Security Risk

Human Resource Information Systems

The purpose of this paper is to identify other companies who have faced similar human resources issues in regards to information technology. Through benchmarking different companies we can learn how other companies have handled certain human resources issues related to information technology, information systems, new technology, and data security. An overall analysis has been completed using research on IBM Europe, Ameriprise Financial, Terasen Pipelines, Shaw’s Supermarkets, CS Stars LLC, IBM, WORKSource Inc., and Toshiba America Medical Systems, Inc. This paper also includes eight synopses of companies facing similar issue to those in the reading.

New Technology

With the changing world and constant new technology that is available, managers need to be aware of the technology that will increase effectiveness in their company. Human resource information systems (HRIS) have increasingly transformed since it was first introduced at General Electric in the 1950s. HRIS has gone from a basic process to convert manual information keeping systems into computerized systems, to the HRIS systems that are used today. Human resource professionals began to see the possibility of new applications for the computer. The idea was to integrate many of the different human resource functions. The result was the third generation of the computerized HRIS, a feature-rich, broad-based, self-contained HRIS. The third generation took systems far beyond being mere data repositories and created tools with which human resource professionals could do much more (Byars, 2004).

Many companies have seen a need to transform the way Human Resource operations are performed in order to keep up with new technology and increasing numbers of employees. Terasen Pipelines moved its headquarters from Vancouver to Calgary to be closer to the oil and realized a major growth in employees. In the past recording keeping was done on paper and with spreadsheets. Mangers at Terasen realized that there was a need to change to a more computerized system and looked into different HRIS vendors. By making the move to a HRIS system, Terasen is able to keep more accurate records as well as better prepare for future growth. Another company that saw the benefits of keeping up with new technology is WORKSource Inc. To meet the challenge of handling 100 new employees, WORKSource Inc. acquired Web-based technology programs from GHG Corp. like electronic pay stub, electronic timesheet software, time-off system, and human resource information system (“Tips,” 2006). By adapting these new programs, WORKSource was able to reduce waste and cost.

The Internet is an increasingly popular way to recruit applicants, research technologies and perform other essential functions in business. Delivering human resource services online (eHR) supports more efficient collection, storage, distribution, and exchange of data (Friesen, 2003). An intranet is a type of network used by companies to share information to people within the organization. An intranet connects people to people and people to information and knowledge within the organization; it serves as an “information hub” for the entire organization. Most organizations set up intranets primarily for employees, but they can extend to business partners and even customers with appropriate security clearance (Byars & Rue, 2004).

Applications of HRIS

The efficiency of HRIS, the systems are able to produce more effective and faster outcomes than can be done on paper. Some of the many applications of HRIS are: Clerical applications, applicant search expenditures, risk management, training management, training experiences, financial planning, turnover analysis, succession planning, flexible-benefits administration, compliance with government regulations, attendance reporting and analysis, human resource planning, accident reporting and prevention and strategic planning. With the many different applications of HRIS, it is difficult to understand how the programs benefit companies without looking at companies that have already benefited from such programs.

One such company is IBM. IBM has a paperless online enrollment plan for all of its employees. Not only has the online enrollment saved the company 1.2 million per year on printing and mailing costs, the employees enjoy working with the online plan. “Since we began offering online enrollment, we’ve learned that employees want web access,” Donnelly [Senior Communications Specialist] says, so they can log on at home rather than through the company intranet. So the company has been working to put in place a web-based enrollment system that employees and retirees can access from anywhere (Huering, 2003). By utilizing the flexible-benefits application HRIS has to offer, IBM was able to cut costs and give employees the freedom to discover their benefits on their own time and pace.

Another company that has taken advantage of HRIS applications is Shaw’s Supermarkets. In order for Shaw’s to better manage its workforce, the company decided it was time to centralize the HR operations. After looking at different options, Shaw’s decided to implement an Employee Self Service (ESS) system. The use of self-service applications creates a positive situation for HR. ESS gives HR more time to focus on strategic issues, such as workforce management, succession planning, and compensation management, while at the same time improving service to employees and managers, and ensuring that their data is accurate. With this solution, employees have online access to forms, training material, benefits information and other payroll related information (Koven, 2002). By giving employees access to their personal information and the ability to update or change their information as needed, HR was given more time to focus on other issues. Understanding the different applications HRIS has to offer will give companies the chance to increase employee efficiency and reduce costs.

