Security Breaches: A Lesson For All From A Small Company

December 16, 2014

security breach

News of security breaches has become so commonplace that we hardly react with surprise or outrage any longer. The scenario plays out in an almost scripted fashion. Computer hackers located in Russia or China identify a system’s vulnerability, break in, and steal sensitive customer or patient (in the case of electronic medical records) information. Defending against these outsider attacks has become a high priority for any organization which possesses confidential records. The failures which make headlines are those where data thieves have looted the systems of large entities containing millions of records and huge infrastructures. We’ve all been impacted to some degree as consumers, but as business managers and owners we may harbor a false sense of immunity to data security breaches. A recent action brought by the Department of Health and Human Services Office of Civil Rights (OCR) brings the problem closer to home for smaller entities which manage more limited amounts of information.

The case involves Anchorage Community Mental Health Services, Inc. (ACMHS), a five-facility nonprofit provider of behavioral health care services to children, adults and families in Anchorage, Alaska. As required by the Health Insurance and Portability and Accountability Act (HIPAA), ACMHS notified OCR of a breach of 2,743 patient records caused by malware on one of its desktop computers. OCR conducted an investigation of the incident and found ACMHS had failed to protect sensitive patient information. On December 10, 2014, ACMHS agreed to pay a $150,000 fine and undertake a corrective action plan to address the deficiencies which caused the breach. Here is what OCR’s investigation revealed:

1) ACMHS had adopted HIPAA security policies and procedures, but they were not followed by the organization’s employees for a seven-year period, from 2005 to 2012.

The practices at ACMHS are not unique to health care providers. All too often organizations maintain a template of written policies and procedures which are not tailored to the organization’s actual method of operation. For health care providers, simply having in place template policies and procedures is insufficient to satisfy HIPAA requirements. Organizations outside the health care industry do not face monetary penalties for security breaches but nonetheless are exposed to data security risk for failure to evaluate compliance with written data security protocols.

2) ACMHS failed to update its software.

OCR found that the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software. The settlement agreement stated, ACHMS failed to “ensure that firewalls were in place with threat identification monitoring of inbound and outbound traffic and that information technology resources were both supported and regularly updated with available patches.” Once again, all organizations, not just health care businesses, can suffer losses for delaying or neglecting software updates. It’s not always an easy task, and the cost to implement an upgrade may push it down on the company’s priority list. But the downside to avoiding the upgrade process has potential for serious consequences, not to mention the eventual value impact on the organization caused by using old software.

C3 Advisors, LLC
December 15, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or email us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

Advertisements

Are LinkedIn Contacts Protectable Trade Secrets? For Now, The Answer May Be Yes

November 13, 2014

trade secret_2

Stealing customer lists from an employer for competitive motives is nothing new. Court dockets are full of legal disputes between employers and former employees for trade secret theft. One recent case, though, is worth careful consideration because of its implications for social media in a business development context. The controversy involves an employer which sued a former salesperson for trade secret protection of the LinkedIn contacts that individual maintained after he was terminated from employment. Given the vast networks of individuals and organizations available to the 300 million LinkedIn users across the globe, it hardly seems likely that such information could be deemed secret. But for now, the courts have agreed with the employer’s claim that the former employee misappropriated its proprietary information. Employers and anyone in a sales or business development role should pay close attention to this case as it winds its way through the courts.

The majority of facts in this case are not unusual. David Oakes worked as a sales manager for Cellular Accessories for Less, Inc. (Cellular) from 2004 to 2010. While employed there he signed an employment agreement that precluded him from removing any proprietary information from Cellular, either physically or electronically, including Cellular’s customer database. He also signed a statement of confidentiality forbidding the disclosure or use of the company’s information without prior consent. In 2010, Cellular terminated Oakes, and he then struck out on his own to start a competing business, Trinitas, Inc. Shortly after his termination, Oakes emailed himself a file containing the contact information for more than 900 personal and business contacts, another file with information for purchasing agents, detailed client billing preferences, client pricing requests and a Cellular strategy document. What merits attention is that he also maintained his LinkedIn contacts after termination. Subsequently, Cellular sued Oakes for trade secret misappropriation. See Cellular Accessories for Less, Inc. v. Trinitas, LLC, No. CV 12-06736 DDP (C.D. Cal. Sept. 16, 2014).

Customer lists are not trade secrets, per se, because they may contain information which is readily accessible through open sources. They tend to be considered trade secrets when time and money has been expended through sophisticated methods to compile the information. The court agreed with Cellular in this instance that the customer lists taken by Oakes are trade secrets due to the economics of their creation and development. But LinkedIn is commonly viewed as a personal network, not the proprietary information of an employer. So why did the court rule in favor of Cellular? Here are the arguments which resulted in that decision.

Oakes asserted that the LinkedIn contacts were not secret because Cellular had encouraged its employees to create and use LinkedIn, his contacts were viewable to any other contact he has on LinkedIn, and any competitor could search LinkedIn to recreate the list. Finally, he argued that Cellular authorized salespeople to disclose the identities of clients to other customers as a way of attracting new business and failed to inform employees that the LinkedIn contacts were proprietary or confidential.

Cellular refuted Oakes defense saying that LinkedIn contacts are not automatically viewable because an account is only visible to the extent that the user chooses to make it public. LinkedIn is not configured to automatically share contact information and Oakes deviated from the default settings in deciding to make his network public. The court declined to take judicial notice of the functions of LinkedIn (judicial notice allows a court to accept the existence of a commonly known fact) and stated that the parties did not make clear the extent to which the contacts were made public, or whether it was done with Cellular’s permission.

Considering that social media has become inextricably woven into marketing and business development philosophies at every level of commerce, this ruling should be carefully examined. The concept that a social media account is not public and that it belongs to an employer may be difficult for an employee to understand. From the employer’s perspective, a client list may lose its value as a trade secret if employees are encouraged to use social media without restrictions for business development purposes. What’s more, as demonstrated by Cellular v. Trinitas, it cannot be assumed that judges understand the intricacies of social media forums, including the mechanics of privacy settings. While there is no perfect solution, businesses can establish practices to better protect their trade secrets.

