“Systems haven’t been adapted properly for the Holidays Act, even though it’s been there since 2003.”

Let’s analyse that in relation to this post.

Here are some specific issues mentioned.

1. “One of the issues affecting midwives was the payroll system treating their 12-hour shifts as eight-hour shifts, which meant one-and-a-half days was deducted from their leave entitlement instead of one.” – This is the job of a rostering / time and attendance system. Most payroll systems are inherently unaware of shift patterns. To add to that, this is not a software coding issue but a configuration issue. Who is responsible? Well, we don’t know the ins and outs but at some point, someone will have had to draw up a requirements document, test, parallel run, sign of, oh and use the system for 18 years and only now it comes to light? Only one thing comes to mind – people, not systems or The Act.
2. “Annual leave was determined in weeks, not hours or days, which added complexity. The group had spent months trying to determine what a week was, Ovens said“ – Let’s wind back to the 2004 or 2005 when MBIE (then department of labour) had their first set of guidelines to the act released. Guess what? It explicitly allowed the use of hours. Do you think every payroll system in New Zealand would consciously write their software to be non-compliant? I don’t think so. In addition to this, weeks really is the most fair representation of “time off” and it really is not that hard – it is a case of pure maths. Who is the culprit here? I’d like to suggest MBIE themselves.
3. “A lot of midwives also picked up extra shifts but had not received the corresponding increase in annual leave entitlement.” – Had leave been accounted for in weeks as per the holidays act, this would become a non-issue. Regardless of how many shifts / hours you work, you get 4 weeks (per minimum legislation) – it’s that simple. This issue again points to the original guidelines from MBIE allowing for hours. Had weeks been enforced from day 1 of the act, the majority of the remediation issues would not exist today.
4. “Some boards had also not calculated employees’ gross earnings properly when they left or moved to another health board” – This is definitely not a system issue as all systems allow you to choose what to include in gross earnings. To get gross earnings right, it requires some homework to appropriately categorise all your allowances and set them up accordingly. People will have been involved at some stage to make a call on what to include and exclude.

Going back to the opening statement, yes many systems have not been adapted to calculating in weeks. One could say this has something to do with the original guidelines released by MBIE and from then on it seems to have become habit. Other than that, none of the other issues mentioned are system development issues but decisions and utilisation by people.

Who has to pay?

In the case of the DHBs, the government (ministry of Health) will be forking out the monies owed to employees. Could we use $1.15BIL in a better way? Sure!

• Hospitals are under-staffed
• Nurses are not paid enough in my view
• Some hospital buildings are appalling
• St. John is laying off staff as it cannot afford to operate

The problem is not that current and former staff are getting money back – they are owed this and deserve it. The issue is that millions of dollars are being paid to consultancy firms to help with the recalculations and also that the memorandum of understanding is far more favorable than the act itself. Yes, staff will get more money but guess what? So will the government in taxes.

No one talks about compliance going forward

Even with all that in mind, few actually talk about how systems and processes can be made compliant going forward. This is the real key because otherwise DHBs and all companies for that matter, may very well be non complaint again the very next day after paying their backpays.

We don’t need payroll systems, we need rostering, scheduling and strong time and attendance systems. These are key to accurately calculating in accordance with the act for complex environments like DHBs. Yes, payroll is important and has a lot of calculation to do as well but the best payroll system will not achieve compliance without a proper time and attendance and award interpretation engine.

What we also need is competent people owning payroll. It appears no one at these organisations themselves is at fault here, it is always a system or The Act. People should be held accountable and the profile of payroll and the importance of getting it right needs to be raised to one of the most important functions in a business.

Billion Dollar Nightmare

*This article was originally published on Newshub.*

“Cyber security reports rose 65 percent last year compared to 2019, Cert NZ, a Government agency that supports businesses, organisations and people affected by cyber security fraud, said Kiwis lost $3 million in cyber security fraud in the first quarter of this year”

That is a huge increase in online security attacks, meaning we are now more exposed than ever. This affects individuals and companies alike.

Payroll is one of the most critical business functions when it comes to privacy and security and should be taken very seriously. With the new privacy act 2020 and the rise of cyber attacks, every business should be reviewing their IT security, privacy policies and clamping down.

Payroll databases hold personal identifiable information and even if you think your payroll system is secure (which I would question), data is often transferred from one place to another and might be susceptible to interception. Examples include:

• Bank files
• Reports sent to third parties like unions and Southern Cross
• Integration with other systems like HR and T&A
• Reporting tools like SSRS, Crystal

Here are 6 basic steps to improve your security:

1. Install software and operating system update regularly.
2. Back up business and customer data on a segregated network so if it’s lost or stolen, it can be recovered quickly.
3. Use a password manager to keep track of passwords for each online account and as an extra layer of security, put two-factor authentication on. Password managers can generate highly complex and random passwords for you and you don’t have to remember them – only one Master Password.
4. Enable logging to keep records for investigative purposes.
5. Monitor logs for unusual activity and talk to service providers about how they can help detect unusual activity on the network.
6. Have an incident response plan to enable the business to be prepared if the worst happens.

Here are some extra ones for Payroll:

1. Regularly review your users who have access to the system and disable those who should no longer have access.
2. Do not send any payroll data over plain text, excel etc. Rather use secure file transfer software like SendSafely | The End-to-End Encryption Platform.
3. Publish payslips to employees via a secure online self service portal.
4. Make use of two-factor authentication as much as possible.
5. Cloud platforms are highly secure.
6. Do not share your username or passwords, make sure every user has their own.
7. Always ask for identification if someone calls and asks about payroll information.

Six ways businesses can reduce their cyber security risk as incidents rise | Newshub