Bsa_375_Riordan_System

Riordan Manufacturing HR System Riordan Manufacturing is a producer of various types of plastic products that include aircraft components, auto parts, and medical materials, along with custom tailored components for the Defense Department. Riordan currently has four locations three in the United States, and one in Asia. The stateside locations are the two manufacturing plants in Albany, Georgia, and Pontiac, Michigan, and the corporate headquarters in San Jose, California that also serves as a center for research and development. The location of the plant in Asia is Hangzhou, China, and primarily serves the Asian market. Riordan Manufacturing estimates earnings of about $46 million per year (Apollo Group, Inc., 2011). Each location uses a system unique to its particular location and is incompatible with the other locations. The varying and distinctive methods used to record the organization’s operational data can result in an unreliable and inaccurate database. Riordan Manufacturing needs to upgrade the current method of operations by reducing the inconsistency in its organizational procedures that can reduce customer loyalty (iSixSigma, 2010). After obtaining the SR-RM-022 Service Request and conducting an evaluation of the human resources information system (HRIS) at Riordan Manufacturing, a report will list the existing procedures and the necessary upgrades needed to improve the system. Request for an HR System Analysis Hugh McCauley, the Chief Operating Officer (COO) of Riordan Manufacturing, has presented an SR-rm-022 service request form to the information technology (IT) department. The service request requires the IT department to perform an evaluation of the existing information systems (IS) in use at each Riordan plant and present a solution to integrate the current systems and subsystems into a compatible all-encompassing system using more up-to-date technology. According to the SR-rm-022 the newly revised system’s timeframe completion must be accomplished in six months. The information presented in the SR-rm-022 form permits the IT department to examine each aspect of the request, including the budget and the time span for the implementation of the project. Objectives The purpose of this document is to discuss the different phases of the Systems Development Life Cycle (SDLC) for the information system (IS) planned for the Riordan Corporation by the IT department. The processes used to gather information for the new system will be reviewed in this document as well. This document will touch upon the critical characteristics of information gathering along with the extent and viability of the project to guarantee the quality of the system’s incorporation. Ensuring the successfulness of the project will be dependent upon balancing the range of the project with the cost and timeline, what is referred to as the Triple Constraint concept (Gergi, 2010). Methods for Gathering Information The opening steps taken by the IT department is first to schedule a meeting with Hugh McCauley, Riordan’s COO and the issuer of the SR-rm-022 form to gain an understanding of the existing HRIS and determine what problems need to be addressed. An outline of the agenda will be provided for the attendees and will include an overview of the type of questions to be asked by the interviewer. The attendees ideally will include the sponsoring executives, end-users, and division managers. Riordan’s COO Hugh McCauley, Director of Human Resources (DHR) Yvonne McMillan, and Chief Information Officer (CIO) Mariah Trinh will make up the top level of the audience. Each division’s manager makes up the lower level and represents the various personnel who interact with the current system. After a conference with the research and development team at the San Jose headquarters and assembling the information gathered from the workshop sessions the IT department will start the assessment phase. This phase will consist of the deliberation of the information gathered concerning the existing systems at the various locations using a set of assessment models that include One-sided, Unstructured Interchange, Five Ws and an H, Actual vs Expected, and Dimensional Analysis (Pearson, 2003). * With the one-sided assessment model the information about the service request along with the issues presented by the systems is from Riordan’s perspective. * The unstructured interchange assessment model is a multiparty venture with the information is elicited from Riordan personnel through the inclusion of questions from the analyst. * The five Ws and an H model stands for what, who, why, when, where, and how' What the system needs to accomplish, who needs it, why it is needed, when it is needed, where it is needed, and how it will be used. * The actual versus expected model uses a method equivalent to the previous model with the added feature of actual versus expected columns. * The dimensional analysis model employs various aspects to organize the information obtained from the workshop attendees. These aspects involve the practicality, space requirement, timeframe, magnitude, and worth. When the assessment is complete, the project development team will organize each stage according to its precedence. To validate the development team’s assessment a copy of the collected information will be forwarded to the initiator of the service request form. HRIS Evaluation Riordan’s system keeps a record of each employee. This record includes his or her name, address, hire date, rate of pay, and vacation hours earned (Apollo Group, Inc., 2011). Any necessary informational changes are performed manually by each department head and submitted by hardcopy to an HR department clerk who enters the data into the current system. A centrally located storage system to manage such items as financial records, resource, and personnel records is totally non-existent. Each separate division manager retains any records pertaining to his or her particular area. Records for recruitment, training, and product development are stored on Excel spreadsheets. The manager of each division keeps track of family or medical leave and stores the data on hardcopies in a divisional file system. Workers compensation records are managed by an outside source. The current HRIS has the capability to monitor and manage Riordan’s personnel data; however, the various plants individual department heads depend largely upon hardcopy documents and pre-arranged forms. The various methods used to track individual personnel creates an obstruction to the timely access of employee data by HR