Agreements and Policies—Frequently update employment contracts, non-compete agreements, non-disclosure agreements and social media policies to redefine trade secrets in the context of online networking and spell out restrictive terms and conditions regarding the use of various social media platforms. Specify that the accounts remain the property of the company.

Training—Educate employees regarding the proprietary and confidential nature of customer information located in social media platforms, privacy settings and how to avoid unwanted disclosure.

Business-Only Social Media Accounts–Require that employees’ personal social media accounts remain completely separate from their business accounts, which should be linked only to a company email address.

Client Database—Establish a password protected internal database to which employees should add any client contact information that they obtain through social media or otherwise.

Costs—Maintain records which capture the time and money spent to develop customer lists.

Employee Termination–Upon employment termination, voluntary or otherwise, terminate the employee’s access to business accounts.

The federal judge denied Oakes’ motion for dismissal and found that the case can move forward. Stay tuned for the next phase, and consider changes to policies and procedures which are important for the protection of company proprietary information.

C3 Advisors, LLC
November 13, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or email us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

Is Digital Hoarding Hurting Your Business?

October 15, 2014

 

digital hoarding

Hoarding shows are popular these days. The images are consistent: Boxes stacked to the ceilings. Piles of newspapers dating back to the Nixon era. Feral cats skittering behind furniture. Empty cans of cat food, beans and soup scattered everywhere. Most people know a hoarder. Maybe it’s an aunt. Maybe it’s the neighbor with a sofa on the front porch and motorcycle parts strewn across the lawn. Or, maybe it’s you. Have you taken a look at your email inbox lately?

What Is Digital Hoarding?
Digital hoarding also known as e-hoarding is excessive acquisition and reluctance to delete electronic material no longer valuable to the user. The behavior includes the mass storage of digital artifacts and retaining unnecessary or irrelevant electronic data. As with physical space in which excess items are described as clutter or junk, excess digital media is often referred to as “digital clutter.” Digital hoarding occurs in any electronic space where information is stored. In a business setting the areas where digital clutter may exist are email inboxes, electronic documents and file folders, excessive desktop icons, old software/computer programs/apps no longer being used, and Internet bookmarks no longer being referenced. Hoarding of electronic information is a common problem that reduces employee productivity, raises information technology operational expense and heightens the risks and costs of regulatory action and litigation. We’re probably all guilty of holding onto some information we really don’t need and will never use again. Our collective proclivity for accumulating vast quantities of digital information has resulted in these following statistics reported by Contoural Inc.:
• The size of the digital universe in 2012 was estimated at 2.7 zettabytes (2.7 trillion gigabytes), and is forecast to be 40 zettabytes by 2020 – a 50-fold growth since 2010 (source: IDC).
• Businesses sent and received 89 billion emails per day in 2012 which should grow to over 146 billion by year-end 2016 (source: Radicati Group).
• Unstructured data (files, documents, information generated by applications) is growing at up to the rate of 80 percent (source: Gartner).
The widespread availability of content on the Internet makes it easier for users to obtain digital information and since it does not take up physical space it is less likely to be perceived as clutter. Digital hoarding stems from a variety of individual habits coupled with corporate conditions and trends. We can all relate to one or more of the following reasons for holding on to digital content: fear losing something important, no methodology for determining which content is worth keeping, lack of time to evaluate and delete unnecessary records, and inexpensive data storage options that reduce the need to save data selectively.

Why Is Digital Hoarding A Problem For Businesses?
Findability—The more you save, the more you will have to sift through. A recent survey by the technology market research firm Radicati Group reported that “the typical corporate email user sends and receives about 105 email messages per day.” That is a lot of email to process, categorize or store. Heavy users of email see upwards of 200 to 300 messages per day. Add documents, spreadsheets and presentations, and this number balloons. Sorting through old messages and rummaging through our boxes strips hours from each day. If you’re a well-paid knowledge worker, the productivity lost while purging old files may well cost your organization more than the bloated storage costs. That is, until it comes time to find something. Powerful search engines like Google create the illusion that information is always at our fingertips. The reality is that even for large organizations with enterprise search capabilities, findability falls way short in terms of efficiency. For businesses which rely solely on desktop and email search for digital content retrieval, the process causes even more lost productivity.
Data Security—Digital content is vulnerable to anonymous attacks from thousands of miles away. Data can be stolen, altered, misused, and abused by foreign governments and cyber criminals alike, as well as by negligent or disgruntled employees and bored teenagers. Securing email and desktop documents from a data breach may not be considered as a serious matter compared with protecting a system or application from data destruction or theft. Nonetheless it is one component of an organization’s digital presence, which must be guarded in totality.
Litigation Discovery—The problem of saving too much information can come back and bite an organization during the discovery phase of a lawsuit. According to Jeff Fehrman, vice president of forensics and consulting at Integreon, a provider of legal and research solutions, e-hoarding becomes an even more serious problem when your organization faces a lawsuit. “During the discovery phase, if you don’t have your data properly classified and legal teams are handling a bunch of information that is not relevant to the case, you can spend millions on e-discovery,” he says.
Judy Selby and James A. Sherer of the law firm BakerHostetler explain that stakeholders should understand that all that stored data might become discoverable in litigation, and a store-everything approach is no defense. Even if data isn’t subject to production in a given lawsuit, it still might be subjected to a litigation hold, collected and subsequently reviewed by counsel—at a significant per-hour cost—even if it is later determined that it need not be produced. In addition, the costs, administrative burden, functionality disruptions, and inefficiencies associated with subjecting data to legal holds can be quite substantial.
Storage and Backup—Although the hard cost of data storage has trended downward over the past few years, the cost is still real and adds up, especially when carried out ad infinitum. While the cost of storing data has dropped, ancillary costs haven’t, including costs for adding space in data centers and paying for escalating HVAC bills. As data grows, the chore of backing up critical data becomes more costly and complex.

