Project Mgmt and HR Mgmt Advice and HRMS Implementation Module 5 Module 11 Objectives Understand how the use of PM approaches, techniques, and tools help throughout the entire SDLC Be able to describe what factors are used to develop program evaluation and review technique (PERT), critical path method (CPM), and Gantt charts Understand how monitoring the project activities carefully on a Gantt chart will ensure project completion on time Be able to construct a Gantt chart Understand how Six Sigma can be used in HR and project management Understand how the combination of knowledge from the IT and HRM literature makes the development and implementation of the HRIS successful Be able to describe how IT factors can affect HRIS project success Understand how knowledge from HRM literature provides guidance for handling the behavioral problems and issues that arise in HRIS development Understand the different roles of the steering committee, the CBA team, and the PM team in the HRIS project Be able to describe how training and documentation are important to both the development and implementation of an HRIS Be able to describe how critical success factors affect the success or failure of an HRIS project. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 2 Project Management and HRM Advice for HRIS Implementation CHAPTER 6 Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. STATISTICS It Has Been Estimated That The Failure Of HRIS Projects Costs Organizations In The United States Alone At Least $100 Billion A Year (Ewusi-Mensah, 1997). Of Those Systems That Are Completed, More Than 55% Will Exceed Cost And Time Estimates By A Factor Of 2. Only 13% Of The IS Projects That Are Completed Are Considered Successful By The Executives Who Sponsor Them Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 4 PROJECT MANAGEMENT PHASES Initiation Development Of Project Concept And Project Proposal (Project Charter) Required Tasks Work Breakdown Structure Work Plan & Packages Project Execution Tracking And Periodic Progress Reports Project Close-out Implementation, Evaluation And Maintenance Of The HRIS Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 5 PROJECT MANAGEMENT QUALITY CONSIDERATIONS Six Sigma Used To Assess The Effectiveness Of HR Processes Define, Measure, Analyze, Improve And Control (DMAIC) Approach Develop An Overall Work Plan Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 6 PM APPROACHES AND TOOLS Performance Evaluation And Review (PERT) The Critical Path Method (CPM) Gantt Chart Major Benefit Is A Tighter Control Over The Process To Ensure Successful Implementation Of The HRIS. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 7 PM APPROACHES AND TOOLS: PERT Method For Analyzing The Tasks Involved In Completing A Given Project, The Time Needed To Complete Each Task, And The Minimum Time Needed To Complete The Total Project. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 8 PM APPROACHES AND TOOLS: CPM Uses A Mathematically Based Algorithm For Scheduling A Set Of Project Activities Developed By Dupont And Remington Rand Corporation For Managing Plant Maintenance Projects. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 9 PM APPROACHES AND TOOLS: GANTT A Graphical Representation Of The Duration Of Tasks Against The Progression Of Time In A Project. Most People Have Probably Constructed A Gantt Chart In Formally Without Realizing That They Had Done So. Instructions For How To Develop A Gantt Chart And Then Covert It To A Pert Chart Are Contained In The Following Website: Http://Ganttproject.Biz/. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 10 Example of a Gantt Chart Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 11 IT FACTORS AFFECTING PM SUCCESS Solve The Right Problem. 2. Have Systems Developers Who Are Sensitive To Hr Issues And Willing To Learn About The Constraints In Hr Functionality. 3. Have Project Managers Who Understand The Dynamic Nature Of Any HRIS Project And The Interrelations Among Various Factors In Addition, Three General Factors That Affect Successful PM Are Time, Cost, And Scope. 1. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 12 THE HRM PERSPECTIVE: ORGANIZATIONAL REQUIREMENTS 1. Identification Of Steering Committee And Project Charter Selection Of Project Sponsor 2. Configuring The PM Team Representatives From The Functional Units Affected, Most Notable HR And IT Team Training 3. Identification Of Available Resources And Constraints Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 13 THE HRM PERSPECTIVE: ORGANIZATIONAL REQUIREMENTS 4. Controlling Project Creep Project Creep Is Defined As The Enlargement Of The Original Boundaries Of The Project As Defined In The Project Charter. 5. Selection Of The Implementation Team The Implementation Team Also Has Primary Responsibility For Communication With The Entire Organization Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 14 THE HRM PERSPECTIVE: ORGANIZATIONAL REQUIREMENTS 6. Training And Documentation Complete, Accurate, And Up-to-date Documentation Of The System Is Critical For The Implementation Of A Successful HRIS. Training In Both Group Processes And “Change Management” Methods. Training On The New System Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 15 Barriers to Success Inadequate resources – Lack of management commitment Project team instability Organizational Politics Poor needs analysis Omission of key persons on project team Failure to include key groups in needs analysis Inadequate control/involvement by HR Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 16 Critical Success Factors Top Management Support Provision Of Adequate & Timely Resources Ongoing Communication Conducive Organizational Culture User Involvement Project Champions (Steering Committee) Organizational Structure Change Management Methodology Project Control & Monitoring Cross Integration Between Business Systems Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 17 Creating an Environment of Motivation Consider rewards of recognition. They don’t have to be large, but they need to be a standard part of operating procedures to create a motivating project environment. Be sure to include all project employees, not just the highly visible ones, or those above a certain rank. Recognizing work done well and keeping communications open are the two most important operating procedures for any project manager. