Hi, and welcome to my blog.

Here I plan to blog on the current technology issues, news, tips and tricks associated with HRIS (Human Resource Information Systems).  Sometimes the topics will really be technical (like what’s the best one-way hash algorithm for storing passwords) and sometimes the topics will be untechnical (such as what the new buzz acronym “SaaS” really means).  Sometimes I’ll even shamelessly pitch an Achievant service or product.

I hope you find the blog useful.  Feel free to comment on postings, ask questions or suggest topics.  At Achievant, and specifically in the IT group at Achievant, our motto (like that buzz word) really is Software as a Service.  Most geeks (and I mean that in the nicest way possible and include myself in the moniker) tend to be techno-centric, fascinated by what technology they apply to a business challenge.  At Achievant we’re client-centric.  Technology and the things we can do with it exist to serve one thing: the client’s needs.  The most gee whiz, whiz bang piece of technology has zero value if it doesn’t further a business objective.  We get that and for us, a simple as it is, that’s SaaS: put the client first, serve the client’s needs, build technology that furthers a client’s goals.  It’s not about us; it’s about you.

And that’s what I hope my blog is and does: meet a need, provide a service and add an intrinsic value. 

Thanks for visiting.  I hope you’ll come back often and help build the blog into a community where questions are asked, answers are offered and informational discussion takes place that helps us all accomplish our goals and overcome our challenges that much more easily than we might have otherwise.

If you’d like to learn more about Achievant feel free to sign-up for a webinar.

Yesterday, one of our smartest employees did one of the dumbest things ever.  She opened an e-greeting card from someone she didn't know.  Within seconds she knew she had a problem.  It could have been the anti-virus warning that popped up or the freaky image that suddenly became her desktop background.  Either way, the first thing she did was raise the alarm.

You may be asking yourself what a virus outbreak and HRIS Software have in common.  To me, the commonality is in the quality of the response.  Anyone can sell you a talent management system.  In fact, any two pieces of HRIS Software are likely to be very similar.

What's not going to be similar are the people behind the product.  When the virus hit that one user the first thing we did was isolate her from the network (well, isolate her computer, we didn't really do anything to her). 

Then, to make sure there would be no further spread of the virus we took all of our computers off the network.  We did this by simply unplugging the switch that handles all computer traffic.  We left the switch that handles all VOIP up and running.  In short, we had a good plan and were well prepared.  Within minutes we new the extent of the problem, had it isolated and were on our way to better times.

The same can be said of how we provide service.  Maybe you use our employee time and attendance module or our performance assessment module.From the day you kick off your implementation and everyday thereafter the achievant team is ready to answer questions, address issue and help you make the most of the tool you purchased.

Any two pieces of software Human Resources Software are going to be more or less the same.  But the people who support them, who make you successful are not.

As the use of web based programs grows, becomes more common and is more widely accepted we've begun to have clients ask to add 3rd aprty widgets (like their own stock ticker) to our online human resource software.

I get why clients want this... it's a perk for their users and can enhance employee self-service.  Widgets, when embedded together in a single page, can offer a kind of one stop shop for employee self-service.  if your learning management softwware offers this widget and your performance management solution overs that widget and you embed them all in your core HRIS software then everything has coalesced into one easy to use piece of software.

As a general web surfer I think widgets are great.  I use several of them and like to look at sites like google to see what new gadgets are available.  Almost all of my favorite sites offer some sort of plugin or another.

As the head of IT for a company I hate widgets.  Everyone wants to install them on their desktop, include them in their home page so they're there every time they open their borwser.  My problem with them is that they are frequently authored by random people and aren't subject to oversite so they are potneitally riddled with spyware, malware, virus and whatever other icky stuff someone can dream up.

Two news articles this week point this out.  One, a blog post from TechCrunch, talks about a worm spreadhing on Facebook.  Another points out theat google gadgets are now the focus of hackers.

Employee training and development is the number one way to prevent these kinds of tools from becoming a danger to your information security.  You can't alway control where people go, or even sometimes, what they install while at work.

Learning management software is a beast unto itself.  It can be a very simple piece of human resource software or it can be a giant, full-blown module.

In my career I have worked on Online Employee Training software that has covered the entirety of the possible range of robustness and complexity.

Because learning management modules can spider their way into so many other aspects of HRIS they can be an integral and important part of any talent management system. Learning management naturally flows into performance management, succession management and even applicant tracking depending on what your on-boarding process is like.


This week Achievant rolled out some new enhancements to its LMS.  Our module for learning management started off life as a lightweight module that though flexible and fairly robust had room for growth.