Can The Problem Be Corrected?
How does the average professional know what will not prove to be valuable information months and years later? And should the decision as to what should be retained be left to individual employees? Large organizations tend to rely on enterprise systems and information governance policies where information is under management’s control and digital hoarding is not allowed. Unfortunately, the benefits of these content management tools are often undermined when employees, who are afraid of losing their information, save it elsewhere without security and lawsuit discovery protections.
For organizations, large and small, how do we get employees to understand that hanging on to useless content makes about as much sense as saving empty cereal boxes and hundreds of old plastic bags? Ingrained habits can be difficult to change. Businesses which are successful at managing digital content are those with an organizational culture which creates, communicates and enforces policies and procedures for content retention and deletion, from the C-suite down. The first step in changing rooted practices may be to ask employees to consider this question each time they save digital content—“Would you save it if it were paper?”

C3 Advisors, LLC
October 15, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or email us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

Cyber Insurance: What Is It and Who Needs It?

August 15, 2014

cyber security

Breaking news earlier this month reported one of the biggest cyber attacks ever. A cybercrime gang of less than a dozen people from south central Russia had amassed a staggering 1.2 billion user name and password combinations and 500 million email addresses from poorly protected sites. The level of complexity involved in their work seems worryingly basic—checking company websites for vulnerabilities, and then once found, stealing user credentials. An attack of this magnitude should cause all business owners and managers to reconsider the security of their systems and question whether their risk protection is adequate. As headline stories of cyber attacks and data breaches have increased so has the demand for cyber insurance grown among companies as they expand their risk mitigation strategies.

What Is Cyber Insurance?
The cyber insurance market is still in its infancy and as such cyber insurance is not a standard product. Policies are tailored to the unique needs of the insured but protect against first party and third party risks.

Third Party Coverage—Insures for the liability of the policyholder to third parties, including clients, business associates and governmental entities. This type of insurance is more readily available than first party insurance, described below.
• Litigation and regulatory costs of lawsuits, judgments, settlements and penalties
• Legal and other professional expenses in responding to inquiries from governmental entities and the related expenses of fines, penalties or other sanctions
• Costs to notify clients, employees or victims of a cyber event
• Crisis management and public relations costs of a cyber event
• Media liability for copyright, trademark or service mark infringement for online publication by the insured
• Liability to clients or employees for a privacy breach

First Party Coverage—Insures for losses to the policyholder’s data, lost income or other harm to the business. This type of insurance is less prevalent because of the limited amount and nature of coverage it offers.

• Destruction or loss of data due to a cyber event
• Theft and transfer of funds
• Legal and other professional services to assess, mitigate or stop a cyber attack
• Business interruption and lost income related to a cyber event
• Extortion payments for threats to disclose sensitive information and related investigations
• Loss of computer-related assets and data restoration
The Department of Homeland Security Cybersecurity Insurance Workshop Report states that one of obstacles in developing a robust cyber insurance market, especially first party coverage, is the widespread, mistaken belief that standard corporate insurance policies and/or general liability policies already cover most cyber risks. Some of the elements of cyber insurance coverage may be interconnected or overlap with existing coverage but be aware of the battle raging between companies and insurers over the definition of property damage. A standard definition of property damage includes “physical injury” to “tangible property”, including all resulting loss of use of that property. Insurers typically argue that data is not “tangible property” that can suffer “physical injury” and, therefore, is not “property damage”. However, a number of courts have disagreed holding that damaged or corrupted software or data is “tangible property” that can suffer “physical injury.” Companies that lack explicit cyber coverage often try to bring cyber incident claims in under other policies which is leading insurers to add exclusions for cyber incidents in general liability policies. What losses are covered under general liability policies and what losses will be segregated out for separate coverage is an evolving area.

Premiums for cyber insurance vary widely. Although cyber insurance has been around for more than ten years, there still is little empirical data on incidents. Companies don’t want the public to know about security breaches and other vulnerabilities in their systems, so many incidents go unreported. Therefore, standardized insurance prices and policies are hard to come by. The nature of the risk for any given business is often unique so policies are built and priced around the needs of the business, but even the same set of circumstances can result in divergent premium amounts because insurers and buyers don’t always understand the risks that are being transferred. In order to purchase cyber insurance, a company will have to demonstrate that its first line of defense against a cyber incident is self-protection through a comprehensive risk management program.

Who Needs Cyber Insurance?
In general, small and midsize businesses are ideal candidates for cyber insurance, because they may be less prepared for a cyber incident and less able to absorb the associated costs. They often rely on someone else to host their Web sites, track inventory or authorize credit card purchases and generally have no control over those systems’ reliability and maintenance. Larger companies, with more substantial risk management and legal departments, are better equipped technically and financially for a cyber incident, which could make insurance a less effective risk management tool. Larger corporations usually do things in-house and can keep an eye on processes better.

Third-party risks exist for just about any business, though. Any business that collects protected health information or personally identifiable, non-public information like bank account numbers, credit card numbers, or Social Security numbers, has an insurable risk. One of the biggest risks for a company is unauthorized access from a virus, allowing a third-party to breach the system. Data breach notification laws require a business is to comply with those laws in addressing the breach and notifying potential victims. The aftermath of an incident is far reaching, can drag on for months and result in devastating losses.

The Computer Security Institute Computer Crime and Security Survey report offered a sobering insight which makes a case for including cyber insurance in the risk management strategy of any business. Respondents did not seem to feel that their challenges were attributable to a lack of investment in their security programs or dissatisfaction with security tools, but rather that, despite all their efforts, they still could not be certain about what was really going on in their environments, nor whether all their efforts were truly effective. This lack of visibility into the severity of threats and the degree to which threats are effectively mitigated is a perennial problem in security and it presents problems for anyone trying to make sense of the state of information security.

What Is Government’s Role?
In recent years, the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) has brought together a diverse group of private and public sector stakeholders – including insurance carriers, risk managers, IT/cyber experts, critical infrastructure owners, and social scientists – to examine the current state of the cybersecurity insurance market and how to best advance its capacity to incentivize better cyber risk management. Its efforts are fueled by the belief that a robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Between November 2012 and July 2014, DHS has convened the stakeholders for four workshops on the topic of cyber insurance. Read the workshop reports at http://www.dhs.gov/publication/cybersecurity-insurance.

