VC investment alters the HR technology landscape

hr_investment_bargraphBillions of dollars invested in HR technology companies have created a handful of new and reborn one-size-fits-all HCM vendors who made a big splash on the HR scene throughout 2015 and 2016. Not to be outdone, niche HR specialist vendors have upped the ante with some very compelling niche products targeting recruiting, performance, learning, compliance, and social collaboration. Choice is always a good thing for HR departments. How does all this investment in HR technology companies change the way HR executives think about using technology within their operations? 

To best-of-breed or not to best-of-breed? That is now the question.

There is no question that current thinking leads HR executives toward single-vendor-fits-all approach for HCM over using multiple best-of-breed niche software providers. The best-of-breed approach may gain favor as convenient and reliable data exchange service to core HR platforms mature. I’m seeing this trend occur with SMB accounting and sales automation providers now supporting data exchange to financial institutions, POS, fulfillment services, lead sources, and even benchmarking data. I expect the HR space to follow suite making a best-of-breed solution approach more viable for HR executives to consider in the future.

A new category is born—The Social Workplace.

Facebook, Google, and Microsoft are all well-positioned to Socialize the workplace. Social tools at work have the potential to reinvent tracking time, electing benefits, performance management, training, and coaching. This goes much deeper that LinkedIn or Glassdoor—think Facebook, SharePoint, and GoToMeeting combined. In fact, Facebook is already in the game with Workplace by Facebook (https://workplace.fb.com/) launched in late 2016. Gaining access to the employee’s wallet will be the holy grail for Social Workplace vendors, and HR is positioned as the epicenter to be the gatekeeper and policy maker for this new category. I’m concerned that many HR executives are too overwhelmed with day-to-day workload to properly address this opportunity. So, jumping into bed with Facebook may be convenient but not in their companies’ best interests. There are so many issues to consider: security, privacy, data ownership, productivity, etc. It’s HR’s ball to carry right now, and I’m hopeful that HR executives prioritize their time so they can lead the charge to carefully, thoughtfully, and safely deploy Social Collaboration in their workplaces.

Regulations grow exponentially; strategic outsourcing is HRs only hope to keep up.

With all good intentions government continues to burden companies with new reporting and regulation. With the expansion of E-Verify, EEOC, health and welfare laws, efforts to curb tax refund fraud and change tax brackets, the coming compliance burden continues to grow. We’ve learned from the ACA that new employment laws can be anything but a routine and predictable compliance job during their initial rollout. Already understaffed HR departments should strategically outsource these duties to specialists because when you bake in the true cost of doing the work yourself, outsourcing is truly more affordable and reduces compliance failure risks at the same time.

On premise software bites the dust.

Technology investments have favored Cloud vendors exclusively since investors like the advantages of the Cloud business model with shorter development cycle times, a single code base across the customer base, a streamlined support experience, and out-of-the-box integrations with third-party vendors. These things are all made possible by the Cloud software business model. The Cloud business model also does away with version upgrades costs and aligns customer and vendor interests around a stable and compelling product version which reduces the demand for support. That benefits both parties. Vendors are rewarded with lower costs and clients are rewarded with a better product and lower total cost of ownership. As most software vendors exclusively align their products to cloud deployment, on premise software becomes a relic of the past.

The billions of investment dollars in the HR technology space over the past five years has created new choice for HR departments. HR executives should look to outsource the increased burden of compliance to leave them bandwidth to focus on strategic technology investments such as Social Workplace tools and Human Capital Management software. Arguments will still be made for a single vendor solution, but a best-of-breed approach may gain more favor soon. Either way, HR needs to exercise caution with adequate due diligence in the vendor selection process. Don’t pick a vendor solely on technology demonstrations. A vendor that is too focused on feature-packing and super growth and not enough on customer service can be a nightmare to deal with. Nothing can make up for bad partner choices and failed implementations. The cost, aggravation, disruption, loss of time, and negative hit to your reputation as an HR leader is unrecoverable.

