the journey to world-class data management, reporting and compliance best practices presented to:...
Post on 20-Jan-2016
212 views
TRANSCRIPT
The Journey to World-Class
Data Management, Reporting and ComplianceBest Practices
Presented to: Lawson Software, Inc. / City of Columbus, Ohio
William Bacote
Manager
The Hackett Group
April 9, 2008
Page 2
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Statement of Confidentiality and Usage Restrictions
This document contains trade secrets and other information that is company sensitive, proprietary, and confidential, the disclosure of which would provide a competitive advantage to others. As a result, the reproduction, copying, or redistribution of this document or the contents contained herein, in whole or in part, for any purpose is strictly prohibited without the prior written consent of The Hackett Group.
Copyright © 2007 The Hackett Group, World-Class Defined. All rights reserved.
Page 3
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Objectives and Expectations
Examine current process efficiency, effectiveness, and structure Understand current gaps to best practices, and service delivery model considerations
through examination of Hackett Best Practices Begin the development of a best practices scorecard
Page 4
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Aligns with strategy Reduces costs Improves productivity Promotes timely execution Enables better decision making Leverages existing and exploits emerging
technologies Ensures acceptable levels of control and
risk management Optimizes skills/capabilities of the
organization Promotes collaboration across the extended
enterprise
Hackett’s Best Practices are certified when there is a correlation with world-Hackett’s Best Practices are certified when there is a correlation with world-class performance metricsclass performance metrics
Best Practices Defined:A Hackett-Certified Practice is a proven technique that delivers measurable value
Page 5
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
A description of each Hackett best practice for this process
A description of current utilization of this best practice
CoverageHigh Widespread impact on the enterprise and/or significant value-addMedium Impacts multiple areas, value-add is significant but less relative to
processes ranked as HighLow Impacts a single area of has limited span of adoption throughout the
enterprise
CoverageHigh Widespread impact on the enterprise and/or significant value-addMedium Impacts multiple areas, value-add is significant but less relative to
processes ranked as HighLow Impacts a single area of has limited span of adoption throughout the
enterprise
ApplicableYes Adoption of the best practice is in line with current/future business needsNo Best practice does not fit the current business needs
ApplicableYes Adoption of the best practice is in line with current/future business needsNo Best practice does not fit the current business needs
CommentsStatements pertaining to the technology enablement, policy enactment and other challenges and/or prerequisites associated with improving the utilization of the Best Practice
CommentsStatements pertaining to the technology enablement, policy enactment and other challenges and/or prerequisites associated with improving the utilization of the Best Practice
No Usage Strong Usage
Best Practice Scorecard
Page 6
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Best Practice Session
Page 7
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
The capture, management, and reporting of employee and non-employee (including contractors, retirees, and other former employees) data in accordance with organizational policies and government regulations including the development and maintenance of the following:
– data ownership guidelines and governance; – data structures and definitions, – data privacy strategy and compliance activities; – data security guidelines and procedures; – data retention policy and procedures; – disaster recovery and/or business continuity strategy and procedures; – input, verification and maintenance of employee and non-employee information; – recurring and ad-hoc management reporting; – recurring and ad-hoc regulatory and other compliance reporting.
Data Management, Reporting and Compliance Best Practices
Process Definition
Page 8
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practice Review – Summary Results
Item Count % of Total Comments
Best Practices Reviewed 34 N/A
Best Practices Deemed “Applicable”
32 94%
Best Practices Fully or Mostly In Use at City of Columbus
3 9% or
Best Practices Partially in Use at City of Columbus
17 53% or
Best Practices Seldom or Not In Use at City of Columbus
12 38%
Page 9
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
One integrated HCM system is utilized to all employee and non-employee information. *HREI001
Pay/Per system is integrated. However, the following are separate systems that use Pay/Per info:Training, injury tracking, time & attendance, position control (EPC), dept. systems, Performance mgmt, grievance tracking, military DB, and OSHA
Yes H Eliminate use of secondary systems by incorporating into CHRIS.Applicant system feeding HRMS for hires subject to review.Interface to EPC and Performance Mgmt.Capture life beneficiaries accurately & consistently.
One HCM system application instance is utilized as the system of record, to support all business units, globally. HREI026
N/A No
Page 10
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Role-based security is utilized to determine access to and utilization of HCM system. *HREI017
Security groups exist and access can be set to City, Department wide or Division specific. Add, update, inquiry, delete (limited transactions), and some correction but is not a security role.Enterprise hierarchy: City, Dept, Div, Payroll number (section), Work Location. Access may go down to Division.
Yes H Define data owners.Document and publish procedures.Additional levels of security (hierarchy).Review who has correction access. Better validation that role is appropriate.
