by Richard Dutton, account director, Symatrix
With companies across the UK switching to remote working since the pandemic took hold, issues around the robustness and security of IT have come to the fore. There are few areas of the economy more cognisant of this than financial firms and few areas of business operations that need to be more closely guarded than payroll. For many organisations, the value passed through payroll makes it their largest monthly outgoing. Clearly, finance teams and directors are focused on ensuring money paid to employees is paid accurately and securely.
So what are the main threats to secure and accurate payroll processes when managed by a remote workforce and how can financial organisations mitigate these risks?
Scoping the Challenge
Those financial organisations that run on-premise applications have struggled with the lockdown most. With people sent home, the challenge has been how to access their payroll engine remotely in a secure and reliable fashion.
Having reliable, secure access to the payroll system via a virtual private network (VPN) is critically important for any business. Financial firms need a resilient, secure system in place to guard against hackers. But organisations may find that when they send employees home, their VPN is unable to manage. The business may have ‘sized’ the VPN for 350 people, so when 3,500 start trying to use it at the same time, it simply can’t cope. From the context of payroll, that presents a problem as it means the payroll team is unable to access their on-premise system, and the business risks unacceptable delays to payments or teams finding ‘work-around solutions’ to their connectivity challenges that have insufficient security built in.
Another key area of risk is around data security and confidentiality. Every organisation has a duty of care on data. They are governed by GDPR. Moreover, regulators like the Financial Conduct Authority (FCA) are applying strict guidelines and controls on the financial industry and financial organisations generally are far more risk-averse, in part because of the structure and the governance applied by the financial industry.
In this context, compliance with the ISO27001 standard can help to ensure best practice and high standards in payroll. However, many internal payroll departments are not covered by this standard. This puts the emphasis on the employees to ensure compliance and if they are working from home, it may be difficult to know whether the approach is fully secure. And that in turn could put those businesses at risk.
Finding a Solution
These are the challenges but what are the solutions? Organisations are hugely advantaged if they have already moved to cloud solutions. Where an organisation has moved to the cloud, they can typically access a cloud system that has a strong infrastructure of security and governance. If they have a cloud system in place they can avoid many of the security risks they might otherwise face.
Cloud is the enabler here then but the way businesses set their organisation up within the cloud to deliver great payroll services is even more important. Many organisations, after all, have cloud payroll engines but if they are fed by another HR system, the data will originate in that system and that can cause connectivity and efficiency problems. In contrast, a single cloud-based HR and payroll system removes the requirement for the transfer of data from HR to payroll and takes away the need for manual interventions.
You can see, all across the traditional payroll outsource sector, clients that have needed to create little cottage industries of administration to manage the impact of a HR application feeding a separate payroll application. These cottage industries are very expensive; add little true value and can result in businesses incurring multiple millions of pounds in costs.
Organisations will, of course, also need to have stringent processes in place to ensure the confidentiality and integrity of their data. For many, adherence to the ISO27001 standard will be the answer. ISO27001 can give finance firms reassurance that the way they operate with regard to security, data confidentiality and operational processes is excellent and robust. It is a mature and strong governance model able to give firms the comfort and confidence that their processes including payroll are being managed correctly.
Combining HR and payroll
In summary, cloud brings many benefits in this context but a single cloud HR and payroll system is better and more secure because it removes human intervention and therefore much of the risk to the process. If financial businesses don’t have one HR payroll solution and their whole HR pay benefits cycle is made up of data coming from multiple systems then that is a bigger risk to them.
The key point is that a single HR payroll system delivered in the cloud, is a driver for increased security better control and less risk. It is interesting to note that the current period of lockdown has also been one of the busiest for financial processes and activities. It will have been stressful for every payroll team but for financial services businesses operating in the cloud, with a joint HR and payroll system, that process is likely to have been just a little less concerning.