We've added over 17 new features some of which included:

·         proctoring features for trainers who need more detailed class planning and tracking

·         more robust class rosters and session results

·         the ability to track education credits for both internal and external classes

·         automated notifications for minimum class size not being met

Our goal, as is almost always our goal (and philosophy), as we build out our web HRIS software is to grow it incrementally.  Each time we work within the app we look for areas where we can add new features.  We listen to our current clients, our future clients and our industry to see what needs and wants are out there and we take the opportunity to add them whenever we can.

For us, such a successive refinement approach to all of our modules is not unlike learning management itself: with continuous work and grooming people (or applications) can get better at their jobs.

Today I had to contact a vendor over a potentially serious problem we were having with some of their equipment. They have a nice little automated package to which you send an email and from you which a new case is automatically created, support personnel are contacted and an initial response sent.

I marked my issues as needing immediate attention and went about my business waiting for a reply.

Three hours ago a reply would have been timely.  A reply now might save a good part of someone’s derriere.  A reply any later than, say, right now will get me a little wound up.  Like Tasmanian devil wound up.

Anymore, every industry is a service industry.  A three hour response to an issue isn’t even remotely acceptable.  You might not be able to solve my problem as quickly as I might like, but at least let me know you’re working on it.  Via a real person.

With live chat support, 24x7 email and phone support and the long list of other support means now available from virtually any company if your company doesn’t supply top notch customer service you’ll pretty much be immediately behind on the customer service learning curve.  And any company that isn’t supply either great service or who doesn’t have a monopoly just isn’t going to make it.

It may seem obvious, but clients are a company’s number one asset and any company that doesn’t jealously protect and nourish that asset is going to lose it.

I spent my morning with a potential partner going over key aspects of their business model for which we will be adding support in our application.  It was a very typical software requirements meeting: it started out with a group of people looking across the table at each other wondering how to start.

I suggested we start with four or five goals and work our way into the details of each in succession.  Pretty soon we were drawing like cavemen on whiteboards, talking compensation matrices and other minutiae of the HR world.

Some of the items we indentified would be tough to implement and at one point the statement was made that “maybe this isn’t a solvable problem”.  Huh uh.  No way.  Not going to happen.  All problems can be solved.  Sometimes the cost or the time or the effort required exceed our means, but that doesn’t mean it can’t be done.  It just has to be rethought.  We left the meeting with scads of notes, a number of great ideas and the general feeling that we’d had a productive morning.

When I got back to the office I found a news article about Time Magazine’s Top 100 Influential People in the world.  It was an interesting read.  One story in particular reverberated with me after the morning’s meeting:  if Mary Lou Jespen can bring a computer to children around the world who don’t even have physical classrooms I can create an enhanced performance management and  compensation management tool that can morph and evolve to meet almost any client’s needs.

Challenges arise, problems happen and all too often I see people give up.  I hate that attitude.  With creative thinking, some strategic compromises and hard work a lot can be done with a little.

My hope is that after each such meeting, whether with a client, a potential partner, or our own staff people leave with the feeling that by working together, by pursuing the goal we can get to wherever it is we want to go.

A few years ago when gas prices started to cross the $3.00 mark I had a number of employees come to me and ask about working remotely.  Their rational was that gas was getting expensive and their long commutes were hurting their budgets.  Some wanted extra compensation to set off the rise in gas prices or the flexibility to work from home a few days a week and some just wanted to work from home.

My answer then was a firm “no”.  I am not a fan of working remotely.  On the most part I simply don’t trust human nature.  It’s the rare person who will work as hard sitting in his den as he does sitting in his cube.  Add to that the associated challenges with communication, lack of team building and the security/insurance risks of having a telecommuting workforce and I have really never found the idea a promising one.

This week I had an employee come to me with the prospect of a three week trip to Egypt two of which would be telecommuting and one of which would be vacation.

So I did what any good manager does and said I’d get back to him, delaying the uncomfortable confrontation when I’d have to tell him no.   So while I pondered the easiest way to tell him he couldn’t go I also pondered my reaction to the request and came to realize that one of my biggest knocks against telecommuting was simply that I am an old dog and this is a pretty new trick.

I’ve come to realize that if telecommuting doesn’t work it’s the company’s fault and not the workers'.  If you don’t have the right policies, checks and balances and employees to succeed with a distributed workforce you probably don’t have the right policies, checks and balances and employees to succeed period.

Let’s start with the people.  If you have someone cheating the proverbial clock while working from home you can generally rest assured that they’re cheating that same clock one way or another at work.  And if you can’t trust your employees to work while the boss isn’t looking you need to examine your hiring process… somewhere along the way you’re hiring the wrong people.

