Strategies to protect your Workday configuration from high-impact change
Workday enables you to overcome the limitations of fragmented, outdated systems by integrating various functions, technologies and teams. While this consolidation brings significant efficiencies, it is important to maintain this new standard by taking care when introducing follow-on configuration changes within high-risk areas.
Our research shows that 50% of defects related to configuration changes come from a small number of high-impact areas like security, payroll and integrations. Without enough due diligence, changes to these areas can disrupt key business processes, compromise data security, and reduce your business’ agility and efficiency. Here we look at some of the strategies you can implement to protect your business-critical processes from high-impact, high-risk change.
Monitoring data access in your security model
A robust security framework underpins Workday to empower your workforce while protecting your people and financial data. However, your security model is dynamic and requires continuous reviews to ensure that only authorised individuals access the correct data.
Without a comprehensive data access strategy, your organisation can become more vulnerable to security incidents and the accompanying penalties. What's more, when the trust of staff, investors, and customers is at stake, being able to easily handle security and compliance incidents is critical. Here are the key considerations when it comes to managing data access change and maintaining Workday security:
Access Model
Workday’s security model allows all data and processes to be secured using the same security model. The responsibility of Workday teams is to ensure that only the right people have access to the right data.
As a result, carefully managing who can control security roles is critical. Limiting the number of users with the ability to assign administrative security groups will limit the possibility of conflicts and security incidents.
Maintenance of your Security Configuration
When every process and application is interconnected, effectively managing change means looking at your global Workday security model to avoid unintended impacts, e.g. incorrect user access.
To improve efficiency and mitigate risk, avoid complex intersecting security groups where role-based groups are sufficient. Ensure that these security groups have clear descriptions so that their purpose and particular controls they relate to are obvious in the future.
Segregation of Duties
To avoid conflict of interest, consideration needs to be given to issues like business processes definitions, delegation authority, and routing restrictions—especially for processes that relate to security or transactions. For example, ensuring that a user cannot create and approve a one-off payment to themselves.
Sufficient controls should be in place to have more than one person required to complete a transaction to help reduce the risk of fraud and error. Monitoring expected and consistent behaviour will also help to flag any potential issues.
Always on-Monitoring
As previously highlighted, security is constantly evolving and as your tenant adapts to meet business needs, you need to ensure that you can constantly monitor access, transactions, and configuration changes.
Although Workday automatically retains information about what changed, who changed it and when, constant manual monitoring of this consumes time and resources that most security teams don’t have. Always-on automated monitoring solutions are key for teams to be able to ensure that changes don’t impact Workday security.
Ensure integration integrity
Workday's capability to integrate with diverse third-party systems enhances business performance, optimising and streamlining your processes and operations. You will need to conduct thorough testing and validation of integrations when changes are made in or around them. The key areas to focus on include:
Comparison testing
Side-by-side comparison of the integration output data from two non-production tenants, one with the changes, one without - will allow easy detection of any unexpected impact the changes have on the integration.
Configuration comparison
Looking at the inbound and outbound integration configuration from these two non-production tenants will help to identify issues within the integration itself. Analyse areas like launch parameters, attributes, and maps to ensure that updates are functioning as expected.
Integrity testing
Finally, confirming that inbound and outbound integrations execute correctly, without any errors gives you the confidence that processes will function end-to-end.
Intelligent testing solutions
These tests need to be run every time a change is made. When your tenant is complex or you rely on multiple integrations, this process can become inefficient and inaccurate. More businesses opt to employ intelligent automation to enhance their test coverage, ultimately increasing efficiency and reducing overall operational costs.
Derisking payroll change
Workday provides a powerful and flexible payroll tool, that can seamlessly integrate with other financial applications. With payroll integrations playing a central role in many intersecting processes, they are subject to constant change and as a result, potential disruption to vital processes if these changes are not thoroughly validated.
Since your workforce is your most valuable asset, payroll accuracy is crucial. So, how can you mitigate risk to this high-impact area?
Derisking payroll throughout the year
Payroll changes aren’t limited to the end of your payroll cycle or financial year, so constant testing is needed. This could be for mid-period changes in compensation, terminations and hires, or changes in roles. In addition to this, minor updates are made to Workday on a weekly basis, requiring further testing.
A regular ‘business-as-usual’ testing schedule using synthetic data is critical to ensuring your payroll operates as intended and meets local and national regulations.
During bi-annual updates
Workday’s two major annual releases see a range of updates applied across your tenant. The impact of these varies but can still have a significant impact on your relatively delicate payroll configuration.
In this case, the most effective strategy is side-by-side comparison tests in two non-production tenants; one with update changes and applied to one without. This will allow you to compare the outputs, identify discrepancies and fix errors before they go into production.
During major business changes
Whether it is a merger, restructuring or strategic initiative, major business changes often mean major payroll changes. Like any other change, this requires end-to-end, full cycle testing. In most cases, a major change involves tight deadlines and can stretch resources, so it is important to prioritise testing the changes that feed into your key processes, like payroll. Having pre-prepared test packs that focus on this critical process will allow you to plan and execute testing quicker and more effectively during these periods of change.
High impact doesn’t have to mean high risk
Throughout constant change, automation helps you to efficiently manage your high-risk configuration areas and mitigate the risk of disruption.
Kainos Smart provides comprehensive support across Workday, with proactive, simplified testing throughout business processes and worker lifecycles. This maximises testing coverage and mitigates high-impact incidents, helping to improve employee experience and safeguard sensitive information.
With a robust, automated approach to change management, Workday can continuously meet your business needs securely and efficiently, making any configuration bullet-proof.