myHR: October 16, 2019
Outstanding Collaboration Enhances Penn's Purchasing Processes
As a research university with 12 schools and over 125 centers, Penn purchases enormous amounts of material--from chalk and cheese, to centrifuges and ceramics. In a typical month, Penn processes approximately 1,800 purchase orders and handles over 3,000 other payment requests from a multitude of vendors and independent service providers, including individual freelancers to large firms.
To make sure Penn gets the best value for goods and services while advancing the University’s commitment to sustainability and inclusion, staff members like Mark Mills, Executive Director, Purchasing Services, are on the case, managing Penn’s procure-to-pay process. Procure-to-pay, or P2P, starts with selecting a product or service and ends with successful payment to the supplier.
Penn’s P2P pipeline and its online portal, Penn Marketplace, recently had a major upgrade, thanks to Mills and fellow members of the Penn Marketplace Enhancements Team. Mills served as one of the team’s three functional leads, along with David Ishmael, Executive Director, Financial Systems & Training, and former Associate Comptroller Thomas Slavinski, now a Penn retiree. They launched a web-based solution to make the P2P journey smoother and more transparent for Penn and its suppliers.
“When we step back and see how many online registrations happen today, and how many pieces of paper we took out in the process and how much more secure our systems are--that's just a huge win,” says Mills.
Based on their success, the 26 staff members of the Penn Marketplace Enhancements Team were honored at the Models of Excellence ceremony in April 2019. They came from Business Services, the Division of Finance, Information Systems and Computing, the Office of the President, Penn Law, the Perelman School of Medicine, Student Services, the School of Engineering and Applied Science, the School of Arts and Sciences, and Wharton.
“No one department could have done that on their own,” says Mills. “It took a collective.”
Mills, who has been in Purchasing Services at Penn for over eight years, explains that developing and implementing a new university-wide solution required outstanding collaboration. He observes, “The one big takeaway is to get those school and center stakeholders be part of the process early.”
Mills says that by having diverse people on the core team, they could share diverse perspectives. “The Law School operates very differently than Wharton does, and SAS and so on. So we could get a diverse set of inputs without being in a large forum where sometimes, somebody doesn't want to raise their hand. In the core team, we can get a lot of that feedback out.”
Mills says, “They say feedback is a gift. We got a lot of gifts.”
What kept the process moving forward was a clear project charter and a focus on a “One Penn” solution that would improve processes for the whole Penn community.
“It's collaborating on the same level with everybody and saying, ‘Hey, how do we all get there together?’”
“School and Center people like Ian Semmler, Bill Lockard, Elyse Saladoff, Chris Bristow, Carol Henderson, Janet Dwyer, and Jason Nestor put themselves out there to present on behalf of the core team,” says Mills. That powerful demonstration of their engagement went above and beyond his expectations. “They would take the mic at the podium to say, ‘Here’s what we’re doing.’”
“You can’t over communicate,” says Mills. “Sandy Ardis, the communications lead, worked with an external partner, making sure our guides and other messaging were buttoned up.”
Over the course of the initiative, team members roles changed. Movement created new career opportunities for staff like Brian Caputo, who went from being a data expert to running a service center, and LaTanya Carter who is now an onboarding specialist.
Mills also credits coworkers outside the Marketplace Enhancements Team--from the Executive Vice President to the steering committee to the project’s 60-person Change Agent Network--for the successful launch of the enhanced Marketplace portal and revised processes and procedures related to it. He describes the wider group as capable of “listening in all directions.”
After years of collaborative effort and resilience, Mills says Models of Excellence recognition “felt tremendous.”
“Sometimes it’s like we’re on the 99th yard trying to solve this stuff,” says Mills, comparing the effort to a crucial football play.
“Knowing how much hard work went into making sure we had the right solution, it just made me feel good. I think Models of Excellence gives that platform to say you’re appreciated beyond the performance review and nice words.”
Mills remembers challenging moments “when you’re on the phone on a weekend hearing about why systems aren’t integrating properly,” and the trust it took to resolve various issues. Although the collaboration was intense, Models of Excellence helped the team bond in surprising ways.
“So often during the implementation none of us were in the same room together. Just getting together for the Models of Excellence pictures, you remind yourself, ‘wow, this really made a difference at Penn,’” he says.
Models nomination season helps Mills step back and take note of accomplishments. He sees the Models of Excellence award ceremony as a time to look ahead toward new possibilities and collaborations while appreciating the work of other honorees outside his domain.
“I think it energizes people for the next thing.”
You can submit nominations for the 2020 Models of Excellence program online until Friday, October 25. Check out the new Quick Start Guide for an overview of the process.
If you have any questions about the nomination process, please contact firstname.lastname@example.org or call 215-898-7729.