As for productivity, if you can’t manage it when someone is working from home (or wherever) you probably aren’t tracking it appropriately to start with. 

Communication can be a challenge, but technology has pretty much bridged that gap: web cams, instant messaging, VOIP, video conferencing and a plethora of other mainstream technologies make keeping in touch pretty easy.

So in the next month we’ll be having our first trial run at supporting a virtual office of one as one of our team takes his VOIP phone, air card and laptop partway around the world and works from the land of the pharaohs.

So, recently, here in Indiana there was a story about a school system permanently losing some school records due to a computer glitch.

My first reaction was: Really?  That can still happen?  No way!  But apparently it can and still does happen.  Read the story and you’ll find this quote:  The school district's announcement said IBM engineers determined the loss of data was caused by "an unfortunate and very rare combination of hardware problems and backup configuration settings."

I don’t know about you, but if I read between the lines I am pretty sure that means someone wasn’t backing up what they should have been and when the hardware crashed and burned they discovered the omission too late to do anything about it.

In my opinion if you’re the conservator of someone’s data you need to be sure it’s being taken care of.  Here at Achievant we have a very robust back-up plan that backs up the data and then backs-up the entire disk image on which that data lies.  We keep the back-ups for at least 14 days, some for a month and some for a year.

We also routinely restore from back-up to ensure that we can.  Sometimes we restore just a single file, or a single database table or even an entire database.  And now and then we restore an entire server.

When you back-up you need to test and audit those back-ups.  You need to know that they work the way you expect them to and that in a true emergency they are there, whole and ready to go. 

Losing grades is bad.  What if it had been your banking records or your time and attendance data or your benefits information?  Our world runs on data these days.  Being sure our data will survive everything from an oops to a typhoon is s fundamental.

Everywhere I’ve worked I’ve recommended background checks on employees along with drug screens and a robust set of policies and procedures. 

It’s not the most fun thing to do.  I generally dislike a lot of policy and procedure.  It’s annoying and it sets a tone I don’t really like.  However, take a look at the security breach at LendingTree and you’ll see why these things are necessary.

In short, employees from the company gave their passwords to unscrupulous individuals who then accessed account data of clients using the service.

This is a tough hacker approach to defend against.  Offer someone enough money and they are likely to be willing do most anything.  How much for info on Britney Spears’ medical records?  How much for a photo of a celebrity’s kids?  How much for a password?

You can’t control human behavior, but you can be aware of it.  If you run a shop with sensitive data and you hire people who have a criminal record, with huge debt, who maybe take drugs you increase the likelihood that those employees can be compromised via bribes or other approaches to illicit data access.

Performing background checks and drug screens help weed out potential risks.  Having robust security measures, frequently changing passwords and a termination workflow that makes sure account access is terminated in a timely fashion when an employee leaves the company all help ensure your data doesn’t become someone else’s data.

Routine review of access logs would also have helped catch the LendingTree problem more quickly.  If a user is suddenly accessing the system all hours of the day all days of the week it’s a fairly sure sign that that user’s account has been compromised.

A little bit of due diligence, however tedious or even slightly uncomfortable can go a long way to ensuring that your data remains secure.

I always find trends interesting.  TechCrunch has a great blog post today that shows Internet trends (using a Morgan Stanley report).  In a nutshell the report shows that social sites are dominating with respect to user traffic.  Being a business to business kind of site, Achievant doesn’t necessarily fall into the same bucket as such sites, but I think there are lessons to be learned.

We all want traffic to our sites whether our sites are the company intranet dolling out the latest company news, or a marketing site pimping the latest product or a consumer site selling the latest must have widget.  Whatever basic human need is driving people to YouTube or Facebook is the same human need we can tap to bring people to our sites regardless of their function.

If you’re trying to get your employees to read the latest policy on this, that or the other thing and you can’t get them to stop on the intranet’s home page, maybe adding something social (as the trend shows) will bring them in.  If you’re trying to sell widgets it would appear a widget forum where the general masses can leave their two cents worth would bring traffic your way.

As a developer of websites I find the trend pointing toward the next iteration of a user interface.  These social sites that hundreds of millions of users hit each month are being hit by the same people using Achievant’s HCMS.  The user experience on these sites frames the expectation of the user for our site.  We probably won’t ever have video sharing or a friend tracking widget, but we might have forums or a look and feel that is less business and more social.

As I logged into my NCAA tournament bracket today (I am tied for first, BTW) I was struck by the fact that my username and password for that login matched my username and login for an account at work.