Taming the monsters inside us

An awful lot is written about security from an Information Technology perspective, so we are pre-programmed to think that security means firewalls, encryption protocols, password policies, tokens and the like. Unfortunately, organizations are most at risk of theft and fraud from those that have intimate knowledge of their inner workings. We often don’t hear about these events because they are perceived to be embarrassment to the victimized entity.

Over my career, I’ve seen a number of situations where organizations have unwittingly put themselves at great risk for internal or even customer fraud. I’ve also been privy to some clever (but misguided) attempts that have failed miserably.

And I’d like to share a few of these past situations that have left an indelible impression on me.

I’ll start with the Canadian felon who duplicated a legitimate client refund check and then proceeded to issue hundreds of duplicate checks off this account. Then there was the controller that embezzled cash by processing refunds to inactive client accounts and redirected the refund deposits to his mother in-law’s bank account. Another incident involved an accounts receivable clerk that literally cashed hundreds of customer checks into a duplicate company account that she fraudulently opened in her name only. I was once exposed to a situation where a payroll manager cleverly voided federal tax deposits and then transferred those exact funding amounts to her own bank account. I should also mention the former Human Resources manager that used his still-valid payroll login credentials to change employee net pay bank account numbers to fund anonymous electronic payroll debit cards. Not so long ago, an IT worker retaliated against his soon-to-be former employer by posting all employee salaries on multiple bulletin boards at work. And finally, the data processing technician who gleaned bank account numbers from a payroll export file and then made payments to credit cards online using those stolen account numbers.

The common denominator in all of these situations is an insider. Well thought-out internal security protocols and procedures are our best defense against this type of fraud.
Here are my recommendations to be protected against being defrauded by the monster inside us.

Be ever vigilant with your cash and cash accounts. Reconcile bank accounts frequently and separate the reconciliation responsibility from those who processes payments or create client accounts. Use online banking access to match checks, electronic payments, and deposits to your accounting system daily. Require two signatures and/or electronic authorization for all checks or transfers greater than a threshold amount. Place blocks on your accounts so only authorized third-parties can debit funds from you. Use positive pay banking features, and flag unknown transactions and investigate them immediately. Good internal controls and procedures are the best deterrent to internal fraud. These basic steps will not only reduce your exposure to fraud but they’ll help you identify it really quickly when it happens so you can mitigate your damages substantially.

Separate Duties. I’ll say it again for effect. Separation of duties is essential. For example, never-ever-ever have the person who receives the money and credits the client accounts also produce your client billing. Client setup and termination should never be handled by the person that collects and posts your money. The person who reconciles the bank accounts should be different that the one that makes journal entries into the accounting system. You get the idea here: Separate duties so one accounting function provides a built-in audit to the other accounting function.
Expire access to systems and facilities prior to terminating employees. Termination can trigger retaliation and drama. Don’t put your company at risk for embarrassing post-termination drama. Get your ducks in a row prior to letting all employees go by terminating their access to all systems, collecting all their company assets, and ensuring that their access to facilities is limited.

Treat your payroll vendor like it is giving away your money. Just because you’ve outsourced your payroll doesn’t mean that you are safe from fraud. Make sure you separate the duty of changing account numbers from the person that reviews account number changes. It is a good practice to audit direct deposit account changes prior to processing each payroll. Also verify all third-party deposits. Review all manually entered checks, adjustment checks, and voided payments. Ensure that appropriate security is setup so sensitive information like salaries, social security numbers, and account numbers are available on a need-to-know basis. Limit those who can create output data or exported reports with sensitive data. Interface and export files should be encrypted at the source before they are downloaded or transmitted. A good payroll vendor will provide features such as warnings and detail reports to make these audits and verification steps fast and painless. If your payroll company doesn’t support these important features, then get a new payroll company.

The above recommendations are not intended to be exhaustive. The examples should make you think and assess your fraud risks and create a plan to mitigate them. Disciplined audit and security protocols are a great deterrent to fraud, and that deterrent may just be enough to tame those monsters inside your organization.