C3 Advisors, LLC
August 15, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or e-mail us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

 

Personal Liability For Business Debt: The Protection Of A Corporation Is Not Automatic

June 16, 2014

pierce corporate veil

A key reason that business owners and shareholders choose to form a business as a corporation or limited liability company (LLC) is the protection from personal liability for business debt that is afforded those business types. Corporations and LLCs exist separately from their owners as do the assets and liabilities of those entities. But the protection from personal liability is not automatic. Business owners have a responsibility to show that the business operates independently from its owners. Failing to do so puts the owners at risk that a creditor may be able to disregard the company as a separate legal entity, and impose personal liability upon the entity’s owners, shareholders or members. This process of seeking to hold owners personally responsible for the debts of the business entity is known as “piercing the corporate veil.” When this happens, the owners’ personal assets can be used to satisfy business debts and liabilities. This means creditors can go after the owner’s home, bank account, investments, and other assets to satisfy the corporate debt. To ensure the protection of a corporation or LLC remains intact business processes must be in place to demonstrate the separation a business entity from its owners. At the inception of a business and then continuing during the life of a business, processes must be proactively managed to avoid situations which could cause the corporate veil to be pierced. Consider the most common factors courts use in determining whether to pierce the corporate veil:

Following Corporate Formalities:  Corporations have strict formalities they must follow, and while LLCs do not face the same requirements, many of the same steps are advisable. Small corporations are less likely than their larger counterparts to observe corporate formalities, which makes them more vulnerable to a piercing of their corporate veil. It’s important for small corporations and LLCs to comply with the rules governing formation and maintenance of a corporation and to maintain proof of compliance, as follows:

Corporations
• Create and regularly update bylaws
• Issue shares of stock to owners (shareholders) and maintain a stock transfer ledger
• Hold both an initial and then annual meetings of both directors and shareholders
• Undertake any annual filings required by the state of incorporation in a timely manner
• Pay the necessary filing fees and corporate taxes

LLCs
• Undertake any annual filings required by the state of incorporation in a timely manner
• Pay the necessary filing fees
• Create and regularly update an operating agreement
• Issue membership certificates to owners
• Keep a membership transfer ledger
• Hold both initial and then annual meetings of the members and managers
In both instances the organization must ensure that officers, agents, or members abide by the requirements of either the bylaws or operating agreement.

Ensuring Adequate Capitalization:  A business requires money and the equipment and items necessary both to start and continue operations. There are several sources of funds for business operations: capital contributions from business owners, investments from others and business loans. Whatever the approach, without adequate capital, a business will not survive. (Also keep in mind, this capital needs to be designated to the business and not the business owner.) There is no requirement that a corporation or LLC be flush with cash in order to preserve its limited liability, but it is necessary to have sufficient funds so that creditors are not left with uncollectible invoices due to a customer’s irresponsible overspending. Typically, courts recognize that cash flow problems can and do occur and will allow a creditor to pierce the corporate veil only if it is determined that the entity was “grossly undercapitalized” at the time the debt was incurred. This means that taking on significant debt at a time when a company can’t meet its current obligations puts it at risk that a creditor may be able to look to the individual shareholders for payment. Starting a large project or purchasing supplies or inventory with the knowledge that the business cannot pay the related debt increases the likelihood that a court will permit the company’s veil to be pierced.

Maintaining Separation Of Business And Personal Assets:   Small-business owners may be more likely than their larger counterparts to intermingle their personal assets with those of the corporation or LLC. Some small-business owners divert corporate assets for their own personal use by writing a check from the company account to make a payment on a personal obligation or by depositing a check made payable to the corporation into the owner’s personal bank account. This is called “commingling of assets.” A business owner may find it is easier to pay personal bills from a business account rather than write one check to cover the owner’s salary and then a second check from the owner’s account to pay a bill. Regularly following this practice could allow a creditor to pierce the corporate veil, particularly when the owner’s scheduled salary or draw is not enough to cover personal bills. To ensure that business and personal assets remain separate, the corporation should maintain its own bank account and the owner should never use the company account for personal use or deposit checks payable to the company in a personal account. Likewise, a business credit card should be used for business expenses only.

Inadequate processes are not the only reason the corporate veil may be pierced to satisfy a creditor’s claim. Business owners or shareholders may lose the insulation from personal liability for business debt if a court finds that the company’s actions were wrongful or fraudulent. If the owners recklessly borrowed and lost money, made business deals knowing the business couldn’t pay the invoices, or otherwise acted recklessly or dishonestly, a court could find financial fraud was perpetrated and that the limited liability protection shouldn’t apply.

C3 Advisors, LLC
June 16, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk, and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or e-mail us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

Clearing The Air: E-cigarettes In The Workplace

May 16, 2014

 

No Vaping ImageFor many of the Gen X and Gen Y’s of today’s workforce, smoking in the workplace is something only known from watching an episode of Mad Men, a TV series that takes place during the 1950s and 1960s. In an era where traditional cigarettes tend to make headlines when large retailers, such as CVS, propose to discontinue selling tobacco products, electronic cigarettes (also known as vaporizers) are the new controversy.

What are e-cigarettes?

E-cigarettes are electronic nicotine delivery systems by which a battery powered heating element vaporizes a liquid solution, usually containing nicotine, creating water vapor as opposed to smoke. These personal vaporizers started appearing in the marketplace around 2006 and have quickly evolved in recent years. The early models produced small amounts of vapor, but with the increased battery capacity, the newer generations of these devices now produce significant amounts. Unlike tobacco products, e-cigarettes are not regulated by the Food and Drug Administration (FDA). Due to the lack of federal regulations, manufacturers of these products are not required to list the ingredients used to create the solutions. Most contain a mixture of propylene glycol, glycerin and nitrosamines.

Why all of the controversy?

Proponents of e-cigarettes are quick to point out that the chemicals used in most solutions are found in many products that have been deemed safe by the FDA. For example, propylene glycol and glycerin can be found in such things as toothpaste and asthma inhalers. While nitrosamines are known carcinogens and are linked to liver cancer, they can be found in many household products such as latex gloves. E-cigarette advocates point to the low levels of nitrosamines in personal vaporizers and compare the levels to those omitted by non consumable products. While many agree that using e-cigarettes can be a safer alternative to tobacco use, the void of research does not mean they are actually safe and point out that in the early years of “big tobacco”, many believed that smoking traditional cigarettes were safe and is now known to be a leading cause of lung cancer and emphysema, not only among smokers but to those who have been subjected to secondhand smoke.

