Table of Contents

Print PDF   Home   Portfolio


MITS Audit Module — Knowledge Transfer Guide
Project Developer Keith Stewart
Project Owner USDA-CFO
Customer US Department of Agriculture
Technical Writer Keith Stewart
Versioning V 1.0 REV 12/2016
Document Name KT-Audit-Intro.docx

Introduction

This Audit Tracking Module (ATM) Knowledge Transfer (KT) Guide has been prepared to assist the USDA NITC support team with both programmatic and technical knowledge of the ATM so that the NITC support team can assume support, maintenance and development roles for the ATM following contractor post implementation system hand-off to the USDA.

The ATM is a component of the MITS (Management Information Tracking System) web application. The ATM is an online web application that allows the USDA to prepare, review, manage, track, and generate reports for USDA OIG Audits. This guide covers the primary functions and features of the ATM as well as detailed core code and database programming reference and logic for the key com-ponents of the ATM. This guide will be used as the primary roadmap for the KT sessions conducted online and via teleconference between the MITS ATM contractor and the USDA NITC team. Portions of the KT presentation will use online references to the ATM; accordingly, KT participants will use the USDA QA server as well as the contractor’s ATM development server accessible at the following URLs:

USDA QA Server (requires USDA development e-authentication)
https://mitstest.ocfo.usda.gov

Contractor ATM development server
http://source.espherical.com


Participants are reauired to log-on to the QA server using valid e-Authentication IDs. Once logged in, click the ATM link. For the contractor ATM development server, the contractor will provide the NITC team with account access information.

Note: This presentation will focus on the ATM functions & features; we will not cover Security Officers functions which have been covered in previous KT sessions and which have not changed for the ATM.

Knowledge Transfer Guide Tips

The primary focus of this document is knowledge transfer to the NITC staff for core code and data-base functionality and logic. In this document, each referenced code template is diagramed (see figure #1) and each referenced template and database query will include a dual rating for (1) Com-plexity Level and (2) Detail Level as a guide for the NITC staff. These levels are explained below

Complexity Level (CL): range 1—10 (1 = basic template with standard logic/flow) (10 = very complex template with complex logic/flow and nested looping and conditions)

Detail Level (DL): range 1—10 (1 = basic template detail with standard layout and minimal in-cludes) (10 = very complex template with multiple includes and/or multiple conditional tests)


Figure 1: Template Diagram Figure 1: Template Diagram


Knowledge Transfer References

For the KT sessions, it is recommended that participants have access to and be familiar with the following ATM documentation.
  1. ATM Knowledge Transfer Guide (this document)
  2. ATM Training Manual
  3. ATM Data Migration Instructions
  4. ATM Design Document
These documents provide reference and detailed screen shots for each of the ATM user roles and functions as well as background information on system design.

Audit Process Business Rules Overview

An overview of the general audit business rules is being provided here as a point of reference for the NITC staff. This will help the NITC staff understand the overall audit business process. Understanding this business process is an important aid for understanding the ATM application flow and logic. The audit process business rules are detailed in the following flow diagram (figure #2). The audit process can be summarized as follows:
  1. The USDA OIG identifies deficiencies and/or weaknesses in USDA programs.
  2. Together with the Agencies management, the OIG and the Agency agree on the audit recommendations (this is termed the management decision date)
  3. Agencies set recommendation estimated and revised estimated completion dates (for recommendations with monetary balances, the OIG records payment and/or resolution of these monetary balances and communicates these payments and/or resolutions with the USDA OCFO PAD office via OIG data file uploads. Audits can be closed only when all recommendations with monetary balances are zero.
Figure 2: Audit Process Business Rules Figure 2: Audit Process Business Rules


Audit Structure Layout

The ATM includes twelve primary functional template pages. Each of these twelve pages controls a key audit process or function. The following diagram (figure #3) shows the relationship of each of these key templates. This KT Guide will cover details in each template included in Figure #3. Note: not all templates are available to all users. User access is based on the ATM user role as detailed in the ATM User Guide. Additionally, most ATM templates include the standard ATM_Header.cfm template-include which controls the menu and ATM access.
Figure 3: Audit Key Template Structure Figure 3: Audit Key Template Structure


Audit Access

For MITS users to gain access to the ATM, they must have a valid MITS account and an assigned audit role. Assignment of an audit role within MITS is performed by the MITS security officer based on an approved agency AD 1143 form for each user. Once the MITS ATM role has been created, the code which controls ATM access is identical to the other MITS modules and is diagramed below in figure #4.
Figure 4: ATM Access Control Figure 4: ATM Access Control


Instructor Led Training

The next chapters of this document are presented by the instructor in the following format:
  • Brief overview of the Functions, Features, and Key Logic for each topic.
  • Review of the chapter figure(s) detailing the key software topics/components.
  • Interactive classroom presentation of each of the topics/components.
    • Participants are encouraged to engage with the instructor enhance their understand of topic concepts.
    • Note: the USDA records the classroom presentation. A transcript of the recording is available from the USDA.

