Choose an area of interest:
Search 

Choose an area of interest:


Payroll and Security: A Great Combination
By Vicki M. Lambert, Author, Payroll: A Guide to Running an Efficient Department

March 2005 (SmartPros) The days of the old time payroll clerk or paymaster sitting behind the lone desk counting out the cash for the pay envelopes and marking everything down in a ledger while wearing a green visor is long gone. Today the payroll professional uses state-of-the-art computer software to produce checks and record transactions. Record keeping is even going paperless, with payroll departments recording time and attendance by computer programs. Employees today can even complete a Form W-4 online and submit it directly to the payroll department via an intranet program without ever touching the paper form.


But one thing has not changed -- in fact, the need for it has increased over the years -- and that is security in the payroll department, the need to keep the records confidential and secure. And in these times, to keep the staff secure, as well. No longer can that payroll clerk of yesteryear just lock up the ledger in the old safe when going home for the night. The payroll professional must make sure that the computer records are secure, the paper files are still confidential and that the staff is safe before turning out that light at night. Here are several areas that the payroll department needs to review to ensure that payroll records are secure and that the staff is safe.
 
The Payroll Department
The job duties of each staff member should be reviewed to determine the highest computer access needed. Not all staff members need complete access to all computer files and programs.
 
Example: Submitting the payroll itself to the payroll service may only be done by the supervisor or manager of the department. This function could even be limited to only one computer that is kept in the manager’s or supervisor's locked office. Or if the staff member only inputs timecards or Forms W-4 then total access to report writers or to payroll submission would not be necessary. This type of determination can go along way in keeping the payroll secure. This type of limited access is also helpful in audit trails and internal security.
 
Example: only certain staff members have access to the check writing program. This limits the number of people who can write manual checks and helps with the internal security requirements.
 
Human Resources or Benefits Department
Access to the payroll system by the human resources or benefits departments is dependent on how the company delegates the input of new hires and benefit deductions. If the computer systems are not integrated and these two departments do not handle any of the input for the payroll system then they should have a read only access to payroll computer screens. This is critical in the report writing capabilities as well. The HR or Benefits department should not be able to produce reports for payroll areas that they have limited or no access to. If the human resources or benefits departments do handle the input for these areas for payroll then of course, full access to the screens will be necessary.
 
IS or IT Department
Of course programmers would need access to an internal payroll system software to be able to handle upgrades and software adjustments. But this access should be limited to the software and not allow the employee to make changes to benefits or payroll screens that affect data such as hourly wage or Form W-4 information. Their access should be thoroughly examined to determine just who needs what access to perform their job functions. This judgment should not be made by IT alone. These discussions should include the payroll department as well. Programmers or IT personnel who do not interact with the payroll software but handle other software functions should not have access to the payroll department’s information.
 
Example:  IT personnel who maintains the websites or email do not need payroll computer access.
  • Hard Copy or Paper Files: Generally, hard or paper copies of payroll records should always be kept locked within the secure payroll department. However, there are a few areas that need special attention.

  • Off-site Storage: If an off-site facility or facilities is used to store the previous year's payroll data, the payroll department needs to make sure that this area is secure as well. Payroll records should still be kept under lock and key with only payroll staff having access. They should never be mixed in with other department's records to "save space and money." It must be remembered, no matter how old the records are, they still contain sensitive payroll data. Better yet, have all records that are moved to storage electronically stored and destroy the paper copies. The government agencies now accept electronically stored data on microfiche or CD-ROM.

  • Garnishment Records: Records relating to garnishments need special security even within the payroll department. The garnishments themselves, court and related documents should be kept in a separate locked cabinet within the payroll department. Access to this cabinet should be given only to those payroll staff members who deal directly with garnishments. Other nonpayroll personnel should have no access to these records. Since most federal and state laws limit the actions an employer may take against an employee with a garnishment or garnishments, human resources or the benefit department would have no reason to have access to these files. If possible, even the screens on the payroll system relating to these items should have limited access.

  • Auditors: Whether internal or external, the payroll department should have an established policy on what auditors may see or copy in the payroll department. This will prevent misunderstandings later on when an auditor wants to copy and remove information from the department.

