Payroll-pocalypse: The Definitive Guide to Creating a Payroll Disaster Recovery Plan
Ever wondered what would happen if your bank went under? Or if your entire HR or Finance team disappeared overnight, with no one left to run payroll?
Payroll fiascos do happen, which is why it’s important to have a payroll disaster recovery plan in place. In this definitive guide, we explore what counts as a ‘payroll disaster’, some examples of what could happen as well as the steps you can take to mitigate any fallout.
And keep reading till the end for our step-by-step checklist for putting your own plan together.
What qualifies as a ‘payroll disaster’?
It’s a good question, indeed. The truth is that there’s no real definition of what a payroll disaster truly is. Sorry to disappoint.
Yes, we’ve listed a few specific scenarios in this blog that might arise and that you should keep in mind. But what constitutes a payroll disaster really depends on your business and the circumstances you’re facing - and it’s something that will dictate the makeup of your payroll disaster recovery plan.
In theory, a payroll disaster could be anything from a small payroll mistake like forgetting to apply a new tax code for a director (resulting in an overpayment) to a major external event which thwarts your next payday completely. On the surface, it may be something that seems small. But if it matters to your business and has a significant impact on the wellbeing of your employees, or your ability to remain compliant, then it’s something that really matters.
How effectively you respond in the wake of an incident should be your foremost priority. And this will depend on a few factors, including:
The health of your business - Businesses that have contingency funds set aside are likely to cope better with a major payroll incident.
The scale of the incident - Is it something that affects only a few key members of staff? Or your entire workforce?
The criticality of the event - Is it something that’s easily fixed? Or will it take time to recover from?
Why it’s important to have a payroll disaster recovery plan in place
The key to how well you recover from a payroll disaster will be whether you have a solid plan in place or not. And that’s where a payroll disaster recovery plan comes in.
A disaster recovery plan, in its simplest form, is a set of instructions that define how you respond to a disruptive business event such as a cyber attack, natural disaster, pandemic or bank failure. But as explored before, it’s also there for dealing with smaller events, such as missed overtime payments or underpayments.
These instructions should guide you in how to minimise the effects of any payroll issue up to a full-scale disaster and also clarify how your organisation should course-correct post-event.
The importance of having a payroll disaster recovery plan in place for your company shouldn’t be underestimated. The consequences of not having one could range from severe fines from HMRC for late payments to employees missing bills or mortgage payments.
That last one, financial strain, might be enough for loyal, hard-working employees to pack up their bags and look for work opportunities elsewhere, especially in the midst of the Cost of Living Crisis.
Payroll disaster scenarios you could encounter
Here are 5-6 likely scenarios and what to do for each of these if they happen:
Scenario 1: You experience a payroll data breach
The threat of hackers getting their hands on personal information has never been more acute.
The pandemic and subsequent shift to remote work have given rise to much higher levels of security breaches. Just recently, a group of companies, including the BBC, British Airways, and Boots, were subject to a nasty payroll data breach. Further to this, a recent survey conducted by Fortinet revealed 75% of organisations had experienced at least one data intrusion in 2023 alone.
That number paints a pretty stark picture. And it’s not only personal information - funds can be stolen from your company as well. One way this can happen is through HMRC liability payments, which can be redirected elsewhere by an unauthorised party. You could then suddenly find yourself in a situation where you owe HMRC and your employees a lot of money.
So what should you do if your payroll becomes the subject of a data or security breach?
The most important thing to do is to react quickly but calmly. You’ll want to secure any compromised accounts or administrative logins by changing passwords as soon as you can and encouraging affected parties to do the same. You’ll also need to report the payroll data breach to the ICO under the General Data Protection Regulation (GDPR).
However, it’s also possible that you’ll no longer be able to access that data if it’s been stolen or your outsourced provider cuts off access while they investigate. In this situation, you’ll need to resort to making your payments manually by estimating your employees’ pay based on what they earned last month. Not a perfect solution, but a stopgap.
You’ll also want to put a clear but concise plan in place for how you want to communicate the attack. The last thing you want to do is to cause a panic. At the same time, you need to inform all parties that may have been affected (that includes your employees).
Having a payroll disaster recovery policy in place (more on this later) will guide you through everything you need to do to help your organisation recover from the attack.
Scenario 2: Key members of your HR or finance team vanish
Payroll is the heartbeat of every business. But what happens when the heart stops beating?
It happens. Key members of staff responsible for running payroll could all come down with a mysterious flu. Or, more bluntly, they could decide to walk out. The latter actually did happen in the wake of Elon Musk’s takeover of Twitter when the entire payroll department quit en masse, along with parts of the finance function.
The world is a topsy-turvy place. And you can suddenly find yourself in the Upside Down, with none of the right professionals in sight and no backup solution to fall back on. So what can you do?
