It seems every few weeks you here about a new data breach or ransom in the payroll business. But the latest news should have every business owner asking questions about their payroll provider: the FBI is currently investigating a privately-held payroll company that abruptly shuttered recently, leaving more than 250,000 employees across the U.S. without paychecks. The New York state-based payroll provider allegedly diverted an estimated $35 million from employee checks and accounts.
So how can you be sure your payroll provider can be trusted? Ask these four questions:
• Do you have SOC I Type 2 audits? A Service Organization Control (SOC) 2 audit tests and reports on the design (Type I) and operating (Type 2) effectiveness of a service organization’s controls. Public companies like Asure Software are required by law to pass SOC I Type 2 audits that assess: Security, availability, processing integrity, confidentiality, and privacy. Specifically, Type 2 SOC reports require audits a minimum of 6 months to prove ongoing operational controls are in place and performing as planned.
• Can I review the tax filings you’re making on our behalf? All tax filing reports from your payroll provider should be reconciled with federal, state, and local taxing jurisdictions online. If your payroll company is filing on your behalf, you will be able to inspect every pay period. A good place to start is the IRS website: Small Business and Self-Employed>Depositing and Reporting Employment Taxes.
• Where do you keep my money that funds payroll? Payroll processors should never co-mingle funds. Any reputable service provider will hold client funds in trust accounts and have the proper controls in place to prevent your money from getting mixed in with operating accounts.
• How do you comply with NACHA guidelines? the Automated Clearing House (ACH) has measures in place to protect consumers and is governed by the National Automated Clearing House Association (NACHA). NACHA is an organization that establishes the standards and rules followed by financial institutions for transferring payments and their operating rules are the foundation for every ACH payment. You will find details about compliance with ACH rules in a company’s SOC 1 Type 2 report.
As a leading payroll services provider, Asure Software maintains the most sophisticated systems and controls to protect you and your employee’s money and their data. Because we’re a publicly traded company (NASDAQ: ASUR), we must pass SOC 1 Type 2 audits every six months and our SOC audits are completed by an independent third party to ensure all controls and systems are in place, being followed and are secure.
Many smaller firms have difficulty with the financial overhead and resources required to comply with and pass SOC audits but, ultimately, this provides you and your employees the protection you deserve. As a condition of Asure’s SOC 1 Type 2 certification, all client funds are held in trust accounts that cannot be commingled and we’ve established clearly defined lines of separation between those submitting ACH files and those reconciling the account’s funds which are then audited and balanced. We check our work!
Concerned about the security of your payroll? Let’s talk!
For information on Asure Software’s payroll processing services, contact Asure.