HR leaders who are outsourcing their workforce management should be taking urgent note of the implications of the Horizon IT scandal, says Crown Workforce Management’s Technology Director Harish Rao, who is calling for businesses to review the delegation of control of their data with service providers.
On the face of it, the Horizon IT scandal will rightly be remembered as one of the worst miscarriages of justice in British history, but lurking underneath the life-changing damage is a warning sign for every business that has vast and complex software deployments.
With hundreds of branches across the UK, Post Office understandably sought a third party to supply accounting software and services. The issues that emerged from the failures within this arrangement have been well-documented over recent months.
Many have blamed faulty software for this, but that would be an oversimplification. The reality is that any significant body of software will have latent problems, which could surface when the software is operated in large scale with a complex network of computers and systems. Software by itself cannot anticipate all possible problem scenarios.
That’s why it’s crucial that robust support services are employed to deal promptly with problems that emerge in systems, combined with recording and verification of changes to those systems. All access and changes to sensitive data must be logged in the systems, and regularly verified by manual or automated auditing to avoid a repeat of discrepancies not being properly investigated.
Why is this significant to the HR sector?
Because the type of working set up between Post Office and Fujitsu is similar to the working arrangement between a business and service supplier for assistance with the management of a workforce.
Therefore, if certain measures aren’t put into place, then a new damage and scandal could be at risk of emerging – whether that is data-leaks, or inaccurate data recording.
It wasn’t long ago that a service supplier to a well-known supermarket, among others, was subject to a ransomware attack which compromised thousands of employees’ details, and as a result, that service supplier may have had to undergo a complete rebrand to survive.
The Horizon IT scandal has, in a way, reminded HR leaders that they need to be routinely monitoring the trust they have in their service supplier when it comes to handling employee data.
By this I mean conducting regular audits with their supplier and asking questions around what data the supplier can see, who has access to it, and how it is protected.
At Crown, our focus is on providing the infrastructure and systems that businesses need to solve their complex work issues – such as working out rotas that are the most cost efficient – and so we do not require access to customer data or personal information.
Crucially though, it is important for HR leaders to understand from their supplier how they are monitoring the staff who have access to their systems, to ensure there is no inappropriate use of the system, or inaccurate advice being delivered.
It isn’t just about data security either. It is very feasible, for example, that a workforce management system could have the potential to inaccurately record an employee’s clocking in and out time, which if it was to be believed, could lead to unfair disciplinary action for that employee.
This is why it’s important to have an internal discrepancy procedure set up, remembering that software systems can go wrong!
Technology is always evolving – with AI the latest emergence – and with major scandals such as Horizon, I am expecting various regulatory and legislative changes to the way software is managed.
That is why at Crown Workforce Management we have a working group set up that is dedicated to evolving how we as a service supplier are responding and tackling any potential challenges to ensure our workforce management systems remain market leading.