This post originally appeared on the RES blog before the company was acquired by Ivanti in July 2017.

An HR Leader, Service Desk Manager, and Security Officer walk into a bar. The bartender asks, “Hey, who owns the process of employee onboarding and offboarding?”

Er, do you mean who owns the paperwork?” asked the HR leader.

“Do you mean, who sets up the laptop and IT systems?” asked the Service Desk Manager.

“Believe me,” said the Security Officer, “nobody owns it. It just happens.

All too often, the complex and critical process of onboarding and offboarding is carved up into pieces, with little real holistic ownership. But that lack of clear ownership may be the reason behind statistics like these:

24% of employees still have corporate data access after leaving

22% of staff turnover occurs in the first 45 days of employment

If no one truly owns the process, who ensures employees have the tools they need to be productive from day one? Or that company access is revoked immediately when employees depart, protecting the company from potentially serious security risks?

The View from the Business

When I ask HR leaders to describe the onboarding/offboarding process, they talk about welcoming an employee into an organization and then organizing a friendly, efficient exit when an employee departs. This view of onboarding includes setting up payroll, creating welcome packets, benefits enrollment, hounding the hiring manager for a proper ramp-up plan, and managing communications between the new employee and the business.

And then there’s this: “Oh, and then I submit a ticket to IT to set the new employee up with the proper systems and access.” The ticket then goes into a black hole and HR waits for notice that the workstation has been configured and is ready to go. To the new hire, either HR or the hiring manager says, “if you’re missing any access or technology just let IT know.”

And what happens next? Sources estimate 10 additional support tickets in the first week to set up the right level of access to apps, printers and drivers; as well as custom configurations for email signatures, profile pictures, and more. Talk about not being productive!  All too often that valuable new hire waits 7 to 10 days just to gain access to the tools and apps they need to be productive.

The View from the Service Desk

To the IT Service Desk onboarding looks completely different, and it often begins with the dreaded call: “I forgot to tell you, Jamie is starting today. Please set up with the right equipment and access. Just make sure she has the same set up as the others on the team.” The Service Desk Team does its best to guess what’s needed, accepting that throughout the next week they will be getting 10 or so tickets asking for additional or modified services. Eventually things will get sorted out and the new employee will be on her way to productivity. But the truth is, the dreaded call can be uncomfortable as it forces IT into a key role within a sensitive HR activity.

The CISO Weighs In

With the increasing headlines of ex-employees “stealing” corporate data long after their tenure, security departments now have a heavier role to play in the offboarding process – or as security references de-provisioning the user. With so much at stake, enterprise access strategies must now address:

  • Who has access to what apps and data, and when
  • Auditable, policy-driven approval cycles for adding and removing access
  • Secure password management/reset processes

As a result, the security or compliance officer is putting increasing pressure on the service desk to institute a process that must be documented, repeatable and auditable for employee access. From each employee’s day one to day last, and every day in between.

A Better Way for Everyone: Automation

When someone asks who owns the employee onboarding and offboarding process – the right answer is everyone. It touches too many cross-functional teams for a single owner. But, it can have a key orchestrator to help drive success: Automation. Organizations today are automating the onboarding and offboarding process through:

  • Integration with their existing “systems of truth,” such as payroll or HR databases, and identifying the true status of each employee. No more last-minute emails or tickets to IT when an employee is hired, changes roles or departs.
  • Automated access delivery for routine IT tasks like configuring printers based on location, assigning access rights based on role, removing access when roles change, and the list goes on. IT can have an automated ticket and audit trail for each request – but the resource draining manual effort can certainly be eliminated.
  • Policy-driven workflows for approval cycles ensuring that the right people – and only the right people – have the right access, to the right apps.
  • Self-service with automated delivery so employees can also request access or reset passwords through a service app store, empowering them to be more self-sufficient and much less of a drain on IT.
  • Removal of access (or de-provisioning) when an employee’s role or employment status changes in the system of truth. This ensures that no one has improper access, and that ensures both security and compliance.

With these automated processes, the need for central ownership has been mitigated, establishing an onboarding and offboarding process that meets the needs of everyone. Employees are happy to have the apps and services they need to be productive. And HR simply has to set up an employee’s role within their existing system of truth. The IT Service Desk is given back the time needed for those more strategic projects without sacrificing the audit of all services and apps delivered and revoked. And finally, Security is happy as everything is recorded and standardized – guaranteeing compliance.