What does this mean for the workplace?

While only 28 states and the District of Columbia have bans on smoking in the workplace, most would be hard pressed to find any company that still allows the practice on-site. 150 cities, including Chicago, have banned the use of e-cigarettes in public places such as restaurants, bars and offices requiring smokers of any kind to stand at least 15 feet from entryways of such establishments before lighting up or “vaping.” For those who work in areas not covered by such a ban, the issue may come down to how e-cigarettes are classified and the broad nature of some employee policies. Many believe that regardless of whether they are electronic or traditional, if they contain nicotine they are cigarettes and should be treated as such. Others point out that they are actually smoking cessation products designed to help smokers quit–and they have a point. Nicotine Replacement Therapies (NRT’s) such as patches and gums, which also contain various levels of nicotine, are not only permitted in the workplace, but some companies reimburse employees for the expense of such products in order to help in the quitting process.

Regardless of one’s personal viewpoint on the use of e-cigarettes as a smoking alternative or NRT, companies have a responsibility to not only treat their employees fairly but also to ensure the safety of their employees while on the job. It is important to consider the well-being of the workforce as a whole when drafting and implementing workplace policies. When considering non smoking policies and the use of e-cigarettes, policies should be clearly constructed and detailed in order to alleviate any confusion. If the company provides any kind of assistance to those employees who are trying to quit using tobacco products with the use of NRT’s, policies regarding their use and expense reimbursements should be detailed and include which products are covered and what is not. When in doubt, it may be worth it to error on the side of caution when deciding on whether or not to allow vaping on company property.

C3 Advisors, LLC
May 15, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk, and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or e-mail us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

Intellectual Property Primer: The Difference Between Patents, Copyrights and Trademarks

April 17, 2014

Image

On April 26 every year, the World Intellectual Property Organization celebrates World Intellectual Property Day in order to promote discussion of the role of intellectual property (IP) in encouraging innovation and creativity. IP refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. IP is protected in law by patents, copyright and trademarks, which enable people to earn recognition or financial benefit from what they invent or create. With the upcoming celebration of World IP Day, we thought it would be a good time to present a few IP basics and perhaps eliminate some of the confusion related to common terms.

Patents
A patent is a property right granted by the U.S. government to an inventor “to exclude others from making, using, offering for sale, or selling the invention throughout the United States or importing the invention into the United States” for a limited time in exchange for public disclosure of the invention when the patent is granted. By granting the inventor a temporary monopoly in exchange for a full description of how to perform the invention, patents play a key role in developing industry around the world. Once the owner of an invention has been granted a patent in any particular country, they then have the legal authority to exclude others from making, using, or selling the claimed invention in that country without their consent, for a fixed period of time. In this way, inventors can prevent others from benefiting from their ingenuity and, ultimately, sharing in profits from the invention, without their permission.
A patent may be applied for only in the name(s) of the actual inventor(s). “Utility” patents are provided for a new, nonobvious and useful:
• Process
• Machine
• Article of manufacture
• Composition of matter
• Improvement of any of the above
In addition to utility patents, encompassing one of the categories above, patent protection is available for ornamental design of an article of manufacture or asexually reproduced plant varieties by design and plant patents. The following cannot be patented: laws of nature; physical phenomena; abstract ideas; literary, dramatic, musical, and artistic works (these can be copyright protected-see below); and inventions that are not useful (such as perpetual motion machines) or that may be offensive to public morality.
To determine if an invention has been publicly disclosed and thus is not patentable, a search of all previous public disclosures including, but not limited to previously patented inventions in the U.S., should be conducted. A search of foreign patents and printed publications should also be conducted. The process of obtaining the grant of a patent begins with the preparation of a specification describing the invention. That specification is filed at a patent office for examination and ultimately a patent for the invention described in the application is either granted or refused. It is highly recommended that an IP lawyer be engaged for the performance of a patentability search. An advance patent novelty search by a lawyer also helps determine whether an invention is novel and whether it is worth pursuing patent protection. The lawyer can also perform a patent infringement search to determine whether the invention will infringe someone else’s patent. After a patent application is filed, the United States Patent and Trademark Office will conduct a search as part of the official examination process. A U.S. patent protects an invention in the U.S. only. Under the Patent Cooperation Treaty, an inventor can file a single international patent application in one language with one patent office in order to simultaneously seek protection for an invention in up to 117 countries throughout the world. Utility and plant patents are granted for 20 years. Design patents last for 14 years.

More information on the patenting process can be found at http://www.uspto.gov.

Copyright
Copyright is a form of protection grounded in the U.S. Constitution and granted by law for original works of authorship fixed in a tangible medium of expression. Copyright covers both published and unpublished works. Copyright protects original works of authorship including literary, dramatic, musical, and artistic works, such as poetry, novels, movies, songs, computer software, and architecture. Copyright does not protect facts, ideas, systems, or methods of operation, although it may protect the way in which these things are expressed. Copyright protection occurs the moment the work is created and fixed in a tangible form that it is perceptible either directly or with the aid of a machine or device. Copyright registration is voluntary and a legal formality intended to make a public record of the basic facts of a particular copyright. It is only necessary to register in order to file a lawsuit for infringement of a U.S. work. The Berne Convention provides rights harmonized at an international level with many other countries without a requirement for national registration. Many choose to register their works because they wish to have the facts of their copyright on the public record and have a certificate of registration. In the United States, the Library of Congress officially registers copyrights which now last for the life of the author plus 70 years. No one else can profit or copy an idea without permission during this time period.

More information on copyrights can be found at http://www.copyright.com.

