It is a requirement of the legislation to keep confidential all payroll records for each employee.
Back-up and recovery
Every business needs a strong disaster recovery plan. Disaster recovery is the ability to continue work after any number of catastrophic problems, ranging from a computer virus or hacker attack to a natural disaster such as flood, fire, or earthquake. Data disaster recovery often includes making frequent backups of all critical data and records, both digital and hard copies, and storing them in a secure, remote location.
Having a disaster recovery plan in place takes a little time and effort, but the peace of mind it brings and the ability to continue work after the unthinkable are well worth it.
While each electronic payroll system may be a little different, the principles of each are the same — keep documents and data safe and accessible.
- Manual: For a manual payroll system, the backup and recovery is manual as well. Considerations need to be made about keeping source files and binders secure and safe. Investments in fireproof cabinets or other measures of disaster mitigation must be planned for and maintained with vigilance. Privacy and disruptions to paying employees on time are at increased risk without serious consideration of recovering quickly from theft, fraud, flood, fire, and earthquake.
- Digital: Similar to a manual system, a digital system must be protected by the people who set it up and maintain it. Excel files can be password protected and should be behind a firewall. Digital file backups should be taken on a daily basis, and ideally stored on the cloud with a private business account. Otherwise, hard drives should be used for backups, and stored in a secondary location from the business, ideally one that would not be affected by the same natural disaster. In addition, source files must be protected and secured behind fireproofing or other security measures to protect against theft and destruction.
- Working with cloud-based storage and security would provide the most effective security and peace of mind. Different from Cloud-based payroll systems, which include security as part of their feature set, a digital system requires pro-active security management. There are multiple companies in Australia that you can use as off-site backups. Each company will offer something different in regards to services offered so some research will need to be done to find the correct one for the business.
Some of the options are:- OnTheNet are specialists in offsite backup and online data storage, offering only the highest quality services to businesses all over Australia. Having developed leading offsite data backup systems, OnTheNet has been providing incomparable image, data and disaster protection services to its clients, ensuring consistently superior levels of service.
- Motionwave provide a variety of disaster recovery solutions designed to help your business manage server failures and network outages. If you have any additional questions, please email support@motionwave.com.au
- DataBank has developed systems and processes specifically designed for the offsite data storage industry. These take into account the industry's unique requirements for routine backup tape cycles. The web-based tracking and media retrieval system is unique to DataBank, and helps clients locate media at any stage of its life.
- Working with cloud-based storage and security would provide the most effective security and peace of mind. Different from Cloud-based payroll systems, which include security as part of their feature set, a digital system requires pro-active security management. There are multiple companies in Australia that you can use as off-site backups. Each company will offer something different in regards to services offered so some research will need to be done to find the correct one for the business.
- Cloud-based: For most Cloud-based systems, such as MYOB, security and disaster recovery is mostly a breeze. They take full responsibility for backing up business data and providing access at all times. There are still the paper-based source documents that must be protected just as in the other types of systems. If your business collects these types of documents, they must be protected and kept confidential.
- MYOB | Security and Trust Centre - Highlights MYOB's security commitment to their clients.
- MYOB | Status of products - Indicates the status of service for all of their products. If you don't see MYOB Business at first, select the toggle for Show Affected Only, next to Small to Bigger Business Solutions, so it shows all products in their Small business range.
Your system — whether it's computerised or not — is only as secure as are the people that access the data. MYOB Business provides two categories for the people that have access — Users and Advisors.
1When you invite someone to access your MYOB business, you'll choose whether they'll be a user or an advisor. They'll be sent an invitation to access your MYOB business, which has all the info they'll need to get started.
User - This is the default user type for most of your staff members.
Advisor - This could be your accountant advisor, bookkeeper or any other person that you may want to help manage your books.
Not everyone has permission to invite others into the MYOB business. To invite users to your MYOB business you must be either:
- the owner of the business (the person who created the subscription)
- a user with the Administrator role and have been invited to access All businesses under this serial number.
Take a look at the users page:
Go to your Business Name menu > Users
The Users page is where you can:
- invite users and advisors to access to your MYOB business
- choose which parts of your MYOB business users can access
- check a user's status
- edit and delete users.
Everyone you invite to access your data will be able to access your MYOB business at the same time, and there are no user limits. But you'll keep your data safe by choosing which parts of your MYOB business each user can access.
1Roles and permissions, available in the Access section of the Users page, control the parts of your MYOB business a user or advisor can access.
For example, a user with the Sales role can only access sales related functions and reports. But the Administrator role gives a user access to all features and functions.
