Risk Assessment


Potential Privacy Issues: 

            When a company adopts an HRIS, privacy is a concern with any software as a service (SaaS) or cloud-based offering. Because of the nature of SaaS and cloud-based solutions, companies relinquish control of their data, and the protection of that data, to third-party vendors. The employee data contained within an HRIS is highly sensitive because it includes information such as names, dates of birth, Social Security numbers and salary information. All of this information would be highly valued by hackers.
            In addition, because the systems are frequently single sign-on systems, employees should be trained on the privacy concerns associated with HRIS. According to the article Emerging Issues and Challenges Of HRIS: A Review,
              “Most of the privacy issues are found out related to what information of employees should be stored in the system, who can access those data or software and who can have the authority to change or modify the data in the database.”  
         The article goes on to note that in addition to training, system controls should be implemented in order to restrict users’ access to information.

Potential Security Issues:

            Potential security issues are visualized using a fishbone diagram. The security threats in the fishbone are further refined in the risk analysis table. The risk analysis table lists the most likely and most prominent potential effects of each issue. These effects are judged by the extent to which they affect the organization's operations, and that extent is expressed by the risk priority number (RPN) assigned to each. The higher the number, the more risk the effects pose to the organization. The team evaluating the risk develops the RPN by scoring three categories: severity, occurrence, and detection. Severity is the potential damage the organization incurs. Occurrence is the likelihood of the situation being exhibited. Detection is the way in which the organization responds to such threats.

The equation is simple: severity x occurrence x detection = RPN. When evaluating when and how the risks will be addressed, the highest RPN should be considered first, working down to the lowest RPN. In the case of the risks outlined below, employees using unsafe business practices ranks the highest with an RPN of 32. The Gallaugher textbook makes this point very well when it quotes P.T. Barnum’s famous saying, “There’s a sucker born every minute.” Black hat hackers use techniques such as social engineering and phishing to gain access to systems, preying on those who don’t follow the best internet use practices (Gallaugher, 2018).

Fishbone Diagram 







Risks Compared to Estimated Benefits: 

            IVK’s operating expenses have increased from $10,651,614 to $65,659,724 within the past two years. IVK needs ADP to lower costs, which is one of the benefits of adopting ADP at IVK. The risk, however, is high when it comes to privacy: the privacy of employees, of market data, and of consumer data. Is the cost to privacy too high, or does the increase in operating expenses mean that IVK will do anything to lower them? The truth is that the intangible benefits of increasing efficiency, lowering IVK’s carbon footprint, and lowering user errors outweigh the possible risk for IVK. One of the highest RPNs in the analysis above is employees using unsafe internet practices. This can be reduced with education and proper monitoring. IVK can educate staff on ADP so that the system is used properly and the risk is lowered. Overall, ADP is worth the risk.
References
Fairchild, M., The top 5 HRIS mistakes and how to avoid them [article].  HRlab.com. Retrieved from: http://www.hrlab.com/hris-mistakes.php.
Behera, M. (2016, September). Emerging issues and challenges of HRIS: a review [article]. SSRG International Journal of Economics and Management Studies (SSRG – IJEMS), Volume 3 Issue 9 (pp. 9-12). Retrieved from: http://www.internationaljournalssrg.org/IJEMS/2016/Volume3-Issue5/IJEMS-V3I5P114.pdf
Gallaugher, John. (2018) Information Security: Barbarians at the Gateway (and Just About Everywhere Else) (pp. 474). Information Systems: A Manager’s Guide to Harnessing Technology (Ver. 6). Boston, MA. FlatWorld. 
Gordon, J. (2016, July 28). Are Your Talent Management Tools a Risk? 5 Ways to Tell. Retrieved November 1, 2018, from https://www.adp.com/spark/articles/2016/07/are-your-talent-management-tools-a-risk-5-ways-to-tell.aspx


