So you have strong data access policies, best of breed IT management systems and robust controls over HCM Technology.
IT promote it. HR support it.
This works well when everyone follows the processes, but not everyone does. We’re not talking about employees who become corporate criminals, technology vandals or malicious sociopaths.
Let me introduce a nice man called Bob and explain the mistakes we made.
Bob had been there for decades. He was a programmer from the old days. He had coloured pens in his top pocket of his inexpensive short sleeved shirt. Bob knew everything about the HR/Payroll system, the system before that, and the one that used punch cards before that one. Bob would help anyone. He wandered the organisation greeting old friends.
Everyone liked Bob.
Bob didn’t conform to any IT standards. He didn’t have to. He wasn’t part of IT any more. He left amicably during a time when IT were struggling for funds, buying gear and handing out redundancies.
Bob wandered into HR, he understood their systems, their vocabulary and HR didn’t want to see him walk out the door. Although Bob wasn’t part of IT, he still had friends there, some of them moved up. They would stand around, as IT people of a certain age do, talking about the good old days before cholesterol, ISO’s, caffeine awareness, ITIL and Gen-Y’s with Software Engineering degrees.
Bob really liked solving problems related to HR and Payroll data. Anything that involved leave, payroll journals, gender and age analyses. Better something obscure like the height of employees work place above sea level. It might take him a while. He always had a few jobs on the boil.
Bob had a complicated and colourful white board that reminded him to perform tasks periodically. Diverse managers received reports and analyses from Bob. Most were deleted but they didn’t want to hurt Bob’s feelings by cancelling. But a few were used to produce monthly management statistics which fed up the organisation.
Bob distained paperwork. HR didn’t care if Bob didn’t document anything. Being HR they knew succession, so they gave Bob an understudy now and again. It never worked out. It was easier for Bob to do the work himself than take the time to show them. The understudies liked him, but slipped away onto more promising paths.
Some IT folk were worried.
Bob used strange tools that he had accumulated over the years, a shoe box crammed with faded applications. They warned the uninterested HR managers that dependence on Bob was risky.
HR ignored the worrying nerds, how hard is it to understand a spreadsheet, they reasoned. Besides they had another graduate coming in who had done gaming design for a semester.
Bob died. It was terrible and unexpected. There was a big wake. Everyone from the organisation attended. They said he would be missed.
As the weeks passed a horrible legacy was revealed. The reports and analyses stopped. No one had a clue how Bob had produced them. A mourning cleaner erased the whiteboard when she cleaned his desk. The IT folk tried to figure it out with limited success. It was like tracking random particles in a universe of servers. The faded applications crumbled under scrutiny. IT was inundated with report requests based on data they never knew existed. The HR managers disowned all responsibility for technical stuff.
How did this happen?
The first mistake was letting Bob leave IT for HR and taking his tools and data access with him. When he changed position these should have ceased and new ones granted.
The second mistake was ongoing: not auditing the use of tools, systems and data access.
The final point isn’t a mistake, it’s human nature. Some people in HR and IT knew what Bob was doing was wrong, but they trusted and liked him, so they turned a blind eye.
I still miss Bob.