Trademark or Service Mark
A trademark is a word, phrase, symbol or design, or a combination of words, phrases, symbols or designs, that identifies and distinguishes the source of the goods of one party from those of others. Goods are physical commodities used in interstate commerce. Goods can be natural, manufactured, or produced.
A service mark is the same as a trademark, except that it identifies and distinguishes the source of a service rather than a product. Services are intangible activities, which are performed by one person for the benefit of a person or persons other than himself, either for pay or otherwise.
Federal registration is not required to establish rights in a trademark. Common law rights arise from actual use of a mark and may allow the common law user to successfully challenge a registration or application. However, owning a federal trademark registration provides several important benefits:
• Public notice of the claim of ownership of the mark;
• A legal presumption of ownership of the mark and the exclusive right to use the mark nationwide on or in connection with the goods/services listed in the registration;
• The ability to bring an action concerning the mark in federal court;
• The use of the U.S. registration as a basis to obtain registration in foreign countries;
• The ability to record the U.S. registration with the U.S. Customs and Border Protection (CBP) Service to prevent importation of infringing foreign goods;
• The right to use the federal registration symbol®; and
• Listing in the United States Patent and Trademark Office’s online databases.
Rights to use a mark are claimed by the use of “TM” (trademark) or “SM” (service mark) designation which alert the public to the claim of a “common-law” mark. No registration is necessary to use a “TM” or “SM” symbol and these symbols may be used even if the USPTO refuses to register a mark. Those symbols put people on notice that there is a claim to the rights in the mark, although common law does not convey all the rights and benefits of federal registration. The federal registration symbol “®” may only be used after the USPTO actually registers a mark. The registration is valid as long as all post registration maintenance documents are timely filed at prescribed dates during the years after registration is granted.
Most applicants use an IP lawyer for legal advice regarding use of their trademark, filing an application, and the likelihood of success in the registration process. Using an IP lawyer can save future costly legal problems by conducting a comprehensive search of federal registrations, state registrations, and “common law” unregistered trademarks before an application is filed because not all trademarks are federally registered. Key considerations in filing an application are the depiction of the mark and the identification of the goods and/or services to which the mark will apply.

More information on trademarks and service marks can be found at http://www.uspto.gov/trademarks.

Trade secrets are also a form of IP. Trade secrets are methods, skills or techniques that are not known to the public and that give the organization practicing them an advantage in their trade. Owners of trade secrets seek to protect trade secret information from competitors by instituting special procedures for handling it, as well as technological and legal security measures, which are often in the form of non-disclosure agreements with employees and business partners.
More information on trade secrets can be found in the C3 Advisors article, “Trade Secrets: Protective Measures Every Business Should Know About.” For a copy of the article, contact Deb Deutsch at debd@c3advisors.com.

C3 Advisors, LLC
April 17, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk. Our services help our clients improve process optimization, people integration and technology maximization.
Process Optimization focuses on establishing formalized operational functions that facilitate increased productivity, mitigate risk, and provide the foundation for optimal profitability.
People Integration addresses staffing and workforce issues that are critical to the success of continually cost efficient, low risk, and productive processes.
Technology Maximization ensures the ROI on a technology investment is fully realized through complete use of systems functionality and business intelligence.

We have specific expertise in post-acute healthcare, technology and service companies. Please visit our website at http://www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or e-mail us at debd@c3advisors.com.
Find us on Facebook and LinkedIn. Subscribe to our newsletter by emailing debd@c3advisors.com.

To Pay or Not to Pay: The Internship Debate

March 17, 2014

Intern Article Image

With winter finally coming to an end and the return of the summer months, businesses across the country are starting to ramp up efforts to bring in summer interns.  Internship programs can be beneficial for students who need to gain experience in their field of study even if they will not be paid for the work that is being assigned.   Those benefits also include developing experience for inclusion on a resume, potential future employment references and, sometimes, additional college credit for the work that is done.  There are many benefits to business, as well, in terms of reducing heavy workloads, filling future recruiting pipelines, and increasing employee managerial skills, just to name a few.   The mutual benefits that can be derived from an internship program are clear but, in reality, employers can lose at the internship game if their programs are not designed and managed properly.

 The Fair Labor Standards Act (FLSA)

Most employers know that the FLSA differentiates between employees and independent contractors, but many don’t realize that an intern can often fall within the definition of an employee if care is not taken to differentiate the intern’s role and responsibilities.  As with independent contractors, the Department of Labor has defined specific tests that must be met in order to properly classify interns vs. employees.

 FLSA Internship Test

Under the FLSA, the following six tests must be met in order for a worker to be classified as an intern:

 1.       The internship, even though it includes a role in the actual operation of the business or facilities of the employer, is similar to training which would be provided in an educational environment;

2.       The internship experience must be designed for the benefit of the intern, and is not with expectations of commercial benefit for the business;

3.       The intern does not displace regular employees, but works under close supervision of existing staff;

4.       The employer that provides the training  derives no immediate advantage from the activities of the intern; and on occasion operation of the employer’s core business functions could be impeded;

5.       The intern is not necessarily entitled to a job at the conclusion of the internship; and

6.       The intern and the employer mutually understand that the intern is not entitled to wages for time spent in the internship.

 It is important to note that all six of the requirements must be met in order to demonstrate that an “employment relationship” does not exist, and the intern is not entitled to the benefits and protections afforded to employees under the FLSA rules.

The Pitfalls of Misclassification

Beware of assigning menial tasks to interns or hiring interns in lieu of employees.  And, be careful, to pay attention to wage and hour rules if interns are to be paid, even when the payment is in the form of a stipend.

In 2013, the United States District Court for the Southern District of New York held that duties performed by interns such as taking lunch orders, making deliveries, and organizing file cabinets demonstrated the existence of an employment relationship and that the unpaid interns charged with these tasks should have been classified as employees (Glatt v. Fox Searchlight Pictures). The case demonstrated that menial office duties were not for the educational and/or training benefit of the intern and only benefited the employer.  Therefore, the interns should have been classified as employees and paid.  In the same court, a collective class action suit was filed against a modeling management company.  In that case, the petitioner filed a $50 million suit alleging that the modeling agency knowingly misclassified employees as unpaid interns in order to avoid paying wages and overtime.

 Unpaid internship programs are not the only programs at risk. Internship programs that offer stipends that do not meet the minimum wage requirements are also at risk of wage and hour claims.  Take the situation where a student receives an internship for a company and receives a stipend for his/her work.  If the amount of the stipend is not adequate and in conformity with minimum wage and overtime requirements, there could be an actionable wage and hour issue.  In this case, an attempt at providing some compensation to the intern could actually backfire in a meaningful way.