Turn Uncomfortable Conversations into Productive Messages
In the workplace, we often have to discuss a serious subject, deliver unpleasant news, or talk about something that has gone wrong. Having difficult conversations with your colleagues can produce great anxiety and distract you from other important matters if you don’t know how to navigate these discussions.
Learn how to deliver challenging messages with poise, empathy, and resolve by attending the Navigating Difficult Conversations workshop on November 5, from 9am-12pm, 3624 Market Street, Suite 1A South.
Part of what makes conversations difficult is our fear of hurting people’s feelings, making them angry or upset, disappointing them, not being liked, or being disrespected. We may also shy away from these encounters to avoid feeling powerless or simply because we have a reluctance to engage in conflict.
This workshop will prepare you to talk face-to-face with your coworkers during unpleasant situations. Through exercises and discussions, you will explore and learn how to approach each of the seven stages of navigating a difficult conversation. The session will also help you and the people you speak with listen with empathy and understanding, stay focused, zero in on the facts of the situation, and discover constructive solutions.
By developing the ability to handle challenging conversations, you will increase your confidence and productivity, improve relationships, and put yourself on a path to earning better career opportunities.
Register today for Navigating Difficult Conversations. This workshop is available for $75. You’ll be asked to provide a departmental budget code for this cost after registration.
For more professional development opportunities, visit the Learn & Grow section of the Human Resources website.
A Drug-Free Workplace
For the health and safety of the community, the University of Pennsylvania is committed to maintaining a drug-free workplace. Drug and alcohol abuse endangers individual users, as well as their family, friends, and coworkers. The use of any substance that impairs your workplace judgement or abilities puts you, your colleagues, and Penn students at risk.
As Penn observes National Drug-Free Work Week, please take the time to review the University’s drug and alcohol policies.
Penn’s Drug and Alcohol Policies
Penn prohibits the unlawful manufacture, distribution, dispensation, sale, possession or use of any drug by its employees in its workplace. Complete policy details are available online:
Addiction is a serious disease, but many effective treatments are available. Visit Penn’s Health Advocate website at http://www.healthadvocate.com/upenn for facts about addiction, recovery, and support services for faculty and staff.
Help Is Here
If you or a family member has a substance abuse problem, we encourage you to seek help. Penn provides free, confidential counseling services for you and your immediate family members through the Employee Assistance Program (EAP). The EAP will assist you with challenges that may interfere with your personal or professional life, including substance abuse.
For more information about the EAP’s counseling and referral services, visit the Employee Assistance Program web page at https://www.hr.upenn.edu/eap or contact the Employee Assistance Program 24 hours a day, 7 days a week at 866-799-2329.
You can also refer to Penn’s addiction treatment publication for information about treatment benefits and resources at https://www.hr.upenn.edu/docs/default-source/benefits/opioid-brochure.pdf.
Keep Your Computer Systems Safe
October is National Cyber-Security Awareness Month. As a University, we must stay vigilant in preventing cyberattacks.
In this Q&A with the Division of Human Resources, Rob Brower, Senior IT Support Specialist in Human Resources Information Management, shares some tips on how we can keep our systems safe.
HR: How does the Division of Human Resources secure its systems?
Brower: We use a multi-layered model of security often referred to as the “castle approach” because it mirrors the many defenses inherent in a castle design. For example, at the border of our network we have a firewall. That’s the first layer. You can think of that as a moat surrounding your castle. You’re allowing only the traffic that needs to come and go from your network in order for your business to function.
Next, all the traffic allowed into the network is analyzed for malicious content using an Intrusion Protection System. Once traffic has passed through the firewall and the Intrusion Protection System, it’s routed to its destination server where it hits another firewall which is configured specifically for that individual server. After that, antivirus software installed on the server looks at the traffic yet again and blocks or alerts if it sees a problem.
Another example of a defensive measure is encryption of sensitive data, so that even if an attacker were able to break in and steal the data, it would be useless without the proper keys to decipher it. On top of all that, the network and all its systems are closely monitored and configured with alerts for many types of activities. This is to name just a few of the basic defenses in place. There are many more.
HR: What part does user training play in securing our systems?
Brower: Cyber-criminals have recently been turning to social engineering in the form of phishing scams in attempts to bilk users, companies, and governments out of their money, or wreak havoc on their systems if they don’t pay. The reason phishing scams are so effective is because they allow attackers to bypass other layers of defense built into the network. When a user clicks a malicious link or opens an attachment, they are unwittingly inviting the enemy into the castle.
The best way to secure against this threat is to provide security awareness training for users so they know how to spot these scams and report them. The Division of Human Resources, along with other schools and centers, have begun simulated-phishing campaigns along with end-user training to provide the skills we need as a community to combat threats we are now facing.
HR: How can we spot a phishing email?
Brower: Phishing messages usually have these common traits:
- Illegitimate sender address. The email address is not from the institution it purports to be from. However, it is possible to fully spoof a sender’s address, so you should not trust an email just because it appears to be from a trusted address.
