Author: Samuel Greengard

When consulting firm Arthur Andersen embraced knowledge management (KM) in the early 1990s, executives knew it would take more than sophisticated technology and leading-edge software to make the initiative fly. They also knew that cultural barriers would need to be broken down, and that this would take effort from everyone in the company. “It requires a total commitment from management and a total buy-in from workers,” explains Mark T. Stone, director of internal knowledge management for the firm’s business consulting division based in Atlanta.

That’s because organizations usually run into three major cultural problems when adopting a knowledge management initiative. First, people don’t like to share their best ideas. They believe doing so dilutes their standing in the organization, and can impede their ability to get ahead. “Most of us were raised in an environment that’s highly competitive, and we’ve never learned to share,” states Thomas Koulopoulos, president of the Delphi Group, a Boston consulting firm specializing in knowledge management. Adds Eric Austvold, director of product marketing at Infinium Software: “In today’s highly political corporate environment, knowledge equals power. Getting people to understand that knowledge sharing is for the greater good of all requires significant culture change.” Second, people don’t like to use other people’s ideas for fear it makes them look less knowledgeable, and that they’re suddenly dependent on others to do their job. Third, people like to consider themselves experts, and prefer not to collaborate with others.

Communicate the concept.
Changing this mindset isn’t easy. Because most workers have operated within a knowledge-hoarding environment for so long, it can take weeks or months to spot the first hint of significant change, but it can be done. To create the desired culture, Arthur Andersen established an array of programs which includes occasional seminars and workshops, and a cross-functional team comprised of both technologists and non-technologists to make decisions about knowledge management processes. Says Stone: “It’s a tremendous and ongoing challenge, but once people begin to see the true value of sharing knowledge, you break through the barriers and see a transformation in thinking and action.”

At Buckman Laboratories, a Memphis-based producer of specialty chemicals for the paper, leather and plastics industries, the change has been slow and steady. CEO Bob Buckman conjured up the idea of sharing knowledge in 1991 while laying in bed with a ruptured disk. He thought, “Why should people be forced to constantly re-invent the wheel when a steady stream of information and knowledge is available within the organization?” A year later, after establishing a knowledge-sharing network known as K’Netix, Buckman had built a foundation for the future.

But getting employees to understand, let alone use the system, required enormous effort. “We had to assist them in understanding what the system is, what it does and how it can benefit them personally,” says Mark Koskiniemi, vice president, human resources. “Managers had to learn they no longer can oversee the flow of information within the company; they have to help employees get the information they need.”

Early on, the firm began offering workshops to communicate the power of KM. The organization’s top executives, including Buckman and Koskiniemi, immediately began contributing to forums and discussion groups to show management’s unwavering commitment and monitor the proceedings. Those with something intelligent to say finally had a public forum, Buckman pointed out. But as the culture became more collaborative, those who couldn’t or wouldn’t participate might find their opportunities for advancement more limited than in the past.

Provide incentives.
Incentives were also a key component. Although Buckman Laboratories doesn’t offer financial rewards for posting knowledge, it has dangled a few carrots along the way. At one point, Buckman organized a one-time event at a fashionable Scottsdale, Arizona resort for 150 employees who had contributed the most widely used information. At the event, these individuals helped map out the future of the program, and shared ideas on how to make it better. The selected employees also received computer gear, listened to a presentation by Tom Peters, and participated in discussions which further defined K’Netix. Some of those who didn’t make the cut let management know they were a bit irked at being left behind, but participation in the online forums spiked immediately following the event, and it has never dropped off.

Experts say creating appropriate rewards, recognition and compensation to drive KM is essential. Therefore, besides encouraging consultants to contribute information out of “social responsibility,” Arthur Andersen also provides monetary incentives and other rewards that can amount to several thousand dollars a year for those who regularly contribute knowledge.

The challenge is to ensure that people are contributing valuable information, not just reams of information. “Knowledge management can collapse under information overload. It’s essential to manage the process,” says Joel Summers, vice president of HR systems development for Oracle Corp. of Redwood City, California, a database and HRMS provider. That’s not so much a problem with HRMS and ERP (Enterprise Resource Planning) tools that take existing data and information and manipulate it to fit a user’s needs. But for companies that rely on personal Web sites to spot competencies and those that use classic knowledge-sharing techniques, it’s a make-or-break proposition.

At Arthur Andersen, the problem has attracted a good deal of attention. “The trick is to create incentives for quality, rather than quantity,” says Stone. The company has appointed a group of knowledge managers who review every contribution and certify that it’s of significant value to the organization before posting it. Consultants who contribute receive cash bonuses based on both the amount of knowledge they contribute and how often it’s used. “While that’s not a direct assessment of quality, it’s an indirect indication of the value to the organization,” Stone explains. Arthur Andersen also uses recognition programs, and includes a knowledge management skills assessment as part of all employee performance evaluations.

Make people accountable.
Employee evaluations are another way Buckman Laboratories encourages involvement. After establishing K’Netix, Koskiniemi revamped the evaluation process to include an evaluation of online participation and contributions. “We’ve created mechanisms to encourage teamwork. The ultimate incentive is to use the system to become more productive and successful in satisfying customers.” And more often than not, that’s exactly how things have played out. Over the years, Buckman Laboratories has grabbed lucrative contracts away from larger competitors on the basis of its knowledge network. “When potential clients see what we’re able to deliver with K’Netix, they understand they have the support of the entire company behind them,” boasts Koskiniemi.

Getting to this point takes time, but is worth the effort. “Once people begin to see the true value of sharing knowledge, they embrace the concept,” says Arthur Andersen’s Stone. “Ultimately, they recognize that it arms them with better solutions. It allows them to get work done in a fashion that’s superior to our competitors. In any organization, the value of knowledge management must be clearly demonstrated. You don’t succeed by simply introducing an intranet and telling people to share information. You find ways to provide value for both the individual and the organization.”

Workforce, October 1998, Vol. 77, No. 10, pp. 93-94.

For most human resources professionals, building an intranet is an alluring idea. After all, what better way is there to reduce the blitz of phone calls and paperwork? Automating processes and eliminating mindless work can’t get much easier than this. But behind the buzz about how an internal Web site can revolutionize the workplace and make HR more strategic lies a sobering dose of reality: Intranets can pose a potential threat to security-and not only in ways that are immediately obvious.

Yes, it’s necessary that an organization takes precautionary steps to prevent hackers and disgruntled employees from breaching data within its intranet. It must ensure that private information is kept secure, and that unauthorized access to electronic documents or files doesn’t take place.

You have to deal with viruses and other assorted headaches. Then there are also less obvious threats, like unofficial applications — including games — that can corrupt or destroy data; keeping confidential or sensitive information-from trade secrets to business plans-from being mistakenly or inadvertently displayed online; and improperly designed firewalls that don’t lock out those pesky potential hackers. Without proper version controls and backups, it’s also possible for employees to overwrite or destroy key documents.

Unfortunately, ignorance isn’t bliss when it comes to online security. Andy Maxwell, a Washington, D.C.-based intranet consultant for Watson Wyatt Worldwide, explains: “Human resources and finance are the two divisions of a company in which the data touches every employee. Any mistake or lapse in security can be absolutely fatal [for the business].”

John Kelly, a security expert with SCT Corp., a business applications software company in San Diego, adds: “The typical HR professional has long delegated intranet security policy to IT. Today, that’s a huge mistake. The economic and legal risk is enormous-particularly if medical claim records or dependent information is revealed.”

Here are 10 ways HR can play its part in protecting data that is available through an intranet:

1. Consider using a PIN or password-based system to prevent unauthorized access to files. Although the use of an employee ID and password isn’t the most secure method for authenticating a user (see “Getting to Greater Intranet Efficiency,” page 72), it’s a good balance of convenience and security. A single log-on procedure with appropriate restrictions on access can simplify processes and eliminate the need for employees to maintain multiple passwords, says Giuseppe Cimmino, manager of The Source Online, MCI Corp.’s HR intranet site.

   At Washington, D.C.-based MCI, more than 30,000 employees company-wide access the intranet every month. They’re able to exercise stock options, view electronic pay stubs, update W-4s and engage in distance learning. MCI also puts employees’ names on the Web pages so employees know they’re viewing confidential information.

   Plus, there’s a log-off button to ensure that data is no longer available once an employee has completed an online task. “Although the system automatically logs a person off after five minutes, we want employees to know they have a personal responsibility to protect sensitive data,” Cimmino comments.

