Tag Archives: enterprise timesheet

TimeControl on-premise security architecture white paper rewrite

tc7secure_cover_300x389.jpgWith the launch of TimeControl 7, we are gradually working through updating the vast array of TimeControl resource that are available online.  This week saw a rewrite of the TimeControl On-Premise Security Architecture white paper which is now available on the TimeControl.com website.  Rewriting such material gets everyone thinking about the subject matter so security turns out to be one of our most popular internal conversations this week.

To be fair, security has been a topic of conversation for the TimeControl developers since long before the first version of TimeControl was released.  The first ever timesheet that HMS created was 10 years before TimeControl.  Our client, Philips Information Systems in Canada needed a timesheet that would integrate with both the Payroll system and the Project Scheduling system.  Security was a huge element of the design as the data for Payroll was, of course, very sensitive and the costing information in the project system was information that would have been terribly damaging to the company if it fell into the hands of competitors.

That original HMS timesheet was very secure for its time and there are elements of that design that live in TimeControl still.  But times have changed and the threat of data and systems compromise has become ever more sophisticated each year since that first timesheet system.

While the TimeControl On-Premise Security Architecture reveals many of the elements of the TimeControl deign that lend themselves to a safe and secure system, it is primarily a document that lets prospective clients review TimeControl against their own security standards.   Yes, we use the latest in many technology designers in TimeControl and we test against the OWASP standards (owasp.org) looking for potential threats and ensuring we protect against them but there are risks that you can implement at that are beyond the security architecture we designed for TimeControl.  Here are a couple of basic tips you can think about regardless of your size:

  1. Have a security plan for your key systems and data and choose someone to be accountable for it.
  2. Authentication is key.  How do people authenticate to your network, to your applications and even to your building.
  3. Outward facing or inward?  Does TimeControl need to be accessible to the Internet or will it serve your purposes just as well being available only within the corporate firewall?  Inward implementations aren’t as easily accessible and that can mean they’re safer.
  4. Don’t forget physical security.  If someone can get physical access to the servers, they can get access to your systems.
  5. Monitor.  Make sure you take advantage of the many technologies available to monitor unauthorized access or out of pattern use of your applications, your data and your network.
  6. Functional and Data restrictions.  In TimeControl, User Profiles determine what users can see which data and which users can use or perform which functions.  Think about who needs access and don’t be scared to start with less access and later ease up on your restrictions.
  7. Disaster Recovery.  Make a plan for your data and systems being compromised and how you’ll recover from it.  Then do an actual practice to make sure your plan works.  Iterative and redundant backups and a plan for restoring them is something that makes security officers sleep better.

This is not a comprehensive list of course.  There are many aspects to a complete security plan that are better explained by specialists in that field.  We’ve been talking about TimeControl for an On-Premise implementation.  Next month as we upgrade TimeControl Online to version 7 we’ll be updating our Security Architecture white paper for TC Online and we’ll be sure to talk about that here in the blog.

You can find the TimeControl 7 On-Premise Security White paper at: TimeControl.com/resources/whitepapers

TimeControl 7 now available!

We are so excited to announce that we have released an exciting new version of TimeControl. TimeControl version 7 is a major upgrade to the product we launched the first version of over 20 years ago and we are sure it will be welcomed by both existing and new customers.  There are over 40 major new features or enhanced features that you’ll be seeing as the new version is released.  Here are only a few:

Multi-line edit timesheettimesheet.jpg

The TimeControl 7 timesheet has been completely rewritten to allow all cells in the timesheet to be edited simultaneously.  In previous versions, a single line had to be edited at a time due to the many customizable validations that are tracked on each cell and each line.  We have determined methods to accomplish the same thing while allowing all the lines to be changed at once.  For those with timesheets that have a large numer of pre-loaded tasks, this will be a welcome change.

Gantt Views

TimeControl 7 now allows you to view projects, tasks or assignments in graphical Gantt charge views.  MyAccount_Gantt2.jpgThis gives users an easier perspective into data they have access to and to highlight potential assignment challenges in the coming days.  The view is highly configurable and is accessed from either the Reporting tab or the MyAssignments tab of each user’s Options page.