ATM Home Page

Functions: The ATM home page is the starting point for access to all ATM Audits, Data, and related functions. Access to selected functions is dependent on a given users role.

Features: The ATM home page (see figure #5) includes seven separate ways to find audits as well as summary graphs of real-time audit statistics. Audits can be accessed by searching on any of the seven parameters or by clicking on any bar in the summary graphs. In addition, the ATM home page includes links to the other functions in the ATM (see figure #3).

Key Logic: Core programming logic for the ATM home page includes the following key items:
  1. Audit query based on user role; if less than Audit follow-up coordinator or developer, filter audits based on user agency.
  2. Create a query for each of 5 graphs shown on the home page. Consider caching graph queries to speed up page load
Code/Data Explanation: (follow with the instructor)

Figure 5: ATM Home Page Figure 5: ATM Home Page


Audit Summary Page

Functions: The Audit Summary Page is the primary source of key summary information about a selected audit. This page includes areas for authorized users to update audit points of contact, audit notes, a PDF copy of the audit, and various reporting dates.

Features: The Audit Summary page includes a recommendation count and status indicator (Late, Open, Closed) as well as a monetary summary and listing of any recommendations which are 1 year or more past the Management Decision date.

Key Logic: Core programming logic for the audit summary page includes the following key items:
  1. Determining the audit status (based on 1 or more open recommendations).
  2. Determining the latest management decision (MD) date, estimated completion date, and revised estimated completion date.
  3. Providing a count of recommendations based on their type (disallowed cost [DC], funds to better use [FTBU], non-monetary [NM], or other).
  4. Determining if any recommendation with MD is still open past one year; listing the total days if past one year.
  5. Determining recommendation status (open, late or closed) and providing a count based on status.
  6. Determining the audit monetary summary (audit balance).
  7. Determining the monetary summary details for disallowed costs and funds to better use.
  8. Determining delay code information.
  9. Determining lead agency and agencies involved.
  10. Retrieving PDF link (if any uploaded PDF).
  11. Code looping to aggregate monetary data and recommendation/corrective action dates.
Code/Data Explanation: (follow with the instructor)

Figure 6: Audit Summary Page Figure 6: Audit Summary Page


Recommendations Summary Page

Functions: The Recommendations Summary Page includes access for authorized users to enter view corrective actions, create new corrective actions, view recommendations, create new recommendations, and view the actions summary page as well as entering other recommendation summary data.

Features: Features on the Recommendation Summary page include the recommendation type, a listing of the recommendation management decision date, estimated completion date, revised estimated completion date, recommendation final action date and a recommendation balance including both FTBU (funds to better use) and DC (disallowed costs) amounts.

Key Logic: Core programming logic for the recommendations summary page includes the following key items:
  1. Determining the recommendation status (based on the estimated completion date and/or the revised estimated completion date).
  2. Determining the latest estimated completion date and revised estimated completion date.
  3. Recommendation type listing (DC,FTBU,NM, Other).
  4. Determining the latest recommendation final action date if any.
  5. Determining the recommendation monetary summary (recommendation balance).
  6. Determining the monetary summary details based on the recommendation type.
  7. Determining lead agency and agencies involved.
  8. Code looping to aggregate monetary data and recommendation/corrective action dates.
Code/Data Explanation: (follow with the instructor)

Figure 7: Recommendations Summary Page Figure 7: Recommendations Summary Page


Actions Summary Page

Functions: The Actions Summary Page includes monetary information about the selected recommendation as well as access for authorized users to enter monetary and other related actions and access to view the actions summary page.

Features: The monetary balance for the given recommendation is listed in the actions summary page. This also includes the recommendation status as well a listing of the monetary amount(s) details.

Key Logic: Core programming logic for the actions summary page includes the following key items:
  1. Determine the available actions based on the recommendation type (for a mapping, see Audit Design Document Appendix 1). Populate the actions select list with the available action types.
  2. Calculate and display the recommendation monetary summary information.
  3. Apply the monetary amount entered on this page to the correct action type (note the use of JavaScript to accomplish this task).
Code/Data Explanation: (follow with the instructor)

Figure 8: Actions Summary Page Figure 8: Actions Summary Page


Corrective Actions Summary Page

Functions: The Corrective Actions Summary page provides access for authorized users to enter corrective action information and corrective action status information for the given recommendation.

Features: The Corrective Actions Summary page includes details for the corrective actions and status items for a given recommendation including delay codes, status notes, estimated completion dates, OCFO concurrence, revised estimated completion dates and points of contact. This page also includes access to edit corrective actions status information.