Measuring the Effectiveness of HRIS

The evaluation should determine whether or not the HRIS has performed up to its expectations and if the HRIS is being used to its full advantage (Byars & Rue, 2004). One of the most significant challenges faced by public personnel executives today is measuring the performance of their human resources information system (HRIS) In order to justify the value-added contribution of the HRIS to accomplishing the organization’s mission (Hagood & Friedman, 2002). Implementing an HRIS program may seem a necessary stem for a company, but unless it will be an effective tool for HR operations, it will not help increase efficiency and may hinder it instead.

One company that implemented a HRIS system is Toshiba America Medical Systems, Inc. (TAMS). TAMS put all employee benefits information online and created an open enrollment option when TAMS changed healthcare providers. Almost immediately upon rolling out the UltiPro portal [new HRIS technology] to employees, TAMS began seeing improvements, with an estimated 70% increase in open enrollment efficiency (Wojcik, 2004). By determining the efficiency of the new program, TAMS was able to realize the benefits of the new HRIS system.

Security of HRIS

The privacy of employee information has become a major issue in recent years. With identity theft becoming a common problem, employees are becoming more sensitive about who sees their personal information, and the security it is kept in. By making sure employee information that is kept in the HRIS is relevant to the company and making sure there is limited access (password protection) to such information, companies can make its employees more secure with the safety of their information. Whether electronic or paper, employee files deserve to be treated with great care. Establishing security and end-user privileges calls for a balance of incorporating, HR policy, system knowledge and day-to-day operations (O’Connell, 1994).

One company that faced a major security issue was CS Stars, LLC. CS Stars lost track of one of its computers that contained personal information that included names, addresses and social security numbers of workers compensation benefits. The bigger problem was that CS Stars failed to notify the affected consumers and employees about the missing computer. Though the computer was retrieved and no information seemed to have been harmed, many employees lost their sense of security with the company. New York’s Information Security Breach and Notification Law, effective in December 2005, requires businesses that maintain computerized data which includes private information to notify the owner of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, acquired by a person without valid authorization (Cadrain, 2007).

Another company that experienced a breach in security is Ameriprise Financial. In late 2005, a computer that contained personal information on clients and employees was stolen. Because many of the employees at Ameriprise take their computers between work and home, the company determined there was a need to put more security into those computers. Ameriprise made sure all employees had the new security suite installed on their computers. By responding quickly to the need for more security, Ameriprise made sure all information is being kept secure. Making sure employees information is kept as secure as possible there will be more trust in the company and the HR employees working with that information.

Conclusion

IBM, Terasen Pipeline, CS Stars LCC, and Toshiba America Medical Systems, Inc. are good examples of companies facing issues similar to human resources information technology and human resources information systems. All of these companies know the importance of new technology, human resources information systems, and data security. The remainder of this paper provides synopses of more companies facing human resources issues, how the company responded to the issues, and the outcomes of the company’s responses.

Companies Benchmarked

IBM Europe

The Situation:

IBM is a global organization offering research, software, hardware, IT consulting, business and management consulting, ring and financing. It employs around 340,000 people, speaking 165 languages across 75 countries, and serving clients in 174 countries. In January 2007, IBM established a separate “new media” function within its corporate communication department. IBM main goal is to educate, support, and promote programs that utilize social media. IBM Europe decided to expand internal communication by blogging guidelines. The recognition was that blogging was already happening among IBMers, just in an unregulated way. In a similar way, institutionalizing a function to deal specifically with new media is not a corporate move, or establishing from scratch. It’s a response to the issues already emerging in the company. Now that those technologies are here, people are using them, they’re growing and there here to stay-we’re just going to put some structure around them so that we can try to optimize their use.” The users decide what technologies they want to use and how they want to use them. That main idea is that IBM understands that they must remember to respect the fact that social media are social. IBM had the need to connect its 340,000 global employees more effectively.