- Have a sense of urgency.
- The message will either convey something appealing to take action on (“Click here to receive your bonus!”), or something unfavorable if ignored (“your account will be disabled”).
Here are some of the more common methods hackers use to compromise their targets:
- Send a malicious attachment that infects your computer when it is opened.
- Direct you to a URL that automatically downloads malicious code that infects your computer when you click on it.
- Direct you to sign in to a fake login page to capture your credentials, which they can then use to access the real system as you.
- Request sensitive information by filling out a form or sending it in the body of the reply. The following are common requests:
- Username and Passwords, SSNs, Credit Card numbers, Banking Account information, Intellectual Property.
Since phishing scams are becoming so effective, it is very important to develop the skills and habits required to identify and defeat them. One of the most effective habits you can acquire is to always confirm suspicious messages by going “out-of-band”. This means:
- Never click on links in suspicious email messages. Instead, always type the known legitimate address in your browser.
- Pick up your phone and call to verify the authenticity of the message. For example, if the message appears to come from your bank, call your bank on their known number (not the one in the message) to confirm they sent it.
Another very effective tool against phishing attempts designed to steal credentials is to use Two-Factor Authentication for all accounts that support it. This will ensure that nobody can access your account but you, even if your credentials are harvested.
TIP: If you are using DUO and you receive a “Push” that you did not initiate, make certain to deny it, then login and change your password for that account immediately.
Here are some ways to identify Phishing messages:
- Look for fake URLs. This is easy. Just hover your cursor over the URL and it will display the real destination. For example, hovering your cursor over www.hr.upenn.edu shows it actually takes you to NASA’s main web site.
- You still want to inspect the message body for glaring content, spelling, and grammatical errors. If it doesn’t look right, then confirm it out-of-band or delete it.
- If it seems too good to be true, it’s probably fake.
- Ensure the sender email account is legitimate. This can be difficult since email addresses can be spoofed and therefore undetectable as such in the basic email user interface. To be sure, contact your LSP for further analysis. Barring that, look for easy giveaways, such as using personal accounts for urgent business requests.
Another trick out of the Social Engineering rule-book is to run scams during times of change, confusion, or crisis. You’ll often hear about “donation” scams after major disasters such as hurricanes and earthquakes. Tax season is another favorite. Hackers have also been known to take advantage of companies undergoing mergers, acquisitions, and other changes.
HR: What are a few additional things an individual can do to help prevent their systems from being compromised?
Brower: Don’t store personal information in an unsecured location. Make sure you’re running a currently supported operating system and keep it patched. Windows XP is out of date and Windows 7 expires in January 2020, so if you are running either of them you need to upgrade to Windows 10 or an alternate current operating system. Use antivirus software and make sure its definition files are updating. Windows 10 comes with Microsoft Defender and Penn provides Symantec Antivirus for free. Uninstall programs you don’t need and use a firewall. Software firewalls come installed on systems and by default block all incoming traffic, so unless you’ve purposefully made changes to the rules, nothing should be able to get into your computer unless you invite it.
Choose to Receive Your W-2 Electronically
Penn’s Payroll Department strongly encourages you to elect turning off printing and mailing of paper W-2 forms in Workday@Penn. Doing so will help avoid delays or errors in receiving your year-end tax documents caused by U.S. postal mailing.
Beginning with the tax year 2019, your W-2 will be available in Workday@Penn, the University’s faculty affairs, human resources, and payroll system. You will also be able to upload your tax information into most tax filing software.
To turn off printing and mailing of your W-2, log on to Workday@Penn and follow the simple steps in the Self Service-Access Tax Withholding Forms tip sheet. Change the printing election to electronic before December 31, 2019 so your paper W-2 for the current tax year will not be mailed to the home address indicated in Workday.
Forms W-2 for tax years 2018, 2017 and 2016 are available on the ADP website. For copies of W-2 for tax years 2015 and prior, contact the Penn Employee Solution Center at (215) 898-7372 or email@example.com.
Healthy Meals: Shrimp Stir-Fry
The only thing standing between you and this crunchy, delicious, zesty shrimp-stir fry is the 30 minutes it takes to prepare. Fresh corn, zucchini, and tomatoes with shrimp sautéed in garlic and butter cook quickly for an easy, satisfying meal. Squeeze one lemon over the entire dish for the perfect finish.
Click here to send us your healthy recipes and tips.
Did You Know? Optimize Your Savings During National Retirement Security Week
Retirement security is a critical piece of your financial well-being. During National Retirement Security Week, optimize your retirement plan investments with Penn programs offered by TIAA and Vanguard on October 22 and October 24. Register for these information sessions and take action on your retirement savings.
Is there a Human Resources benefit, program or service you'd like to hear more about?
Send us your suggestions.