2. Use digital signatures to authenticate a person’s identity. It’s a technology that’s evolving rapidly, but it’s far enough along to pay dividends today. Digital signature/certificate technology makes it possible to verify that a person is exactly who he or she says he or she is.

   While a conventional, printed signature on paper can be forged, that’s nearly impossible to do with a digital certificate. A document is encrypted using a password that’s required by both the sender and receiver. Without the password, the file becomes a scrambled mess. Likewise, any attempt to alter the document once it has been encrypted renders it useless.

   Such systems typically work best for sending sensitive documents outside the organization, yet “Issuing and maintaining them can be challenging,” says Maxwell. The lag time in getting a new employee set up and revoking privileges for a terminated employee-typically a few days-can present problems because employees can’t log on right away or can continue to have access after they’ve left the organization.

3. Confirm transactions to ensure they are valid. “Whenever any personal data is changed through an electronic system, the person originating the transaction should confirm it,” says Kelly. That means sending a letter or e-mail in response to the employee or manager’s request, ensuring that the transaction is legitimate and that changes have been recorded. Sending out a confirmation also offers an added bonus: “The person can review the information to make sure it’s accurate,” he points out.

4. Know what data resides on your intranet. According to Steven L. Telleen-director of strategy and business at Santa Clara, California-based Intranet Partners, and the creator of the term intranet-as much as 30 percent of a company’s online content is made up of “unofficial applications and information.”

   When IT managers at organizations use a Web crawler (a software program that automatically indexes content) to survey their intranets, many are shocked to see that servers and pages often sprout like weeds. In some cases, the extraneous content can pose a security or liability threat. Employees at some companies have actually posted classified information or put up opinions and statements not supported by the organization. More frequently, employees load games and various programs they find useful. These applications can crash the network and corrupt files and settings.

5. Establish manager controls. Although it’s possible to achieve impressive results using advanced intranet functionality, the more sophisticated the capabilities, the more security becomes an issue. For example, managers might suddenly have access to sensitive or unneeded data, such as an employee’s ethnicity or marital status. That information could be used-or perceived as the basis-for making decisions about terminations and promotions. As a result, it’s essential to consider what data different managers need, and then establish controls to limit access to the appropriate level.

6. Establish access controls and other physical controls. Sometimes, the most obvious threat is the least considered. When one large supermarket chain in Southern California found a server on its intranet wasn’t responding, an IT manager was dispatched to the scene-only to discover that the entire computer had been hauled off, along with an essential database. To be sure, all the network protection in the world won’t do any good if equipment isn’t protected.

   Not only is it important to limit physical access to computers with access control systems, it’s a good idea to use video surveillance, if appropriate. Unfortunately, employees and vendors with free rein to offices mastermind the majority of break-ins.

7. Use HRMS security controls and firewalls. “You should build a basic level of security into your base HR application, regardless of the vendor,” warns Kelly. In fact, security in today’s HRMS applications has become far more robust-yet it’s only as good as the checks and balances that have been put into place. That means making sure security features are fully enabled, employees follow guidelines and appropriate firewall protection is in place. For instance, without the latter, it’s possible for hackers to tap into data. Contrary to popular belief, these data bandits usually aren’t teenagers breaking into the system from outside. They’re often employees, temps or independent contractors working in other departments within the same company.

8. Encrypt sensitive Web pages. When employees are allowed to view sensitive information on an intranet-such as 401(k) statements or pay stubs-it’s essential to provide encryption through the browser. Netscape Navigator and Microsoft Internet Explorer support Secure Sockets Layer (SSL), but it’s up to IT and HR to ensure that sensitive documents and files are sent from the server to the browser in an encrypted form. “It’s cheap insurance that’s very effective,” says Maxwell.

   However, the protection you place on your intranet materials shouldn’t stop there. It’s possible to set controls so that the browser won’t display data stored in its cache. Thus, when an employee clicks on the “back” button, the previous screen is no longer available.

   The system can also be set to disconnect an employee after several minutes of inactivity. “If a person gets up and leaves his or her PC, somebody else can’t view the data,” says MCI’s Cimmino. Such a policy can ensure that the right set of eyeballs views appropriate data.

9. Develop and coordinate policies with IT. At many companies, human resources depends on IT to develop sufficient security procedures. That’s a big mistake-security is a complex issue and that requires input from various departments. Maxwell notes, “HR must be involved to ensure that the appropriate level of protection is in place. Nobody knows HR data better than HR.”

   It’s also essential to work with IT to ensure that electronic audits can track down violators, and also spot weaknesses in the overall security structure.

10. Educate workers how to use the system correctly. Companies that teach their employees how to securely use an intranet can prevent a number of problems. In order to protect the company’s data, it’s important for workers to understand how to correctly use passwords, as well as log-on and log-off procedures and digital certificates.

    “A system is only as good as the policies and procedures in place. Security is about cultural issues, as well as technology,” says Jude O’Reilley, a research analyst for Gartner Group in Stamford, Connecticut. In other words, all the protection in the world won’t help if employees do not follow standard guidelines and procedures. It’s up to HR to help educate employees use systems correctly and ensure that they’re minimizing the risk of a security breach.

Keeping the company’s systems and data well protected is the responsibility of everyone within the organization. Although the task can at times seem complicated and overwhelming, there’s no alternative to using proper security techniques in today’s digital workspace-and workplace. Anything less than total vigilance can be an invitation for disaster.

Workforce, September 1998, Vol. 77, No. 9, pp. 78-81.

To secure your intranet, you need the tools to make it happen. Here are several vendors and resources who offer Web-based security tools and are accessible online:

AXENT Technologies: Offers systems for security assessment, intrusion detection, remote access security, single sign-on, web security and firewalls.

Encryption Privacy and Security Resource Page: Provides information about encryption, including updates on political and legal issues.

Internet Security Systems: Sells intrusion detection systems and firewalls that control network access and detect security threats within individual data packets. www.issgroup.com

Microsoft: Offers information about its Internet Explorer browser and various servers for Web transactions and commerce.

Netscape: Offers information about various Web products, including its Navigator browser, Enterprise Server and Certificate Server.

Network Associates: A leading vendor of network security software products, including antivirus software and encryption.

RSA Data Security: Provides detailed information about Web and e-mail data security.

Security Dynamics: A leading vendor of secure ID systems.

Verisign: A leading provider of secure server IDs and digital certificates.

Nobody ever said the information revolution was going to be easy, but for the 55,000 employees of MCI Corp., it’s getting a whole lot easier every day.

Thanks to one of the most sophisticated and complex intranets yet devised, workers are redefining the way they act and interact. They’re watching the nature of work change before their very eyes, and learning that data, information and knowledge create the fuel that drives modern enterprise.

While most companies are groping to load online directories and handbooks onto their intranets — and perhaps dabbling in the earliest stages of employee self-service — Washington, D.C.-based MCI is taking employee self-service and collaborative work to a higher level. The company’s online offering, known as The Source, provides employees with more than 1,400 pages of interactive services. At the click of a mouse, it’s possible to up-date, share and exchange information in ways that would have seemed impossible only a few years ago.

Employees can venture online to reallocate investments in their 401(k) accounts, fill out electronic W-4 forms, and view an electronic pay stub a week before they’re paid. They can view streaming video of managers providing briefings, check best practices within the company, and sign up for distance-learning courses directly from their desktops. Using an intranet, managers can know at any given moment where an employee stands in terms of skills and training. “It allows managers to lay out a career path for their employees,” says Don Warner, senior manager of MCI’s Career Enhancement University.

MCI’s system represents the future of intranets. As more and more companies venture onto the Web, they’re discovering that the greatest gains come from a highly networked organization that can swap data and trade knowledge. Tasks that once required layers of approvals and piles of paperwork are being automated, if not eliminated. And unlike the first generation of intranets that managed information and exchanged data in a linear way, these next-generation intranets are busting apart hierarchies and letting companies organize around clusters of information and expertise. Whether a worker is located in the finance department or HR department is less important than the information and knowledge they have — and can share.

“Until recently, the center of gravity for intranets has been information sharing through publishing,” says Mike Gotta, program director of Work Group Computing Strategies for Meta Group, a Stamford, Connecticut-based market research firm. The publishing model enables companies to post employee directories and handbooks online, and in some cases, has offered a return on investment as great as 40 percent.