The Response:

IBM’s intent around social media has now been officially formalized. From January 22 2007, the company established a separate “new media” function within its corporate communication department. “Its remit: To act as expert consultants inside and outside IBM on issues relating to blogs, wikis, RSS and other social media applications. The main idea is to educate, support and promote programs that utilize these tools. IBM has a history of being a t the forefront of technology based corporate communication. From the multimedia brainstorming “WorldJam” that made news headlines back in 2001 in which 50,000 employees worldwide joined a real time, online idea-sharing session about the company’s direction. IMB has always prepared itself to use breakthrough technologies to establish a two-way dialogue with its employees. The need for social media was necessary and could no longer wait.

The Outcome:

In the last few years IBM has been recognized as being the vanguard of social-media use: IBM was on of the first Fortune 500 companies to get behind collaborative wikis, published internal blogging guidelines as far back as 2003, and is now moving fast beyond RSS and podcasts into videocasting and “virtual world” technologies like Second Life. The intranet search facility extends to all areas of the site, including new media aspects. When an employee logs onto their portal an executes a key word search, the results they get back not only come from the main intranet pages, but include results from IBM forums, wikis, blogs and podcast/videocasts tags. IMB has an understanding that employees are no longer staying in a company their entire lives. It’s just not like that any more. In Belgium for example over 50 percent of 2,300 employees have been there fewer than five years. The company has come to the conclusion that with an increasingly young and mobile workforce, the likelihood is that an employee population full of a younger generation, for whom these tools are part and parcel of life, is not that far away. In years to come IBM will have to deal with employee base for which blogging is just the natural way to interact over a web platform. IBM has created centralized platforms for most tools that fall under its remit, which includes wikis. For Philippe Borremans, new media lead Europe for IBM, has the potential business applications of a wiki cover two broad benefits: Collaborating and knowledge sharing. IBM has scored some notable successes on both fronts in the near 5000 wiki pages now up and running in the organization. The company has been a huge pick-up in interest in podcasting over the last 18 months writing can seem such a technical skill, whereas people feel they can talk more freely than they can write. One of the most consistently popular IBM podcasts, with over 20,000 downloads a week.

Ameriprise Financial

The Situation:

The Department of Justice survey estimates that 3.6 million U.S. households were victims of identity theft in 2004. Trafficking in personal date goes beyond U.S. borders: the New York Times reports that stolen financial information is often distributed among participants of online trading boards, and the buyers are frequently located in Russia, Ukraine, and the Middle East. One reason clients are concerned about data security is the widespread publicity generated by breaches at financial services firm. In late December 2205, an Ameriprise Financial employee’s laptop that contained unencrypted data on approximately 230,000 customers and advisors was stolen from a car. Other financial services firm, including Citigroup and Bank of America, also acknowledge large-scale customer data losses in 2005. President of NCS, Rita Dew, a compliance consulting firm in Delray Beach, Florida, says that the Securities and Exchange Commission requires investment advisors to have policies and procedures that address the administrative, technical, and physical safeguards related to client records and information.

The Response:

Ameriprise Financial had to fight back and had to implement “layers of protection.” It is important for employees who their primary business computer, and employees regularly transport the computer between home, office, and meeting sites. The vulnerability of this arrangement and the need for a safety software program is much needed.

The Outcome:

Employees who are transporting lab tops should install the Steganos Security Suite on their computer. This software allows employees to create an encrypted virtual drive on the laptop that serves as data storage safe. Employees stores all client related data and tax preparation software database on the encrypted drive, which employees has set up with one gigabyte of storage space. The best thing is that when an employee turns off the computer the information is stored “safe”, the software automatically encrypts the virtual drive’s data. The software also generates encrypted backup files, which employees store on CDs in a fireproof safe. This should keep the data secure if any employee’s laptop is stolen or if the drive is removed from the laptop. Other financial advisors are relying on encryption both in and out of the office. Other programs that are being used to protect client’s information are RAID Level 1 system to store data on the drives that are encrypted with WinMagic’s SecureDocs software. Encryption ensures that anyone who steals the computer will be absolutely unable to read the data, even by connecting it to another computer as a “slave drive. This has given many financial advisors the greatest peace of mind.

