Open Source Payroll Software: A Risks and Recommendations Report
By Dave Foxall
Minimizing Risk as Part of an Open Source Payroll Software Strategy
As evidenced by the solutions already available on the market, open source payroll software is steadily emerging as a significant option in the business application marketplace, thanks in large part to a host of options not found in traditional licensed solutions. While open source payroll’s defining feature is the total availability of the source code, this payroll software model also brings the potential advantages of improved reliability, a lower total cost of ownership (TCO), and near-limitless configurability (predicated on having access to the necessary programming expertise). However, for organizations inclined to fully commit to the philosophical and bottom-line business benefits of open source payroll, there are (as with any strategy) a number of risks. A 2011 report from consulting firm Ernst & Young (E&Y), Open Source Software in Business-Critical Environments, brings new research to bear on open source software risk analysis and offers some mitigating recommendations.
Open Source Payroll Software Risk #1: License Breach
Contrary to some misperceptions, “open” does not mean unlicensed. As such, when an organization’s IT or payroll strategy includes using the source code access to make changes and tailor the software more closely to the organization’s needs, care is required. E&Y cite an example: “If, under a particular license, open source code is integrated into in-house software due to an oversight and then distributed outside the organization, this can result in the mandatory publication of the entire programming code for the in-house software. Otherwise the organization risks going to court for failure to comply with licensing laws.”
Have lawyers experienced in the software field review the relevant licenses and what is required for compliance when using, integrating, and approving the open source payroll software.
To ensure consistency across development activities and projects, agree, distribute, and maintain guidelines regarding the development and integration of open source components.
Open Source Payroll Software Risk #2: Unrestricted Use
As with any application, the license is not the sole component of the software’s TCO and the absence of a license fee does not mean there are no hidden or unexpected costs that can accrue. Many vendors offer free downloadable versions of their open source payroll software and this route of acquisition can often lead to the bypassing of an organization’s procurement protocols—resulting in the software being installed without appropriate checking of architecture specifications. As E&Y point out, “Apart from the legal risk this poses, this can also result in a jumble of products and components that is hard to maintain in the long term and leads to increased costs”. Hence, sticking to proper procurement procedures and due diligence allows the process to take into account specific open source software selection criteria (e.g. licenses, community size, developer heterogeneity, support availability, release management, legal ownership, etc.).
Adopt a standardized quality assessment framework tailored to both open source payroll issues and the usual concerns regarding functionality, user interface, stability and security.
Pay attention to the long term maintenance of the IT architecture and put guidelines in place for the use of open source payroll technologies.
Open Source Payroll Software Risk #3: Ongoing Support
Depending on the nature of the development model, open source payroll may have radically different options for longer term support and maintenance. The first model is “institutional” in that a single company or agency has developed the software and then released it under an open source license. In all likelihood then, with this model the parent company will retain the expertise to maintain and upgrade the software over time—offering support packages on some type of subscription arrangement with a service level agreement (SLA). The second model is the popular conception of open source, which is development by a volunteer community of programmers. Support and problem fixes are often prompt and are certainly cost-efficient; however, in the absence of an agreed service contract, this decentralized model offers few guarantees.
The majority of open source payroll software follows the first model and upgrade and maintenance arrangements are similar to those used with ‘traditional’ software. However, thorough checking of available support is required before committing to the application.
Open Source Payroll Software Risk #4: Migration Failure
As with any change in a payroll technology platform, migration is a critical part of the implementation process that can carry heightened risk. Proprietary systems tend to be highly integrated and, more importantly, closed. As E&Y point out, “These kinds of technical dependencies and incompatibilities, as well as inaccessible data or lacking interfaces can make it hard to integrate open source solutions.” Of course, in addition to these technical aspects of migration, user adoption can also be a problem. In the current workplace, employees are still more familiar with the major brands and their particular functionalities and interfaces. As such, if anything, stakeholder engagement and a robust change management strategy are even more crucial when implementing open source payroll over a more well-known proprietary brand.
Incorporate a comprehensive migration strategy in the implementation project plan, covering both pilot trials and parallel running tests for the technical functioning, as well as intensive user training and awareness measures to cover the people angle.
Final Thoughts on Open Source Payroll Software Risk Management
It is worth acknowledging that the above risks (i.e. license breaches, unrestricted usage, ongoing support, and migration) and their countermeasures are particularly necessary for organizations that wish to fully embrace open source and make it their core business IT strategy (even part of the corporate philosophy and culture). However, even for those companies wishing to initially experiment with a single open source application (such as one of the many free downloadable payroll solutions like TimeTrex, Easy Time Control or PayPunch), these risks will be present in some form (albeit of reduced severity) and will need to be taken into account.