Calendar Views

TimeControl 7 introduces a brand new view into assignments with a calendar view.  The view can include assignments and/or TimeRequests™ and can be access from either the reporting view or from right inside the TimeRequest Approval screen. Now a supervisor with multiple requests for vacations in a given period can quickly pop up a calendar to see them graphically displayed and can distinguish between draft, released for approval, approved and rejected requests by using different colors for each type.

There are more than 40 more exciting new and improved features in TimeControl 7 that we haven’t even listed here.  For a more complete list, see the Latest TimeControl page on the website.

TimeControl 7 is available for download right now for clients who have an active support agreement at TimeControl.com/support/updates.  If you are an existing TimeControl client and need to renew your support agreement, please email info@hms.ca.

 

If only…

comingsoon.pngIf only the TimeControl timesheet had multi-line edit…

If only TimeControl had a calendar view to see pending time off…

If only TimeControl had a barchart view to see assignments…

If only the TimeControl report designer was multi-device enabled…

If only there were table-level validation rules in TimeControl…

If only…

If only” sometimes never arrives… but this time “If only” will be here next week!

Stay tuned.  TimeControl 7 is will launch next week!

Timesheets by exception

autofill1.pngNot every organization expects all their staff to fill in a timesheet every single week.  Instead, theses salaried staff are instructed to fill in a timesheet only “by exception” meaning only if they were not at their intended post for the entire pay period.  If the employee has an exception such as a sick day, vacation, a day when they left early, etc.  they must then enter only the exception.

TimeControl can be used like this of course because if that is what your payroll system expects, then TimeControl export to the payroll system will have only the expected exceptions.

Ah, but if life were only that easy.

Here’s a much more difficult scenario:  Imagine an organization where some of the staff who are project oriented must fill out timesheets to account for their entire week and other non-project personnel will be asked to only fill in timesheets by exception.  Must there then be two separate timesheet systems?

Not at all.

TimeControl’s AutoFill functionality is designed to fill in where the exception timesheet leaves off.  Here’s how it works.

First, define who will be entering timesheets by exception.

Next, create a process that allows people who have exceptions to enter them by a certain time in the timesheet period.  For example on a weekly timesheet perhaps exceptions must be entered by noon on Monday.

Now run the AutoFill functionality and have it “fill-up” the timesheets for the people defined to the total number of hours per day that you define.

In this manner TimeControl will create blank timesheets and automaticall fill them in or add to the exceptions that are already there to fill in a complete timesheet.  Now the project staff who enter a complete task-based timesheet every week and the non-project staff who enter a timesheet only by exception will end up with a completed timesheet that can be reported on together, exported or analyzed together and, if you still need to send only the exceptions to the payroll system, that too can be filtered to send only the appropriate data.

TimeControl’s AutoFill is one of the more popular features for HR and Payroll adminstrators for the enormous time it saves by automating a simple function and allowing a single timesheet to replace multiple timesheets.

You can see more HR related functions in the TimeControl and HR use-case area of the TimeControl.com website.

How many TimeControl Modules can you buy? (it’s a trick question)

From time to time we’re asked how many modules TimeControl has and what modules are required for a particular requirement. allinclusive_300x197It’s not a strange question because so many timesheets on the market sell in exactly this manner.

The short answer to this question is very simple. There are no extra modules to but in TimeControl.

We know that there are publishers who sell you the timesheet for time and attendance and then say “Oh, you also need to do vacation approvals, that requires our add-on Vacation Approval Module” and others who say “Oh, you need a link to a project management tool? There’s a module you can purchase for each link you want to use.” And yet others who say “Oh you want to create your own custom reports. Of course you can with our add-on report designer module.”

The industry calls it “up-selling” and we don’t like it any more than you do.

So, we decided a long time ago to include everything in TimeControl that you’ll need. There are two editions of TimeControl, one designed for industrial situations like heavy construction or mining or EPC projects and the the other for everyone else.

Inside each TimeControl is the timesheet of course, the links to the many project management tools and versions we support, the report designer, the vacation approvals, our Matrix Approvals, the Accruals functionality that HR needs, the import and export modules to link to ERP and other corporate systems and even the mobile interface. Once you pay for your TimeControl license, there’s not much else we can sell you unless you’d like some implementation assistance (not everyone takes that and not everyone needs it) or ongoing maintenance and support contracts. If you’ve decided on subscribing to our TimeControlOnline timesheet in the cloud, you’ll be paying your subscription service each year and that’s about it.