personnel. The manner in which employee records are maintained creates a high risk of unauthorized access to sensitive personal information exposing the organization to a serious possible breach in security. The existing HRIS would be used to perform all of the tasks that currently are performed by manual methods. Personnel records from each division would be combined so the HR department could more easily manage employee information. Eliminating hardcopy files would lessen any security risks to personal information that currently exists. The creation of a centrally located database along with the use of encryption, and cloud technology will ensure sensitive data, both organizational and personal, is well secured. The data that currently exists on spreadsheets can be easily moved without the necessity of converting the data files into a different format because like Excel the HRIS is also based on the Windows systems. Training the HR staff to use the system accurately would pose the biggest problem. Project Scope and Feasibility The foremost reason for the submission of the service request was to ask for an update of the systems existing at the various locations into one united system. By forming this union among the different locations the new system will bring organization, effectiveness, and compatibility among the different systems. Planning, analyzing, designing, and implementation along with testing the new system would be completed well within the timeframe purposed and should reach full production early in the following year. Riordan’s IT department has assured management that the purposed changes to the HRIS will be within the available budgetary funds and because a system is currently in place the feasibility of delivering an updated system to handle all informational tasks within the allotted time is possible. Conclusive HRIS Evaluation Riordan Manufacturing’s HRIS was put into place around 1992; however, it has been used primarily for the financial department thereby rendering it too limiting in its potential performance. Following an extensive analysis of this existing system it has been determined that with the implementation of newer technology the current system can be upgraded to perform the tasks that Riordan requires to stay competitive. The IT department working with the purposed budget of $150K and a completion date six months away can guarantee delivery of the updated system well within the purposed scope. Application Architecture and Design This part of the integration document focuses on the application architecture and design proposed by the IT department in answer to service request SR-RM-022. Network infrastructure and application development along with security controls specifications are included. Redesigning work processes and automating these work processes promotes cost efficiency, minimizes work cycle times, and improves information management along with product quality. Good management information systems (MIS) help management and decision makers devise and implement better strategic decisions (Kavanagh & Thite, 2008). Network Because Riordan Manufacturing has plants placed in different locations, the first setup that the IT department will act upon is to design the network architecture of Riordan’s HRIS. The new proposed system development will start by first determining how the various plant locations will communicate data and information to each other. Because Riordan Manufacturing already has a robust communication and network system in place, the new HRIS will use this system in regard to connectivity. Installation of a new server dedicated solely for the HRIS in place at the San Jose headquarters will serve as the central hub. The subsystems in place at the other three locations will remain connected to the HRIS server via Wide Area Network (WAN) connection transmitted through the same satellite networking currently used for operations. Development of the new system will be as a two-tier-architecture typically referred to as client-server-architecture. Figure 1.1 displays the flowchart of the projected network system using existing hardware configurations. Figure 1.1 Network Configurations Process HR information from each location will automatically be in-sync with the main server in San Jose headquarters through use of the two-tier or client-server-architecture. Information from each location is stored in San Jose for security. Data is downloaded and uploaded through an on-demand basis. Because the main server in San Jose is accessible to the HR departments in each location information is shared company-wide. Information is also synchronized among each location’s resident servers. This helps to expedite the transmission of data and increase stability. The newly upgraded HRIS system will provide the following data to all HR locations: * Organizational Data – Data pertaining to company background, history, mission, etc. * Personal Worker Information – Performance reviews, resume files, earned vacation time, and other pertinent information. * Employee File Editing – Permits employees to validate and revise personal data. * Updated Employment Listings – In depth list of new openings at each location. * Job Descriptions – Description of the job requirements and rate of pay. * Employee Handbook – Containing company policy, procedures, and employee rights. * Recruitment – Application progress of qualified applicants. System managers will have full access to the updated HRIS system. Lower tier management will only have access to data relevant to his or her department. The user interface will permit the HRIS team to access the mainframe server through each location’s computers. Security Controls The number one concern of the security controls proposed by the IT department is to prevent unauthorized entry, misuse, and modification to the system. The main goals of the security controls in this project are confidentiality, integrity, availability, and non-repudiation of all information (Byrnes & Proctor, 2002). The following bullet list presents threats the projected security controls will help reduce: * Human Error – Ordinary human mistakes. * Damage by Employees – Information compromised by disgruntled worker. * Misuse – Employees using the system for personal use. * Data theft and fraud – Information taken for personal gain. * Malwares – Viruses, worms, and other malicious software. * Hackers – Unauthorized access. * Natural Disaster – Storms, floods, and power outages. To ensure the security of the information, security management policies will be employed on various