 Finally, let’s not forget the issue of commercial benefit.  The tech-savvy intern who is brought on to develop a new program or application that may be offered for sale in the future probably isn’t going to be classified as a true intern under the FLSA’s rules and that individual should be compensated for his/her work.

 Conclusion

When properly designed, the use of interns can offer a company many benefits.  Overhead and overall wage and benefit expenses can be controlled.  Interns often bring new skills, particularly in areas such as technology, to the fore during an internship. Recruitment of interns can often be done using free websites such as intern.com.  Interns also derive significant benefit from the practical experience that an internship may provide.  All in all, offering internships can be a win/win situation for both the company and the student as long as the program follows the requirements set forth by the FLSA and, if applicable, state wage and hour laws.  Take these rules into account when designing your program and, when in doubt, seek the advice of legal counsel before taking the plunge.  Remember that an hour of your attorney’s time may mean the difference between a successful internship experience and a costly mistake that could end up in litigation.

Minimize Losses and Risks: Three Part Framework For Implementing or Strengthening Internal Controls

February 14, 2014

internal control

Internal control—it’s not the latest trend or likely to be the topic of a social media post.  It may even be one of the least interesting business principles.  Bland and uninspiring as the subject may be, it is the foundation of a well run business.  Inadequate or missing internal controls have real dollar consequences that impact the bottom line. And it’s not limited to only small companies with less manpower and resources.   Large businesses are just as vulnerable.    There are numerous examples of theft of assets due to weak or absent internal controls which can be discussed and analyzed.  But the more likely scenario resulting from deficient internal controls is that where a business is exposed to risk and losses due to errors.   What can you do to strengthen your company’s internal controls to minimize business losses?

I.                     Start With the Basics

Any discussion of internal controls begins with a definition.  We like this one from the Business Dictionary,  “Systematic measures (such as reviews, checks and balances, methods and procedures) instituted by an organization to (1) conduct its business in an orderly and efficient manner, (2) safeguard its assets and resources, (3) deter and detect errors, fraud, and theft, (4) ensure accuracy and completeness of its accounting data, (5) produce reliable and timely financial and management information, and (6) ensure adherence to its policies and plans.” www.businessdictionary.com.  Management is responsible for maintaining an adequate system of internal control, including communicating the expectations and duties of staff.   Staff and operating personnel are responsible for carrying out the internal control activities set forth by management.  Control activities are the specific policies and procedures management uses to achieve its objectives.  The most important control activities appear below.

1)       Segregation of duties requires that different individuals be assigned responsibility for different elements of related activities, particularly those involving authorization, custody, or recordkeeping. Having different individuals perform these functions creates a system of checks and balances.

2)       Proper authorization of transactions and activities helps ensure that all company activities adhere to established guide lines unless responsible managers authorize another course of action.

3)       Adequate documents and records provide evidence that financial statements are accurate. Controls designed to ensure adequate recordkeeping include the creation of invoices and other documents that are easy to use and sufficiently informative; the use of pre-numbered, consecutive documents; and the timely preparation of documents.

4)       Physical control over assets and records helps protect the company’s assets. These control activities may include electronic or mechanical controls (such as a safe, employee ID cards, fences, cash registers, fireproof files, and locks) or computer-related controls dealing with access privileges or established backup and recovery procedures.

5)       Independent checks on performance, which are carried out by employees who did not do the work being checked, help ensure the reliability of accounting information and the efficiency of operations.

In theory these activities make sense and can be reasonably incorporated into the processes and procedures and of a business.  In reality, though, internal controls are often not strong enough to prevent errors, monetary loss, risk exposure, and potentially the integrity of financial data.  So where does the breakdown typically arise?   Number 5 — Independent Checks on Performance.  This control activity is not merely a periodic review of transactions or entries.  It has more far reaching implications which place the burden on management and supervisors to ensure their subordinates are adequately trained for their responsibilities and are performing their duties properly.  An adequate system for independent checks on performance will identify not only errors but also procedural deficiencies or staff incompetence that cause repeated mistakes or expose the company to risk.    Reviewing subordinates’ work product and processes should be done on a routine and non routine basis.  Routine activity should be reviewed when tasks and transactions are completed, as well as on a spot check basis which is not predictable.  Non routine activity encompasses such things as processing unusual transactions, hiring new staff, implementing new systems or upgrades, changing processes and procedures, or addressing new industry regulations/requirements.  Review of non routine activity should be done as situations arise or periodically if no events trigger the need.   The detection of errors and inefficiencies can lead to stronger controls when management and supervisors use the information to identify the need for improved documentation, more efficient processes, proper authorizations, and staff training.

II.                   Preventing Errors and Losses

The following checklist provides a framework for implementing or strengthening internal controls for conducting independent checks on performance.

1)      Transaction Review:  Verify supporting documentation or other information to substantiate transactions, including correspondence and communication prepared by staff, to ensure accuracy and timeliness.

ü  Transactions which are over or outside a pre-determined limit, based on value/amount, volume and dates.

ü  Activity in large customer and vendor accounts, based on value/amount, volume, and dates.

ü  Adjustments, corrections, or write offs which are over or outside a pre-determined limit, based on value/amounts, volume, and dates.

ü  Reconciliations of accounts or balances for reconciling items which are over a pre-determined limit.

ü  Handling and disposition of unusual transactions.

2)      Workflow Review:  Conduct a review of processes and procedures from initiation to completion to identify weaknesses which can create errors or wasted resources.

ü  Duplication of procedures by more than one individual.

ü  Unnecessary steps or document preparation.

ü  Missing or inadequate reviews or document preparation needed to support an audit trail or regulatory compliance.

ü  Record retention for completeness and accuracy.

3)      Systems Review:  Verify that systems are used correctly and functionality is maximized.

ü  Staff knowledge of system functionality, including upgrades, is tested.

ü  Workarounds are used only if approved by management.

ü  Records created outside the system are approved by management as necessary and are verified routinely as part of transaction review.

ü  Reports available through the system are used to facilitate tasks and communicate information.