So then I wondered: does the company hosting my bracket protect my login credentials with the same rigor as I would protect login information for a corporate account?  The honest answer was: probably not.

Password diversity is a part of password complexity that is often overlooked.  I think we all find a password we like and then stick with it or variations of it over time.  I am currently on mypassword24 on one of my accounts simply because I can easily remember it, can type it reliably and am not go-getter enough to think of a new password.

The problem with a lack of password diversity is that once one account is breached all of your accounts are breached or easy to breach if you are using the same password of variations of the same password.

It’s a pain to remember all of the passwords one has anymore.  I have at least 15.  Having them all the same or similar simplifies the task of remembering them, but the risk is fairly monumental.  Of someone compromises my tournament bracket password do I want them to be able to easily guess my mutual fund password, on line banking password or network login?  Not at all. 

So, just after checking my final four picks I went through every login I have and chose different passwords.  Each is in some way tied to the application I am using so that I have a sort of mnemonic for remembering them, but each is sufficiently diverse enough that someone who gains access to one will not easily gain access to another.

There seem to be no end of cautionary tales in the media these days.  Hackers steal over four million credit card numbers,  more hackers steal students’ personal information,  electronics come straight from the factory already infected ,  your swipe card for door access at work and other places can be easily hacked , and even your pacemaker (if you have one) isn’t safe.

It’s like a hail storm of bad technology news.  I might move to a deserted island somewhere and give up all my modern conveniences in order to escape to digital mongrel hordes that are after my data.

So what do you do?  You take all the precautions you can.  You make sure your anti-virus, anti-spyware, anti-malware and anti-spam software are all up-to-date.  You make sure your OS is up-to-date.  You are careful about what links you click, what emails you open, what programs you install.  You make sure your spouse, kids, mom, dad, cousin and aunt are all aware of the same precautions and are taking them.

Sounds tedious.  Sounds time consuming.  Sounds like a pain in the rumpus.  It is. But you’re not done yet.  You need to make sure that all the people who have your data do the same: the grocery store, the bank, your online retailers, your doctor, your accountant, your HRIS vendor and pretty much everyone else you do business with.

If you outsource an HRIS needs (like time and attendance, learning management, payroll integration, etc) you need to make sure that vendor is doing all they should.  They don’t just have your data… they have the data of every employee in your company and quite possible the data of their dependents, beneficiaries and a whole host of other innocent people.

A company should spend at least 10% of its IT budget on security.  All of the things I suggested you do above are the bare minimum they should be doing.  Ask to see their security policies, their intrusion response documents, their SAS 70.  Ask to see everything.  Then ask them how they know all of these policies are being followed.

For me, I believe actions are better than words.  Any good company has their employees sign acceptable use policies, claim they use “best practices” around digital security.  I like to prove that.  How?  You can:

1.       Hire someone to perform a physical penetration.  In the past I have (about every six months) had someone walk into the office, pretend to be a computer technician, a new IT employee, whatever and then work to gain access to computers, networks and other data stores.  It’s a great way to keep people on the alert.

2.       Pay a company to perform a penetration test against your network (or, if you have staff with the right skills perform it yourself).  Do it once a quarter.  Things change and you need to make sure you haven’t accidently opened a whole in your digital fortress.

3.       Send out monthly security newsletters… it helps keep security on everyone’s mind.

4.       Subscribe to security alerts from your anti-virus, anti-spyware and other security software vendors.  They generally do a great job of getting in front of new attacks and keeping you aware of the latest schemes.

 

There will always be new and improved security threats.  There’s not much you can do about that.  What you can do is be aware, be ready and be on guard for what may be coming your way.

This morning one of my coworkers asked if I’d take a look at his computer.  When I asked what was wrong he mentioned it might have gotten wet.  Really?  How did that happen?  Apparently the 2^nd best place behind the fridge to keep a bottle of water is your laptop case (in the same compartment as your laptop itself).  Who knew?  If you don’t tighten the cap to the water bottle bad things can happen.  Like your laptop can get flooded with 16 oz of water and stop working.

Fortunately for my associate most of the water just puddled in the bottom of the bag and his laptop is fine.

Giving your laptop a sip of water when it’s thirsty isn’t covered in our Acceptable Use Policy or our Incident Response Policy or any of the other myriad of forms one has to govern the use of company technology resources.

One of the problems I have faced in the past (aside from sometimes novel uses of one’s computer) is keeping employees aware of those policies.  Generally the read and sign them on their first day and never see them again.

At Achievant we have a feature in our application (which we use internally) that posts news and documents on our HRIS’ home page so that a user logging in gets a brief news update.  Using these creatively we can remind folks of the content of our policies and keep some of the more important ones (like security awareness) forefront in the minds.  It’s a feature that has less star power than time and attendance or learning management, but is one that adds considerable benefit when used effectively.

