Configure · Policy-as-code · audit-versioned

Detection rules — policy as code,
not hard-coded logic.

Every OIG-recommended control is a versioned, auditable configuration. Edits run an impact preview against historical data and auto-generate regression tests. Last published: v12 by A. Thompson · 2 days ago.

Active · 8 / 8 Mode · Production Version · v12 + Add rule
Rule fires · 7d
312
96% auto-cleared
False-positive rate
3.6%
▼ 0.8 ppvs. v11
Auto-tests
428
all PASSlast run 2 min ago
Approval-policy rules
Implements OIG Recommendation 4 · approval-control violations
CR-001 Self-approval block Hard block
An employee cannot approve their own time entry — including hierarchical edge-cases where they sit on their own approval chain.
ModeBlock
Override allowedNo
Last fired9 min ago
Versionv2
CR-002 Span-of-control / lateral approval Override required
Approver must be in the employee's direct reporting line. Cross-team and lateral approvals require department-head override and are escalated to OIG.
Hops allowed1
Override SLA48 h
Last fired22 min ago
Versionv3
CR-003 Aggregate cap (weekly & monthly) Override required
Per-employee aggregate OT caps; breaches require department-head override and notify Inspector General.
Weekly cap
Monthly cap
Last fired1 hr ago
Versionv2
Anomaly & pattern detection rules
Implements OIG Recommendation 5 · time-series & pattern analysis
CR-004 Missed lunch / break frequency Flag only
Tracks frequency of missed-meal claims. Repeat occurrences across short windows trigger a peer-comparison check and a flag for review.
Threshold
Window d
Last fired3 hr ago
Versionv1
CR-005 Consecutive-day OT threshold Alert + flag
Detects sustained consecutive-day overtime above a threshold. Notifies department head and Risk Management for safety follow-up.
Days threshold
Min hrs/day
Last fired14 min ago
Versionv1
CR-006 Peer-comparison outlier Alert
Flags employees whose OT is significantly above the median of their classification & department over a rolling window.
σ above median
Window d
Last fired32 min ago
Versionv2
CR-007 Punch-pattern anomaly · "clock in, leave, clock out" Alert + investigation
The exact pattern documented in the OIG audit. Detects clock-in events with a sustained gap of badge inactivity and a clock-out at the same station, with no Maximo work-order link.
Min inactivity min
Same-stationrequired
Last fired32 min ago
Versionv4
CR-008 Time-series anomaly per employee Alert
ML-based anomaly detection over the employee's own historical pattern. Surfaces sudden regime shifts in OT behavior.
SensitivityMedium
Lookback180 d
Last fired2 hr ago
Versionv3
CR-010 Industrial-injury correlation Inform
Continuous correlation between high OT (prior 30d) and industrial injuries (OIG Recommendation 3). Surfaces departments with elevated risk multipliers.
Window30 d
Risk threshold1.5×
Last computed4 min ago
Versionv2
Impact preview · pending changes
Replays last 90 days against draft rule config
Draft v13
−22%predicted alert volume
0prior incidents missed
Increasing CR-005 from 8 → 9 days reduces alert noise by 22% with no historical incidents missed. Recommended.
Version history
Every change auditable · revertable
today · 11:18 AM
Draft v13 created — CR-005 threshold 8 → 9
A. Thompson · pending publish
2 days ago
v12 published — CR-007 sensitivity tightened
A. Thompson · 428 auto-tests PASS
14 days ago
v11 published — added CR-010 industrial-injury correlation
A. Thompson
42 days ago
v10 published — added CR-008 time-series anomaly
A. Thompson · co-reviewed by COO
90 days ago
v1 baseline — OIG Recommendation 4 & 5 controls implemented
A. Thompson · platform launch