User story for generating audit reports

The Solution Accelerator uses auditing to support electronic records and regulatory requirements. The requirements are intended to assure document authenticity, integrity, validity, and confidentiality.

For example, the Solution Accelerator supports the requirements of the Code of Federal Regulations 21 Part 11 Subpart C Section 11:300(e), which requires:

“Use of secure computer, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that crate, modify, or delete electronic records...changes shall not obscure previously recorded information.”

Audit information is stored in a database. To generate an audit report, you can create tools or use industry standard report generation tools, such as Crystal Reports.

Narrative

It is often necessary to log consistent information for reviews. After you log the information, typically, audit reports are created to monitor reviews for compliancy.

When you are ready to generate reports, implement a mechanism that is applicable for your organization. All audit information for the Solution Accelerator is stored in a database. Audit trails are built for reviews that have auditing enabled in the review template.

Before you can generate reports, decide what levels of auditing are required for your review and approval processes. After you have created the necessary audit levels, you enable audits by modifying the review templates.

The solution template provides a mechanism for you to add auditing to a review template but does not provide capabilities to generate reports.

The following illustration shows the GlobalCorp solution template page that allows users to add auditing to the review template. (See User stories for creating review templates .)

View full size graphic
Adding auditing to the review template.

Estimated time to implement

To implement this story, expect to spend 1-2 days create SQL queries and test them. Additional time is required to create or modify existing audit levels and build presentable and user friendly reports.

Note: The time to implement the story depends on the skill sets of your staff and how well you know your requirements. The estimates are broad guidelines and differ for each organization.

Common questions to ask to clarify requirements

  • What information do you require?

  • Who requires access to the audit reports?

  • What are the required actions to audit for reviews and approval workflows?

  • How many audits levels are sufficient and how are they identified?

  • How often are audits used for reviews?

Requirements addressed

  • Audit reports can be created based on a review or certain actions that occurred for all reviews. Audit reports can also be used to generate a history of actions that occurred during the review.

  • Audit reports can be created based on a review or certain actions that occurred for all reviews.

Implementation overview

The GlobalCorp solution template does not provide an implementation to generate reports.

Audit information is stored in a database. Knowledge of SQL databases and experience with building database queries is required to retrieve the information. Consider using industry standard tools to make it easier for you to get the information from the database. (See Retrieving Audit logs in Review, Commenting, and Approval Building Block 9.5 Technical Guide .)

Before you can generate an audit report, complete the following tasks:

  1. Define audit levels

    You modify an audit configuration file to add more levels or modify existing audit levels to configure the actions that are logged. The audit configuration file is implemented as an XML file and adheres to a predefined schema. The solution template provides two default audit levels. You can use one as your standard if it fulfills your auditing requirements and configure the actions you want to log. (See Adding a new audit level in Review, Commenting, and Approval Building Block 9.5 Technical Guide .)

  2. Configure review templates to use auditing

    After you set up the auditing to meet your requirements, you can add auditing to reviews by configuring them in review templates. (See User stories for creating review templates .)

Tools used

  • An XML editor and tools for query relational databases and to edit the review template.

  • Database query tools to build queries to retrieve information from the database.

  • Workbench to retrieve and deploy the changes to the audit configuration file.

Team members and skill sets

  • Understanding of entity relationship diagrams and SQL knowledge. (LiveCycle Developer)

  • XML, W3C XML schemas. (IT staff, or Business Analyst)

Best practices, tips, and tricks

The GlobalCorp solution template provides default audit level names, such as Level 1 and Level 2. Consider using meaningful names such as Audit For ISO Processes or Internal Process Audits. Meaningful names help to identify the context of the audit.

The information is stored in a database and returned as tables. When reports require formatting, additional tools are required. Consider using industry standard tools to build reports, such as Crystal Reports.

Auditing for review and approval workflows is important to ensure that reviews are compliant with an organization’s standard operating procedures. When you use auditing, the following are some considerations to help with you planning:

  • The actions that are recorded as part of the audit.

  • The presentation of the reports.

  • Access to audit information.

  • The amount of auditing to use.

Since the audit information is stored in a database, consider planning to get permissions to query the database. Typically, you require only read permissions to the database to generate reports. Contact your database administrator to familiarize yourself with your organization’s policies on database access.

// Ethnio survey code removed