While this form of sharing has brought substantial gains, it’s now giving way to an intranet that relies on advanced workflow. In other words, data, information and knowledge are automatically routed through the company to the appropriate person, as they’re needed. In many instances, sharing this way allows the organization to “push decision making out past the business unit. Companies are only beginning to understand how to use a Web site as an overall platform to influence and impact business outcomes,” Gotta explains.

Indeed, the challenges of developing a more efficient intra-net are enormous. But this next-generation intranet promises to establish a new baseline for technology and interaction. It also promises to put human resources at the center of the process. It’s up to the HR department, HRIS and others to combine the tools and unleash the full power of the technology. Moreover, the remarkable capabilities of this technology can only be fully exploited with changes in organizational behavior, and with appropriate compensation and rewards, including bonuses for contributing information that others use. When HR has a hand in the design and implementation of these systems, a new era of strategic partnership will take shape.

Advanced intranets take business intelligence to a higher level.
These new intranets are putting data in the hands of whomever needs it, the instant they need it, and ultimately “helping managers make more intelligent and timely decisions,” states Lisa Rowley, an HR systems marketing director at Oracle Corp., a database and HRMS provider headquartered in Redwood Shores, California.

And the list of applications is growing by the day. It’s now possible to handle performance reviews, time and attendance, organization charts, best practices, procurement, payroll, recruiting, benefits enrollment and distance learning online. With more sophisticated hardware and software to oversee the process, the return on investment can be astounding. In some cases, Web-based transactions are cutting costs by 80 percent or more. A study conducted by Internet Commerce Services Corp., a Nashua, New Hampshire, consulting firm, found that a typical phone transaction, which costs about $9 through a call center, can be completed through the Web for $1.60.

But the issue isn’t only about money. “Companies are leveraging their knowledge and capabilities. There’s a clear organizational evolution going on,” says Doug Francone, a manager of self-service solutions at AG Consulting based in San Francisco. He and other experts believe that the traditional demarcation between HR data and that of other departments is blurring quickly. He adds, “Managers need to solve business problems and they don’t care where the data comes from. The Web creates new opportunities by re-engineering the way people think and work.”

In a sense, the Web is able to create a greater sum than individual pieces of HR software. John Monson, president and CEO of San Mateo, California-based HRMS vendor Austin Hayne, notes that many corporations have a different set of standards and processes attached to various tasks, such as performance management, training and development, and recruiting. This lack of standardization means that workers must spend time transferring data from one application to another. Instead of shuffling paper, they wind up shuttling electronic files and data between systems and constantly tweaking the data to make it fit.

Under such a business model, employee self-service can still produce gains by eliminating work, paper and meetings, but it can’t unleash the full potential of the technology. Only by developing a standard set of rules that cut across all technologies and tasks can the information gain value and become useful in a more strategic way. Suddenly, data for recruiting, benefits, personnel records, training and more seamlessly blend together. For example, when an employee leaves a company, the system automatically generates a job requisition. After approval from a manager, the listing appears on the corporate intranet. Employees submit applications electronically, and HR can compile resumes using Web-enabled applicant tracking software. Once the employee is transferred (or hired from the outside), the system prompts the worker to input data from the HRMS. It can also ensure that the employee is issued the appropriate equipment and supplies. Ultimately, “You reduce administrative inefficiencies as information is passed through the organization. You enable things like workflow and process automation to drive gains,” says Monson.

Although the typical organization is struggling to evolve from an intranet-based publishing model to a process model, the writing is already on the wall — or at least on the Web browser — and vendors are more than eager to provide the high-tech ammunition to make it all possible. For example, recruiting solutions provider Restrac of Lexington, Massachusetts, now offers WebHire Network, which automates almost every aspect of the recruiting and hiring process, including candidate searching and management, hiring functions, success measurement and consolidated billing — all from a single desktop interface. Austin Hayne also offers a powerful solution for managing performance appraisals online. Its Employee Builder software provides tools to track performance objectives, organize employees and documents, provide ratings and weightings and offer career coaching. The system is designed to link to core HRMS software from Peoplesoft, SAP and Lotus so that a manager can sit at a PC and view how an employee, or group of employees, rates in terms of education, training, compensation and more. Customized screens show only the appropriate data and guide the manager through the appraisal process.

MCI dials up greater gains.
Some companies, like MCI, have begun to recognize the power that is embedded in such systems. They’re redefining the rules for human resources, and ushering in a new era of competitive gain. For instance, an employee can log on to MCI’s intranet and register for a training course. His or her manager is notified instantly, and the system sends an immediate confirmation back to the employee. This is accomplished with no paperwork, no forms and no lengthy approvals.

More than 55 percent of MCI employees can also learn directly through the intranet, using either virtual coursework — computer-based training, complete with audio, video and online exams — or a virtual classroom, where instructors and students assemble to exchange ideas, information and knowledge in real time. This technology alone has cut $917 per person for each day of travel to the company’s Dallas training facility. The total savings from travel, facility and labor costs has exceeded $2.8 million since October 1997. As of the end of June, more than 3,800 students had completed online training courses.

Yet, as significant as the distance-learning capability is, the real gain comes from being able to access and track data about employees’ skills. “Managers can view transcripts and understand the needs of their employees far better than trying to decipher information from dozens of file folders,” says Warner. A manager can see the qualifications for a particular position, and then glance at a group of employees to see their progress.

But that’s not all. The data is coded so that HR can drill into the database and extract relevant information. For example, if the company has an open position, it can conduct a quick internal search for a qualified employee. If that fails to produce a candidate, the system generates a request to recruit outside the organization. While an authorized manager can view such data, the individual’s development plan remains private and confidential.

MCI is also realizing gains through several other leading-edge technologies. One of the most successful uses of the intranet has been multicasting presentations and meetings to groups of employees. Task force meetings, legal briefings and financial updates take place online, with video and audio streaming over the network. Like the distance-learning initiative, the multicasting is paying huge dividends. It’s saving the company nearly $1.5 million a year, while allowing meetings to convene more quickly and efficiently. Participants no longer need to travel to meeting locations — they can view the proceedings from their desktops at work or by using a notebook computer on the road.

The net rewards extend beyond cost savings.
Building greater collective intelligence is the ultimate goal for most organizations, and it’s finally becoming possible. “Intranets are providing the opportunity to make the HR department strategic,” notes AG Consultings’ Francone, but he points out that “strategic” means different things to different organizations. “Many organizations are content to reduce transactional and administrative overhead. They look at the resulting cost savings and are happy with the results. But some organizations are realizing that there’s more beyond that horizon. They understand that opportunity isn’t measured only in hard, dollar costs.”

In fact, so-called “intangibles” can represent the biggest opportunity of all — boosting productivity and morale. With 45,000 employees worldwide, MetLife has used employee self-service on a legacy mainframe system for more than a decade. Employees of the New York City-based insurance and financial services company could handle HR transactions — including benefits selection, 401(k) transactions and updating dependent information — using terminals located throughout the company, saving millions of dollars. Now, the organization is diving headfirst into an intranet. “Electronic workflow, electronic signatures and the automation of tasks offer an opportunity to remove HR from the administrative loop,” says Evelyn Franklin, manager of HR Re-engineering.

As part of its project, dubbed hrSPECTRUM, MetLife is radically enhancing its online capabilities. Using Lotus Domino and a Peoplesoft HRMS, the company is building an array of tools that rely on collaborative workflow, including an educational catalog and curriculum maps, recruiting and applicant tracking, open enrollment, beneficiary maintenance, compensation planning and individual development planning. “The ultimate goal is to focus on value-added activities that HR can provide to the organization. We’re not only re-engineering HR systems, we’re re-engineering the business of human resources,” she explains.

Of course, that’s easier said than done. “The biggest hurdle for organizations using a knowledge-based intranet is cultural, not technological. It forces people to think and act differently,” says Meta Group’s Gotta. One of the biggest headaches centers on data ownership; groups of workers must learn to share knowledge, rather than hoard it. For example, if HR data becomes valuable to sales and finance, it also helps operations determine where to build a factory. While the data may pass flawlessly from computer to computer within the network, it often requires specialists in each department to provide analysis and interpretation.

