| By Micah Fairchild
Using Lessons Learned From Others to Mitigate HR Software Risk
An effective Human Resource Information System (HRIS or HRMS) can lower administrative burdens, increase efficiencies, drive productivity gains, maximize morale, and improve retention rates. An HRIS allows for management of all employee information, can track job applicants, can be configured for insightful reporting, and can be capable of communicating and/or interfacing with myriad other business systems. As such, it's not hard to realize why companies are clamoring to add HR systems of this sort to their bailiwick. In fact, the 13th Annual Edition of CedarCrestone's HR Systems Survey, points to a forecast for almost red letter growth in talent management, social media, and analytics/planning applications for the next three years—91%, 93%, and 120% respectively. And where does the data for these applications come from? It originates from the "core" HRIS, encompassing position/profile management, payroll, and benefits administration, and because the data deals with employees, it touches just about every substantive facet of the organization.
An effective HR information system will contribute to overall cost reductions through better resource allocation and as such the decision to implement an HRIS is fairly simple, straightforward and smart. What's not so simple is making sense of the numerous problems that organizations have with information systems of this sort. What follow are the Top 5 mistakes that companies encounter with Human Resource Information Systems implementation replete with tested tips to help you avoid some of those same pitfalls.
HRIS Mistake # 1 - Failure to Effectively Manage Change
Failing to effectively manage change has the ability to derail even the best initiative. While organizations may have been able to scrape by with change initiatives in the past due to the implementation of very few large-scale, enterprise-level projects, those days are officially gone. A Society for Human Resource Management (SHRM) report, To Make Change, Manage Them, found that large-scale "change initiatives" are on the rise. Says Prosci, Inc. CEO Jeffrey Hiatt, "Thirty years ago, a Fortune 100 probably had one or two enterprise-wide change initiatives going on; today that number is…[closer to]…20," With this rise in enterprise-level changes, organizations have to be able to effectively manage how individuals are impacted by the changes, especially when it comes to the implementation of a human resource information system.
Unfortunately, effectively managing change can be an area of major deficiency for many organizations. Indeed, PwC's quarterly Management Barometer Survey of 140+ large company executives found that 66% of respondents cited "lack of change management skills" as a barrier to change initiative success. A study for the Asia-Pacific Journal of Human Resources further validated this by finding critical implementation success components to new HRIS systems in the form of employee needs, concerns and opinions. Although myriad explanations exist of how to actually "manage" these needs, concerns, and opinions, most breakdowns tend to originate from management failing to identify: a) the change that is happening; b) the reason the change is occurring; c) the affect the change will have on individuals; and d) the necessary steps that must be taken if change is not supported.
Tip # 1: Numerous options exist for companies to assess the organizational impact a given change will have (e.g. Discovery Learning's Change Style Indicator). Taking advantage of one of these assessments for both supervisors and employees can spell the difference between project success and failure.
Tip # 2: Communicate, Communicate, Communicate. By communicating frequently; designating specific mechanisms for addressing staff needs/concerns/opinions; and varying communication techniques and channels, you can ensure that the change is understood and contingencies that arise can be dealt with proactively.
Tip # 3: Don't forget about (or skimp on) pre/post change training or neglect the training for new hires that come in after an HRIS implementation is complete.
HRIS Mistake # 2 – Failure to Define, Validate, and Support Data Quality
Quality decisions come from quality information. That information needs to be valid, reliable, timely, and above all…useful. Unfortunately, too often useless reports make their way to the C-suite without being cross-referenced for quality, especially when it comes to data that originates from HR. For example, retirement data could shed light on a potential exodus of a certain segment of the workforce. If that information isn't accurate, or doesn't allow for specific solution avenues, then those figures aren't very useful—and the quality of that data is rightfully suspect. Once data cannot be relied upon, business intelligence, in turn, suffers. According to a Report, Data Governance, by The Data Management Association (DAMA) "data quality is synonymous with information quality, since poor data quality results in inaccurate information and poor business performance". As such, it is an operationally integral component that data be validated, checked for corruption points, and, if necessary, be cleaned so as to make it accurate and useful.
