Payroll and Security: A Great Combination
By Vicki M. Lambert, Author, Payroll: A Guide to Running an Efficient Department
March 2005 (SmartPros) The days of the old time payroll clerk or paymaster sitting behind the lone desk counting out the cash for the pay envelopes and marking everything down in a ledger while wearing a green visor is long gone. Today the payroll professional uses state-of-the-art computer software to produce checks and record transactions. Record keeping is even going paperless, with payroll departments recording time and attendance by computer programs. Employees today can even complete a Form W-4 online and submit it directly to the payroll department via an intranet program without ever touching the paper form.
But one thing has not changed -- in fact, the need for it has increased over the years -- and that is security in the payroll department, the need to keep the records confidential and secure. And in these times, to keep the staff secure, as well. No longer can that payroll clerk of yesteryear just lock up the ledger in the old safe when going home for the night. The payroll professional must make sure that the computer records are secure, the paper files are still confidential and that the staff is safe before turning out that light at night. Here are several areas that the payroll department needs to review to ensure that payroll records are secure and that the staff is safe.
The Payroll Department
The job duties of each staff member should be reviewed to determine the highest computer access needed. Not all staff members need complete access to all computer files and programs.
Example: Submitting the payroll itself to the payroll service may only be done by the supervisor or manager of the department. This function could even be limited to only one computer that is kept in the manager’s or supervisor's locked office. Or if the staff member only inputs timecards or Forms W-4 then total access to report writers or to payroll submission would not be necessary. This type of determination can go along way in keeping the payroll secure. This type of limited access is also helpful in audit trails and internal security.
Example: only certain staff members have access to the check writing program. This limits the number of people who can write manual checks and helps with the internal security requirements.
Human Resources or Benefits Department
Access to the payroll system by the human resources or benefits departments is dependent on how the company delegates the input of new hires and benefit deductions. If the computer systems are not integrated and these two departments do not handle any of the input for the payroll system then they should have a read only access to payroll computer screens. This is critical in the report writing capabilities as well. The HR or Benefits department should not be able to produce reports for payroll areas that they have limited or no access to. If the human resources or benefits departments do handle the input for these areas for payroll then of course, full access to the screens will be necessary.
IS or IT Department
Of course programmers would need access to an internal payroll system software to be able to handle upgrades and software adjustments. But this access should be limited to the software and not allow the employee to make changes to benefits or payroll screens that affect data such as hourly wage or Form W-4 information. Their access should be thoroughly examined to determine just who needs what access to perform their job functions. This judgment should not be made by IT alone. These discussions should include the payroll department as well. Programmers or IT personnel who do not interact with the payroll software but handle other software functions should not have access to the payroll department’s information.
Example: IT personnel who maintains the websites or email do not need payroll computer access.
The Physical Department Security
Example: There is trouble with the payroll manager’s hard drive or computer programs. She is having trouble getting her email to work or has to have a new software installed. Whatever the reason, this should be done when someone is there to accompany the employee who is doing the repair or installation. If the company has set up a customer service area for a combined employee services department or just one for payroll, this should be a secured area and separate from the main payroll processing area. It should not be just the first desk inside the door. Nonpayroll employees should never have access to the main payroll department area. Even managers and supervisors should be excluded.
The Staff Security
Security of the payroll records, department and staff is an ongoing concern for all payroll managers and professionals. But with proper support and diligence the payroll department can maintain a level of security needed that can actually increase efficiency and productivity by working in a secure and organized environment.
VICKI M. LAMBERT is a certified payroll professional with over 25 years of multi-state payroll experience. She has authored many nationally distributed works such as The Complete Guide to Federal and State Payroll Compliance and The Complete Guide to Federal and State Wage and Hour Compliance published by IOMA, and Payroll: A Guide to Running an Efficient Department, published by John Wiley & Sons Inc.2005 SmartPros Ltd. All rights reserved.