We have even structured upgrades to be something you never buy. If you have TimeControl or TimeControl Industrial now, the only way to get a new version is to simply keep your maintenance contract current. We’ll make the new version

We believe this makes our relationship with our clients easier to establish and easier to make richer over time. But, there is one specific issue that can arise from this all-in-one thinking. Because we’re not constantly calling our clients trying to sell them on the next module or version, some new clients can put time into deciding why they wanted TimeControl in the first place and then never revisit what TimeControl could be doing for them to accommodate other business requirements.

For example, a few years ago, we got a lead from a company interested in TimeControl because it had a link to Microsoft Project. The company was already a client so we asked the caller if he knew about our timesheet. He looked at his own weekly timesheet and, sure enough, it was already TimeControl! “But my TimeControl doesn’t have a link to Microsoft Project. Did we not buy that module?” the caller asked us. “It was hidden during the original deployment because your firm was focused on time and billing when you rolled the system out,” we answered.

The feature was easily turned back on by the TimeControl Administrator and the caller didn’t have to go purchase another timesheet or another module. He already had everything he needed and shortly thereafter he was linking TimeControl to his project files.

So we make a point of talking about TimeControl features in the blog and in email blasts that include our current client because we never know when someone will suddenly realize they already own the solution to a business requirement they’re already looking for.

To look at different business-use-case scenarios of how you can use TimeControl, go to the Use Case gallery at: www.timecontrol.com/use-cases.

To catch up with the main TimeControl features, go to the Features area of the website at: www.timecontrol.com/features.

Of course you can always just contact us at info@hms.ca and one of our account managers or technical staff will help you find out how TimeControl can be configured for your particular business challenge.

FAQ: How do I control vacation entries?

We are often asked if TimeControl supports a method to ensure that employees don’t take more vacation time than they’ve been approved for.vacationtime_300x150.jpg

This is controlled in TimeControl two ways:

TimeRequest™
First, the approval of the timesheet is managed in the TimeRequest™  feature.  TimeRequest let’s employees request vacations in the future.  If the vacation is approved, the employee will be able to see that in the TimeRequest screen.  They can also be optionally notified by email through TimeControl and that email can automatically include a calendar notification to load into their Outlook or other calendar system.

TimeControl can then be configured to include a Validation Rule that says “You cannot enter vacation without a matching approved TimeRequest.”

Employee Banks
TimeControl also uses banks which can  be loaded for the entire year or loaded as time goes on through the TimeControl Accruals module to show vacation, personal time off, banked overtime, etc. that has been earned by this employee.

TimeControl has numerous banks created by default in the system which can be used for this purpose so different types of banks can be defined by the TimeControl Administrator. A TimeControl Validation Rule can then be created that generates an error if the amount of vacation taken in the current timesheet exceeds the amount in the bank for the vacation category.  Different organizations have different rules for this.  Some will allow only vacation that has been completely earned.  Others will allow an employee to be up to a week “negative” in their vacation bank.  Whatever the rule is, it can be defined for this in the Validation Rule.

 

FAQ: Dealing with approvals when supervisors are absent?

Question:
How do you deal with approvals when supervisors are absent due to vacation or if a person changes departments?

Answer:
It is a common occurrence for a person to be absent and this is just as
true for managers and supervisors as it is for any other employee.  TimeControl includes an “Alternate User” function that is designed to manage the situation where a supervisor or administrator will be absent and someone else must assume their duties.  A user can set their own Alternate in their Profile area and can define when the privileges of that alternate will expire.  alternate_login.jpgAn Administrator can set an alternate for any user in the User Table.  The Administrator can also determine who should receive email notices from TimeControl for things like missing timesheets.  They can go to the original user, the alternate or both.  In the example at the right, Joe Gardner has logged into TimeControl and is told that he has been assigned as an alternate for Tom Logan.  He can now log in as himself or as Tom.

When the alternate logs into TimeControl, they will be presented with a new intermediate screen after their login which asks who they would like to access the system as.

If alternate_headerthey select the Alternate, then TimeControl will indicate that at the top of the screen. In the example on the right, Joe Gardner has logged in as Tom Logan.

While the Alternate is logged into TimeControl they will see the menu and data selections that the absent person would see but TimeControl always keeps track in the background of who really did approvals or data changes for auditing purposes.