HCM system security is incorporated with existing corporate security architecture and is compliant with all data privacy laws. HREI027
Pay/Per system security is incorporated with corporate security.
Yes M Systematically evaluate security risks and address each
The internal, corporate LDAP provides the HCM system and other critical systems with password authentications. *HREI028
LDAP is not used. Yes H Consider LDAP; single sign on where possible. Have some systems in separate domains.
Page 11
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Key data fields are standardized to enable efficient transaction processing and consolidated global and regional reporting. *HREI018
Generally keys fields are standard; BU, dept, EEID, job classification. There may be differences in some date usages.No tableset control (sets of table values) for tables.System allows incorrect pay for BU.Working on standardizing table values (format and naming convention).
Yes H Tableset control for tables.Better edits Review current tables to determine what data is still applicable.Standardization of date fields.Standard formatting for fields.Separate name fields instead of one field.Documentation & training
relating to standards.
The set of data and process standards includes the approaches to solving global requirements using available international standards. HREI020
N/A No
Page 12
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
HCM system makes use of field level validation at point of data capture to maintain accuracy and integrity of data. *HREI004
Limited front-end editing. Most transactions subject to batch update edits.
Yes M More online editing.Improved control tables for online validation; tableset control for showing only appropriate values. System applies business
rules as data entered.One-time data capture of all life and career event changes automatically routed to all impacted functions / affected applications and databases. *HREI003
No automatic routing. Life event changes transmitted to providers: Some electronic file transfers via secure website access, some data copied to CD, some paper reporting. Also, floppy disk.
Yes M Workflow. Interface where possible.
Workforce records updated automatically following completion of transactions. *HREI008
Records are not automatically updated. Training is a separate system.
Yes H Training should be integrated with CHRIS or have bi-directional interfaces. Include other systems such as injury, military, grievance.
Page 13
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Employees and non-employees are responsible for updating and held accountable for the accuracy of personal data via self-service. *HREI002
Self-service is not available. Yes H Implement Employee Self-Service (employees only)and train employees on updating information and the process.
Employee and manager self-service capabilities are browser-based and accessible via a personalized, internet-enabled employee portal. *HREI012
Employee and manager self-service is not available.
Yes H Implement Employee and Manager Self-Service. Train as part of new hire orientation.Train all employees as part of implementation.
Self-Service tools provide automatic prompts relating to life or career data changes that may impact other process areas. *HREI005
Self-service is not available. Yes M Employee and Manager Self-service with automated workflow. Integration/interface with other systems such as PEP and Training.
Page 14
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Electronic signatures used with automated workflow for distributing and approving information changes where and when legally permissible. *HREI009
No automated workflow or electronic signatures are in use.
Yes M Implement Employee and Manager Self-Service with automated workflow and approvals.
Multi-tiered service delivery model in place, utilizing self-service, call centers to provide support to inquiries and transactions. *HREI021
Current model is for dept / division HR to be 1st line of support with backup from central payroll/benefits/CSC. Process is not always followed. No self-service or call centers but there is a # to call for support.
Yes H Establish call centers (consider Shared Service Center (SSC)) with workflow functionality and integrated with email system. Implement employee and manager self-service.
At least eighty percent of inquiries made into shared service center are resolved upon first contact. *HREI015
No SSC is in place and there is no tracking of inquiries or resolutions.
Yes M Establish SSC that includes needed system infrastructure.Requires trained representatives & managers.
Page 15
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Strong governance is in place relating to core HCM system enhancements, table maintenance, security administration, and role-based access. *HREI022
DOT/ Central Payroll/CSC/HR work together to provide governance. Guidelines for enhancements are not clear with no formal process to evaluate or fund. A formal project request form with detailed requirements exists. For large changes (no definition of large projects), project mgmt techniques are used. DOT is in process of defining criteria for project definition.
Yes M Complete definition of project criteriaCommunicate and implementDefine process for the evaluation/determination of what projects get funded and worked on.
The HCM system supports the organizational reporting structure. *HREI019
No reports to functionality and no ad-hoc reporting. Data resides in EPC (does not include PT, all sworn officers, fire) but data is not always current and does not provide org chart.HR is sometimes notified timely if entire dept/division moves but not for just reporting relationships. Communications sometimes does not trickle down to the needed levels.
Yes H Better communication of org changes to include reporting relationships.Get all employees into EPC.Integration between HRMS and EPC.
Page 16
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Tools support multi-dimensional reporting and drill down. *HREI023
Tools do not support. Reports generally provide detail and summary derived from reports. Requires special request to get report in electronic format rather than on paper.
