| By Dave Foxall
Understanding the Cloud Payroll Vendor Point of View
The SaaS sector is no longer in its infancy and it shows no sign of going anywhere but up. The THINKstrategies Consultancy’s Cloud Computing Showplace (www.saas-showplace.com) lists over 1,900 cloud vendors across more than 90 application and industry categories. The listing for payroll automation software currently shows 43 individual providers and THINKstrategies’ site does not include the larger traditional software vendors — such as Microsoft, Oracle and SAP — that have SaaS offerings. However, many software buyers are wary of SaaS payroll deployments; a caution that is endorsed by a survey carried out by Grant Thornton at the end of 2011: “The relative youth, diversity and as yet loosely defined nature of the SaaS industry all pose risks for those who participate in or support it. The lack of a clear set of criteria to define SaaS has opened the door to a formidable number of players offering a wide array of hosted software services that vary greatly in their functional capabilities and measurable benefits. This has created intense competition along with customer confusion.”
The Grant Thornton report (Issues and Trends: Assessing and Managing SaaS Risk) consulted and aimed at the SaaS C-suite and addresses concerns from a vendor perspective, looking at how the SaaS industry can turn its phenomenal initial interest and success into long-term sustainability. One of many key strategies to employ to steer clear of cloud payroll pitfalls when selecting a given software application is to use a contextual understanding of the market landscape to judge different offerings against a common backdrop. The Grant Thornton report offers payroll software buyers the opportunity to view the transaction from the other side.
First, some worrying statistics for payroll software buyers…
Of the C-level executives that responded to the survey:
- 34% indicated that SaaS compliance management systems are no better — or are worse — than in-house compliance systems.
- 38% find that SaaS risk management practices are no better — or are worse — than risk management practices developed in-house.
- 63% believe that the SaaS sector needs to improve its credibility.
- The vast majority do not use standard risk management practices such as ISO 27001certification or SSAE 16 (formerly SAS 70) or SysTrust audits.
As such, it would seem that the SaaS vendors themselves are fully aware that there is work to do to improve their image with software buyers. What follow are the three key risk categories identified in the survey and Grant Thornton’s broad recommendations.
SaaS Payroll Vendor Challenge #1: Financial risk
Any financial risk to the company threatens vendor stability which in turn will ‘devalue’ the vendor’s proposition to a buyer. As relatively young businesses, pure-play SaaS payroll companies face certain financial risks; not least how to develop sustainable revenue and sales in the context of a rapidly-evolving technological landscape. Grant Thornton’s recommendations to vendors are:
- Ensure the house is in order - contracts are current, licenses and patents are up to date, and any litigation is being addressed.
- Be firing on all financial cylinders - focus on 12-month revenue and EBITDA; eliminate or reduce discretionary spending without skimping on necessary business expenditures.
- Focus on the future - think strategically; have a 12-month budget, better still a five-year projection.
- Get audited - independently audited financial statements give comfort to buyers and investors.
SaaS Payroll Vendor Challenge #2: Operational risk
While the financial risks above may be of more interest to potential investors and merger prospects, the operational risks are directly relevant to the services that a software buyer will be receiving: 24/7 operability, highly effective business continuity plans, and high caliber data management and security protocols. Grant Thornton’s recommendations to vendors are:
- Data security - know exactly what data is created, stored and transmitted; use audit controls such as data segregation practices, roles-based data access practices, and password procedures.
- Availability - to maximize data availability, every contract should provide for adequate business continuity planning, which should include robust disaster/data recovery procedures.
- Operating level agreements - an operating level agreement (sometimes known as a service level agreement) should be clearly governed by the contract between the provider and the customer.
- Fraud prevention - fraudulent interception of data could have significant effects for anyone in the data stream; buyers should verify that the vendor has and uses the highest grade of encryption system.
- Complexity - both vendors and clients need to be aware of how shared data is used on both sides of the equation; prudent operational risk management requires both client and provider to be cognizant of such considerations.
- Data integrity - to verify that data is being manipulated consistently, vendors should create baseline client-side and provider-side reports early in the relationship and provide periodic updates throughout the engagement.
SaaS Payroll Vendor Challenge #3: Compliance risk
National and global compliance requirements are increasingly complex; as Grant Thornton puts it, “For that reason, companies frequently overlook or minimize the value of critical control and efficiency practices, including SSAE 16 audits, ISO certifications, SysTrust audits and other standard industry compliance tools.” Having the right set of compliance controls is not only about meeting regulations, but also enhancing the payroll vendor’s market credibility. Grant Thornton’s recommendation to vendors is: “taking a negative view of compliance measures can mean overlooking the fact that their underlying goal is to help organizations rise to the next level of control and credibility.” Vendor organizations should be embracing opportunities to meet SSAE 16 and ISAE 3402 (the international equivalent) as well as looking to how their products can assist with issues such as payroll compliance.
Cloud Payroll Software Con #2: Configuration and Customization
The flip side to the SaaS reputation for agile, highly configurable solutions is that for the vendor, profitability comes from the economies of scale that SaaS deployment offers (e.g. multi-tenancy). Thus, although SaaS offerings are far from off-the-shelf “one size fits all” solutions, there is a limit to the amount of tailoring to client needs that is possible. Knowledge Infusion's Heidi Spirgi sums up the situation by saying, "In SaaS, you are limited to the capabilities the vendor provides". As such, it is crucial that organizations clearly understand the capabilities of any given payroll solution (and the complexity of integrating it with other applications) before any agreement is initiated.
SaaS Payroll Vendor Challenges - The Bottom Line for Buyers
Although SaaS payroll appears to be a deployment model whose time has come, it may be that early enthusiasm for its benefits is effectively papering over some of the vendor deficiencies. Grant Thornton points out that the future success of the SaaS sector depends on a number of variables:
- continued technical advancement and adoption of the Internet as a viable means of data transfer;
- continued innovation among SaaS providers regarding technological advancements;
- continued development by SaaS providers of business and service models that maximize the value of Web-based data interaction; and
- increased attention to financial, operational and compliance controls, especially among pure-play SaaS providers
From the payroll software buyer’s perspective, all of the above makes for an interesting alternate perspective and it would seem nothing less than an exercise in due diligence to take into account the Grant Thornton risk recommendations when assessing vendor offerings.
Categories: Payroll In The Cloud
Tags: SaaS Payroll Vendor Challenges
Author: Dave Foxall