Pulling the plug on the old corporate structure.
When a knowledge-based intranet succeeds, employees often begin to organize themselves around clusters of information and common practices instead of departments and specific tasks. That makes it possible for someone in marketing or finance to tap into the knowledge of a person in HR or sales to solve a problem. It also makes it possible to assemble teams based on needed skills, regardless of their department. In the end, this ransacks the hierarchical structure in favor of a flattened organization that’s capable of rapid change. “The idea isn’t to have a digital Woodstock where everyone feels good about the latest technology. It’s to find ways to make a difference and improve organizational costs and efficiencies,” says Gotta.

Managing a next-generation intranet certainly isn’t for the squeamish. And it’s clearly not the task of IT alone to ensure that everything operates smoothly. MCI, for example, uses just over one hundred IT staff to manage 150 of the company’s 550 intranet sites, of which The Source is just one. Various business units handle the rest. In most cases, teams of employees from different departments and divisions sit on committees and task forces, ironing out policies, procedures and more. HR is expected to provide a significant amount of input and expertise, since many of these systems tie into human resources data.

Expensive and impressive technology doesn’t guarantee success. The corporate landscape is littered with projects gone awry, and a next-generation intranet can raise the stakes further because of its inherent complexity. As human factors and cultural issues intertwine with technology and processes, the challenges become enormous. When systems don’t work properly, millions of dollars can vanish into a technological black hole. The organization may end up automating already inefficient processes.

Despite these challenges, advanced intranets are quietly taking hold. According to Cambridge, Massachusetts-based Forrester Research, 35 percent of HR executives say their companies now offer more than static content on the Web, and 79 percent expect to feature interactive capabilities by 2001 (see chart, page 76). In addition, organizations are learning how to build a single interface for the Internet, their intranets and extranets so that data flows across corporate boundaries. They recognize that achieving results is about creating an easy-to-use interface that employees, managers and senior executives can’t resist. When that happens, the results can be astonishing. The entire organization can find itself hitting nothing but Net.

Workforce, September 1998, Vol. 77, No. 9, pp. 72-77.

Here are some examples of how next-generation intranets are changing the online equation:

Workforce, September 1998, Vol. 77, No. 9, p. 74.

In the beginning, online job recruiting burst into our consciousness. It quickly begot an array of Web sites, each serving as a repository for resumes and job listings.

While venturing online seemed like a huge leap in efficiency, many human resources professionals have come to realize that electronic recruiting has done nothing to automate processes. It has simply been another way to link to applicants and mine resumes.

In that respect, online recruitment has been successful. To be sure, online sites such as CareerMosaic, The Monster Board, E.Span and the Online Career Center continue to prove valuable for many HR professionals. In many cases, they connect a company to applicants better than ads in print publications. But they still haven’t solved how to reengineer recruiting to become less costly and more efficient. “By nature, recruiting is an incredibly difficult and inefficient process,” states Reginald Barefield, executive director of Talent Resources at Humana Inc., a six million-member HMO headquartered in Louisville, Kentucky.

In fact, for many companies, adding an online component means getting buried by electronic resumes — in addition to the flood of resumes sent via mail or fax. Even using resume scanning capabilities and sophisticated databases, the time and resources required to manage the process often produces only marginal gains.

“Today, companies have to use the Internet to remain competitive in the job market. The problem is that most don’t have an integrated strategy,” explains John Sumser, CEO of Internet Business Network, which publishes Electronic Recruiting News (www.interbiz-net.com).

That’s beginning to change. Thanks to more sophisticated computer programs, better databases and smart agent software, online recruiting is finally coming of age. Organizations that are able to combine the technological tools with a well-conceived business strategy are finding they’re able to reap rewards they couldn’t have imagined only a few years ago. Says Diane Tunick Morello, a research director at Stamford, Connecticut-based Gartner Group: “The Internet can be a highly effective way to find candidates. Companies that understand the processes and manage them effectively are at an advantage.”

But developing the right solution begins with an understanding of the capabilities of various electronic recruitment systems:

• General Job Sites. All purpose job sites — a.k.a. resume banks — have proven a phenomenal success. According to Electronic Recruiting News, over 2,500 Web sites offer job postings. It’s also estimated that there’s more than 1.5 million resumes online. Many organizations use sites like E.Span, The Monster Board and CareerMosaic to complement existing recruiting strategies because general sites inexpensively and effectively post positions and trawl for resumes. Whereas the Sunday classifieds of the Los Angeles Times or Washington Post can run $1,000 or more per listing, the price online usually costs around $100 per month, per posting.

  Also, the Internet helps companies connect with potential employees. Says Pamela James, senior staffing director at Irvine, California-based Taco Bell Corp.: “The Web can extend your reach to people who didn’t know about you or wouldn’t normally think about you. It can help you find high quality applicants who almost certainly would have gone elsewhere.”

  Yet general job sites do have a downside. High-visibility firms like Ford Motor Co. and The Coca-Cola Co. frequently find themselves inundated with resumes, while relatively unknown medium and small companies often see only minimal response from their job postings. “For many companies, it’s a case of receiving resumes you don’t want or not getting a volume of resumes to make it all worthwhile,” says Sumser. Another problem: the amount of work involved in formatting and managing ads for various sites. “It can devour an HR department’s time and resources. You wind up with many of the same inefficiencies of paper online,” he points out.

  Some sites and services are beginning to address these problems. Junglee (www.junglee.com) now offers the ability to automatically format job listings and content for various Web sites. Meanwhile, Restrac customers can now tap into CareerBuilder Network’s (www.careerbuilder.com) job-postings and import information directly into a database. Finally, Hot Jobs (www.hotjobs.com) has moved to a subscription-based model called Softshoe, in which the fee is partly based on results. The service offers the ability to add, edit and delete jobs instantly, and Web-based workflow to direct responses to a recruiter. For example, a hiring manager can click a button and view resumes submitted for a particular job, or search across a group of resumes for particular education or skills.

• Specialized Job Sites. It’s hardly surprising that as on-line tools have become more sophisticated, a greater array of offerings have become available. These days, most major newspapers offer classifieds on their Web sites, and in some instances, Web-based ads are offered free to anyone paying for a print ad.

  It doesn’t stop there. Different services have popped up to address the needs of specific segments of the market, including temps and university students. For example, JOBTRAK (www.jobtrak.com) is the largest online job listing service for college students. It offers upward of 40,000 listings, and is linked to 750 campuses in the United States. Advertising costs up to $395 for the ad to appear at all 750 career centers.

  “A growing number of sites are addressing specific market niches. It’s important to understand which service can pro-vide the largest pool of qualified applicants,” says Richard Johnson, president of Hot Jobs.

• Your Company’s Web Site. Listing positions on your company’s Web site makes sense. Not only is it a way to publicize various jobs, it reminds those browsing the site that career opportunities exist and that they should keep you in mind. Best of all, there’s no fee associated with advertising on your company’s site. The downside? Only those who already know about your company are likely to view the job listings. “In many cases, you wind up getting resumes from people you aren’t particularly interested in targeting,” says Sumser.

• Banner Ads. An increasingly popular way to attract attention is to purchase banner ads at job banks and recruiting sites on the Web. When a job surfer enters specific terms — say HRMS or accounting — your firm’s ad pops up. Although it’s a way to break through the clutter, it also can be costly. Depending on the site, banner ads can run from a few hundred dollars a month to several thousand, making it an approach more often used to create long-term name recognition rather than a way to fill an open position or two.

• Smart Agents Searching the Web. It’s so leading edge that only a handful of companies are currently using this technique. And unless you have the in-house IT expertise, you can pretty much forget it. However, smart agents — sophisticated software that automatically search the Web for high-quality resumes and then slot them into a database — might well represent the future of online recruiting. Some programs can extract e-mail addresses and send a potential job candidate news of an open position. “It saves money, it saves time, it delivers better candidates, and it automates a process that’s incredibly inefficient,” explains Humana’s Barefield, the developer of the company’s smart-agent software [see “Humana Takes Online Recruiting to a Hire Level,” page 63]. The problem with traditional online recruiting, says Barefield, is that “everyone is hoping the one great resume will pop out of a stack of 50,000 or 100,000 sitting on a particular Web site. You ultimately wind up with recruiters who spend their time handling tasks rather than being proactive and strategic.”