access levels. * Administrative Handbooks will be provided addressing the methods of operation, policies, and guidelines in using the new system. The handbook will include policies on the use of passwords, computers, security, and related information integrity. * Logical Computerized security system to be placed prior to and following the installation of the main information system (IS) software. Card-based Identification software for access to HR computers and workstations will be employed. Various levels of HR staff will possess distinctive levels of access to the system, depending on his or her security clearance. To inhibit unauthorized entry and mistakes in which files and data are accessible, a file management system will be used. Network management procedures such as validation and access control lists (ACL) will help make certain network and information is secure. * Physical To reduce physical access to HR computer systems, access to the system will only be accessible to HR employees. The various company data levels will be divided into pertinent subdivisions complete with a closed-circuit surveillance system. The HR building and its departmental rooms are to remain closed when vacant. To enter the HR departments card-based authentication is required. * Encryption Information transmitted through the various HR departments will be encrypted to help avoid data disclosure through captured data transmissions. When using an encryption method a key or password is required to render an encrypted text back into readable text, and if the algorithms are exposed to an interception risk, the proper key would still be required to interpret the message (Stamp, 2005). E-mail s will also be encrypted, and the intranet-based employee access will go through a Secure Socket Layer (SSL) connection. * Training to Fix Common Problems Personnel training concerning the proper operation of the system along with the most common problems pose a threat to security. Weak passwords, un-patched, and outdated systems will be addressed during security meetings. Data Flow Any updated information updated will be synchronized every Riordan location server. When data change at one location occurs this information originates from one of the HRIS workstations. Newly updated information is uploaded into the main server in California for data integrity analysis and approval. After the analysis is performed the new information is uploaded and synchronized with the other locations of Riordan’s HR departments. This information is further distributed to specific locations. Figure 1.2 is a data flow diagram that illustrates the flow of data in an employee information change event. Figure 1.2 Name Change Data Flow Diagram The following diagram in Figure 1.3 illustrates a high-level data flow diagram of a new applicant event. Figure 1.3 New Applicant Data Flow Diagram Conclusion The integration and automation of the processes that occur on a frequent basis within Riordan’s HR department will enhance the value of information management, and provide more efficient cycle times. While this system will operate on an advanced level the success of the system will depend on the abilities of the users of the system. However, with a sound comprehensive employee training program as part of the development package and solid support from the IT department success is certain. With an operational network already in place, the integration of Riordan’s HR department in all locations becomes an easier assignment. Using existing equipment provides Riordan’s IT team with a quick start in implementing this integration project. The IT department has provided Riordan with an outline about the architecture and design of the project. Networking configurations have been deliberated, and a list of security policies have been profiled to certify the availability of a secure information management system. Implementation Stage Implementation of the system takes place after the system design phase is complete. The implementation stage is planned, and organized according to the requirements and system design. The implementation stage will need key personnel from the Riordan IT department, and includes the different phases on the following list: Coding An IT department programming team will write the code that makes up the central part of the new software for Riordan’s HRIS. Modification of off-the-shelf software, such as Intuit QuickBooks, Microsoft Access, along with security software, such as antivirus and firewalls will be adapted by the IT team also. Planned changes to Microsoft Access include supplementary databases with detailed tables to execute information management efficiently. Stronger password validation along with dynamic algorithms to guarantee information security is included as part of the package. A new web portal accessible only to the company’s intranet will be programmed by the IT team, and will use a dynamic PHP language along with a secure MySQL database engine. Personal employee information, company policy manual, company objectives, and additional documents pertinent to employees will be available to authorized personnel. For security purposes, portal access will be available only to designated workstations assigned to various departments. User passwords will require a minimum of eight characters including alpha, numeric, upper, and lowercase characters. Every six months users will be required to change to new passwords. The programming team will these integrate security procedures to the employee web portal. During the employee login procedure, the employee is required to fill-in the following information: * Last five digits of his or her social security number * Last name first, first name, and middle initial * Date of birth in month, day, and year format * Password The updated HRIS system will run on the existing network setup with an improved encryption put into operation on the system. This encryption will be based on secure socket layer (SSL) technology to certify the safety of information transfer. Testing The chief goal of the testing phase is to determine that the system has accomplished the necessary requirements. After completion of the software the system analyst tests the code by the following procedure: * Unit test * Integration test * Systems test When the initial code testing has been completed a beta version release of the software will be issued to HR as well as the IT division. IT personnel will perform the first of test the new system to certify that the software operates accurately on the existing hardware in the IT department. If