Terasen Pipelines

The Situation:

Terasen Pipelines is a subsidiary of Terasen Inc. located in Vancouver, Canada and is located in several provinces and U.S. states. In 2001 the company changed its headquarters to Calgary to be closer to the oil. With the big move, the company went through a growth spurt. With the company in many different locations and the growing numbers of employees, the HR department saw a need to find a new system to keep more accurate records.

The Response:

In the past Terasen had kept records on paper and with spreadsheets and with the growth of the company, this system does not work as well as in the past. In order to compensate for future growth, Terasen began to look into HRIS companies to help with the HR operations. After researching different companies, Hewitt’s application service provider model with eCyborg was found to be the right fit.

The Outcome:

Although there was difficulty adapting to a new way of recordkeeping, Terasen was able to find a system that will help support the current and future growth of the company. Fortunately, some of the HR staff had experience working with an HRIS and were able to help their colleagues imagine new processes, as aided by a system. One theme often voiced throughout this process was: “You guys don’t know how hard we’re working when we can make it so much easier with a system that could do a lot of this for us. You don’t always have to run to the cabinet for the employee file just to get basic information. It can all be at your fingertips.” (Vu, 2005). In order to help Terasen ease the HR burden of implementing a new HR system, the management of Terasen was convinced to look for a vendor to help implement and maintain a HRIS system. This system has helped Terasen better prepare for current and future growth.

Shaw’s Supermarkets

The Situation:

Shaw’s Supermarkets is the second largest supermarket chain in New England. With a workforce of 30,000 located at 180 stores throughout six states, Shaw’s HR staff is responsible for managing employees’ personal data. Their employee mix includes approximately 70 percent part-time employees, consisting of students, senior citizens, second-job part-timers, and career part-timers. One third of the workforce is made up of union associates, and Shaw’s staff oversees the company’s involvement with three unions and six separate contracts (Koven, 2002). In order to help manage the workforce, the HR staff became interested in centralizing its HR operations.

The Response:

In order to centralize HR operations Shaw’s decided to implement an ESS (employee self-service) solution. The use of self-service applications creates a positive situation for HR. ESS gives HR more time to focus on strategic issues, such as workforce management, succession planning, and compensation management, while at the same time improving service to employees and managers, and ensuring that their data is accurate. With this solution, employees have online access to forms, training material, benefits information and other payroll related information.

The Outcome:

Shaw’s has had positive feedback since implementing the ESS solution. “The reaction from our employees has been extremely positive,” Penney, VP of Compensation and Benefits, says. “We even had a significant increase in our medical coverage costs, and it was almost a non-issue because the online enrollment featured the plan choices, the employee cost, and the company subsidy. An employee self-service application makes it very easy for them to understand their contributions and coverage options. I received several e-mails from employees saying this was a great change and how easy ESS was, which the case is not often when employees are selecting their benefit options.” (Koven, 2002). By giving the employees more access to their information they are able to see the benefit choices available to them. Employees are also able to update their information online, which helps reduce the paperwork of the past. Shaw’s has also seen improvement in productivity because employees are updating information at home, not during work hours.

CS Stars, LLC

The Situation:

New York Attorney General Andrew Cuomo has announced that New York State has reached its first settlement with a company charged with failing to notify consumers and others that their personal data had gone missing. Cuomo’s office, which enforces the state’s 2005 Information Security Breach and Notification Law, charged CS STARS LLC, a Chicago-based claims management company, with failing to give notice that it had lost track of a computer containing data on 540,000 New Yorkers’ workers’ comp claims.

The Response:

The owner of the lost data, which had been in the custody of CS STARS, was the New York Special Funds Conservation Committee, an organization that assists in providing workers’ comp benefits under the state’s workers’ comp law. On May 9, 2006, a CS STARS employee noticed that a computer was missing that held personal information, including the names, addresses, and Social Security numbers of recipients of workers’ compensation benefits. But CS Stars waited until June 29, 2006, to notify Special Funds and the FBI of the security breach. Because the FBI declared that notice to consumers might impede its investigation, CS STARS waited until July 8, 2006, to send notices to the 540,000 New Yorkers affected by the breach. On July 25, 2006, the FBI determined an employee, of a cleaning contractor, had stolen the computer, and the missing computer was located and recovered. In addition, the FBI found that the data on the missing computer had not been improperly accessed.