 

I hate inaccuracies.  I don’t mean your run of the mill, oops I made a factual error inaccuracies.  I mean the silly, any thinking person should know better inaccuracies.  To protect the (mostly) innocent I won’t mention the name or relationship of this person, but in my digital life I have an individual (and I know we all have one) who endlessly forwards me every email warning ever.  All of them are untrue.  In the last month I have received ridiculous emails about every Presidential Candidate, computer viruses, the latest gang initiation death threat and everything else you can imagine.

Oddly, I find some of these same messages plaguing my inbox at work.  Good meaning, but perhaps ill-informed coworkers, colleagues or professional acquaintances forward on a variety of spam that should never make it anywhere except someone’s Deleted folder.

As the head of IT I face a bit of a challenge with these emails: I don’t want anyone to think that I do not appreciate their attempts at security and I don’t want a well intentioned person to raise a false alarm that creates even more work for me (or a political headache).

Let me give you some examples:

1.       A colleague once forwarded me an email that said “Ed, this looks like a virus.  What should I do?”  He CCed his boss and the technical support distribution list.  Well, for starters, don’t email it to me.  If you think an email has a dangerous attachment or link in it, don’t send it to someone.  Call and ask. The email was actually a notification from the email server that the original email attachment had been deleted because it contained a virus.  Had this person simply read the first sentence in the email there would have been no cause for concern.  Of course he told a few people that he had a virus, who told a few more people and pretty soon the entire company was fraught with worry.

2.       A colleague once convinced the CEO of the company for which I worked that we would lose some of our contracts should the client ever learn that we received so much spam.   The account on which she was getting spam was our marketing account which was on about a billion websites and had its spam filter settings set very loosely so that we did not miss a viable opportunity due to it ending up caught in the spam filter.  I ended up coming in from my vacation to deal with the fallout from this one person urban legend.

3.       A colleague once sent the entire company an email (which was actually a hoax circulating on the Internet) warning them that they needed to shut their computers off on a specific day because a massive virus was supposed to hit.  Before I could control the tsunami of proactiveness that followed action plans had been formed, productive work had stopped.

So, how do I control the flow of information to make sure it is valid and accurate?  First of all I make sure we have spam, spyware, malware and anti-virus software installed everywhere.  Then I make sure the policies for these tools are well defined, well communicated and that people know what to expect from these types of software.

Next, I make sure that there is one definitive source for communication of all cyber related threats.  This way people will know not to respond to the occasional false alarm from the general population.  I also make sure the inverse is true and that there is a definitive contact for any cyber related concerns.  If someone knows who to contact it helps control the flow of information.

How can an HRIS system help?  The Achievant platform allows for two forms of companywide communication: there is a home page that acts much like an intranet and there is a messaging component.  Use of either of these can alert staff to virus outbreaks, security updates, etc.  At Achievant we use this messaging to great effect, keeping the staff aware of any news alerts that are important enough to warrant immediate distribution to either the whole company or a select group.

Today I am back on the HR 2.0 topic.  It seems like every blog, news article or factoid I read these days is all about social this or wiki that and the word “mashup” seems to be on the tip of everyone’s tongue.  Actually ‘social” and “wiki” are already kind of dated and mashup is (IMHO) a newer, slightly evolved, version of the same.

So, reading about things like Yahoo! Buzz and MyPunchBowl’s own Buzz I began to wonder what an HR mashup would be?  What would it do?  How would it make our lives better?

I see two possible HR mashups: one for the HR professional and one for the HRIS user.

First, let’s define what a mashup is: a mashup is essentially the aggregation of data from diverse sources into one place.  A hip techno geek might want to wax poetic about the separation of data and presentation, but in my mind that’s over complicating something that is basically simple.  In the modern age you can get instant access to pretty much any piece of information you want and from pretty much any source you prefer.  Bring all those pieces of information from all those various sources into one place and present it in a meaningful way and you have yourself a mashup.

If you look at either Yahoo! Buzz or MyPunchBowl’s Buzz you’ll see what is essentially a mashup (more so for Yahoo! Buzz) that adds a social twist by allowing users to rate the content within the mashup.  Visit Digg and you can see more of the same.  The proliferation of this kind of site must mean there is (at least a perceived) need for it.  I think it also means that the need has not been met.