Unfortunately, according to the 2010 research report by Capscan, Data Quality: Reality and Rhetoric, "getting organizations to understand the impact of poor data is seen as one of the biggest data challenges today." Indeed, according to the report only 40% of companies surveyed validated their data, while 57.7% thought their data was of great quality. This disconnect is one of the major mistakes for HRIS applications because poor quality data leads to misinformed business decisions, which can lead to operational inefficiencies, which can lead to damage to the brand, to customer satisfaction, and worst—revenues.
Tip # 1: Establish clear-cut procedures and policies that define data-entry, especially for the "core" HRIS software functionality areas. Be aware that any areas that involve self-entry or entry by users that are not fully trained, is a potential data corruption exposure area.
Tip # 2: Define when and how data will be validated, making sure to specify if outside vendors for this process will be used and how corrections will be made to any deficiencies.
HRIS Mistake # 3 - Failure to Properly Plan
Given the numerous and varied stakeholders present in any Human Resource Information System (HR, Payroll, Accounting, supervisors, employees, vendors, etc.), information stored in the system can theoretically be used in infinitely-configured ways. Consequently, the needs of each user group will be different as well. Human Resources may be looking for real-time data to make balanced scorecards while Payroll may be looking for features that aid in their reporting requirements for regulatory agencies like the EEOC. Unfortunately, many organizations fail to pinpoint what each stakeholder needs from the information system and as a result wind up with a diluted end-product. Effectively planning means identifying HR software requirements that take both micro and macro-level needs into account, but many professionals tasked with HRIS planning, system selection, and implementation only focus on the micro-level needs. Though well-versed in department or unit-level applications, many system implementors do not know how to plan for the big picture. One large mistake that many implementation teams make is failing to recognize the long-term strategic benefits that data systems can bring—choosing to focus instead on short-term, operational gains.
Put another way, these individuals don't know how to "speak" the C-suite language. Unfortunately, revenues, P&L, and the host of other key business markers used, can get lost at this phase, which is a major misstep (especially when trying to secure executive-level buy-in). "The more senior executive, the more critical it becomes to talk in financial terms," says Connie Moore, VP and Research Director at Forrester Research. "Without addressing those……issues head-on, it'll be hard to gain executive level buy-in." Indeed, a look through the Standish CHAOS Report for 2009 is a good indication of this fact. According to figures released in the report, only 32% of IT projects are actually deemed by executives to be successful and none of the reasons for this failure reflect a problem with the actual technology. Rather, failure is indicative of issues that revolve around poor business planning.
Tip # 1: Identify all stakeholders and their business needs, strategic goals, and processes that the HRIS will have impact on, before any solution is selected. Further, recognize that disparate stakeholders will have different views about what is needed from their vantage point. It is up to the steering committee and project team to determine how to meet both unit-level and organizational goals.
Tip # 2: Do not under any circumstance integrate a poor process into your HRIS. For instance, if you have a "requisition to hire" form that is being signed 17 times on paper, don't just blindly use your HRIS to automate that inefficient process. Invest the time to look over your organization's current processes to be sure that all procedures are as close to optimal outside the system first.
Tip # 3: Given that many HR software vendors have specific data limits and/or caveats that have to be taken into account (e.g. the number of allowable employee job applicants that can be tracked through an Applicant Tracking System), it's important to consider what the application's limits are before software implementation. Though the needs for your HRIS may evolve over time, knowing up front the HR system's capabilities will help with decisions down the road.
HRIS Mistake # 4 – Failure to Administer Data Security Properly
Though present in any HRIS, data security issues (especially privacy and company safeguards) are becoming more prevalent and of critical concern with software as a service (SaaS) or cloud-based HRIS solutions. Grant Thornton International's 2011 Issues and trends: Assessing and managing SaaS Risk highlights that due to the very nature of the cloud, any HRIS that operates through the web gives up full control of protecting data to a contracted 3rd party. This information relinquishment can in turn increase company exposure to liability. Though implementing a cloud-based HR software solution is generally cost-effective (especially when considering efficiencies in global operations), a breach in cloud-stored data is a serious issue. Because of this seriousness, Gartner Research Director Thomas Otter, suggests that companies use vendors that "meet the security requirements of an internationally accepted framework". For example, widely accepted SaaS vendor certifications include SAS 70 and ISO 27001 which test and audit standards for IT infrastructure security.