Key Logic: Core programming logic for the corrective actions summary page includes the following key items:
  1. Test for first Corrective Action, restrict to OCFO if no corrective action.
  2. JavaScript number restrictions for corrective actions.
  3. OCFO concurrence restriction.
  4. Estimated completion date restriction.
Code/Data Explanation: (follow with the instructor)

Figure 9: Corrective Action Summary Page Figure 9: Corrective Action Summary Page


Create New Recommendations Page

Functions: The Create New Recommendations page allows authorized users to create a new recommendation for the given audit. This function is generally not used since recommendations are entered via the OIG data file import. However, this function was created for future use and system flexibility.

Features: The Create New Recommendations page includes details for the new recommendation including the monetary code, recommendation ID, management decision date, final action date, weaknesses, FISMA status, and lead agency.

Key Logic: Core programming logic for the create a new recommendation page includes the following key items:
  1. Audit restriction for recommendation.
  2. Recommendation number check using JavaScript (no duplicates).
  3. Lead agency check depending on user role.
  4. Form validation for user input.
Code/Data Explanation: (follow with the instructor)

Figure 10: Create New Recommendation Page Figure 10: Create New Recommendation Page


Create New Corrective Actions Page

Functions: The Create New Corrective Actions page allows authorized users to create a new corrective action for the given recommendation. This function is available only when a corrective action has first been created by the OCFO. The OCFO must enter the first corrective action and the estimated completion date.

Features: The Create New Corrective Actions Summary page includes details for the corrective actions and status items for a given recommendation including delay codes, status notes, estimated completion dates, OCFO concurrence, revised estimated completion dates and points of contact. This page also includes access to edit corrective actions status information. Only the Audit Follow-Up coordinator can enter estimated completion dates.

Key Logic: Core programming logic for the create a new corrective action page includes the following key items:
  1. Audit restriction for corrective action.
  2. Corrective action number check using JavaScript (no duplicates).
  3. First corrective action number check for OCFO.
  4. Estimated completion date check for OCFO.
  5. Lead agency check depending on user role.
  6. Form validation for user input.
Code/Data Explanation: (follow with the instructor)

Figure 11: Create New Corrective Action Page Figure 11: Create New Corrective Action Page


Manage OIG Imports Page

Functions: The Manage OIG Imports page provides authorized user’s access to view, accept, and/or reject Audit/Recommendation information which has been imported from the OIG via an OIG Data file.

Features: The Mange OIG Imports page shows information about imported and processed OIG files as well as the ability for authorized users to provide rejection reasons to the OIG when a given file item is rejected by the OCFO staff.

Key Logic: Core programming logic for the Manage OIG imports page is straightforward; the application UI includes a rejection checkbox and rejection-reason explanation text area for authorized OCFO users to reject any OIG import file item.

Code/Data Explanation: (follow with the instructor)

Audit Standard Reports Page

Functions: The Audit Standard Reports page provides access for authorized users to generate any of the Standard Audit Reports.

Features: The Audit Standard Reports page includes the ability for authorized users to generate reports based on any start and end dates. Once a report has been generated, there is also a feature which allows users to download an Excel™, Word™, or print version of the report.

Key Logic: Core programming logic for the Audit Standard Reports Page is straightforward; generated reports are configured with start and end dates using the calendar function and once generated can be saved in Excel™, Word™, or print format.

Code/Data Explanation: (follow with the instructor)

Audit Custom Reports Page

Functions: The Custom Reports Page provides access to authorized users to generate a custom report by selecting any of the multiple filters.

Features: The Audit Custom Reports page is separated into three basic report types:
  1. Audit Report
  2. Recommendations Report
  3. Corrective Actions Report
Each report includes various filters associated with the selected report type as well as the ability to select which report columns are to be included in the report. Once the report is generated, users can import the report into EExcel™, Word™, or a print version.

Key Logic: Core programming logic for the Audit Customs Reports page is straightforward; generated reports are configured with start and end dates using the calendar function and once generated can be saved in Excel™, Word™, or print format.

Code/Data Explanation: (follow with the instructor)

Create New Audit Page

Functions: The Create New Audit page allows authorized users to create a new audit in the ATM. This function is reserved for Audit Follow-Up Coordinators only.

Features: The Create New Audit Page includes the key information required for an audit.

Key Logic: Core programming logic for the Create New Audit page is straightforward and includes the a simple form validation for the audit elements and an  insert  database action to save the new audit.

Code/Data Explanation: (follow with the instructor)

Conclusion and Questions

This concludes the ATM UAT training Guide. At this time, the floor is open for questions, comments, and discussion from participants.

ATM Documentation

The USDA UAT team should be provided access to the following ATM documentation for reference:
  • ATM Requirements Document.
  • ATM Design Document.
  • ATM Test Readiness Review.
  • ATM Knowledge Transfer Document (This Document)