Part 1 – Playing with fire and being fired
When I was a boy, my Mum used to tell me not to play with fire.
Trouble was, I had a little steam engine that used to drive a piston and flywheel – that I loved. It was a real steam engine, and had a small methylated spirit burner, and you could attach the flywheel to things, like rubber bands that you could ping at your sister or passing squirrels.
Despite numerous warnings from my Mum (which I duly ignored), I would try and make my well-designed little steam engine go faster by introducing inappropriate bolt-ons – such as additional burners and various fuel toper-uppers – fed from meths bottles suspended above the engine like hospital drips.
One day the inevitable happened – whilst I was trying to get the flywheel with a cunningly attached penknife blade – to saw a branch, the ferocious heat melted one of the suspended bottles, and a small fireball ensued – setting my Dad’s adjacent log pile on fire, which was surprisingly difficult to extinguish with the garden hose.
I was lucky to escape with minor burns and singed eyebrows (and an extreme ticking off) – but the strange thing was how I remember feeling at the time. I kind of knew this was an accident waiting to happen, and that suspending meths bottles above naked flames was probably reckless, and likely to cause an accident. But somehow when it happened I was still surprised that my Heath Robinson approach to engineering and health and safety *actually* failed.
Fast forward 35 years, and imagine the surprise, when Public Health England (PHE) recently managed to lose 16,000 test and trace record through equally reckless behaviour.
You couldn’t make-it up!
It has emerged that almost 16,000 cases of positively tested coronavirus cases were delayed in being transferred to the test-and-trace system because the government was using Excel spreadsheets instead of “robust and secure” IT.
The issue was caused by use of Excel spreadsheets to transfer test results from labs to the health service to total up. Initially – it was ‘suggested’ that Public Health England (PHE) used columns instead of rows to log cases and that the maximum number had been reached (Excel has a 16,384 column limit), leading many to suggest it should instead have used rows for entries (as Excel’s row limit is > 1 million). Or that it should have used, you know, database software.
Since then a further explanation emerged – test results were automatically fetched in CSV format by PHE from various commercial testing labs, and stored in rows in the old .xls Excel format that limited the number of rows to 65,536 per spreadsheet, rather than the one-million row limit provided by the modern .xlsx file format. According to the BBC, each test result took up several rows, so the real case limit was about 1,400 per sheet, and after that cut-off point, records were simply left off and not counted when imported.
Multiple technology and information security experts have expressed concern over the government’s decision to use Excel for such a sensitive task. The rich irony is that the same government espousing the virtues of GDPR, is a government whose agencies are flagrantly disregarding the same. Dido Harding – the Tory peer in charge of the new Test and Trace scheme – has been urged to either resign or be sacked over the episode.
Part 2 – Excel for dummies isn’t for dummies
For those of you who follow recent elementsuite posts, you’ll have already spotted a trend – that we’ve been banging on about the dangers of using Excel for some time. In our industry, we are seeing a lot of well-meaning people use Excel in ways it should never be used for.
Excel is not a system of record and should never be used as a database for storing HR and personally identifiable data.
Before smugly using the PHE episode as an “I told you so” stick and elaborating further on this point, I should just point out that I do believe Excel is the most brilliant and powerful software application that has ever been created. It’s certainly the most used business application of all time – the following quote sums it up:
“Microsoft Excel is one of the greatest, most powerful, most important software applications of all time. Many in the industry will no doubt object, but it provides enormous capacity to do quantitative analysis, letting you do anything from statistical analyses of databases with hundreds of thousands of records to complex estimation tools with user-friendly front ends. And unlike traditional statistical programs, it provides an intuitive interface that lets you see what happens to the data as you manipulate them”
As a consequence, Excel is everywhere you look in our industry – especially where people are adding up numbers a lot, in areas like finance, HR and payroll. In these recent COVID-19 times, the enormous amount of legislation change relating to payroll and absence has not been easy to accommodate within legacy HR systems and platforms. So in the absence of a sensible alternative, a natural (though arguably reckless) approach has been to extract data from those back-end systems and shove it around in Excel spreadsheets.
We continually see widespread use of Excel as “human middleware” as default HR tech to bridge all the gaps that “proper” HR tech isn’t available to cope with. The trouble is that the spreadsheets created with Excel are incredibly fragile. For starters, there’s no way to trace where your data came from, there’s no audit trail (so you can overtype numbers and not know it), and there’s no easy way to test spreadsheets.