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 18 CHAPTER 16 Information Security and Privacy in HRIS INTRODUCTION A Great Deal Of Confidential Information Employees are Captured and Stored by Organizations Employee Personal Details Pay And Benefits History Medical Records Disciplinary Records Data Are Stored Electronically And Transmitted Across Networks. Increasing Integration Of HRIS Has Made Information Security Management A Complex And Challenging Undertaking Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 20 Information Security in HRIS Protecting Information In The HRIS From Unauthorized Access, Use, Disclosure, Disruption, Modification, and estruction Objectives of Information Security Protect Confidentiality, Integrity And Availability Of Information (Pfleeger, 2006; Wong, 2006b). Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 21 COMPONENTS OF INFORMATION SECURITY Three Main Principles Of Information Security The HRIS Is Composed Of Three Components Confidentiality Integrity Availability Hardware Software Communications As Mechanisms Of Protection Physical Personal Organizational Levels Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 22 COMPONENTS OF INFORMATION SECURITY Figure 16.1 SOURCE: Wikipedia (2007) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 23 LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY Personal Information Protection And Electronics Document Act (Canada) Security Breach Notification Law (California, USA) Supports And Promotes Electronic Business By Protecting Personal Information That Is Collected, Used Or Disclosed Requires Organizations To Notify Customers Or Employees When Unencrypted Personal Information May Be Compromised, Stolen Or Lost. Computer Misuse Act 1990 (UK) Proposed To Make Computer Crime (e.g. Hacking Or Cyberterrorism) A Type Of Criminal Offense. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 24 LEGAL REQUIREMENTS FOR INFORMATION TECHNOLOGY (Cont.) The European Union Data Protection Directive (EUDPD) Requires That All EU Members Must Adopt National Regulations To Standardize The Protection Of Data Privacy For Citizens Throughout The European Union. Health Insurance Portability And Accountability Act (USA) Sets National Standards for Electronic Healthcare Transactions and Requires Healthcare Providers, Insurance Companies And Employers To Safeguard The Security Of Health Information Of Individuals. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 25 THREATS TO INFORMATION SECURITY Human Errors In Data Entry & Handling Damage By Employee Disgruntled & Ill-informed Employees: Critical Role Of HR Misuse Of Computer Systems: Unauthorized Access To Or Use Of Information Computer-based Fraud Viruses, Worms & Trojans: Cyber Terrorism Hackers Natural Disasters Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 26 BEST PRACTICES IN HR INFORMATION SECURITY Adopt A Comprehensive Privacy Policy Store Sensitive Personal Data In Secure Computer Systems And Provide Encryption Dispose Of Documents Properly Or Restore Computer Drives And CD-ROMs Build Document Destruction Capabilities Into The Office Infrastructure Conduct Regular Security Practice Training Conduct Privacy “Walk-throughs” (Canavan, 2003; David, 2002; Tansley & Watson, 2000) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 27 ADDITIONAL BEST PRACTICES IN HR INFORMATION SECURITY The Careful Selection Of Staff with Regard to their Honesty and Integrity Raise Information Security Awareness and Ensure Employees Understand Corporate Security Policies Institute Measures To Address The Personal Problems Of Staff, Such As Gambling And Drug Addictions, Which Might Lead Them Indulge In Abuse For Financial Gains Provide Access To Effective Grievance Procedures Since The Motivation For Much Computer Abuse Is Retaliation Against Management Kovach, Hughes, Fagan, and Maggitti (2002) Grundy, Collier, and Spaul (1994) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 28 INFORMATION SECURITY MANAGEMENT FOR HRIS ISO/IEC 27002 Administrative/Procedural Logical/Technical Physical Controls Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 29 INFORMATION PRIVACY Comprises Ethical, Moral, And Legal Dimensions And Has Assumed Greater Importance With The Increased Adoption Of The Internet And Web 2.0. Privacy Is A Human Value Consisting Of Four Elements (Kovach & Tansey, 2000): Solitude: The Right To Be Alone Without Disturbances Anonymity: The Rights To Have No Public Personal Identity Intimacy: The Right Not To Be Monitored Reserve: The Right To Control One’s Personal Information Including The Methods Of Dissemination Of That Information. Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 30 CONTROLLING ACCESS TO HR DATA Administrative Controls Logical (Technical) Controls Physical Controls Security classification for Information Access control Cryptography Defense in depth Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 31 INFORMATION PRIVACY AND HRIS Concerns Types Of Employee Information that Can be Collected And Stored In The System Who Can Access And Update The Information (Noe et al., 1994; Sadri & Chatterjee, 2003) Considerations Collect and store information Based On Sound And Valid Business Reasons (Hubbard Et Al., 1998) Collect only information which is Necessary, Lawful, Current, And Accurate (Camardella, 2003) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 32 HRIS SECURITY BEST PRACTICES 1. Train Users On How To Securely Use And Handle The Equipment, Data, And Software. 2. Train Employees To “Log Off” Personal Computers After They Are Through Using Them. 3. Do Not Allow Passwords To Be Shared. Change Passwords Frequently. 4. Run Software Through A Virus-detection Program Before Using It On The System. 5. Ensure That Backup Copies, Data Files, Software, And Printouts Are Used Only By Authorized Users. (Noe et al., 1994; Pfleeger, 2006) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 33 HRIS SECURITY BEST PRACTICES 1. Make Backup Copies Of Data Files And Programs. 2. Ensure That All Software And Mainframe Applications Include An Audit Trail (A Record Of The Changes And Transactions That Occur In A System, Including When And Who Performed The Changes). 3. Use Edit Controls (Such As Passwords) To Limit Employees' Access To Data Files And Data Fields. 4. Employees Take Responsibility For Updating Their Employee Records Themselves Via The Self-service System. (Noe et al., 1994; Pfleeger, 2006) Michael J. Kavanagh, Mohan Thite, and Richard D. Johnson - Human Resource Information Systems: Basics, Applications, and Future Directions, 2e © 2012 SAGE Publications, Inc. 34