Comprehensive Software Reviews to make better IT decisions
Don’t Assume Payroll Is Your Highest BC/DR Priority
Workarounds and buffers in the payroll cycle make it far less time-sensitive than most organizations think. Payroll is often automatically labeled as Tier 1 in BC/DR planning, and mistakenly given a higher priority than other truly time-sensitive services (e.g. customer-facing services).
Most organizations can tolerate a day of downtime and still execute an accurate payroll run, so high availability (HA) is not required. Furthermore, even if your normal payroll can’t be executed, there are workarounds to ensure at least base salaries are paid, limiting the impact.
Ensure you are clear on the following before assuming payroll can’t tolerate any downtime:
- Payroll time-sensitivity
- Workarounds to reduce payroll risk
- Criteria for assessing criticality
We’ll look at these issues from the perspective of a Financial Services organization, but the same concepts are true for most industries.
Clarify Time-Sensitivity in Your Payroll Process
Document and review your payroll process to identify time-sensitive steps. Typically, the most time-sensitive step is the actual creation, review/approval, and submission of the payroll file. Clarify how much leeway you have. For example:
- Typically payroll files are submitted Tuesday night or Wednesday morning, and payment goes out end of day Thursday (to show up Friday in bank accounts).
- The net result is most organizations have a 24-hour window (e.g. Wednesday morning to Thursday morning) to recover from a payroll disruption. HA is not required.
- If you have other services where impact is felt more immediately (again, consider client-facing services), they need to be prioritized higher both in terms of recovery order and disaster recovery (DR) investment (e.g. invest in HA for your phone system if that is core to customer service and sales before investing in HA for your payroll system).
Similarly, consider other time-sensitive steps, such as submission of timesheets and payroll adjustments (e.g. salary changes, bonuses awarded). For example:
- Timesheets (or equivalent) might be due on Friday, which allows time on Monday to process changes and review exceptions.
- If time collection was delayed to Monday due to a Friday outage, can that delay be absorbed?
- Also consider adjusting your process (e.g. alter your deadline for time entry and payroll adjustments).
Formalize Workarounds to Further Reduce Payroll Risk and Time-Sensitivity
Every organization I’ve worked with has been able to identify a workaround, but it needs to be formalized, tested, and pre-approved to avoid delays and mistakes in executing those workarounds.
Work with your Finance team to identify what fits your requirements. Below are a few examples:
Workaround 1: Create and maintain a base payroll file as a stop-gap.
This ensures all staff receive at least their base pay. For part-time staff, use the average hours worked. Alternatively, allocate the upper-end of the range of hours worked by part-time staff to err on the side of overpayment.
Workaround 2: Modify base payroll file to get closer to an accurate payroll run.
This option works in conjunction with Workaround 1, but takes it a step further if possible depending on the nature of the outage. The goal here would be to resolve the most problematic issues to minimize goodwill impact with staff and reconciliation efforts for next payroll. For example, remove part-time staff who did not work that pay period.
Workaround 3: Instruct your bank (or payroll service provider) to re-run the same payroll file from the previous pay period.
This is the easiest option and ensures staff are paid a reasonable (if not accurate) salary, but is also potentially the most problematic as it does not allow for adjustments and variability week to week. Potential issues include:
- Casual or part-time staff whose hours might vary greatly.
- Variable compensation (bonuses, commission, etc.).
- Salary adjustments due to promotions.
For all of the above workarounds, be prepared to:
- Work with your bank (or payroll service provider) to clarify options and limitations (e.g. options for submitting a payroll file late, or making adjustments after submission).
- If you have to execute a workaround, communicate payroll status and the plans to reconcile discrepancies (e.g. that staff will only receive base pay, and when/how discrepancies will be resolved).
- Manage exceptions:
- Give managers the ability to escalate potential issues (e.g. an employee who counts on their monthly commission check to pay their mortgage).
- Clarify the process for approving and providing direct payments (e.g. hand-writing checks) where necessary to manage exceptions.
- Reconcile discrepancies. This includes tracking actual payments made, plus ensuring that recovering payroll data (e.g. timesheet entries) is part of your disaster recovery plan (DRP) so that discrepancies can be identified and resolved.
Conduct a Business Impact Analysis to Assess Criticality
Payroll is a great example of why organizations need to conduct a business impact analysis (BIA) to determine criticality, rather than go by gut feel. Conduct a BIA to ensure payroll is properly ranked based on impact and time-sensitivity:
- Financial/cost (e.g. inability to sell services: consider peak times such as RRSP season).
- Goodwill or reputational impact (e.g. frustration over service delays, especially if there is also a cost impact for the customer due to delays processing investment requests).
- Legal/regulatory compliance impact (e.g. delays in providing compliance reports).
- Health and safety impact. For a Financial Services organization, this is typically not a relevant criteria. However, more-general examples might include impact on services that provide personal safety/security (e.g. for a university, this would include impact on campus security services such as patrols and security cameras).
For payroll disruptions, the impact is indirect (e.g. staff are upset about delays in pay or inaccurate pay, and that can affect job performance; however, ask yourself if staff in your organization would actually walk out and risk their careers over a one-day pay delay). Furthermore, some downtime can be incurred before there is any impact, and that impact can be mitigated by implementing workarounds.
- Document and review your payroll process to better understand tolerance for downtime.
- Identify and implement workarounds that fit your requirements.
- Conduct a BIA to ensure payroll is properly ranked in your list of BC/DR planning priorities.
Don’t assume payroll is your highest priority for DR and business continuity. Yes, people need to be paid, but most payroll processes can tolerate downtime. Furthermore, workarounds can reduce payroll downtime risk without implementing an expensive HA solution.
Want to Know More?
Ansible from RedHat has steadily gained market share since its introduction and has now surpassed its two main rivals (underscoring how quickly things change in DevOps). Will Ansible push Chef and Puppet out of the open-source configuration management tool market?
In its latest release, Ayehu has enabled users to create custom activities. This marks a significant shift in Ayehu’s product strategy.
Red Hat Ansible Automation’s latest features enable organizations to better manage and leverage existing automation playbooks, plug-ins, and modules as the depth and breadth of automation continues to expand.
Ayehu gives users a helping hand in building workflows. The firm’s strategy aligns with a trend in the automation market, in which vendors are competing over usability and ease of implementation.
Puppet has rolled out Remediate. This release aligns with the ongoing consolidation between IT Operations and IT Security.
Ayehu is working to bridge the gap between IT Operations and Security Operations. We expect to see more vendor product offerings follow suit.
Rundeck markets itself as an enabler of self-service IT operations. This marketing strategy aligns with the transition of IT operations from order-takers to engineers. But organizations must change their way of working to make self-service successful.
Enterprise IT environments are complex – and Puppet thinks that’s not going to change anytime soon.
IT automation tools such as Ayehu make automating easier than ever, leaving process work as the hardest part.