In this instance, your top priority should be to get your employees paid on time or as soon as humanly possible. You’ll likely need to turn to a third-party vendor like an accountant, payroll bureau or payroll consultant. While this solution is far from perfect - these vendors are slow to respond and will be unfamiliar with your company and its processes - it may be the best you can do.
You’ll then want to organise that backup plan so this never happens again. Is it a case of training up more employees to run payroll? Or, might it be time to switch to a more user-friendly payroll software that can automate much of the payroll process for you?
One way to circumvent a disappearing act is by ensuring you have at least two people, on different teams, trained to run the payroll. Most small companies have a single point of failure (SPOF), in that only one person has access to or knows how to process the payroll.
‘Cross-training’, where two people switch roles regularly so they can alternate running payroll every month, prevents this. Not only does this ensure you’ll always have the knowledge in-house to perform payroll (especially during busy periods), but it also means the duty of payroll is a responsibility that gets shared.
And, of course, the more detailed documentation you have, the easier it will be for someone else to pick up and learn what they need to do in the event of having no one skilled to run your system. All this helps in preventing a situation where there’s a Single Point of Failure (SPOF).
Scenario 3: You’re unable to pay your employees
It’s the nightmare no HR or Finance team wants to find themselves in. Still, there are so many issues that could lead to a payday without any pay.
Maybe it's been a slow month for accounts receivable, or your business has been struck by some unexpectedly large costs. There could even be a glitch with your payment provider or bank’s system. If we’ve learned anything from the Silicon Valley Bank fiasco, it’s that even an established banking institution can run into troubled waters.
If your outsourced payroll provider usually handles payments and suddenly limits access to their service, this can also be a problem. And, similar to the point before this, you might suddenly find you’re not able to get hold of your main payment contact (think your finance director being stuck on a delayed long-haul flight).
All of these situations could lead to a payday where employees open their bank account only to find nothing’s been sent.
But there are ways you can initiate a payroll risk management process, including setting up alternative forms of payment (more on this later).
Scenario 4: Your data is corrupted
Whether it’s from a payroll data breach or simply the incorrect handling of data, the information you store can become compromised. In addition to this, your system may experience downtime, that is, a period of time when a system and its data become unavailable due to bug-related issues or a power cut.
The result? Calculations end up wrong, payroll gets delayed, not to mention the compliance issues you could end up facing if you don’t get on top of things. And if the corruption spans several pay runs, it’s possible you’ll need to re-process payroll from the beginning of the tax year.
In this scenario, it may be worth conducting a quick payroll audit to get to the root of the problem. You’ll then want to think about getting backups put in place to mitigate any data mishaps in future.
A high-quality payroll software, for example, will take a backup every 15 minutes compared to other systems and providers that only take a backup at the end and start of pay cycles. Finally, having reliable payroll software in place can make the storing and managing of data much simpler (in other words, no more Excel spreadsheets that go wimbly).
Scenario 5: A major event gets in the way
COVID-19 is still fresh in the memories of many people and businesses. The global pandemic certainly rocked the workplace in a way we’ve never experienced before, which prompted the government to step in and pay wages for millions of UK workers. There were lots of redundancies and funds being claimed at a time when businesses were finding it difficult to make money. A true perfect storm for the world of payroll.
At that time, there was lots of ad-hoc legislation being drawn up. Payroll, finance and HR teams were quickly overwhelmed by a rapid succession of new laws and rules that left them running to catch up. Many teams would have had to go back to manual calculations to account for their lack of software.
But it’s not just a major event like COVID-19 that can produce this effect. Think back to all the back-and-forth NI changes in 2022. Politics are unpredictable, and legislation changes can happen anytime and at the drop of a hat. A lot of payroll providers, including lower-quality payroll software, found it hard to keep up, leaving customers no choice but to fall back on more manual processes.
Your payroll disaster recovery plan checklist
Before a disaster
Your business should have a plan in place long before any kind of disaster strikes. If this isn’t something you’ve developed from day dot, then you may have to take several paces back. But getting this preparation right will pay dividends in the long run.
✔️ Make sure you can back up your payroll system - a disaster, such as a cyber attack, natural disaster or power outage, can take down your computer systems, leaving you no way to access your data or run payroll. Even worse, it can result in the loss or corruption of your data.
For starters, you should be able to access your payroll system on at least one other device (in case your main one breaks or gets stolen). More importantly, you should have a way to do a payroll backup, whether that be to the cloud or a file-sharing service (we don’t recommend physical drives as these can be lost or damaged easily).
Cloud-based payroll software really is one of the safest and most secure options for storing your payroll data as it’s regularly backed up (PayFit, for instance, conducts payroll backups every 15 minutes) to the cloud and can be accessed from any device.
