In light of the recent IOIPay and MyPayrollHR scandals, it is understandable that many businesses are nervous about allowing a third party to handle their payroll. With a few simple steps, you can perform your own due diligence to determine whether a payroll vendor is a reliable company and up to the task of meeting your needs.
Oversight is, perhaps, the most critical. There can be numerous approaches to this suggestion. For example, a board of directors typically has a vested interest in keeping the organization honest. Another might be a Governance, Risk and Compliance (GRC) Committee, or other governing body tasked with ensuring compliance with laws, regulations, policies, and procedures.
Understand the company’s structure. Who owns the company? Is it privately held or publicly traded? Who are the majority owners and how much control do they have over the flow of funds? Are there affiliated companies that could impact a payroll vendor? In other words, if an affiliate went bankrupt, would it damage the business upon which you are relying?
Verify basic information, such as the legal business name, mailing address, all physical locations, websites, and operable phone numbers. When researching the legal name, it is also important to look for “doing business as” or d.b.a. designations. This will help ferret out true ownership behind the scenes.
Verify license status. Are business licenses current? Are they displayed at the place of business? Most states require an annual report to update any changes in the entity’s name or ownership. Typically found on the Secretary of State’s website, the business will be listed with a “Certificate of Good Standing” if it is current.
Review publicly available complaints. Online reviews found on Yelp, Google, and other sites can be a good indication of a business’s credibility. Negative news searches can be another good indicator. The Better Business Bureau also records consumer complaints.
Payroll companies should make available some form of audits. Publicly traded companies will make financial reports available to the general public. Likewise, Service Organization Control (SOC) I audits are conducted by a third party to document internal controls relevant to a company’s financial statements.
Proof of insurance should be provided by companies to show they are prepared. The type of insurance may vary based on the situation.
Last, but not least, is security. A solid security program will have documented policies and procedures, a business continuity plan, a disaster recovery plan, and an incident response plan in place. Additionally, a SOC II audit will provide evidence that a third party has verified all of these security controls are in place and function as intended.
Follow these steps to perform comprehensive due diligence of a potential payroll vendor. These inquiries should help answer some basic questions about the dependability and trustworthiness of a payroll vendor and get your relationship off to a good start.
Disclaimer: The opinions expressed are those of the author(s) and do not necessarily reflect the views of Netchex or its clients. This post is for general information purposes only and is not intended to be and should not be taken as legal advice.