It sounds like a perfect contradiction: we associate Payroll with precision, maximum security and data protection. The term cloud, on the other hand, gives the impression that data is somewhere in cyberspace - wherever there is space. However, combining the positive aspects of both worlds creates an innovative business model for the still very traditional world of payroll administration.
Salary administration plays a major role in everyday HR and corporate life. In many companies, monthly payroll accounting remains almost the only, albeit fleeting, point of contact between employees and the HR department. Errors in payroll accounting or a lack of confidentiality damage employer branding more than any other weakness in HR. After all, we are particularly sensitive when it comes to money.
Business models of yesterday and today
In everyday language, the terms payroll accounting, payroll administration and payroll are often used interchangeably; the context determines what exactly is being referred to. In reality, however, there are two interlinked but separate processes: master data administration and payroll accounting. Payroll accounting exclusively comprises monthly payroll production with the associated follow-up activities.
Offboarding was not relevant in the past. In many companies that run payroll administration in-house, one and the same person is responsible for both master data and payroll accounting. This scenario is the classic among the tried and tested business models: payroll accounting remains in-house. Software is purchased and installed on the company's own servers, and payroll accounting is carried out by the company's own staff. Often, especially in small companies, the responsibility rests on the shoulders of a single person, who would do well not to fall ill or go on holiday around the time of the monthly payroll run.
Weighing up the benefits and risks, some companies come to the conclusion that the potential internal security gaps and personnel risks are greater than those of a professional outsourcing provider. The entire payroll administration is outsourced. It therefore runs on the outsourcing provider's payroll system, which, depending on the selected service level, also takes over the entire payroll production with all the associated follow-up activities. The HR master data is managed either by the outsourcer or by the company itself on the same system.
Next generation solutions
Cloud Payroll creates a clear cut between master data management and payroll production. This break is not artificial, but is due to a new generation of HRIS systems (Human Resources Management System). Under the heading of HRIS from the cloud, companies can rent a complete HRIS system and use it to handle all operational and strategic HR processes. Cloud-based talent management processes are now nothing new, but this is about much more: global and local master data and organisational management. Of course, employee master data has been maintained in cloud-based solutions for several years now, but such applications were generally limited to global (globally standardised) data and did not include any master data that was directly or indirectly relevant to wages. The new HRIS systems from the cloud, on the other hand, are true all-rounders that are in no way inferior to their in-house competitors. They fulfil country-specific local requirements, take company-specific needs into account and maintain a precise employee history. But they can do even more than their predecessors. Employee Self Services and mobile apps are part of the standard programme and do not require complex technical implementation. One click in the app store is all it takes for a manager to have their team's employee data directly on their smartphone. However, the advantages and flexibility of an HRIS system from the cloud are only fully accessible to a few companies today. HR departments notice how much easier such a system is to navigate, especially in turbulent times of reorganisations, company acquisitions, takeovers and other events with a major impact on the personnel structure.
People talk about HRIS systems from the cloud, but technically it is usually a private cloud in a physical data centre of the software manufacturer.
Payroll as a pillar model
If a company opts for a cloud-based HRIS system of the latest generation, only one "small" piece of the puzzle is missing to complete the HR processes: monthly payroll production. All the relevant data and information is already available. However, error-free payroll production must be docked on - naturally for each country concerned in accordance with the applicable legal requirements.
As a rule, the company will not implement this payroll accounting in-house, as this would contradict the chosen cloud strategy. Instead, payroll accounting is handed over to a dedicated outsourcing partner who reliably prepares the wages month after month based on the data from the cloud HRIS system and provides the payslips to the employees electronically. For the company itself, the Payroll system remains a black box to which it has no direct access - nor does it need it. Data sovereignty remains with the company, which is still responsible for its HR data. The Payroll system simply acts as a "calculating machine" whose results and legal analyses are regularly made available to the company by the outsourcing partner. The services and results of Payroll are regulated by transparent service level agreements between the company and the service provider. In the end, the only thing that counts is the result: correct payroll accounting in accordance with legal requirements and punctual salary payments to employees' accounts. What used to be considered the "sacred cow" of the HR department is increasingly becoming a commodity product that is sourced where the price-performance ratio is right.
To summarise, Cloud Payroll is based on three pillars: HRIS from the cloud, a lean Payroll solution and a "magical" third component that ensures the clean integration and communication of the two core pillars. These are not simple interfaces, but online communication based on web services. This ensures that as soon as a new employee is recorded in HRIS or a change is made, this data is also reflected in the Payroll solution.
Security - so let he who binds himself forever...
If a company's HR department is enthusiastic about such a business model, a security officer can quickly dampen this enthusiasm by confronting the provider with critical questions about security. Security must be guaranteed at all levels. On the one hand, this concerns the networks and communication channels, which must run over encrypted connections. On the other hand, the software provider's data centre must withstand the critical scrutiny of security experts. Topics such as data storage, backup procedures, recovery procedures, data access in support and many more are the focus here.
Even if the data centre shines with ISO certificates and audit reports (e.g. ISAE 3402), this is often not enough to dispel all security concerns. The shared service centre where payroll processing is carried out must also be closely examined. How do the employees in this centre work? Do they adhere to the prescribed procedures and safety guidelines? Where is the service centre located? It could be, for example, that the data centre is located in Switzerland, while the service centre operates in Ireland - possibly involving a network of subcontractors distributed around the world. Who can guarantee that the service centre will not be relocated to India in the near future?
It is virtually impossible to contractually regulate all conceivable eventualities in advance to the satisfaction of all parties. Therefore, trust in the provider, its business policy and its employees is required. A look at the provider's existing customer base and an exchange with existing customers can be helpful in the decision-making process and underpin the gut feeling. However, this gut feeling must be supported by clear arguments in order to answer the above questions in the best possible way. A residual risk remains - especially in times of the NSA. However, with the right provider, this risk can be minimised considerably.