Outside of cloud-based HR systems, HRIS data security remains an ever-present issue as well. The Federal Trade Commission (yes, the FTC!) in fact just recently announced settlements with two companies due to their failure to use "reasonable" security measures in their storage of employee data. Though numerous legal requirements like this exist (which we'll discuss in the following section), these latest FTC rulings shed light on an inescapable fact: that security of HRIS data is one of the most basic and "reasonable" expectations of a data system, and those expectations need to be understood by everyone in the company. LRN's Ethics and Compliance Risk Management Practices Report echoes this sentiment saying, "Team members need to understand how a violation of a company's data……policy can affect their specific business." Indeed, safeguarding employee information is tantamount to full system acceptance—without that security, no employee or executive will trust or embrace the system.
Tip # 1: If opting for a cloud HR software vendor, make sure to get answers about security for data in transit and data at rest. Ask about security governance and information security management systems (ISMS). Finally, ask to see independent audit and attestation reports such as an ISO 27001, SAS 70 or NIST C&A.
Tip # 2: Cloud HR systems don't lessen the need for strong internal security practices such as proper password management and controls, antivirus and malware detection/eradication, user education and internal network monitoring.
HRIS Mistake # 5 – Failure to Understand Legal Requirements
Finally, perhaps the biggest HRIS mistake made by companies is the failure to understand the legal ramifications present with the data, the process, and the structure of an HR information system. Because of what data the HR function is responsible for, even a small organization can be held accountable for ensuring that scores of country, state, and province regulations are adhered to. Local labor laws, internal policies, contract issues, contingent workforce considerations, corporate employment mandates, and a host of privacy laws are just some of the areas of liability for organizations when it comes to HRIS applications. If your organization happens to conduct operations across international borders, then that expanse of legality grows exponentially. Countries that make up the European Union (EU) for example, have data privacy regulations that are far stricter than those found in the U.S., forbidding inter-country data sharing of personally identifying information. Yet, many companies remain unaware of the lurking liability inherent with a human resource information system.
In a recent Acquire Report (Top 10 Ways HRIS Data Can Unintentionally Invite a Sarbanes-Oxley Audit), Stephen Chipman of Grant Thornton Intl. says, "Millions are being spent by corporations to comply with……and address internal control weaknesses". Penalties for non-compliance can include fines ranging up to $25M; along with civil and criminal legal action being taken above and beyond the fines. Issues stemming from data related with employee benefits, compensation, and payroll are some of the most troublesome, especially with broad-sweeping laws like Sarbanes-Oxley, Basel, and Solvency to contend with. While some regulatory hurdles are easy to foresee and build into the data process, executives must be cognizant to the potential violation of obscure or country-specific laws. Even in the U.S., vagaries abound between state record-keeping statutes, putting companies that use cloud-based storage at particular risk of violation.
Tip # 1: Consult with the legal experts on each given locale your company operates within, and do this before any discussions happen with any potential HR software vendors. This goes back to the tips that come from the Planning/Scope area: have specific needs ironed out before you enter into talks about HR system functionalities.
Tip # 2: Negotiate as concrete of an indemnification clause as possible. Because of the ever-changing landscape of legal regulations, it might not always be possible for you to know the yaw and pitch of your HRIS liability. As such, you should be aware of the fact that absent an indemnification clause, your company and not the vendor will often be liable.
Human Resource Software Bottom Line
For a growing number of companies, investments are increasingly being made in HR technology infrastructure. Many companies are belatedly realizing that these financial outlays are especially critical as they have a profound impact on one of the greatest assets and expenses the organization has—employees. However, as organizations scramble to get in the game with HRIS solutions, they must still be cognizant of pitfalls such as these that still exist when looking towards these implementations and investments.
Categories: HRMS Implementations
Tags: HR Implementations
Author: Micah Fairchild