So, back to the HR Mashup…

What if you, as an HR professional, had a mashup at your disposal that brought together all of the HRIS, HR automation, time and attendance, etc information of meaning to you and then let other HR professionals give it a virtual thumbs up or thumbs down so that the cream rose to the top and the chaff fell away?  Would it help you keep up with current HR issues, changes in HR law and see HR trends emerge?

What if you, as an HRIS user, had a mashup at your disposal that brought together all of the time and attendance, learning management, performance management, applicant tracking, etc data you might want?  You could see that suddenly everyone is taking the day after Thanksgiving off or that everyone in your job family has signed up for a new course or certification or that everyone with your experience is applying for this new job?  It seems like it might be a nice way to stay on top of changes and events within the workplace for which you might use your own company’s HRIS tool.

A mashup is kind of a mob mentality, but one that would use a collective to push important current and emerging topics to the forefront.  It’s really a two heads are better than one kind of thing: if every other HR professional is finding topic C to be particularly salient maybe you will too?  Or maybe you can keep your marketability high by seeing the trend that everyone competing for that job you want 9or have) is adding to their skill set by getting certification Y.

You’ve probably heard the term Web 2.0 tossed around like a good salad at a fine restaurant.  It’s one of those buzzwords whose drone seems ever present in the background of web based technology talks today. 

What Web 2.0 is can be hard to define or maybe isn’t widely agreed upon and is generally based on your own biases.  In my opinion and in short Web 2.0 is generally comprised of any combination of three things:

1.       Functionality and features (particular within the user interface) equivalent to those you can get with a desktop application.

2.       A social twist on a formerly strictly technological domain (like search).

3.       Transformation of what was essentially tactically oriented automation of previously manual task into strategic analysis and action based on data from those tasks.

Being a web developer who works in the HR space I’ve started wondering what HR 2.0 should be.  Should I be developing a virtual HR world along the lines of Second Life where your avatar walks into a cyber-faux HR department that looks like a Caribbean resort in order to request time off or to complete an expense report?  Should I be working on a social alternative to the usual HR functions that uses a wiki-like mob Inteligencia to perform daily HR tasks?  Probably not.

What I should be working on is a way to take the tasks of time and attendance, learning management, session management, performance management, etc that we’ve automated and elevating them to be tactical and strategic.  An HR 2.0 application should be a proactive piece of software that doesn’t just help streamline day-to-day task; instead, an HR 2.0 application should point your organization in the right direction by helping determine strategic success factors.

Let’s take succession management (the subject of my last post) as an example.  The application might tell you what gaps you have now, might help you use our learning management module to plan to fill those gaps, might give you a roster of who is where and how long have they been there, but as an HR 2.0 application it should also tell you (maybe without your asking) that Bob Smith is the best choice for that new VP of Whatever slot that just opened up.  It should tell you that if you train Mary Jane Doe on topic X she’ll make the best replacement for John Somebody who has 29 years of service in and is ready to retire.

In short, a HR 2.0 app should be an active virtual employee within your company bringing solutions to you without the need of your asking it for the data to make that decision yourself.  Two dot oh means that it is time for software to move beyond automation of mundane tasks into the space of strategic planning.  Two dot oh software doesn’t just work hard; it work’s smart, too.

I am a nerd; ergo, I am a fan of the Hitchhiker’s Guide to the Galaxy series.  What’s that have to do with IT or HR?  Well, I learned my most import IT lesson from the first book of that series.  The Hitchhiker’s Guide to the Galaxy (an actual interstellar travel book ala Fodor’s or Lonely Planet within the context of Douglas Adams’ imagined universe) has one important message at all times: “Don’t panic!”

It’s as good of a mantra for an IT professional as any I’ve ever heard.  Things happen.  Bad things happen.  In the midst of a techno-calamity remaining calm can be the difference between a good decision and a bad one or between hours of down time or minutes of down time.

Monday’s Blackberry outage is a shining example of why panicking isn’t productive.  For those of you who don’t carry the ubiquitous device and are maybe unaware of the outage, Blackberry subscribers lost email functionality for a portion of the day Monday.

So you’ve read my title and you’ve read my intro and you’re wondering… what does any of this have to do with succession management?  Succession management, in the simplest of terms, in having a plan in place for when something (really someone) you need goes away.

In the case of the Blackberry outage you can find a number of testimonials on the web about how someone was so detrimentally impacted they want to sue Blackberry, or get a refund, or switch to a Treo.  Apparently, those people did not have a plan for what to do if their mobile device lost email.  Apparently they also couldn’t devise a plan on the fly.

So what if something more important than a Blackberry went away?  What if, say, I got fed up and quit or was lured away by a better organization?  What if I was promoted to Chief IT Czar of the Universe and someone else had to fill my role?