Note: Some MYOB payroll plans incur payroll fees. If your plan is one of them, only Administrator, Accountant/Bookkeeper and Payroll roles can incur fees on behalf of your business. For additional details see Payroll limits and fees.
This table1 provides the list of available roles and the functions they permit. Assigning users to one of these roles limits the data they can access to what is shown here.
Role | Permitted function |
---|---|
Administrator | All features and functions, including user management. |
Accountant/Bookkeeper | All features and functions, excluding user management. |
Payroll | All features in the Payroll menu Payroll reports Employee reports Custom reports |
Sales | All features in the Sales menu Sales reports Customer reports Custom reports |
Purchases | All features in the Purchases menu Purchases/Bills reports Supplier reports Custom reports |
Banking | All features in the Banking menu Banking reports Contact reports Custom reports |
Contacts | All features in the Contacts menu Contact reports Custom reports |
In addition to assigning your new person a Role, you will assign them a User Type.
User type | Can access |
---|---|
Owner, Online admin, Advisor |
All MYOB businesses you have under this serial number |
File user | Only the business you have invited them into, even if you have several businesses. |
The process of inviting users into your MYOB Business2
The steps are here
- Sign in to your MYOB business as an administrator or owner.
- Click your business name and choose Users to display a list of all users.
- Click Create user to open the Create user page.
- Enter the user’s Name and Email.
- In the Access section:
- Select the access you want to give the user. Learn about access levels
- Choose the User Type - only the owner can make a user an Online admin.
- If you're the business owner and you realise that you've assigned a user the wrong User Type, you can change it.
- To learn more about user management, view the help article at MYOB: Edit and delete users.
- Click Save and send invitation. The user is added to the list on the Users page, with the status of Invited.
- For all File User user types, an email is sent to the user giving them the option to:
- accept the invitation by creating a new user login
- accept the invitation by using an existing user login, or
- decline the invitation.
Note: Online admin user types don't receive this email and don't need to accept an invitation to access a file. To set up another user, repeat from step 3.
- To set up another user, repeat from step 3.
You can resend or cancel an invitation straight from the users page. The invitation does not expire.
Manual Payroll Systems | Computerised Payroll Systems | |
---|---|---|
Storage | Compactor file storage and/or a separate filing room is usually reserved for keeping the employment records and other documents used in the payroll system. | Computerised payroll systems allow businesses to store huge amounts of information in a relative small space |
Cost | The system requires arrangements for physical storage and requires more than one (1) employee to maintain it. Where the cost of a manual payroll system is relatively small, the associated cost of storage and salaries of employees to operate the system can be very high. | Although the cost of buying and maintaining a computerised payroll system is quite high, it does allow saving in other areas. For example, a single employee can process the wages for large numbers of staff relatively quickly. |
Security | A manual system could potentially be locked into a safe for security. | When we start using a computerised system, we also need to implement computerised security protocol. The protocol could include password protection, virus scanners and security for any back up of data. |
Time | Manual systems are often labour-intensive and time-consuming to operate, with information needing to be manually recorded multiple times in a single pay run. | Computers have allowed for information to be carried forward to new periods without the need for it to be duplicated. The information can also be used to produce multiple reports without the need to re-enter information. |
If an employee asks for information in relation to their payment records be made available to landlords, finance companies or other persons, it can only be provided with a signed and dated written letter of authority from the employee that names the individuals or organisations they wish personal information to be shared with, along with details of the specific information to be shared.
This written letter of authority can take on a number of different forms based on the information that the employee is requesting that we share with a third party. An example of a written letter of authority is provided below.
Example of a letter of authorisation
<Employee's name>
<Employee's address>
<Date>
Subject: Release of payroll information
The paymaster <name of the employer>
I have applied for finance approval with <Name of finance company>and need to provide evidence of the content and value of the last <4>weeks wages. When they contact you, could you please provide this information for the period <date from> to <date to>. This may need to include specific information on what is included in the wage payments to me during this period and the likelihood of future continuing employment.
Yours sincerely,
<signature of employee>
Persons with Authority to Access Payroll Information
As you have seen from user roles, there are people who have authority to access private payroll information under specific legislation.
In brief these people include:
- The employer
- The employee
- The person authorised by the employer to process the payroll
- Fair Work Inspectors
- Union officials (for the purpose of establishing if a breach has occurred)
- Law enforcement agencies (on the order of the courts)
Take a moment and answer these questions about adding users to MYOB Business.
Activity 1
Activity: In your trial version of MYOB, add several new users of different types, with different permissions to get a feel for how it works. Use fake email addresses so you don't give anyone a shock.
MYOB takes security seriously. Read about their various policies and targeted practices that keep Payroll and all data safe in MYOB's online environment in the MYOB Trust Centre.