FAQ: How do I make corrections in a closed timesheet?

balance_debit_credit_dice_250x250Question:
If I need to make a correction in an already closed timesheet, can I do so? And, if so, can I see what was changed?

Answer:
Yes. This has been a part of TimeControl since version 1.0 and it is something that HMS has spent a lot of time on. The function allows you to both remove hours and add hours as you adjust and you can force those changes to balance so we’ve called the function Debit/Credit just as you would in an accounting system. The Debit/Credit function occurs only once the main organizational approval has completed. You can identify every line that has been adjusted and as it must comply with the Defense Contractor Audit Agency, TimeControl must be able to re-create a timesheet as it was first entered at the time by the employee and for each change that occurs. Using the optional balanced Debit/Credit, you can ensure that any adjustments to the timesheet result in the same total that was approved by the supervisor. This allows project managers to redistribute hours from one task to another or even one project to another but not to affect the timesheet totals that may have already been sent to payroll and HR.

Debit/Credit is one of the functions that makes TimeControl completely auditable. For more information about Debit/Credit and how it is used in the Matrix Approval Process, see www.timecontrol.com/use-cases/matrix-approvals.

In the historical timesheet, TimeControl optionally shows the source user of each line and, in the background, we can see the time-date stamp for when the line was saved and posted. When you look at adjustments you can instantly see any reversed lines and their corresponding adjusting lines.

Just tell us about your week

saving_time_300x200.jpgThere is a feature that you won’t find in TimeControl though it has been asked for more times than any other enhancement request.  The specification usually looks something like this:

“We want TimeControl to automatically populate a timesheet with all the hours that an employee should have done so that they can just click ‘Ok’ if the timesheet is correct and save time.”

“Sorry, we won’t do that,” we reply.

It’s not that we’re being difficult.  In fact client and prospective client feedback is a key source of enhancements in TimeControl.  And it’s not that it would be technically difficult to deliver this feature.  The projected hours could have come from the project plan, for example and populating each cell on a line for that task isn’t a major programming challenge.

No, the difficulty is what would happen if we delivered such a feature.  As desirable as it seems to be for end users, we are certain that the result would be bad data.

Imagine that I ask an employee, “What did you spend your time on this week?”

Instead of answering with hours and tasks, they respond to my question with a question, “What do *you* think I should have spent my time on this week?”

I’d be instantly concerned that if I give my expectations that the feedback I’d receive would be tainted by the employee’s desire to please.

Or, imagine this scenario.  You come to the end of your week and your timesheet happily pops up your expected hours.  “Uh oh,” you think to yourself.  “I can see that I was supposed to spend 35 hours on task #27.  But I didn’t spend a minute on task #27.  I spent 35 hours instead on task #25.”  The pressure you’d feel to put at least *some* hours of your timesheet on task #27 would be enormous.

In the over two decades we’ve been selling TimeControl, we’ve seen these scenarios play out in countless organizations.  It’s not that employees want to lie.  They just don’t want to disappoint their managers.

Here at HMS when we get this request we now know to ask what the client wants this feature for and then we ask what they expect will happen to the quality of data if we were to deliver the feature.  The request always fades away.  As it should.  After all, life happens to projects.  The chance that something changed between the plans for the week on Monday morning when the week started and Friday when the timesheet was filled out will be the exception, not the rule.

Instead of prompting people with what they should have done, we want TimeControl to ask something very simple: “What did you actually do?”  TimeControl can preload tasks from a project system’s schedule or from personal preferences to save time in looking up those tasks but TimeControl won’t prompt with the hours per day that were expected.  The result is high quality timesheet data and in the end, that’s what will make managers happiest.

For those who are interested in how to save a minute here or a minute there on configuring and entering their timesheet, the TimeControl website has a section on Best Practices for timesheets at www.timecontrol.com/resources/best-practices.

FAQ: Can you import historical timesheets into TimeControl?

old_new_crossroads_300x300Of course. Aside from importing all the supporting tables, there is a timesheet import function in TimeControl links that does specifically this. You’ll need to make sure all the employee information, charge code information and project information already exists but then the import is quite easy. There is a blog post on this here in the blog at: blog.timecontrol.com/?p=142 which includes an Excel template to help you prepare your data for the import.