  • Employees: Generally there should be no problem with employees seeing their own information within the confines of the payroll department or through the intranet system with appropriate access codes. This assists the employee greatly when he or she they can check to see what he or she are claiming on the latest Form W-4 or what benefits he or she may have. However, proper identification should always be required when an employee requests information in writing or copies of information to be printed by the department. The policy should require employees to pick up such information in person and present proper identification. If the payroll department is located off-site then the information can be sent in confidential envelopes and delivered by the employee's supervisor.

The Physical Department Security
The payroll department itself should be secured under lock and key with limited access. The key can be actual physical keys or combination locks with limited code access. The payroll department should never be an open area where nonpayroll personnel can see or hear the inner workings of the department. Even whispers can be heard if one is determined. All desks and file cabinets should contain locks that can be used during cleaning times or when the department has open access. All computers should be locked or turned off during nonuse hours to prevent hacking or accidental access. Access to the department by nonpayroll personnel should be limited to working hours and always with someone in attendance.

Example: There is trouble with the payroll manager’s hard drive or computer programs. She is having trouble getting her email to work or has to have a new software installed. Whatever the reason, this should be done when someone is there to accompany the employee who is doing the repair or installation. If the company has set up a customer service area for a combined employee services department or just one for payroll, this should be a secured area and separate from the main payroll processing area. It should not be just the first desk inside the door. Nonpayroll employees should never have access to the main payroll department area. Even managers and supervisors should be excluded. 

The Staff Security
The safety and security of the payroll staff is utmost on the minds of payroll managers these days. With violence invading the workplace no one, especially payroll, is safe and secure anymore. There have even been shootings in the workplace over garnishments in the recent past. With this in mind, the following recommendations are made for the security of the payroll staff.

  1. Doors to the payroll department should be locked at all times with only exit capabilities for fire safety.

  2. Only payroll staff and limited upper management should have keys or combination access to the department.

  3. Customer service areas should be adjacent to the payroll department but separate facilities. The employee staffing the facility should have an exit door that is in the opposite direction of where the "customers" enter.

  4. Nonpayroll employees should never be allowed into the payroll department.

  5. What are known as "panic buttons" should be installed in the department in strategic places. These devices are hidden under certain desks and can sound a silent alarm when activated. There should be such precautions in the customer service area and at least two more in the department itself, depending on the size of the department. Possible locations include the manager’s office and the desk closest to the door.

  6. The payroll door should always be a full door and not a "French" or half door.

  7. The name of the payroll staff member who handles garnishments should not be known by the general employee population. It is now customary to include employee’s extensions on department web sites to help employees call the right staff members when they need assistance. But the garnishment number should be the main payroll line or the manager’s number or a separate number with voice mail only capabilities. The call can then be transferred or returned. The employee’s name should never be used. A code name should be used even by the employee when answering the phone. Emails concerning garnishments should also go to a main address or to the manager’s address and then forwarded. Or better yet, have a separate email address that does not include an employee’s name. This can be used for back and forth conversations concerning garnishments.

  8. No employees should be allowed to be abusive or threatening to any payroll staff member. No matter how upset they are or how much "right" they have to be mad about a mistake or perceived error that has been made, no one has the right to be threatening to a fellow employees. This fact is sometimes overlooked when it comes to payroll. Many employees and employers somehow have the mistaken notion that payroll is a place to vent anger at the company. It is not! And any incident should be reported immediately.

Security of the payroll records, department and staff is an ongoing concern for all payroll managers and professionals. But with proper support and diligence the payroll department can maintain a level of security needed that can actually increase efficiency and productivity by working in a secure and organized environment.

VICKI M. LAMBERT is a certified payroll professional with over 25 years of multi-state payroll experience. She has authored many nationally distributed works such as The Complete Guide to Federal and State Payroll Compliance and The Complete Guide to Federal and State Wage and Hour Compliance published by IOMA, and Payroll: A Guide to Running an Efficient Department, published by John Wiley & Sons Inc.

2005 SmartPros Ltd. All rights reserved.

Related Stories
 
 
When It Comes to Fraud, There Is No Silver Bullet
  Related Courses
 
Professional Education Center


 
Would you recommend this article?
5 (yes, highly)
4
3
2
1 (no, not at all) 		Comments:


 
 
About SmartPros | Accounting Products | Professional Education | Marketing Services | Consulting | Engineering Products | Contact Us
2009 SmartPros Ltd.