✔️ Set up alternative forms of payment - No matter which payment method you use to transfer funds to employees - cash, cheques, direct deposits - you should always have an alternative payment method. Something could happen that leaves you unable to access your normal way of payment. Having another payment method up your sleeve means you can still make payday.
For example: if you make your salary payments using BACS, a good idea would be to put a faster payment option in place. This is always a handy backup if you’re not able to run payroll for any reason. Plus, you may even end up preferring this option because, as the name suggests, it’s faster.
✔️ Document your payroll policies - We’ve covered some of the more practical aspects to have in place. Now you’ve got to think about how you bring these and other response tactics together. Start thinking about what your payroll policies are with your team and what you’d like your disaster response plan to look like.
At a minimum, you should be able to put together a payroll ‘handbook’. Most importantly, it should be fool-proof enough for any non-payroll person to follow in case it is left up to them to conduct a payroll run. Start gathering information from all corners of your organisation, and consider things like:
Where do I get overtime data from?
Who tells us if an employee is leaving?
Do I need someone to sign off on payroll before we can pay employees?
What is the approval process for bonuses and commissions?
✔️ Draw up a payroll contingency plan - Once you’ve gathered all your payroll policies and information, you’ll want to create official documentation for your payroll contingency plan. Be sure to outline who will be part of your emergency response team and make this document easily accessible for them. You’ll also want to ensure this document is regularly updated with any new process changes.
✔️ Test your payroll contingency plan - If you’ve got the time, then it’s worth testing your contingency plan to see if it works. You could book some ‘rehearsals’ with your team to find out whether the steps you’ve outlined make sense (or need some re-working).
During a disaster
In responding to a major payroll incident, it’s important to remain calm and collected - remember, your staff will look to you for leadership. If you’ve already got your payroll disaster plan in place, follow it as best you can while remaining flexible.
✔️ Assess the extent of the damage - To start, you need to understand the scope of the incident fully. You’ll want to assess how many employees have been affected - if there are only a few of them, you’ll want to identify these immediately. If it’s your entire organisation, then you’ll need to start preparing a more comprehensive communication plan.
You’ll also want to get clear on what exactly has gone wrong, so you can better target any recovery. This is also important for any communications you send to your employees (more on this shortly).
✔️ Execute payroll contingency plan - Of course, there’s no point creating a plan if you’re not going to use it! At this point, you’ll want to execute that plan you put together at the first stage.
✔️ Communicate with employees - Finally, you’ll need to notify the employees who have been affected and put together a communication plan. When communicating about a payroll incident with employees, it’s important to be timely in your response while also being transparent and empathetic.
Hopefully, if you’ve followed the previous steps well, you’ll already have a very clear idea as to what exactly happened and what may have caused the incident. It’s then a matter of crafting a message that’s clear and concise to explain this to employees and pre-empt any difficult questions.
✔️ Ensure they still get paid - It doesn’t matter what kind of incident you’re dealing with - it’s important for your employees to still get paid. Even if you have no access to the payroll data, your company would still have access to financial reports, or you might be able to check the payments made last month via your bank. You can use this information to roughly calculate how much to pay each employee or use PayFit’s salary calculator to make things quicker.
Employees would probably prefer to be paid at least something on payday so they don't miss their bills, with a caveat that corrections will be made as soon as the system is back up and running.
After the disaster
The steps you take before any disaster strikes are just as important as those you take after. From getting your payroll team and system back on its feet to discussing what went wrong and what you could do better next time, this final stage is essential.
✔️ Restore the payroll system - Once you’ve dealt with any fallout and ensured employees are still paid, you can focus fully on restoring your payroll system. As you do this you’ll want to take note of any system weaknesses that might have led to your disaster in the first place.
You’ll also want to make sure the data in your payroll software matches what employees have been paid. In other words, you might want to process payroll based on what’s actually been paid and make corrections the following month. On top of this, you’ll want to avoid any late submissions or penalties from HMRC.
✔️ Update employees - Communication with your employees doesn’t stop once you’ve made them aware of the incident. As you work on getting your payroll systems back up and running, you’ll want to keep your employees informed regularly. This will not only pre-empt any questions they may have but help to restore trust in your company.
✔️ Train employees on any new protocols - Once you’ve restored your system and made any updates, you may want to provide some additional training for staff involved in operating your payroll system.
✔️ Schedule a post-mortem - Last but certainly not least, you’ll want to schedule a sit-down with your team to do a post-mortem. Explore why the incident occurred in the first place and how the execution of your payroll contingency plan went. Don’t be afraid to talk about what went well but also what didn’t go so well and where you could improve your response next time. If you’ve not done so already, that might include moving your payroll processes to cloud-based payroll software that’s designed with disaster response in mind.