The Outcome:

New York’s Information Security Breach and Notification Law, effective in December 2005, requires businesses that maintain computerized data which includes private information to notify the owner of the information of any breach of the security of the system immediately following discovery, if the private information was, or is reasonably believed to have been, acquired by a person without valid authorization. The law affects not only businesses in their dealings with their customers, but employers in their role as custodians of employees’ personal data. (Cadrain)

Without admitting to any violation of law, CS STARS agreed to comply with the law and ensure that proper notifications will be made in the event of any future breach. The company also agreed to implement more extensive practices relating to the security of private information. CS STARS will pay the Attorney General’s office $60,000 for costs related to this investigation. (Cadrain)

IBM

The Situation:

IBM’s paperless online enrollment system, introduced in 1999, has proved to be a winner for both the company’s 135,000 active U.S. employees and the company, according to Cathleen Donnelly, senior communications specialist at company headquarters in Armonk, N.Y. The company saves $1.2 million per year on printing and mailing costs alone, Donnelly says, and the employees’ can take advantage of a variety of technologies to learn about issues, research program information and access decision support tools from their desktop computers. (Heuring, 2002)

The Response:

One of those tools, a personal medical cost estimator, enables employees to calculate potential out-of-pocket health care expenses under each of the plan options available to them, Donnelly says. Employees log in personally and are greeted by name and with important information regarding their benefits enrollment, such as the deadlines and when changes take effect. They automatically get access to health plans that are available to them, and the calculator lets them compare estimated benefit amounts for each plan.

“Employees can select the health care services they expect to use in a particular year, estimate expected frequency of use, and calculate potential costs under each plan option,” Donnelly says. “The feedback that we’ve received from employees tells us that this tool has really helped them to make a comparison between plans based on how they consume medical services.” The calculator shows both IBM’s costs and the employee’s. (Heuring, 2002)

The Outcome:

“Since we began offering online enrollment, we’ve learned that employees want web access,” Donnelly says, so they can log on at home rather than through the company intranet. So the company has been working to put in place a web-based enrollment system that employees and retirees can access from anywhere.

Employees can get summary information on the plans, drill down into very specific details and follow links to the health care providers for research. Donnelly says the system has received high marks for convenience because employees can “get in and out quickly.”

WORKSource Inc.

The Situation:

To meet the challenge of handling 100 new employees, WORKSource Inc. acquired Web-based technology programs from GHG Corp. like electronic paystub, electronic timesheet software, time-off system, and human resource information system (“Tips,” 2006). These tools enabled CEO Judith Hahn to handling payroll procedures efficiently and effectively.

The Response:

WORKSource has eight workforce centers, with approximately 108 employees, located throughout a six-county region. Previously, payroll, benefits, and human resources for those employees were processed and managed by a Professional Employer Organization. The company also has 52 administrative staff in its headquarters office. When the contract with the PEO terminated on June 30, 2006, those 108 employees were immediately moved to the payroll of WORKSource, which meant Hahn’s workload more than doubled effective July 2006 (“Tips,” 2006).

Hahn, in an interview with PMR, said she relied on LEAN to help get a handle on what needed to change for her to manage the increased workload. Two years earlier, Hahn’s CEO had introduced her to LEAN, a Japanese management concept of eliminating wasteful steps and motion when completing processes. “I began to read as much as possible about LEAN and joined an HR LEAN focus group” (“Tips,” 2006).

The Outcome:

Mastering the concepts of LEAN led Hahn to develop and apply her own acronym of “REASON” to her department’s payroll and HR processes. Review the process: map payroll tasks from start to finish. Eliminate waste: determine how to complete a payroll task most efficiently without unnecessary steps. Analyze alternatives: research and evaluate the applicability of new technology. Sell innovations to management: document the return on investment of each innovation. Open the lines of communication: communicate openly—and often—with all stakeholders, including employees and top management. Never allow negativity: make change simple and fun. Give employees plenty of encouragement and time to learn (“Tips,” 2006). Judith Hahn was able to implement the right human resource functions using information systems.

Toshiba America Medical Systems Inc.