The time it takes to complete the steps above may be a burden on managers who are already stretched thin.  In the long run, though, the cost savings to a business in terms of reduced errors and risk exposure can be substantial, especially in a highly competitive or regulated industry.

C3 Advisors, LLC

February 14, 2014

C3 Advisors converges the three essential business elements—Process, People and Technology—to help businesses thrive, not just survive, by improving profitability and reducing risk.  Our services help our clients improve process optimization, people integration and technology maximization.

We have specific expertise in post-acute healthcare, technology and service companies.  Please visit our website at www.c3advisors.com and for direct information about how C3 Advisors, LLC can assist your business, please call us at (630) 510-3181 or e-mail us at debd@c3advisors.com.

Find us on Facebook and LinkedIn.  Subscribe to our newsletter by emailing debd@c3advisors.com.

Let’s Get Rid of HR!

November 20, 2013

HR_Vital Function Image

An article entitled, “Why We No Longer Need HR Departments” by Bernard Marr was recently posted on LinkedIn. (http://www.linkedin.com/today/post/article/20131118060732-64875646-why-we-no-longer-need-hr-departments).  Bernard Marr is a self-described bestselling author and performance management expert residing in the UK.   Let’s be clear.  The term, performance management, in the minds of many, is simply another euphemism for a systematic approach to HR and Mr. Marr is a consultant who provides these services to his clients.  Thus, we were among the 3,000 or so people who thought Mr. Marr’s views on the need, or lack thereof, for HR to be interesting and poorly conceived, not to mention controversial.

 He points out several things in his article.  First, he attacks the nomenclature by suggesting  that no one could possibly take a department that refers to people as ‘resources’ seriously.  He follows with the notion that HR departments serve two masters; both employees and employers, and that this dual allegiance creates an inherent conflict of interest that underscores the need to do away with HR departments entirely.  I guess that happens after we rename them.

Then he suggests a few alternative ideas including outsourcing non-value adding HR management functions (without telling us what those non-value added items might be) and creating two different internal, non-HR, teams to handle “people issues” including a “people support team” to provide assistance to employees and a “people analytics team” to scientifically analyze and provide information to management on employment gaps, turnover and employee performance.

 That’s all very interesting, but really?  First, we’re not crazy about the “HR” label either, largely because the function has come to encompass so much than the traditional HR functions of recruitment, hiring and performance reviews.  In addition to those traditional responsibilities, onboarding, change management, performance management, compliance and risk control are all part of the daily fabric of HR departments.   So, while we happily agree with the many companies that are abandoning the terminology in favor of more pleasantly descriptive role definitions such as “People Management,” the fact remains that the functions performed by HR and/or their ‘people management’ counterparts are quite necessary for every business of any size.  There is nothing “non-value added” about avoiding a multi-million dollar lawsuit through effective and compliant approaches to day to day workplace dynamics.   Indeed, your house might not burn down tonight, but that doesn’t mean that having homeowner insurance coverage is a bad idea.

 Second, the idea that HR departments should be primarily serving the interests of employees is absolute nonsense.  Any competent HR professional will tell you that his or her function is to serve the employer and that HR is no different than any other department in the company such as sales (where selling the company’s products or services is solely for the benefit of the company) or engineering (where research, design and product development is done solely for the benefit of the company), or finance (where analysis and reporting is done solely for the benefit of the company).  It is true; however, that HR must be instrumental in assuring that the company has an engaged, satisfied and competent workforce ready and able to do the work of the company.  And, certainly it is true that HR must often walk a middle line where service to or for the benefit of employees has the intended end result of benefitting the company.    Happy employees usually stick around.  Companies that have tenured, competent and engaged employee bases are usually those that are most successful in the marketplace.  Thus, happy employees often make happy company owners and investors and there is no conflict of interest there, that we can see.

 Finally, on the subject of “people support” and “people analytics” teams, we wonder how effective people support teams will be when the support they advocate has the result of weakening the company   or, alternatively, how they will be viewed by their constituency base when the company fails to implement recommendations that aren’t appropriately aligned with corporate strategy and goals.  As to people analytics, this seems like nothing more than yet another term for the dreaded HR function to us.

 We do agree that there are certainly advantages to outsourcing some HR functions particularly those that may require expertise not readily available with current HR staff.  Change management programs are often outsourced along with development of training and onboarding programs.  Outsourcing is a growing trend, but outsourcing the entire HR function is not the real answer to the problem.  Ask the CEOs who participated in a recent survey conducted by the Conference Board.  They unequivocally stated that their number one concern is attracting and retaining competent talent and leadership so that they will be able to grow and sustain their companies in the future.   I’m sure that many of them are outsourcing some functions, but I’d be willing to bet they all have effective, engaged and active HR departments.

 Instead of focusing on companies where the HR function is broken or at least not as contributory as it should be, perhaps Mr. Marr and his supporters should start looking at companies where HR is their prize winning department. What is it that they are doing differently?

 Take, for example, Southwest Airlines. Most graduate schools, including Stanford’s Graduate School of Business, have extensively studied the low cost, no frills carrier and the mark it has made on the airline industry. If you do a Google search of Southwest case studies, you will find page after page of white papers on the success of Southwest and how HR plays a major factor in the company’s ability to beat out the competition, even among the legacy carriers such as United and American.  Southwest considers the HR role to be one of the most important elements of its management team and it shows. Year after year, Southwest tops the list of carriers with the best record of on time arrivals and departures while working with a smaller workforce than other carriers.  The reason behind Southwest’s success is a focus on strategic planning and leveraging employees to create a fun, yet productive, work experience that, not incidentally, also makes for a pleasant and fun customer experience while also boosting the bottom line. While the airline doesn’t refer to the department as HR, the roles it plays is the same.

 So, let’s go ahead and meet Mr. Marr halfway and rename HR to something more catchy and up to date.  But, let’s also recognize that while HR it has its share of problems, viewing it as the scapegoat for a company’s issues usually only perpetuates the problem.  Before getting rid of the HR department, check to make sure you aren’t “throwing the baby out with the bathwater.”

Learn more about C3 Advisors, LLC at www.c3advisors.com.  Find us on Facebook and LinkedIn.  Subscribe to our newsletter by emailing debd@c3advisors.com.