Fortunately, I have plan.  A succession plan.  I won’t list the many things that would make a good succession plan or succession management tool.  They are really pretty simple:

1.       Know who is on your bench. 

2.       Measure strengths and weaknesses

3.       Know who you need to keep

4.       Have a plan for making sure anyone you need to keep stays

5.       Be sure to continuously groom those employees for roles further up the career ladder

For me my first step in succession management for my position is to hire my replacement.  Once I’ve done that I start actively preparing that person (or maybe even persons) to take on my role.  I identify the gaps in their skill set and I start little by little giving them some of my responsibilities, exposing them to the details of my role/job.  I do my best to help them grow and learn.  Not only does it provide the company with a new me should the current me move on in some way, but it allows me to take vacations, effectively delegate work and provides a staff in whom I can trust and on whom I can rely.

Succession management doesn’t have to be overly architected or cumbersome.  It doesn’t even have to be overly formal.  Good succession management starts with the awareness of what leadership roles are needed, who currently fills those roles and who can fill those roles in the future (given the appropriate mentoring, training and career development).  Have a plan; work the plan; don’t panic.

Yesterday almost everyone in our office received one of the IRS tax refund scam emails that have been going around.   No one fell for it, but I can see how someone could.  Computer related fraud is becoming more and more common. 

During the sales cycle we are often asked how employees might defraud our application and cheat the company.  There isn’t a cornucopia full of opportunities for fraud in HRIS, but there are few and one spot in particular is time and attendance.  Stealing time from an employer is probably as old of a trick as employment itself.  Fudge 15 minutes here, a half hour there and pretty soon the company is paying you for 40 hours of work when you’ve only worked 30.

We allow for two basic types of (regular) time entry in our application: by the honor system and by time punch.  Which a client uses is usually a nod to the corporate culture of that client.  We’ve had client adamant about never using the honor system and we’ve had clients just as adamant about always using the honor system.

Here is how we work to prevent fraudulent time and attendance entries the application:

1.       Time punches: if used by a client our time punch system requires the employee to authenticate via username and password and then punch a virtual time clock.  The time for the punch is controlled by our servers.   By requiring authentication we’re making it more likely that the employee is punching their own "time card”.  By controlling the timestamp on our servers, we prevent anyone from cheating the system by fudging the time on the client PC.

2.       Rounding:  We round the punch or honor system entry by whatever rule the client has.  We all know people who work this angle.  If someone knows that until seven minutes past the hour the punch will always round back to the hour they wait until 6:59 past the hour to punch in, stealing almost seven minutes.  We track the rounding and measure whose favor the rounding is in and can report on these on an employee by employee basis.  Over time if an employee is being honest with their punches that give and take should average out to about zero: sometimes it will be in the company’s favor and sometimes it will be in the employees favor.

3.       Work Flow: For all of our time and attendance functions there is an associated work flow.  The workflow is defined by the client and can be (and should be) used as a check and balance.  If a manager is required to review and sign-off on an employee’s time and attendance then it is much more likely someone will be honest in their timekeeping and that any fraudulent behavior will be caught upon review.

Our controls for off-time work pretty much the same way. You have to go through very similar process esin order to take time off.  We track your requests for off time, put them through workflows, get them approved and report on them.

Not many employees cheat at the time and attendance game, but it’s important to be able to know if someone is stealing time.  Labor is a huge cost for any company.  If you were being shorted half your widgets on every shipment you’d want to know and would want to take preventative measures to prevent it.  The same is true for hours worked.  Every hour falsely worked is money taken from the bottom line, lost productivity and a theft from the company.

Defining what is or what is not a defect is a lot like defining happiness or love, but in reverse.  Happiness and love are fun, defects are not.  In two recent posts I discussed metrics and goal setting.  For me, and I think for IT in general, metrics are null and void if a company does not have a well defined set of criteria for what’s a defect and what’s not.

A lot of issues can masquerade as a defect and defects can come in many shapes and sizes.  Without being specific about what a request type is and means too many issues will get lumped in one bucket and the wrong people and groups will get saddled with the weight of that bucket come metric measuring time.

If you’ve read my posts Metrics 101 and Metrics 102 you know that we’re going to measure IT success (in part) at Achievant based on the flux within our ticketing system.  In order to have valid metrics we’ve identified 10 types of tickets:

1.       Data Update:  This category covers any data transformation, update, whatever.  These aren’t defects.  They are usually in responses to changes in state or federal codes or a change is business practice by a client.  For example, when the fed changed the convention for ethnicity codes that generated a Data Update ticket in our system as we complied with the change.