The Situation:

Lynda Morvik, director of benefits and human resources information systems at Tustin, California-based Toshiba America Medical Systems Inc. (TAMS), thought it would make sense to add a benefits communication component to it. By having all the benefit information online, the TAMS employee handbook would also be a living document, enabling Morvik to make changes when necessary. Such was the case halfway through the project, when TAMS changed health care plans from Aetna Inc. to United Health Group Inc (Wojcik, 2004).

The Response:

TAMS, an independent group company of Toshiba Corporation and a global leading provider of diagnostic medical imaging systems and comprehensive medical solutions, such as CT, X-ray, ultrasound, nuclear medicine, MRI, and information systems, had been using a payroll service bureau and an in-house solution for HR that didn’t include easy-to-use consolidated reporting or an employee portal. After evaluating UltiPro alongside several enterprise resource vendors, TAMS selected Ultimate Software’s offering and went live in September 2002 after an on-time and on-budget implementation. Almost immediately upon rolling out the UltiPro portal to employees, TAMS began seeing improvements, with an estimated 70% increase in open enrollment efficiency (Wojcik, 2004).

The Outcome:

In an effort to expand the usage of the Web beyond the benefits enrollment process, TAMS has posted a library of documents and forms on its HR portal, including the benefits handbook, which garnered a 2004 Apex Award for publication excellence. That same year, Business Insurance magazine also gave TAMS the Electronic Benefit Communication (EBC) award for outstanding achievement in communicating employee benefits programs over the Web. To continue elevating its use of Ultimate Software’s HRMS/payroll solution, TAMS modified the UltiPro portal to meet the imaging company’s unique needs (Wojcik, 2004). It was completely integrated with several proprietary applications created to address compensation and performance management issues so that TAMS employees have a central location for comprehensive workforce and payroll information from a Web browser that they can access with a single sign-on (Wojcik, 2004).

References

Byars, Lloyd L. & Rue, Leslie W. (2004). Human Resource Management, 7e. The McGraw-Hill Companies.

Cadrain, Diane (2007). New York: Company Settles Data Breach Charges. Retrieved June 3, 2007 from [http://www.shrm.org/law/states/CMS_021505.asp#P-8_0]

Clarifying IBM’s Strategic mission for social media (2007). Strategic Communication

Management. Retrieved June 1, 2007 from

http://proquest.umi.com/pqdweb?index=17&did=1263791161&SrchMode=1&sid=2&Fmt=4&clientld=2606&RQT=309&VName=PQD.

Friesen, G. Bruce (2003). Is your client ready for eHR? Consulting to Management, 14(3), 27. Retrieved June 3, 2007 from ProQuest Database.

Hagood, Wesley O. & Friedman, Lee ( 2002). Using the balanced scorecard to measure the performance of your HR information system. Public Personnel Management, 31(4), 543-58. Retrieved June 3, 2007 from ProQuest Database.

Heuring, Linda (2003). IBM: Laying Outing Enrollment Options. Retrieved June 2, 2007 from [http://www.shrm.org/hrmagazine/articles/0803/0803heuring_paperless.asp]

Koven, Jeff (2002). Streamlining benefit process with employee self-service applications: A case study. Compensation & Benefits Management, 18(3), 18-23. Retrieved June 2, 2007 from ProQuest Database.

O’Connell, Sandra (1994). Security for HR records – human resources. HR Magazine. Retrieved June 3, 2007 from [http://findarticles.com/p/articles/mi_m349] 5/is_n9_v39/ai_16309018

Protecting Client Data (2006). Financial Planning. Retrieved June 1, 2007 from

http://proquest.umi.com/pqdweb?did=1066464321&Fmt=4&clientld=2606&RQT=309

&VName=PQD.

Tips on Using Technology to Streamline Payroll Processes – and Cut Costs (2006). Payroll Managers Report, 6(10), 1-9. Retrieved June 2, 2007 from EBSCOhost Database.

Vu, Uyen (2005). Contracting out HRIS easy call at Terasen Pipelines. Canadian HR Reporter, 18(4), 5-9. Retrieved June 2, 2007 from ProQuest Database.

Wojcik, J. (2004). Toshiba Employee Handbook Goes Online. Business Insurance, 38(49), 18.

Retrieved June 2, 2007 from EBSCOhost Database.

Sheet Sets Bicycle Light Coffee Blend