any defects or conflicts exist the software will be returned to the programming team for further examination and recoding. Once the system performs to the IT department’s satisfaction the new system will be passed on to HR for testing. Key personnel from each department will be assigned to the HR department manager to perform the tests on the system. These tests will include the following: * Typographical Errors * Network Load * Server Load * GUI Evaluation * User Acceptance * Use Cases Testing The systems analyst will provide each of the personnel involved with the HR testing an evaluation and feedback form to fill out during the tests. The evaluation and feedback form along with any comments and suggestions will be recorded, documented, and forwarded to the IT programming team for consideration in revising the code. This method of testing and coding will be performed until all defects are repaired. An assessment of the system as well as any relative links is an important task in implementation. A systems assessor is required to generate a logical audit program to boost the system’s appraisal, and support the results of the audit as well as provide recommendations (Gallegos, & Senft, 2009). When this is completed the software will be available for release, and eventual installation. Installation Riordan’s IT department will be responsible for the installation of new hardware as proposed by the systems analyst. Riordan’s systems analyst will supply a list of hardware setups based on three levels: essential, optional, and most advantageous. The key hardware scheduled for installation includes the following components: * Server * Client Workstations * Router * Switches * Printers * Cabling * Departmental Employee Portal Workstations * Door Security Card Readers * CCTV Security Cameras The IT department will install the software necessary for the workstations and servers. This will certify that the reliability of the system remains intact, particularly on the security software. This also permits the IT team to adapt the software directly should the need arise. Documentation Documentation will be performed by the relevant team members of each phase. Systems documentation is to include information about errors, timeframe, cost, and test results. Team leaders from each team will present the documentation on his or her phase to the project manager in a cohesive arrangement. System, Internal, and External Documentation – Consists of in depth information concerning the new system’s specifications. The project manager will supply a complete list of projected and established system requirements. The coding team will supply the code specification and module descriptions in addition to the code testing results along with any pertinent revisions. Data flow diagrams as well as other relevant diagrams will provide an in depth flow of data. User Documentation – An operator or instructional handbook will provide users with directions on the proper operation of the new system. Troubleshooting instructions and other system (software, hardware) related information will be included. This information is accessible through the company intranet web portals for quick reference. Access via the intranet provides users with the option to read online documentation by clicking on the navigational links or by printing hardcopies. Training With the installation of any information system training as well as the support phases are an essential part of the system’s success (George, Hoffer, & Valacich, 2009). There will be different stages of training for the employees in relation to the operation of the new system. The training will include sessions for the IT department on the maintenance, support, and management of the system. Advanced users will be trained in a separate session, and another for typical users will come after. A meeting will be held in the various departments to discuss and train users on the correct operation of the employee portal. A slide presentation will be presented at the beginning of each session to provide a general idea of each process. Support System support will be the responsibility of the IT department. Automatic support ticketing software will serve as the link between the IT department and system users. Problems are tracked, recorded, and forwarded to the IT department for corrective action. Prioritizing production asset support and maintenance will ensure maximum efficiency (Price, & Tam, 2008). Conclusion Using a distinct and repeatable process in the implementation of this HRIS provides a number of benefits. These methods are ordered and structured in stages that can be accomplished within a specific timeframe while keeping error at a minimum. During the coding stage the coding, testing, and building series certifies the reliability, unity, and accuracy of the codes while ensuring that the system’s requirements are met. Grouping procedures also control support between the stages and makes sure deliverables and phases are completed in the proper order. Through consistent and repeatable processes, the project is easily managed, maintenance is time efficient, and the quality of the system is enhanced. References Apollo Group, Inc. (2011). Riordan Manufacturing. HRIS. Retrieved from https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/Riordan/Internet/index.asp Apollo Group, Inc. (2011). Riordan Manufacturing. Home. Retrieved from https://ecampus.phoenix.edu/secure/aapd/cist/vop/Business/Riordan/index.asp Byrnes, C., Proctor, P. (2002). Information Security Must Balance Business Objectives. Retrieved from http://www.informit.com/articles/article.aspx'p=26952. Gallegos, F., & Senft, S. (2009). Information Technology Control and Audit, Third Edition. Auerbach Publications George, J, Hoffer, J, & Valacich, J. (2009). Essentials of systems analysis and design 4th ed. New Jercy, USA: Prentice Hall. Gergi, R. (2010). The Triple Constraints – What Makes a Project Successful. Retrieved from http://EzineArticles.com/'expert=Rita_Gergi iSixSigma. (2010). Six Sigma glossary. Retrieved from http://www.isixsigma.com/index.php'option=com_glossary&id=77&Itemid=27 Kavanagh, M., Thite, M.. (2008). Human Resource Information Systems: Basics, Applications, and Future Directions USA: Sage Publications, Inc. Pearson, R. (2003). Effective information gathering techniques. Colorado Springs, CO, USA: Help Desk Institute. Price, L., & Tam, A. (2008). Journal of Quality in Maintenance Engineering. USA: Emerald Group Publishing Limited Stamp, M. (2005). Information Security: Principles and Practice. USA: Wiley-Interscience.