2.       Defect - Business Logic:  There are lots of flavors of defects.  We wanted to pin our defects down a little so we could better track where we are breaking down.  A business logic defect is one where the actual business rules are not followed.  For us a ticket is marked as Defect – Business Logic only if the developer coded the business logic incorrectly.  If we see a lot of these we know that we’re doing a poor job of communicating business requirements to the product development team and can adjust our requirements gathering and reporting accordingly.

3.       Defect - Hard Error:  Really you should almost never see these.  These are errors that are full on blow-ups.  You shouldn’t see them in QA and you shouldn’t seem them in production.  A developer doing his job unit testing should uncover any error so egregious prior to releasing his code.  If we see a number of these we know we’re either rushing the process or have developers who aren’t doing the due diligence they should.

4.       Defect - User Interface:  This means the UI has an issue.  Maybe the screen does refresh after a drop down list change or a button is in the wrong location on the screen.  These are strictly issues relating to the look and behavior of the UI.  Too many of these means we are not validating or work against the specs well enough or not following our own design rules.

5.       Defect - Validation Failure:  this category is exactly what it looks like.  The code failed to validate a data entry upfront and bad data has made it into the system or caused an error.  To many of this type of issue means we’re not taking the time to bullet proof the application and are rushing.

6.       Enhancement:  Enhancements are any changes to the app that make it better and which are not a simply a gap in current functionality.  These are for brand new functionality only.  If our applicant tracking module doesn’t allow for the upload of resumes in Word format that’s a gap, not and enhancement.  If we decide to add a module for union labor disputes that’s an enhancement.

7.       Gap:  Gaps are those things the application should do, but doesn’t.  Every application has these kinds of issues.  They are like enhancement in that they are new functionality, but unlike enhancements in that we should have thought of them while developing an actual enhancement but didn’t.  these are the slap your forehead, :why didn’t we think of that” kind of things

8.       Missed Requirement:  These are a failure in the requirements definition.  If a client MUST have duplicate copies of all emails sent to legal and we fail to note that and don’t develop that it’s a missed requirement.  These are things that come up in the sales and discovery process, but which never make it into a requirements document and are then never developed, but should have been.

9.       Performance Improvement: These are tweaks to code, SQL, OS configuration, whatever that make the application perform faster.  At Achievant we record the load time for every request of every page and regularly review the numbers to make sure we’re not slowing down and to also ensure that we don’t have any dogs out there.  Performance Improvement tickets address application slowness.

10.   Wish List: We all have this.  We might call it a portfolio, a backlog, whatever.  It’s those things that one day we’ll get to when all the planets and stars align and we’re not busy doing something else.  These are unique tickets because they sit on the shelf for a long time by their very nature.  When you’re measuring the closure rate, etc of your tickets this bucket can skew your numbers if not accounted for accordingly.

Just as important as defining what the tickets are is the goal of getting everyone to agree and to follow that convention.  We all know there are politics associated with the tickets in queue for product development.  If everyone follows the game plan then everyone is measured equally by the metrics.

Now that I have been blogging a while I have gotten a number of questions about what blogs I read.  So, even thought it isn’t related to time and attendance, HR automation software, performance management or any of the other HR topics I frequently cover I thought I’d list my top five favorites for anyone else who was interested:

1.       TechCrunch:  to me TechCrunch is kind of the insider Technology blog.  It covers all that’s new on the Net.  TechCrunch is more about the business of the Net than just the gee whiz gadget stuff you might find elsewhere.

2.       Red Herring: This is probably the most serious blog I read.  While the others certainly have real content Red Herring is more like news that any other blog.  Red Herring is a technology magazine dedicated to emergent technologies.  They are serious journalists and making it into Red Herring is a little like being in Time or Newsweek.

3.       CNET: CNET has a bevy of blogs.  I like the Beyond Binary blog and the Crave blog.  If you can’t find a technology related blog to read here you have no technology soul.

4.       Digg: a great way to stay on what’s hot at the moment.  Dig is essentially news bits (and other bits, too) rated by readers.  Either Digg It or don’t.  Get enough Diggs and you wind up on the Digg front page.  You may see the Digg icon on blogs, videos, news stories and a myriad of other things as you surf.  I read the Technology section of Digg.  It’s great amalgam of some of the best technology content on the web.

5.      Technorati:  this site is a collection of what’s hot right now.  It’s a great way to get your techno-blog on in a one-stop-shop format

You may work in a specific industry vertical (like, say, HRIS), but keeping up on the latest in technology makes you that much better at what you do.  There is a lot of crossover in the tech world and knowing what’s hot in music technology, bio technology, or whatever may very well help you serve your clients better.