HR Pulse

Profile

Layout

Direction

Menu Style

Cpanel

How to control the costs and risks of HR

Andrea Lodolo
ARTICLES

In any company, people are employed, change positions through promotion, and move on. It’s a set of processes as old as the concept of employment itself. However, to this day it is poorly managed and controlled, adding hidden costs and presenting gaping security holes. There are far better ways – driven by HR technology - to manage these processes but unfortunately, most companies simply don’t see the value in it - yet. Investing in HR technology to solve problems delivers clear efficiency and security gains.

In any company, people are employed, change positions through promotion, and move on. It's a set of processes as old as the concept of employment itself. However, to this day it is poorly managed and controlled, adding hidden costs and presenting gaping security holes. There are far better ways – driven by HR technology - to manage these processes but unfortunately, most companies simply don't see the value in it - yet. Investing in HR technology to solve problems delivers clear efficiency and security gains.

While banks are typically on top of credential management, the same cannot be said for broader business. A surprisingly large number of companies cannot identify who 30 to 40% of their employees are and their systems and building access credentials. Just cleaning up what seems to be a patently obvious problem is a real challenge, made more difficult as different names can be used by HR and by IT and other departments, for example 'Frederick John Smith' in the HR system may be 'John Smith', 'Fred Smith' or even 'Derick Smith' to IT.

What's more, most companies don't yet see this as an issue worthy of expenditure. After all, it doesn't add to the bottom line as it's essentially an administrative function. However, should a security breach occur that viewpoint changes rapidly. Add to that the hidden cost of the time wasted, often by senior management personnel trying to figure out access and provisioning for new employees.

At the root of the problem is the manual nature of on-boarding employees

This is in addition to – when they leave - removing them to prevent them from accessing the company systems. Most organisations don't even recognise that the process is manual:

  • Typically, it is driven by e-mail, with considerable amount of 'to-and-fro' between managers, the IT department, facilities and HR.
  • The process often involves re-keying of information between various parties, with no sure responsibility at any point.

Problems should immediately be apparent. When there is re-keying of data, the potential for human error is obvious. Common occurrences include:

  • Incorrect spelling of names,
  • Accidentally not providing access to one or more systems or buildings needed by the specific employee, and
  • Not recording or knowing who the new employee reports to.

There are always problems with this process, which leads to frustration, wasted time and ultimately new employees sitting idle and unable to start work.

When someone changes job position another similar process is initiated

In many instances, the manager e-mails HR to let everyone in the organisation know. However, neither HR nor the manager typically knows who administers various systems to which the promoted person may now need access and, by the same token, to revoke access to systems that he or she no longer needs to work with. At best, the process is driven through a service desk system where a ticket can be opened to initiate the change and has some form of tracking.

Biggest issues arise when an employee leaves the company

The longer they have been with the organisation, the greater the potential risk. Typically, as an individual goes through their career, they are provided with increasingly higher levels of access. As they have moved, there may be systems and facilities which they once used, but no longer need, however still have inappropriate access to. By the time they reach a senior position, they might have 'the keys to the kingdom'. When they leave, if all those access credentials aren't removed, the organisation is left wide open.

The departing employee might themselves have motivation to wreak havoc – disgruntled persons are a recurring fact of life – or their user credentials might be intercepted by someone else with an agenda. Regardless of the approach, when there are obvious 'ins' owing to unrevoked former employee credentials, a major security risk exists.

Intelligent HR technology can analyse employee types

It can also automatically produce a set of job roles with typical access permissions. From there, an automated process, controlled by HR, allows for easy on-boarding of employees, with single capture of information which is synchronised with IT to provide all access and provisioning to required systems and facilities.

When the individual's role changes, it requires a 'single click action' to revoke previous access and allocate the new role, with all its pre-populated access permissions. There is no re-keying of information, thus eliminating the possibility of errors. When the employee leaves, another single click removes all system permissions, locks out laptops or other devices, and invalidates access cards.

So what's the problem? Most organisations take the 'wait-and-see' approach, or just bury their heads in the ground and hope that they never have a serious breach. But once it does happen it will have them scrambling to find a solution. So why wait? Let's fix it the right way, first time.


Andrea Lodolo is the operations manager and the chief technology officer at CA Southern Africa, a position which he has held for approximately the past 18 years.

Andrea has been working in the IT industry for almost 30 years. He commenced his career as a field engineer working on mechanical billing systems. From there, he moved to mainstream computers, specialising in Unix systems with Unisys.

BLOG COMMENTS POWERED BY DISQUS