Post on 16-Dec-2015
Using a Business Operations Management Approach to
Control, Analyze, and Improve Your Information
John Gatto, CISA, CRISC, Divisional VP Audit Services at HCSC
Bobby Koritala, Sr VP of Operations at Infogix, Inc.
BiographyJohn Gatto, CISA, CRISC,
Divisional Vice President
Audit Services - HCSC
John Gatto has been with Health Care Service Corporation (HCSC) in Chicago, IL since December, 2005. He is responsible for all aspects of
IT Audit for the four Plans comprising HCSC (Illinois, Texas, New Mexico and Oklahoma) and encompasses NAIC / MAR compliance and
testing, risk based audits, advisory engagements for new development projects, coordination of SSAE #16 reviews and E&Y
Year-End Financial Audits. John is a member of a number of Steering Committees within the IT area of HCSC.
BiographyBobby Koritala
Sr Vice President of Operations
Infogix, Inc.
Bobby Koritala joined Infogix in 2009 and leads the Marketing and Product Development Group. Prior to this, Bobby served as the
Director of Risk Technology Solutions at Protiviti, Vice-President of Investments at Open Prairie Ventures, Director of Applied Technology
at Blue Cross Blue Shield, Director of Product Development at Lexis Nexis, and Senior Manager, Software Development at SPSS. Bobby
has a Bachelor of Arts degree in computer science and physics from Coe College, a Master of Science degree from the University of
Wisconsin, and an MBA from Kellogg School of Management.
4 04/18/23
We Impact Millions of People. Every Day.
Health insurance claims Property insurance billing Utility billing Bank statements Gift cards Mortgages Purchases at stores Credit card transactions
Why Do We Exist?
5 04/18/23
To provide solutions that transform the operations of our customers….thus allowing them to focus on what is most important…….their customers.
6 04/18/23
Our Business Operations Management Suite
Key Performance and Risk Indicators
Real-Time Process Performance
Operational Intelligence
Operational Reporting
Analytics
Balancing Reconciliation Exception
Management
7 04/18/23
Who We Help
Insight
Control
Executives/Leadership
Directors/Managers
Analysts/Developers
8 04/18/23
Functional Areas We Serve
• Operations• Finance• IT
9 04/18/23
Environmental Challenges in Core Processes
• Lack of real-time operational reporting
• Lack of visibility into your process level information
• Disparate systems and platforms
• Product centric information silos
• Multiple manual steps and semi-automated controls
10 04/18/23
Our Solutions at Work
ManagementProcesses
GovernanceProcesses
Presentation Objectives
1104/18/23
Presentation Objectives
1204/18/23
HCSC Environment
• Very complex infrastructure• Very complex applications• Mainframe and distributed
• Batch• On-line / real time
• Thousands of interface files• ACA expanding that problem
1304/18/23
Relationship
1404/18/23
15
Infogix Solutions Timeline
Implemented ACR Summary
Implemented ACR Detail
on MVS
Implemented Insight on
13 Interfaces
Developed Data Integrity Policy
Started ACR 4.2 Upgrade
Added Insight to all
1,856 ACR Controls
1982 1993 2009 2010 2011
04/18/23
• Many problems arising
• New Solutions Needed
1604/18/23
Presentation Objectives
1704/18/23
NAIC MAR and IT Audit
1804/18/23
What is NAIC MAR?
1904/18/23
HCSC Audit Plan
2004/18/23
NAIC MAR Interfaces
2104/18/23
22
MAR Interface
Data transmission or feed into a financially significant application, job, or process.
SYSTEM AData IT Controls Data
Duplicate File
Balancing
Missing File
SYSTEM B
04/18/23
23
Interface Metrics
04/18/23
2012 MAR Overview
Application Interfaces ITG GC’s Non-ITG GC’s
50 unique targetsystems
110 interfaces balancing duplicate file missing file
5 reports for adminpurposes
Actuary Dearborn National Hallmark Provider Services
IAM (68 applications) Reliance for E&Y
SOC-1 – 25 Financial -19
Non-reliance - 24 Risk Management Strategic Planning Physical Security Incident Management Change Management Release Management IT Operations AS/400 SDM
2404/18/23
25
Interface Audits - Back in The Day…
John Gatto, 2006
04/18/23
Real Ugly
26
Real Ugly
2704/18/23
28
Interface Audit Challenges
04/18/23
Presentation Objectives
2904/18/23
Use of Insight
Using Insight
ITG Corporate Governanc
e
IT Audit
3104/18/23
32
NAIC MAR Project and Insight
• Identified Deficiencies by Internal and External Audit
• Implemented 3 Types of Controls– Missing File Check– Duplicate File Check– Balancing
• Developed coordinated process with Corporate Governance, Internal Controls Evaluation, Internal Audit and ITG Controls group.
• Needed ease of monitoring and testing
04/18/23
Benefits of Insight
3304/18/23
View of Controls labeled by Source to Target System
A red gauge indicates an error. The green gauge indicates no errors. An empty gauge indicates that the controls haven’t processed yet for the time frame specified within the filter.
3404/18/23
Subview:
Balancing, Duplicate Check and Missing File Checks
3504/18/23
Execution Results: Job Name, Execution Date, Time and Return Code
3604/18/23
Drill Down to Return Code and Error Message
3704/18/23
ACR Reports – Detailed Information
3804/18/23
Resolution Notes
3904/18/23
Looking Ahead
4004/18/23
4104/18/23
42
Looking Ahead
• Implement ACR Unix Controls
• Insight Upgrade 6.3: Send Non ACR Controls to Insight
• Insight Upgrade 6.3: Link to Help Desk
• Continued Development of ACR and Insight Controls
04/18/23
43 04/18/23
Typical Areas of Application
Claims Data Warehouse Actuarial
Reserves Billing Statements Payments Commissions Provider
Services
Member Services General Ledger Financial Reporting Compliance SOX NAIC MAR Audit Enrollment
44 04/18/23
How We are Different
• Provide real-time end-to-end process level performance measurement and visibility
• Real-time operational insight into errors and process inefficiencies caused by disparate systems and product silos
• Automate reporting, reconciliations, and controls across your critical business processes
45 04/18/23
Putting it all Together
InfogixBusiness Operations
Management Solution
46 04/18/23
Sampling of Our Customers
47 04/18/23
About Infogix
Based in Chicago area Many customer relationships > 20
years Customers include:
• 20 of the Fortune 100• 7/10 of top Commercial Banks• 6/10 of top P & C Insurers • 3/10 of top Health Insurers
48 04/18/23
Questions?