  Of course, putting all the pieces together is no easy task. Today, online recruiting involves more than individual tools and components. It’s finding more efficient ways to collect resumes, manage data and automate processes. Indeed, how an online recruiting system integrates with an HRMS and with applicant database and workflow systems, such as Resumix, Restrac and Hot Jobs’ Softshoe, goes a long way toward determining success. And, increasingly, such tight in-tegration is possible. Yet more than anything else, it’s about adopting a well thought out strategy. Says Taco Bell’s James: “The online world is merely a complement to traditional methods. The challenge is to tie it all together effectively.”

Workforce, August 1998, Vol. 77, No. 8, pp. 73-76.

In addition to the more obvious direct costs, there are several indirect costs you may not immediately associate with implementing an employee self-service system. Be sure to factor in all of the following as you evaluate return on investment:

• Windows-based client/server software or Web-based software
• Hardware, including the equipment needed to build a network: servers, routers, PCs, kiosks
• Customization
• Consultants to help with system design and integration
• Installation
• Training
• Maintenance
• Upgrades

Workforce, July 1998, Vol. 77, No. 7, p. 69.

Elaine Davis knows a good thing when she sees one. Three years ago, after Glaxo Holdings merged with Boroughs Wellcome, employees at the new company found themselves swimming in organizational charts and company directories. “Trying to find an employee and figure out who he or she reported to was impossible,” explains the director of human resource services. That prompted human resources to use a Web interface and a company intranet to post current information so that employees could find it on their own.

At the time, Glaxo Wellcome found itself venturing into uncharted territory. It used a development tool kit and its own information technology (IT) staff to create the firm’s first generation of self-service offerings. Although the company carefully designed an implementation strategy, it never conducted a cost-benefit study, it didn’t run a return-on-investment (ROI) analysis, and it certainly didn’t determine how much staff time the project would require. “We just knew we needed to find a way to get people to communicate. We recognized that it offered a significant value for everyone, including human resources,” says Davis.

Over the months that followed, as HR added a series of employee self-service (ESS) capabilities, the value of the technology became abundantly evident. Nevertheless, Davis and her staff aren’t a whole lot closer to understanding the underlying costs associated with the entire self-service program. They know they’re reducing paperwork, they recognize that they’re re-deploying staff to function more strategically, but getting a handle on the financials is as elusive as ever. “Today, this is simply the way to conduct business. There are no alternatives,” she explains.

It’s difficult to measure the cost and value of ESS.
In today’s rocket-paced world, Davis has plenty of company. At a time when most organizations scrutinize costs the way a forensic expert surveys the scene of the crime, ESS technology remains one of the final unexplored frontiers. It’s not so much that senior executives wouldn’t like to know how an implementation will play out, it’s that the costs and benefits are difficult to measure and even more challenging to understand. “Self-service is not a technology, it’s not a tool, it’s a behavior,” states Jerry McLaughlin, CEO of Enwisen Inc., a Novato, California company that sells employee information systems software.

When The Hunter Group, a global information management-consulting firm based in Baltimore, Maryland, examined the topic, it found that the majority of companies — particularly those in the high-tech arena — didn’t conduct rigorous cost justification before implementing self-service. Most organizations justified the technology as a way to serve a growing population of workers with no increase in HR staff, reduce the cost and cycle time for processing transactions, improve access to data, and raise the overall level of satisfaction with human resources. A few felt that self-service was inexorably intertwined with their image as a progressive company — regardless of the cost.

Of course, all this isn’t to say that companies should avoid looking at costs as well as capabilities. “Return on investment is an issue that can’t be ignored,” says Alexia Martin, a management consultant who conducted the survey of 25 companies for The Hunter Group last September. Yet understanding the cause and effect of today’s ESS technology is a mind-bending task. And one that must transcend the sphere of IT professionals. “In order to build a successful HR department, it’s necessary to use self-service technology to maximum advantage. It’s the future,” states Eric Gelman, director of marketing for PDS, an HRMS vendor headquartered in Bluebell, Pennsylvania.

Take a look at the big picture.
Merely looking at the price tag for a self-service system can certainly cause a case of sticker shock. When Martin examined what companies are paying to implement systems — either Windows-based client/server solutions or Web-based software — it became clear that $100 or more per employee is fairly typical. Some companies spend as much as $300 per employee to install the required software and integrate everything into a total solution. Factor in maintenance, upgrades and training, and the figure easily can jump by another 30 percent to 40 percent.

And all this is assuming the hardware already is in place. The equipment needed to build a network — servers, routers, PCs, kiosks and more — can add another $100 to $200 per employee. At one 20,000-employee company that Martin studied, the cost of implementing a system initially ran $890,000, and the total cost over five years exceeded $6.5 million. And that didn’t include maintenance and upgrades to the core HRMS. “Every module you install and customize adds significantly to the cost,” Martin explains. In fact, customizing a module to fit the exact needs of the company — a necessity for most organizations — can tally 60 percent of the software’s total cost.

Some vendors, such as Lawson Software, offer highly integrated Web-based ESS applications built into the core HRMS. Others, such as PeopleSoft, ESSENSE Systems, SAP, ADP, Oracle, J.D. Edwards, Lotus Development and PDS, are rapidly adding powerful functionality. And still others, such as Edify, NetDynamics, TALX and Seeker Software, are serving up components that can run on top of other HRMS systems. To be sure, there are plenty of different approaches to take — all designed to let managers and employees control their own data, including employee records, banking information, benefits, travel expenses, timesheets, electronic pay stubs, salary verifications and more.

Finding the right mix of hardware and software often has more to do with a company’s unique needs than cost. An organization with a large base of professional employees sitting at desks might turn to a Web-based self-service solution, while an organization with employees primarily on the factory floor might require kiosks and an interactive voice response (IVR) system. Yet, beyond that, it often comes down to how systems mesh with existing work patterns, and what software can deliver the biggest returns. It’s also a question of whether an enterprise has the expertise and resources to handle a project internally. Turning to an outside designer and integrator can ratchet up costs still more.

Make ROI a priority.
Early on, Glaxo Wellcome realized that it would have to build its own self-service components on top of a PeopleSoft system running an Oracle database. “When we began in 1995, there were no commercially available self-service software programs. It came down to doing it ourselves or not doing it at all,” says Davis. And because the pharmaceutical giant already developed the systems to build its own ESS modules as needed, it continues to do so using software from NetDynamics. The system allows workers to update employee records, emergency contacts, educational information and a Web-based company directory. It also features the schedule for shuttle buses, information about discount programs and health screenings, and even the menu for the company’s employee cafeteria.

And that’s paying handsome dividends. Although Glaxo Wellcome hasn’t conducted a formal analysis of costs and benefits, Davis estimates that self-service programs running on the corporate intranet have cut some transaction costs by 50 percent or more. Processes that used to take two or three days now are completed in a few hours. Across the entire department, about 10 percent of HR’s work now is transactional in nature, compared to 60 percent to 70 percent only two years ago.

At Pacific Bell in San Ramon, California, ESS will soon become the way that nearly all employee transactions take place. Today, employees can obtain employment verification via faxback by using the company’s intranet or an IVR system. The existing legacy system, which is more than two decades old, also allows employees to update W-4 data and make changes in their withholdings. Newly installed SAP software, which will be fully operational by 1999, will let employees handle myriad functions online using a Web browser: expense reporting; direct deposit updates; pay stub viewing; annual bonus information; employee records updates; emergency contacts; and attendance and time records, including overtime. Employees who don’t have access to a PC will be able to use many of the same features through an IVR system powered by Edify software. “The goal is to empower employees and cut costs,” says Burke Fong, a manager of human resources and a senior systems analyst for the 45,000-employee firm.

In fact, when Pacific Bell pulls the plug on nearly 60 legacy systems it now uses to handle HRMS and ESS, it will slash well over a million dollars a year in expenses. By reducing hardware, consolidating software into a single system and reducing support staff, the telephone service provider projects that it will recoup the total cost of the investment within three years. And it will eliminate a Year 2000 problem, while providing employees with far better service. The Web site will be available more than 20 hours a day, seven days a week — almost double the number of hours employees have access presently. “We looked at costs and ROI from the beginning,” says Fong.

And that’s a solid, if uncommon, strategy. Experts say a well-designed ESS solution typically can pay for itself within a year or two. In most cases, the return is approximately $35 to $50 per employee per year at a large company and as much as $100 per employee annually at a small firm. “It reduces costs on many levels,” says Gelman. For example, at a large United States oil company with 9,000 employees, Web-based self-service — handling only benefits statements and electronic pay stubs — slashed $368,000 in the first year alone. Approximately $108,000 of the savings came from eliminating paperwork and postage; $260,000 was cut by a reduced need for staff to handle the transactions over the phone and in person.

