Educause Security Discussion mailing list archives

Re: Login/Logoff Activity


From: Shane Williams <shanew () ISCHOOL UTEXAS EDU>
Date: Thu, 25 Apr 2013 07:45:42 -0500

On Thu, 25 Apr 2013, Will Froning wrote:

This is a request from the internal auditor to see if it is common practice
to monitor this in academia (starting to look heavily like NO).

As others on the list have mentioned, this is really a management issue at
its core. The rebuttal for that comment was something like: "If technology
can help us to identify a management weakness, we can make corrective
policy-driven actions to fix the weakness. IT isn't there to fix the
problem, but to provide visibility into whether or not there is a problem
to correct."

Setting aside privacy issues (which I suspect are more complex and
worth more consideration than your IA is allowing), I think the next
critical question you have to ask is whether technology does, in fact,
provide you with accurate "visibility" into a possible problem.  After
all, your metrics are only as useful as the accuracy and validity of
the measuring tool.

Their thinking seems to be that being "logged in" is the same as
working, and while I suppose this might be true for some types of
work, I suspect it's the exception to the rule.  If I log out at the
end of the day, then Joe stops me on my way out and we have a 30
minute conversation about something I'm working on, then the logs
under-represent my actual work.  Alternately, if I log in the minute I
show up at work, then go grab some coffee, chat with Bob about the
football match for 15 minutes, sit back down at my workstation and
check my stock portfolio and the international news for another 15
minutes, the log over-represents my work.  And those examples are
probably unintentional "noise" in the metric.  If I'm the type of
person that IA is really hoping to find, I'm likely to spend a lot of
time and energy figuring out even more clever ways to fool the system
into thinking I'm working when I'm not.

Or, as others have mentioned, what if I forget to log out at the end
of the day?  What if I'm particularly forgetful and I regularly forget
to log out at the end of the day?  Will this be viewed as an attempt
to artificially inflate my work hours and how will it be handled by IA
/ Management?  I actually made it a goal at the beginning of the year
to better track my own time (admittedly I'm categorizing my time
rather than just looking at login/logout times) and I can tell you
that I regularly forget to start and/or stop the clock.  I sometimes
forget to stop it when I go to lunch.  Other times, I forget to
restart it when I get back from lunch.  It's not unusual that I forget
to stop it at the end of a day, and once or twice, that day has been a
Friday.  Of course, the tool I use allows me to go back and fix these
mistakes, but then allowing something like that would defeat the
purpose of what IA is wanting to do.

Finally, if IA thinks this would help them get an accurate picture, my
recommendation would be that they try it out themselves for six months
before deciding whether to implement it site-wide.  And I don't mean
this just as a snide "see how they like it" comment.  Testing it
themselves will allow them to determine whether it's accurate and
valid, whether it has unexpected consequences (such as impact to
morale, perhaps?) and whether the cost of collecting metrics is
justified by the results.


--
Shane Williams
Senior Information Technology Manager
School of Information, University of Texas at Austin
shanew () ischool utexas edu - 512-471-9471