Yes M Provide reports in electronic format that supports analysis (drill-down).
HCM system reporting tools support forecasting and analysis needs of the organization. HREI025
The Pay/Per system does not support forecasting and analysis needs. Fiscal officers have some access through performance system.
Yes M Ability to produce analytical reporting for forecasting, trending, and time period changes from HCM system.
Report execution performance is monitored for continual improvements in report design, database tuning, and cross-functional data sharing. *HREI024
There is database tuning and report monitoring of run times but no monitoring report design.
Yes M Separate server for reporting.Research establishing data warehouse especially for cross-functional reporting.Train power users/report writers.
Page 17
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Statutory regulations regarding life event data changes, data privacy and other issues related to personal data maintenance are available to employees. HREI013
Yes, currently in hard copy (Benefit Booklet) for life events, soon to be added to Intranet. However, all privacy/data maintenance regulations may not be available to employees. Documented regulations are current.
Yes M Establish a review process prior to releasing information.Educate employees on how to access via intranet.
Consistent communication of all policy requirements built into on-going manager education and other related programs. *HRCM001
No consistent communication of policy requirements with the exception of annual payroll conference updates. Changes are communicated at that time. Also monthly People Team meetings provide updates.
Yes H Establish on-going manager training and communication of policy/procedure changes.
Document management solution utilized to store and track regulatory compliance correspondence and related materials. *HRCM003
City has several document management systems but they are not centralized. Materials mostly stored in manila folders.
Yes H Put a process in place which identifies those documents which need to be centralized and procedures on how those documents should be moved to a centralized repository (imaged and paper-based)
Page 18
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Statutory reports are standardized, produced automatically from the HCM system, and distributed electronically where possible. HRCM004
Payroll statutory reports (W-2, tax filing) are produced from PAY/PER. Pension, New Hire reporting is done from the system. Manual reporting for OSHA and possibly others (EEO).
Yes H Collect information in CHRIS so that statutory reports can be produced.
Management receives recurring education and progress/alert reporting concerning diversity programs and regulatory compliance. HRCM005
Made available through Citywide Training; People Team presentations, Columbus*Stat.Diversity, drug & ethics, sexual harassment training is mandatory for new hires. Depts. can request.
Yes H As part of an automated workflow, management would be notified of any regulatory requirements
Compliance, audit requirements and appropriate fiduciary responsibilities are stipulated in all third-party agreements. HRCM010
This is current practice. Yes L Continue best practice
Page 19
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
All relevant data privacy regulations are addressed through user education, preventative controls, and compliance reporting *HREI034
Role based security with userids and passwords for system access.
Yes M Better validation that role is appropriate.
Employment verifications are outsourced and/or automated. HREI035
Manually done in-houseCentral payroll will do basic information; active/separated, title, hire date. More detailed go to the depts. Does not seem to be an issue. (No need to outsource).
Yes H Review and document verification process.Train on what can be verified.Conduct outsourcing assessment.
Comprehensive data retention, disaster recovery, and business continuity strategies are in place and tested regularly
*HREI036
In process of putting in secondary data center. Not sure if DR site is available presently. Backups stored offsite. There is a retention strategy for backups.Business continuity planning needs to be completed.Original plans by dept. have been documented. No regular scheduled testing of strategies at the moment except for power fail.
Yes H Complete strategies/plans for disaster recovery, business continuity.Ensure processes have been documented.Obtain processing agreements with other 3rd parties where applicable.Periodic testing of all strategies.
Page 20
Document Name – Click on top-level Slide Master to change© 2008 The Hackett Group. All rights reserved. Reproduction of this document or any portion thereof without prior written consent is prohibited.
Data Management, Reporting and Compliance Best Practices
Best Practice Current PracticeUsage
Now | Future
End-State Vision
Applicability | Coverage Comments
Employee access and rights is updated when ever their position or status changes. HRMR003
Process is not automated. Requires manual notification and update.
Yes H Automated notification of status changes that impact security.
The HRMS allows for ease of recurring and ad-hoc reporting (regulatory and management). HRMR004
Standard recurring reports are distributed but system has no ad-hoc reporting capability.
Yes M Provide ad-hoc reporting capability to trained users.
Manager self-service approvals have a defined time-out period and escalates after time-out period has expired. HRMR005
No manager self-service capabilities.
Yes H Implement Manager Self-Service with escalation notifications.
HR routinely reviews vendor performance, including SLA's, pricing, employee satisfaction levels as part of contract renewals and renegotiations. HRMR006
Vendor contracts are reviewed every 3 years prior to renewal. Contract performance is continually reviewed.
Yes L Not many vendors outside of benefits and drug testing.