Achieving results with ESS is about dollars and sense.
When it comes to employee self-service, not all costs can be quantified in dollars and cents, and returns aren’t only a measure of money saved. As Davis puts it: “There are tremendous opportunity costs associated with a self-service program.” In many cases, improving the quality of service HR provides can go a long way toward raising satisfaction with the entire organization. It can also help human resources become more strategic — either in the way it handles transactions or by having the time and tools to analyze data and provide top management with a better understanding of staffing needs.

Yet, tossing together a system simply to join the self-service bandwagon can create an endless series of headaches. Without a highly integrated solution that offers scalability and flexibility, all the technology in the world can’t make employee self-service succeed. Enwisen’s McLaughlin believes a company that rushes into self-service risks failure. “Ultimately, it costs the same to build an outstanding system as one that’s poorly conceived and badly designed,” he says. “More than anything else, an employee self-service solution has to be intuitive, useful and convenient. It has to provide advantages for those using it in order to benefit the organization.”

At a time when cutting costs and eliminating unnecessary work has become a corporate religion, self-service is finally serving the organizations that truly understand its value.

Workforce, July 1998, Vol. 77, No. 7, pp. 67-69.

America is fast becoming a self-service society. These days self-serve gas pumps far outnumber full-serve pumps. Our banks encourage us to use ATM machines for 24-hour service. And the “free refills” slogan brought us self-serve soda fountains at fast-food restaurants. A little more slowly, a little more quietly, Corporate America is making the same shift.

Employee self-service. The mere mention of the words elicits joy in the hearts of human resources professionals everywhere. And it’s not difficult to understand why. Buried under an avalanche of forms and phone calls, HR historically has been relegated to a messy corner of administrative hell. Processing an endless stream of requests, updates and clarifications has allowed little time to become more efficient, let alone strategic. Thus, the idea of introducing technology that can automate processes to let employees handle functions themselves sounds like a passport to The Promised Land.

Yet, buried beneath all the glowing reports about how self-service can transform an organization lies an important and all too often ignored fact: Achieving outstanding results requires a significant change in cultural mindset. It’s not good enough to roll out the latest and greatest form of employee self-service (ESS) and leave it to employees to adopt the technology with wide-eyed enthusiasm. And it’s certainly not good enough to introduce the concept and smugly think that advantages for human resources translate into gains for the entire organization.

“No matter how important an employee self-service project is and how great a concept human resources believes it is, the cultural and sociological impacts can’t be ignored,” states Susan Obijiski, an analyst for Gartner Group, a consulting firm based in Stamford, Connecticut. She says, “If you get off to a disastrous start, the battle to implement the technology becomes far more difficult.” James Hatch, a partner in the Workplace Transformation Practice at Arthur Andersen LLP in New York City, adds: “The thing that many organizations don’t understand is that self-service affects behavior and the way employees think about the company.”

That makes sense, of course. Yet, these days, organizations are busy introducing ESS without understanding the full impact on the workplace. How do employees typically respond to these systems? How do they feel about having fewer interactions with HR? Is accuracy a concern? And, amid all the rhetoric about human resources becoming more strategic, what’s really happening?

At a time when organizations are desperately struggling to define and redefine themselves, self-service technology offers incredible opportunities… as well as remarkable risks. “It’s an absolute change in mindset for everyone involved,” says Jerry McLaughlin, CEO of Enwisen, a Novato, California company that sells employee information systems software used for ESS.

ESS brings rewards.
According to the Bethesda, Maryland-based consulting firm Watson-Wyatt, about 60 percent of all organizations are now using some form of Web-based employee self-service technology. Approximately 35 percent cited improved service to employees and better communication as a primary goal. The Gartner Group estimates that 40 percent of traditional HR activities will be handled by ESS by 2000.

It’s no secret that most companies introduce self-service technology for one primary reason: It can save huge sums of money by eliminating unwieldy processes that devour time and resources. Of course, other benefits can result from employees taking control of their own transactions, including helping them take greater responsibility and ownership of their careers. But, let’s face it, that’s hardly a justification for spending millions of dollars on sophisticated hardware and software.

Although the return on investment varies greatly from one company to another—partly as a result of how each organization reengineers work processes—various studies have shown that ESS can result in a savings of 20 percent to 80 percent per transaction. Many systems can pay for themselves in a year or two, and subsequently produce multi-million dollar gains. ESS can also free HR from the administrative treadmill while providing a more convenient way for workers to make changes to their own data.

Eliminating manual data entry and a steady stream of visitors to the HR department has removed an ongoing need for temporary workers in human resources, and subsequently helped the department spend more time coaching and counseling employees on career matters. “There was a lot of concern when we introduced the first self-service program in 1993,” admits Kenneth S. Wagner, director of worldwide information technology at Bristol Myers Squibb of Princeton, New Jersey. “But today it’s a non-event. Nobody is asking for the ‘nice’ people who help them fill out the forms.”

The end result? An HR department that actually is becoming more strategic. Using technology to reengineer processes, human resources recently has introduced several notable changes. One of them is the elimination of paper-based annual appraisals. Instead of managers filling out a form and handing the paperwork to HR for approval, they now engage in a meeting with each employee and discuss mutual goals, objectives and challenges. “It’s opening new channels of communication,” states Wagner.

ESS also brings risks.
When it’s done right, employee self-service can achieve remarkable results. But it doesn’t always work out that way. As employees begin to conduct business transactions through computers, “they can easily lose their connection and identification with the organization,” says Hatch. Instead of speaking to a live representative in a call center or an office, they’re left to fill out forms on their PC. Ultimately, by taking HR out of the equation, the formal and informal channel of communication can be lost if there are no attempts to remedy the situation with new forms of communication. “The relationship between an employer and employee is the foundation for a company’s success. If workers begin to lose the link, the effects can ripple throughout the organization,” states McLaughlin.

In fact, the mere introduction of cost-saving technology such as employee self-service can introduce problems—if an organization hasn’t devoted time and effort to mapping out the process and understanding the changes that will take place. As corporations embraced a business model that engenders less loyalty between employer and employee, workers are finding that the “fulfillment and sense of belonging they get out of work is more important than ever before,” says McLaughlin. Thus, the question can ultimately become: “Does any of the money saved go toward employees or improving communication between managers and workers?”

But that’s not the only potential land mine. When the Gartner Group’s Obijiski consulted for one large company on an ESS implementation, she found a curious disconnect between employee perceptions and reality. The company had successfully introduced a module that allowed employees to update their own records. Surveys indicated the workers genuinely liked the system and preferred it to traditional methods. After the company introduced several other self-service capabilities, however, surveys turned decidedly negative. “Employees, particularly in human resources, were afraid they weren’t going to have jobs in a few years. The fear was born out of the company using ESS to downsize HR staff. The people who left became extremely disgruntled and communicated their displeasure to the rest of the workers,” she explains.

Be sure your system works well at rollout.
If you take a proactive approach, you can guard against these negative first impressions. “In today’s business environment there’s an overwhelming need to do more with less. But there’s also an awareness that employee self-service has to serve everyone’s interests,” says Eric Gelman, director of marketing at PDS, a provider of HRMS and self-service solutions. To be sure, it’s a fine line between success and failure. Although a human resources department might recognize the value of ESS for the organization, that enthusiasm doesn’t necessarily translate into gains for workers.

That concept serves as the foundation for ESS at a growing number of companies. In fact, many organizations are learning that employees actually prefer a well designed employee self-service program to pen and paper. At Bristol Myers Squibb, 24,000 American employees can update records, conduct flex enrollment, update emergency information and more through an intranet or over the phone. Checking on 401(k) balances also is a snap. Workers can access account information 24 hours a day, 7 days a week by connecting directly with Fidelity Investments of Boston, Massachusetts.

The company spent the time and resources to build an easy-to-use system—with Web-based ESS software from Austin-Hayne of San Mateo, California and IVR software from Santa Clara, California-based Edify—and workers are reaping the benefits. Processes, such as generating 401(k) statements, that used to take days, now take place in seconds. “People don’t miss the interaction with human resources because they are getting better service,” states Wagner.

