biography John Gatto, CISA, CRISC, Divisional Vice President Audit Services - HCSC John Gatto has been with Health Care Service Corporation (HCSC) in Chicago, IL since December, 2005. He is responsible for all aspects of IT Audit for the four Plans comprising HCSC (Illinois, Texas, New Mexico and Oklahoma) and encompasses NAIC / MAR compliance and testing, risk based audits, advisory engagements for new development projects, coordination of SSAE #16 reviews and E&Y Year-End Financial Audits. John is a member of a number of Steering Committees within the IT area of HCSC.

3 Biography Bobby Koritala Sr Vice President of Operations Infogix, Inc. Bobby Koritala joined Infogix in 2009 and leads the Marketing and Product Development Group. Prior to this, Bobby served as the Director of Risk Technology Solutions at Protiviti, Vice-President of Investments at Open Prairie Ventures, Director of Applied Technology at Blue Cross Blue Shield, Director of Product Development at Lexis Nexis, and Senior Manager, Software Development at SPSS. Bobby has a Bachelor of Arts degree in computer science and physics from Coe College, a Master of Science degree from the University of Wisconsin, and an MBA from Kellogg School of Management.

4 4 5/12/2015 We Impact Millions of People. Every Day. Health insurance claims Property insurance billing Utility billing Bank statements Gift cards Mortgages Purchases at stores Credit card transactions

5 Why Do We Exist? 5 5/12/2015 To provide solutions that transform the operations of our customers….thus allowing them to focus on what is most important…….their customers.

6 6 5/12/2015 Our Business Operations Management Suite Key Performance and Risk Indicators Real-Time Process Performance Operational Intelligence Operational Reporting Analytics Balancing Reconciliation Exception Management

7 7 5/12/2015 Who We Help Insight Control Executives/ Leadership Directors/ Managers Analysts/ Developers

8 8 5/12/2015 Functional Areas We Serve Operations Finance IT

9 9 5/12/2015 Environmental Challenges in Core Processes Lack of real-time operational reporting Lack of visibility into your process level information Disparate systems and platforms Product centric information silos Multiple manual steps and semi-automated controls

10 10 5/12/2015 Our Solutions at Work Management Processes Governance Processes

11 Presentation Objectives HCSC & InfogixNAIC MAR and IT AuditBenefits of InsightLooking Ahead 11 5/12/2015

12 Presentation Objectives HCSC & InfogixNAIC MAR and IT AuditBenefits of InsightLooking Ahead 12 5/12/2015

13 HCSC Environment Very complex infrastructure Very complex applications Mainframe and distributed Batch On-line / real time Thousands of interface files ACA expanding that problem 13 5/12/2015

14 Relationship 14 5/12/2015

15 15 Infogix Solutions Timeline Implemented ACR Summary Implemented ACR Detail on MVS Implemented Insight on 13 Interfaces Developed Data Integrity Policy Started ACR 4.2 Upgrade Added Insight to all 1,856 ACR Controls 1982 19932009 2010 2011 5/12/2015

16 Many problems arising New Solutions Needed 16 5/12/2015

17 Presentation Objectives HCSC & InfogixNAIC MAR and IT AuditBenefits of InsightLooking Ahead 17 5/12/2015

18 NAIC MAR and IT Audit 18 5/12/2015

19 What is NAIC MAR? National Association of Insurance Commissioners Model Audit Rule (NAIC MAR) Applicable for all private insurance carriers with written premiums over $500 million Similar to the Sarbanes-Oxley Act of 2002 (SOX) in that it has SOX-like compliance requirements For MAR compliance, IT is required to: perform self-assessment of internal controls of IT operations strengthen application interface controls over financially significant applications 19 5/12/2015

20 HCSC Audit Plan 20 5/12/2015

21 NAIC MAR Interfaces MAR System A financially significant application / system that is used to support a business process or transaction Material to the financial statements MAR Interface A MAR System transmitting data to or “interfacing with” another MAR System Source to Target Applications 21 5/12/2015

22 22 MAR Interface Data transmission or feed into a financially significant application, job, or process. 5/12/2015

23 23 Interface Metrics 50 Target Systems 110 Interfaces Missing Duplicate Balancing 3 Controls per Interface Sample size consist of 25 reports per control 5/12/2015

24 2012 MAR Overview Application Interfaces ITG GC’sNon-ITG GC’s  50 unique target systems  110 interfaces  balancing  duplicate file  missing file  5 reports for admin purposes  Actuary  Dearborn National  Hallmark  Provider Services  IAM (68 applications)  Reliance for E&Y  SOC-1 – 25  Financial -19  Non-reliance - 24  Risk Management  Strategic Planning  Physical Security  Incident Management  Change Management  Release Management  IT Operations  AS/400  SDM 24 5/12/2015

25 25 Interface Audits - Back in The Day… John Gatto, 2006 5/12/2015

26 Real Ugly 26

27 Real Ugly 27 5/12/2015

28 28 Interface Audit Challenges Large documentation requests 25 days x 3 control = 75 Reports Longer turnaround for documentation requests At minimum 5 business days Auditee availability IT Audit needs to work around Auditee schedules Request helpdesk ticket for each unsuccessful Job Auditee may need additional time to provide Review each report in detail to determine control outcome Poor visibility into results 5/12/2015

29 Presentation Objectives HCSC & InfogixNAIC MAR and IT AuditBenefits of InsightLooking Ahead 29 5/12/2015

30 Use of Insight

31 Using Insight ITG Corporate Governance IT Audit 31 5/12/2015

32 32 NAIC MAR Project and Insight Identified Deficiencies by Internal and External Audit Implemented 3 Types of Controls –Missing File Check –Duplicate File Check –Balancing Developed coordinated process with Corporate Governance, Internal Controls Evaluation, Internal Audit and ITG Controls group. Needed ease of monitoring and testing 5/12/2015