Whilst you can (to a limited extent) authenticate users to access Excel via password-protection (a source of perpetual frustration that often leads to passing non-secured data around) Excel has no concept of authorisation of data handling – i.e. controlling the data you should be able to see in a spreadsheet based upon your role. The main concerns are: who has access to the data, do they need access, is their access audited and do they have access to only the data that pertains to them being able to perform their tasks in a timely manner. Additional problems around spreadsheets are around resiliency and potential data loss, with limited controls on what can be deleted and restored if lost.
Excel doesn’t help you comply with these critical GDPR principles – if someone can open a spreadsheet, they can see all the data in it.
The biggest problem however is that anyone can create Excel spreadsheets—badly. In the heat of battle and with a frustrated Finance Director breathing down your neck for HMRC reclaims or monthly journals, it’s easy to rush something through that looks correct, and be reckless with confidential, sensitive or personally identifiable data.
Part 3 – HRevolution, not backwards HR
HR Leaders are left with an almost insolvable conundrum. Faced with business challenges imposed at short notice that require immediate attention and implementation, but with legacy worn-out tools that do not provide the flexibility or agility to adapt to the changing environment – it’s little wonder they turn to backwards HR thinking – using Excel to deal with factors such as:
- Holiday accruals and carryover
- Furlough reclaim and rigour regarding dates of furlough start and end
- Dealing with leave mid furlough period
- Change of furlough status mid period
- Sickness within period of furlough
- Period that the comparative average hours worked/days worked and pay per day were calculated from.
- Using 80% (subsequently reduced/tapered) of the comparative averages.
…and many more.
I’m sure some HR practitioners were crying out for better systems prior to the pandemic but told to wait in line. Some also thought that the pandemic would be over quickly, and that temporary measures implemented with known technical debt could be rapidly recovered and paid back. But this pace of change and agility is the New Normal, the Big Reset, and requires a different way of thinking.
It is reckless to continue to process large data sets containing personally identifiable information in Excel, and must be stopped. We are calling it the HRevolution.
“Desktop tools such as Excel should not be used for large datasets, and investment should be made in technology that can securely process large datasets to ensure data integrity and accurate results”
Many HR practitioners feel in a hopeless position where layers of temporary measures are now paralysing their ability to react and process data, pay people correctly or respond to audit and compliance. However, all is not lost, and there are systems and people to help. elementsuite is HR software built by a passionate and dedicated team of HR specialists with the following features to solve the problems you may be encountering with your Excel workarounds, and to future-proof your systems and processes to remain agile in this rapidly changing HR world:
– Flexible HR and Pay database to securely import data of different shapes and formats
– Inbuilt functionality to deal with all nuances of Absence, Time and Attendance and Payroll
– Includes Furlough, SSP, Carryover, Accruals and JSS – along with associated reporting capabilities
– Easy-to-use reporting suite, query builder, report viewer, and dashboards, to report on all data held
– Comprehensive security model with inbuilt GDPR security principles “by design and by default”
– Speedy provisioning – we can be securely up and running with your data within 3 days
– Simple cost model – cost effective and no hidden charges
– Experienced team – we partner with you to solve your problems or meet your business case
– Full suite HR and Payroll functions – the system grows with your business and future plans
– Employee centric – designed with self-service in mind
The Public Health England fiasco serves as a reminder for businesses about the importance of using the right software for the right job. We urge companies using Excel to store or process HR data to rapidly invest in a more appropriate HR solution before they meet with a plight worse than a HMRC audit, GDPR breach (or possibly even a fireball).
If you are struggling with the Big Reset – we would love to speak to you. Don’t blow yourself up with reckless Excel Hell – invest in proper systems and processes. Oh and by the way, Reckless Hell when abbreviated, spells HR backwards. Join the HRevolution.
Why HR technology will future-proof your business
For many HR leaders, the pandemic has confirmed what they already knew, the traditional ways of working don’t hold up under constant change and pressure.
HR Christmas Wish List 2020
2020 is without a doubt the year HR teams will not forget in a hurry. HR professionals have faced an unparalleled flood of demands on their time, knowledge and expertise and have risen to the challenge. Working tirelessly to not only manage the well-being of employees but meet the demands of the business too. […]
Staff love it! – wish #12
HR, by definition is a very people-oriented and human profession. Many of the wishes we have covered on our list of 12 wishes from HR and payroll teams, include technology and systems.
Intuitive self-service – wish #11
HR self-service for all members of the workforce – often referred to as employee self-service (ESS) – allows employees to securely access their own