Of course this only works when the service is good. A poorly designed interactive voice response (IVR) or Web interface can dismantle a program as quickly as workers click on tasks and become frustrated by a poorly designed user interface or lack of functionality. Unclear menus or a system that requires employees to resubmit the same information every time they update a record or submit a report is a surefire way to fail. Even worse is a system that allows a worker to choose, say, a health plan, generates a confirmation but later rejects a claim because the person selected an invalid option while signing up.

In fact, system integrity is a core issue. Although inaccurate data is rarely a problem—when employees manage their own records electronically fewer errors actually occur—it’s the way the software handles information that can make or break ESS. When employees enter data and the system doesn’t process it properly, word quickly gets around. “People lose confidence and find ways to avoid using it,” says McLaughlin. Another sticking point is when a worker spends several minutes filling out an electronic form, only to have the system reject the transaction or force the person to start all over again. Likewise, a system that can’t instantly update a change in withholding or can’t display the latest pay stub information is likely to sink under the collective weight of employee disapproval.

“The time savings for a well implemented self-service project is immeasurable,” says Tom Meadows, a vice-president at Ceridian Source Empowerment of Cuyahoga Falls, Ohio, a provider of self-service and IVR solutions. Yet, experts agree, the technology requires a well-defined strategy. In most instances, it’s best to first offer a “killer app” that can convince workers that self-service offers them notable benefits. Once employees are convinced the system works and it can save them time and effort, it’s possible to expand the offerings. “Most companies that succeed start simple and continually look for ways to draw employees in while leveraging their assets and resources,” states Obijiski.

That was certainly the case at Richmond, Virginia-based LandAmerica Financial Group, a company that processes title insurance. In the fall of 1997, the company rolled out an online address change form using Ceridian Source Empowerment’s software. Since then, the 4,000-employee company has added modules for benefits and enrollment, taxes, company policy information and internal job postings. Last fall, when the company used the benefits module to introduce a paperless enrollment environment for workers at its headquarters, the entire process took place without a hitch. “Employees now view HR as a progressive department rather than paper pushers,” boasts Carol Gentry, HR information systems manager.

Take employee self-service to a higher level.
Not surprisingly, the success of an employee self-service system often hinges on several other key issues. Obijiski believes that no matter how dazzling the technology is, it’s necessary to overcome several common obstacles. Information technology (IT) professionals often see the project as a winning proposition, but do not take into account the cultural factors surrounding the change. As a result, they’re likely to design the site without human factors in mind. “The same work processes that existed with paper become part of a Web-enabled application. Instead of an employee viewing only the two or three relevant fields, they’re bombarded with 25 fields and they wind up overwhelmed and confused.”

Resistance to change is often the biggest headache of all. In a typical implementation, about 20 percent of employees are likely to dig their heels in and battle the new way of doing things. An additional 20 percent are likely to resent the change but use the system with a bit of cajoling, says Obijiski.

And the human resources department is hardly exempt. After all, the project can mean getting rid of file drawers and forms that have been part of the department’s collective psyche for decades. It means rethinking work and retraining individuals to handle entirely different tasks. And then, if the project succeeds, it could eliminate jobs.

But the greatest resistance can occasionally come from the most unlikely source: management itself. It’s particularly a concern at large corporations with entrenched ways of doing business. Although it would seem logical that senior managers would embrace employee self-service, it thoroughly muddles the idea of who’s responsible for record keeping and who’s to blame, says Obijiski. “There’s nobody to point a finger at and say ‘fix it’ if employees aren’t using the system right or if records are a mess. ESS crosses departmental boundaries and gets to the root of the company’s culture.” she states.

Training can help you sell the change.
Alexia Martin, a management consultant for The Hunter Group, believes education and training are paramount to success. Employees have to understand what’s coming, why it’s coming and what’s in it for them, she says. If a worker realizes how much easier it is to enroll in training, request vacation time or check on a 401(k) balance through the company’s intranet, he or she is likely to embrace the technology and use it. And once the person’s sold on the capabilities of ESS, he or she is likely to approach future changes with a positive attitude.

Obijiski insists an ESS rollout shouldn’t be rushed. Not only can it take months—sometimes a year or more to plan and implement—it’s essential to beta test the program, measure feedback and thoroughly understand the cultural ramifications at all levels of the organization. It’s also crucial to develop an overall strategy and timetable for implementing new technologies—and, as much as possible, understand the underlying financial issues.

Ultimately, employee self-service requires a major behavioral change. “You can never go backward once you’ve introduced employee self-service. It will have a profound impact on the organization,” McLaughlin observes. Yet, whether that impact is positive or negative has as much to do with how human resources manages the process as it does with the hardware and software that’s deployed. Employee self-service is more than a technology, it’s a state of mind.

In today’s ultracompetitive work environment, few company secrets are as important as what workers earn. And last February, Pixar Animation Studios of Richmond, California, found out just how easily the information can be compromised. With the click of a mouse, someone within the organization—nobody is sure exactly who—sent an e-mail that accurately listed the salaries for each of the firm’s 400 employees. Not only did the public release of the data serve as a huge embarrassment and potentially compromised the firm’s ability to attract top talent, the e-mail raised serious legal concerns centering on the violation of privacy.

On a list of crises for a human resources professional, it ranked right at the top. And, unfortunately, it wasn’t an isolated incident. According to The Computer Security Institute of San Francisco, 75 percent of companies have suffered financial losses, such as financial fraud, theft of proprietary information and sabotage, from computer security breaches. The institute found that the biggest security threat typically comes from inside an organization. “There are plenty of people—hackers and others—looking to steal information or do something malicious,” states Darren Donovan, a senior managing director at Pinkerton Investigation Services, a security and investigations firm in New York City.

Welcome to HR’s newest battleground. As more and more data goes electronic, the risks and threats to the modern organization grow. An unencrypted e-mail sent over an intranet or the Internet can allow crucial information to fall into the wrong hands. A PC without the proper password protection can easily become a fountain of illicit knowledge. And a network without the proper safeguards, including a firewall and audit capabilities, can become a high-tech sieve that lets crooks steal or destroy sensitive data. These days, there’s even cyberterrorism —orchestrated attacks on organizations for political or economic purposes.

Yet, despite the need for sophisticated hardware and software protection, data security has far more to do with policy than product. Notes Chip Mesec, director of product management at Santa Clara, California-based Network Associates, a provider of network security products: “Having the right systems in place is crucial. But unless employees understand the consequences of their actions or inactions, unless they’re educated to follow procedures and abide by rules, all the solutions in the world won’t work.”

For human resources, the implications are clear: In today’s business environment, it’s essential to understand enough about the technology to ensure breaches don’t take place. It’s also crucial to know that employees are using electronic security properly and that HR policies are in place to deal with training, education and compliance. “A tremendous amount of thought and planning is required,” states Kevin Wheeler, vice president of staffing and employee development at Charles Schwab and Co. in San Francisco. Yet, juggling corporate politics, procedures, staffing issues, and educational concerns to secure a workplace can seem overwhelming. Today, it requires a team-oriented approach that involves HR, security, legal and information technology (IT). As Mesec puts it, “Electronic security cuts across departments and divisions, but it always gets back to human resources issues.”

Pay attention to the growing risk.
A quarter-century ago, a typical company conducted the vast majority of its business on paper. Important files and documents were kept under lock and key, and when something was sent to someone across the office or in another part of the country, a set of security precautions was almost always used. In most instances, a document was sealed and sent by courier or registered mail with a signature required at the other end. Paper shredders helped ensure that sensitive documents didn’t wind up in front of the wrong pair of eyeballs.

But today, the move from paper-based systems to electronic data management has turned security upside down. Although breaches have always been part of the corporate landscape—a dishonest or inattentive employee presents a serious concern in any environment—digital data is far easier to duplicate and disseminate “In the past, a fairly limited number of people had access to key data. With the opening of systems to the entire workforce, particularly HR records, people can access and even change information and records. There’s a greater risk of employees accessing information that’s not theirs, and once a problem occurs, people lose confidence,” explains Bill Davies, director of technology at PDS, an HRMS systems vendor with headquarters in Blue Belle, Pennsylvania.

Violators now include a long list of individuals: workers who are disgruntled or have been laid off; contractors; consultants; even good employees who inadvertently destroy, alter or expose crucial data. Moreover, curiosity, gossip and the indiscriminate sharing of data can also lead to crime and a litany of other nightmares.