33 Benefits of Insight The Old Way 25 days X 3 controls = 75 reports 5 to 10 business days Work around auditee schedules Additional time could be needed Poor visibility into results Using Insight Dashboard vs. paper Reports readily available No waiting period Auditee schedule not impacted Linked to Insight Immediate availability 33 5/12/2015

34 View of Controls labeled by Source to Target System A red gauge indicates an error. The green gauge indicates no errors. An empty gauge indicates that the controls haven’t processed yet for the time frame specified within the filter. 34 5/12/2015

35 Subview: Balancing, Duplicate Check and Missing File Checks 35 5/12/2015

36 Execution Results: Job Name, Execution Date, Time and Return Code 36 5/12/2015

37 Drill Down to Return Code and Error Message 37 5/12/2015

38 ACR Reports – Detailed Information 38 5/12/2015

39 Resolution Notes 39 5/12/2015

40 Looking Ahead 40 5/12/2015

41 41 5/12/2015

42 42 Looking Ahead Implement ACR Unix Controls Insight Upgrade 6.3: Send Non ACR Controls to Insight Insight Upgrade 6.3: Link to Help Desk Continued Development of ACR and Insight Controls 5/12/2015

43 43 5/12/2015 Typical Areas of Application Claims Data Warehouse Actuarial Reserves Billing Statements Payments Commissions Provider Services Member Services General Ledger Financial Reporting Compliance SOX NAIC MAR Audit Enrollment

44 44 5/12/2015 How We are Different Provide real-time end-to-end process level performance measurement and visibility Real-time operational insight into errors and process inefficiencies caused by disparate systems and product silos Automate reporting, reconciliations, and controls across your critical business processes

45 45 5/12/2015 Putting it all Together Infogix Business Operations Management Solution

46 46 5/12/2015 Sampling of Our Customers

47 47 5/12/2015 About Infogix Based in Chicago area Many customer relationships > 20 years Customers include: 20 of the Fortune 100 7/10 of top Commercial Banks 6/10 of top P & C Insurers 3/10 of top Health Insurers

48 48 5/12/2015 Questions?

Download ppt "Using a Business Operations Management Approach to Control, Analyze, and Improve Your Information John Gatto, CISA, CRISC, Divisional VP Audit Services."

Similar presentations

1 The IT Service Management Performance Challenge IT Service Management in the Federal Sector – A Case Study.

1 The IT Service Management Performance Challenge IT Service Management in the Federal Sector – A Case Study.
Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.

Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.
1 Copyright © 2007 Accenture All Rights Reserved. Affirmative Insurance Accenture Claim Components Solution Win Card Accenture has been selected to license.

1 Copyright © 2007 Accenture All Rights Reserved. Affirmative Insurance Accenture Claim Components Solution Win Card Accenture has been selected to license.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.

© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
PayAdvantageHR Imagine an integrated HRIS – Payroll – Enrollment platform with one login at your fingertips Presents.

PayAdvantageHR Imagine an integrated HRIS – Payroll – Enrollment platform with one login at your fingertips Presents.
John Whittle Sales Specialist Case Study: Manage Transactions Across the Enterprise Featuring BMC Middleware Management.

John Whittle Sales Specialist Case Study: Manage Transactions Across the Enterprise Featuring BMC Middleware Management.
CFIT Presentation Presented By: Sumit Nijhawan

CFIT Presentation Presented By: Sumit Nijhawan
Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.

Technology Applications in the Age of Integrity Integrity Forum 2006 Tony Murphy Vice President, Worldwide Sales ACL Services Ltd.
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Copyright Dickinson College 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Dickinson College This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Transforming Your Operations Presented By: Mark Johnston, Product Adoption Manager The Role of Data Governance August 13, 2014.

Transforming Your Operations Presented By: Mark Johnston, Product Adoption Manager The Role of Data Governance August 13, 2014.
What do we mean by Real-Time Business? Gaurav Tomar Usha Raghavan

What do we mean by Real-Time Business? Gaurav Tomar Usha Raghavan
Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.

Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.
V i s i o n ACCOMPLISHED ™ Portfolio Management Breakthroughs Shelley Gaddie President Project Corps Pacific Northwest Portfolio Management Roundtable.

V i s i o n ACCOMPLISHED ™ Portfolio Management Breakthroughs Shelley Gaddie President Project Corps Pacific Northwest Portfolio Management Roundtable.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Sarbanes-Oxley Compliance Process Automation

Sarbanes-Oxley Compliance Process Automation
Agile insurance carrier - What the carrier has to look like? Glenn Lottering Senior Director, EMEA Insurance Product Strategy and Sales Consulting.

Agile insurance carrier - What the carrier has to look like? Glenn Lottering Senior Director, EMEA Insurance Product Strategy and Sales Consulting.
Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew.

Continuous Auditing Technology Adoption in Leading Internal Audit Organizations Miklos A. Vasarhelyi Siripan Kuenkaikaew.
State Examinations Have No Fear, Help is Here. Risk-Focused Financial Condition Exams NAIC mandated for state insurance departments beginning 1/1/2010.

State Examinations Have No Fear, Help is Here. Risk-Focused Financial Condition Exams NAIC mandated for state insurance departments beginning 1/1/2010.
Chapter 13 Auditing Information Technology

Chapter 13 Auditing Information Technology

Similar presentations

Ads by Google