Insights from Gallagher’s HR & Benefits Technology Consulting Practice

In our work, we talk a lot about the “bright shiny ball” and the problem of employers distracted by flashy front-end features when shopping for HR technology platforms. The result is often that they “buy the sizzle, not the steak.”

We get it. There’s a lot of exciting features available today, many supported by new, smart technologies. But failure to focus on the less exciting aspects of the technology (and providers), and all that comes with it (read “What You’re Really Buying When You Buy HR Technology”), creates real risk for employers. This risk goes well beyond data security, which is most often what comes to mind when we talk about risk given the frequent news headlines associated with the latest data breach.

A thorough risk assessment also takes into consideration such things as financial and operational attributes and cultural and philosophical fit. Perhaps the problem we most often see resulting from inadequately assessing risk is a failed implementation, which can be costly money-wise and in terms of employer reputation. In a Gallagher survey on HR and benefits technology, 50% of employer respondents who reported a failed implementation attributed it to “poor purchase decision.”

To help you think about and assess your risk when buying technology, we offer a seven-point “risk evaluation framework.” We use this same framework to evaluate service providers in the HR technology marketspace. Following is a high-level look at each point.

  1. Security – Thanks to extensive publicity about consumer data breaches, most people grasp the importance of keeping data secure and the impact of a breach. HR systems present two major areas of risk: 1) highly sensitive employee data that needs protection from ID theft (damaging reputation and costly reparation for the service provider storing the data); and 2) the possibility of highly sensitive medical data protected by HIPAA (leading to fines). Never assume a provider has the necessary security to protect your data. We recommend employers work with their IT team and risk manager to evaluate the provider’s performance related to:

    1. multi-factor authentication and access
    2. encryption
    3. network security
    4. policies and procedures
    5. third-party risk assessments (e.g., audits)

  2. Technology & Infrastructure – Technology is not one size fits all. For every standard operation, there are multiple exceptions. In selecting technology providers, carefully consider risks associated with:

    1. integration capabilities
    2. network infrastructure (including internal and external connectivity)
    3. operational capabilities
    4. scalability
    5. system infrastructure (database functionality, back-ups, redundancy, etc.)

    A solution’s capability to scale is probably the most overlooked area of risk when assessing tools and providers. Will the product/platform work efficiently during light periods but scale up for intense usage, e.g., open enrollment and year-end payroll processing, when the risk for failure is both high and painful?

  3. Financial Attributes – The HR technology sector is continually evolving with advancements in consumer and smart technologies. Changing regulatory guidelines also may mean regular changes. All these changes call for adequate funding to stay current. Given the large number of start-ups and privately held companies in this industry, financial attributes are especially important in risk assessment as there is no required financial transparency, such that exists with publicly traded companies. You may need to poke around and ask questions. Areas to ask about include:

    1. capitalization
    2. fairness of client contracts (relative to maintaining a level playing field between the provider and their clients and partners)
    3. E&O and tech insurance limits
    4. strength of the balance sheet
    5. M&A ramifications (likelihood and impact of acquisition)

    Strong financial attributes call for a long-term vision. Companies lacking this vision will likely find themselves at risk at some point.

  4. Operational Risk – While subjective, there is inherent risk stemming from a company’s day-to-day operations. Within this category of risk, consider:

    1. company culture (relative to customer satisfaction and security)
    2. responsiveness
    3. execution (ability to implement and support clients based on capabilities and capacity)
    4. expectation management with client
    5. sales versus operational capability
    6. quality of partners for day-to-day operations

    All service providers will say they fully support their product. But it’s hard to see what is really behind that support until things go wrong. Look beyond the number of support services offered and explore how quickly they respond when problems arise.

  5. Business Attributes – As with operations, business attributes are largely subjective, but our experience proves they have a direct correlation to risky behavior. Areas to consider include:

    1. breadth of services/business focus
    2. business maturity (relative to level of sophistication supporting operations and business relationships)
    3. leadership maturity (ability to recognize strengths and weaknesses, adaptability to a changing market)
    4. level of transparency
    5. market conduct (ethical behavior toward competitors/clients)
    6. market reputation (“street view” of service provider by others with knowledge relative to the company)
    7. sales risks/omissions (track record for clarity and forthrightness during sales process)
    8. thought leadership (commitment to shape the market and set the company apart from competitors)

    In assessing these attributes, it’s also important to know who’s behind them, e.g., the board of directors’ experience and reputation, which will provide additional insight into the company’s business attributes.

  6. Client Attributes – Risk associated with a service provider does not always stem from that provider. A poor match between a provider and a client can create risk that would not exist in other pairings. Performance areas to consider include:

    1. cultural fit
    2. provider experience with like groups (e.g., size, level of complexity, industry)
    3. geographic fit
    4. expectation management (client’s ability to communicate deviation from established plans)
    5. price relative to market (like competitors)
    6. price relative to value (overall benefit delivered to client)
    7. partnership match (business goals and philosophies)
    8. target market match

    Some client attributes may not initially be obvious. This area of assessment may call for a little self-reflection from both parties and/or guidance from a consultant. The client profile as it compares to the “typical” client of a service provider can significantly affect the fit, and therefore, the success of the relationship.

  7. Platform Attributes – The product itself can be a source of risk. Our team examines both objective and subjective areas of performance tied to technology platforms, including:

    1. configuration versus customization
    2. decision support tools
    3. development investment and methodology (product roadmap)
    4. employer/employee experience
    5. level of transparency (software that tells you what’s going on rather than having to call a service center)
    6. ownership of technology
    7. ability to support regulatory needs

    There is a natural tendency to make platform attributes the highest priority when assessing tools and solutions because many buyers assume the provider has sufficiently addressed all other areas of risk. While the product itself is certainly important, these attributes, while typically easy to assess, call for a big-picture perspective, i.e., whether the long-term vision of the platform matches the long-term vision of the company.

Focusing on risk (and all the things that might go wrong) may not be the most up-beat approach to selecting an HR technology platform, but it is a prudent one. Getting answers to questions and making sense of those answers, however, can be two different things. It may be useful to engage a specialist who can help get the answers needed and weigh them against the company’s tolerance for risk. Contact us today if you’d like to speak with a Gallagher consultant about your specific challenges and how we can help. Although it is not possible to eliminate all risk when buying HR technology, understanding that risk and taking steps to mitigate it can greatly increase the level of satisfaction with the product and the provider.

About the Author

Rhonda Marcucci, together with Ed Barry, co-leads Gallagher’s HR and Benefits Technology Consulting Practice. Their team provides unbiased, well-researched HR technology and benefits administration consulting, including sourcing advice and service provider capability audits. Rhonda’s extensive and broad-based experience in finance, accounting, administration, strategic planning, information systems, sales and marketing, and operations is instrumental in helping clients identify a comprehensive strategy and execute against it.