One thing is clear: today’s crooks are opportunistic—and elusive. A computer left unattended for a moment—and without proper password protection—can serve as an access point for a data bandit. It’s then possible to intercept data from the network using specialized software, tap into confidential files on a PC or a server, and undelete previously erased data from a hard drive, including e-mail. Unless the person storing data has encrypted the information or used a “wipe” delete function to get rid of it, the information isn’t secure.

And all this is just the beginning. Dial-up remote access—an increasingly common tool for telecommuters and traveling employees—is designed to provide entry into a network. Once there, it’s possible to gain access to unauthorized files unless firewalls and other protections are in place. Internet access poses yet another threat. And, as the Pixar case points out, an e-mail message can instantly transport company secrets to someone outside the organization. As Donovan puts it, “The risks are everywhere.”

The Pentagon found out how true that statement is in February. Despite an elaborate effort to protect its vast data bank, computer hackers broke into an unclassified section of its network and conducted “the most organized and systematic attack” ever, according to Deputy Defense Secretary John Hamre. The individuals who conducted the attack examined and possibly altered confidential payroll and personnel data. The assault was one of 250,000 attempts to crack the Pentagon’s security code each year.

But, more often than not, the biggest threat exists within an organization. For example, at Omega Engineering Inc. of Bridgeport, New Jersey, an engineer who doubled as his firm’s network administrator allegedly launched a logic bomb (a hidden malicious program) that deleted every application and file on every hard drive at the company. That resulted in more than $10 million in damage. Three weeks after the network administrator was fired, the program deleted every file on the network. “Employees came to work but couldn’t boot their computers,” Omega’s Director of Human Resources Al DiFrancesco later remarked in ComputerWorld magazine.

Although the man has been indicted by a grand jury and currently is awaiting trial—he faces a maximum five-year sentence and a possible $20 million fine—Omega learned its lesson the hard way. Even sophisticated back-up, recovery and audit software alone can’t prevent an incident. It’s the human side of the equation, well-designed policies and procedures, that make or break an organization.

Take a byte out of crime.
Firewalls, encryption, digital signatures, public keys, security tokens—products like these might make you feel as though you’ve been transported to the far reaches of the IT galaxy. Yet, it’s how people use the tools that largely determines whether key data remain a firm’s bread and butter or become toast. Ask yourself: Who has access to information? What files can specific employees access? What do people do with data? How do they share data? “Human resources should play a central role in determining who has access rights to certain data as well as educating employees how to use security tools correctly,” says Jude O’Reilley, a research analyst at the Gartner Group, a Stamford, Connecticut, market research and consulting firm.

At brokerage firm Charles Schwab and Co., data security has become a religion. With service representatives accessing highly confidential customer account records and servers storing mission-critical data, there’s no margin for error or problems, says Wheeler. As a result, the company conducts extensive background checks on all employees, offers a security briefing during orientation, and then provides booklets, brochures and intranet links that constantly remind employees what they should and shouldn’t be doing. In addition, any employee who works with the public must take a refresher course and exam once a year to ensure that he or she understands company policies and procedures related to data security—including the use of passwords and e-mail.

But the company also goes to great lengths to ensure that human policies mesh with physical security. For example, all service centers and branch offices are equipped with PCs that lack floppy drives and modems—and employees aren’t allowed to bring in any type of foreign media. Only data that have been approved and certified are available through a secure network connection. That makes it extremely difficult to remove or corrupt data, and ensures that viruses won’t wind up in the system. Although such a design can make some tasks, such as training, more difficult because local offices can’t load an updated CD or floppy disk into the PC, “Everyone understands how important it is to make sure that there’s no risk of compromised data,” says Wheeler. Schwab backs all this security with regular spot checks and sophisticated network monitoring that can detect illicit files.

Of course, Schwab’s detailed policies didn’t just happen. They were the result of meticulous planning. A senior vice president of human resources interacts with various other department representatives—including IT, legal and compliance—to put procedures and rules into place and regularly update them through a formal review process. In addition, human resources works with the security department to determine what actions and punishment should occur if an infraction takes place. “Decisions are made on a case-by-case basis, though the company generally has a very low bandwidth of tolerance,” says Wheeler.

In fact, Pinkerton found that 80 percent of a company’s vulnerability to cybercrime is related to inconsistent information security practices, including the use of passwords and standardized log-off procedures. “Passwords, codes, access levels and other tools are crucial, but security is just as much about culture and corporate attitudes as anything else,” says Donovan. And that begins with making clear which data are proprietary and valuable and which are cleared for public release. Many companies don’t adequately inform employees on such issues, he points out. Even worse, far too many organizations don’t bother to ask workers—as well as consultants and outside contractors (who frequently pose an even greater risk)—to sign a confidentiality agreement. The result? Ignorance about how to handle important data and questionable legal liability, if the case ever reaches a courtroom.

“One of the problems is that employees and employers tend to become lax and, over a period of time, pay less attention to policies,” says Burke Stinson, a spokesperson for AT&T of Basking Ridge, New Jersey. In fact, infractions take place despite AT&T handing employees information at orientation and providing them with bulletins and notices that remind them to change passwords, switch off computers at lunch or after work, and use encryption for highly sensitive e-mail.

Consequently, AT&T’s security department conducts regular audits and spot checks to find violations and then sends out notices to employees who haven’t complied with policy. What’s more, temporary employees—particularly in the IT department—aren’t allowed into the system. Ultimately, “It’s the tone you set within an organization. If you have slipshod management and a relaxed attitude, you’re setting yourself up for problems. If you take the risk seriously and use proven methods to make sure workers comply, you greatly reduce the odds of anything catastrophic happening,” he explains.

Build a better strategy through teamwork.
O’Reilley believes that a workable solution always comes down to three key issues: 1) Determining which data are private, 2) who has authorized or unauthorized access to data, and 3) potential ways people can access network-based information. Although it’s IT and security departments that typically put computer security systems in place, HR must communicate the human side of the equation—particularly when data originates and resides within the HR department, he argues.

Among other things, that means mapping out processes and work patterns—often using a team-based approach or a task force that cuts across departments. O’Reilley believes it’s necessary to create a continuum, ranking information from “public” to “business critical” and then putting work models in place that allow appropriate individuals to view appropriate data. In the case of HR data, for example, employees would be allowed to view their own records. A manager who directly oversees a group of workers might have data privileges as well. But the same manager wouldn’t be allowed to view data for other workers, other managers or executives. That becomes the centerpiece of designing security systems and policies. In fact, once rights and privileges have been mapped out within the organization, it’s possible to create secure work teams or departments unrelated to geography. It’s also possible to determine who is violating established policies.

If individuals outside the organization pose a threat, then it’s probably an issue best left to security and IT. However, when the threat is internal, human resources can play a key role in identifying potential violators within the company. In some cases, HR might be aware of previous violations and infractions that could tip off future problems. Routine background checks conducted during the pre-employment process might also provide important clues. In fact, experts say that thorough background checks should be mandatory for network administrators, who are entrusted with enormous power and can wreak havoc if they abuse it.

Dealing with employees who are leaving the organization is just as important. According to Donovan, many security breaches occur when a disgruntled employee—usually somebody who has been fired—is allowed access to his or her PC. Although managers would never dream of letting the person rifle through filing cabinets, they often don’t consider the consequences of allowing that person to log onto his or her computer. “A strict termination policy must be in place, and one that deals with passcodes. A person should immediately be locked out of the system,” he says.

New technology is making it easier to nab crooks and maintain solid security. Biometrics—once the stuff of James Bond films—is beginning to filter into the workplace. Using thumbprint, retina or facial recognition, biometrical devices allow only authorized personnel access to the network, without the hassle of passwords. What’s more, a person is able to log on from any location, and, in the case of facial recognition, the computer monitor can automatically go blank when the individual walks away. In addition, far more sophisticated intranet-based firewalls are cordoning off departments, while encryption is becoming increasingly transparent. In many cases, e-mail is encrypted and decrypted automatically by software running on the PC.

Yet no amount of technology will ever eliminate all cybercrime. As Mesec puts it, “As long as there are people, there will be incidents.” Ultimately, it’s up to human resources—partnering with security and IT—to help employees understand the risks and responsibilities of using computers. Indeed, a byte of prevention goes a long way.

Workforce, May 1998, Vol. 77, No. 5, pp. 53-60.