Payroll is not just another software category. It processes people's income. Errors have legal consequences — unpaid taxes, incorrect PF contributions, wrong TDS deductions — and human consequences. The technical due diligence for HR and payroll software must go beyond code quality to cover calculation accuracy, compliance currency, and the operational reliability of something that cannot fail on the 1st and 15th of every month.
This guide covers the specific evaluation challenges of HR and payroll software acquisitions in the Indian market.
Why payroll software is high-stakes
Payroll software failures are not recoverable with an apology and a hotfix:
- Regulatory violations: Incorrect PF, ESI, TDS, or professional tax calculations create employer liability — not the software vendor's liability. But customers will churn, and the reputational damage is permanent.
- Employee impact: Getting someone's salary wrong — especially deductions — creates immediate personal financial stress and destroys trust.
- Audit exposure: Payroll records are subject to government audits. Errors discovered during an audit can result in penalties, interest, and in serious cases, prosecution.
Payroll calculation accuracy audit
This is the first thing to verify. Request:
Sample payroll reconciliation
- Take 3 months of payroll data (anonymised) for a sample of 50 employees across different employment types (full-time, part-time, probation, variable pay, multiple pay structures)
- Re-calculate manually or with a known-good reference
- Identify discrepancies
What to verify specifically:
- Basic + HRA + allowance splits and their taxability
- PF calculation: employee and employer contribution, correct ceiling application (₹15,000 wage ceiling for statutory PF)
- ESI calculation: applicable employees, correct rates, ceiling thresholds
- Professional tax: per state, per income slab — does the software maintain current slabs for each state?
- TDS calculation: is the New Tax Regime vs Old Tax Regime applied correctly? Are perquisites and other income components handled?
- Gratuity and leave encashment — if calculated, are the formulas correct?
Edge case handling
- Mid-month joins and exits — are they prorated correctly?
- Salary revisions effective mid-month — is the revision applied from the correct date?
- Arrear calculations — are historical runs reprocessed correctly?
- Variable pay and bonus processing — are they taxed correctly in the month of payment?
Compliance currency
Indian labour law is in active transition. The four new Labour Codes (Wage Code, Industrial Relations Code, Social Security Code, Occupational Safety Code) will significantly change payroll when implemented. Evaluate:
- Current compliance: Is the software current with all existing regulations across the states the customers operate in?
- Update velocity: When the minimum wage notification changes (every 6 months in many states), how quickly is the software updated? Days or months?
- State coverage: How many states are fully supported vs. partially supported vs. not supported?
- New Labour Codes readiness: Is there a plan and timeline for implementing the new codes?
Red flag: No dedicated compliance team and no documented process for regulatory updates. This is an ongoing operational cost the acquirer must plan for.
Data handling and privacy
HR and payroll systems contain some of the most sensitive personal data:
- Salary and compensation history
- Bank account details
- PAN and Aadhaar numbers
- Address and personal contact information
- Performance records and disciplinary history
Data security requirements
- Is PAN and Aadhaar data encrypted at rest? (Storing Aadhaar numbers requires UIDAI compliance)
- Is banking data (account numbers, IFSC codes) encrypted?
- Who has access to salary data? Is it appropriately restricted by role?
- Are there audit logs of who viewed salary information?
- Is there a data retention policy, and is it implemented?
DPDP Act (India's data protection law)
The Digital Personal Data Protection Act, 2023 is operational. HR systems are squarely in scope:
- Is there a lawful basis documented for processing each category of employee data?
- Can individuals access and correct their own data?
- Is there a data breach response procedure?
Integration reliability
Salary disbursement
The most operationally critical integration: can the software actually pay people?
- Bank file generation: Does the software generate correct NEFT/RTGS bank files? Are there known issues with specific banks?
- NetBanking integration: If direct bank integration exists, what is the failure rate? What is the retry logic?
- Manual upload path: Is there a fallback for when automated disbursement fails?
A disbursement failure on salary day is a severity-1 incident for every customer simultaneously.
Government portal integrations
- PF filing: EPFO ECR file generation — is it current with the latest EPFO format?
- ESI filing: Monthly ESI challan generation and submission
- TDS filing: 24Q and 26Q quarterly returns — are they generated correctly?
- Professional tax: State-specific filing integrations
How many of these are automated vs. manual? Manual filing assistance is a support cost.
Attendance and biometric hardware
Many HR systems integrate with biometric attendance devices (ESSL, Suprema, ZKTeco, etc.):
- Which devices are supported?
- How is attendance data pulled? Push API, pull API, or file upload?
- What happens when the device goes offline — is attendance data recovered when connectivity returns?
- Are there customers running custom integrations? These are a support and maintenance burden post-acquisition.
Customer concentration and churn risk
HR software has specific retention dynamics:
- Implementation stickiness: Once payroll data history, pay structures, and employee records are in a system, migration is painful. This is a retention asset.
- Year-end dependency: March end (Indian financial year) is a critical period — customers will not switch payroll software in Q4. Migration happens in April–June.
- SMB vs enterprise: SMB payroll customers churn more readily; enterprise customers have higher switching costs but also higher support requirements.
Ask: what is the annual churn rate? Why do customers leave? Is it price, compliance issues, or functionality gaps?
Post-acquisition operational risk
The payroll calendar waits for no one:
- Salary cycle timing: When does the acquisition close relative to salary processing dates? The first few months post-acquisition are operationally high-risk.
- Support team retention: The support team knows the system's quirks — which compliance edge cases, which integrations break during which events. Losing key support staff post-acquisition creates immediate customer risk.
- Regulatory update calendar: What regulatory changes are coming in the next 6 months? Is there capacity to implement them?
Valuation considerations
| Finding |
Implication |
| Payroll calculation errors found in audit |
Liability risk; negotiate representations/warranties |
| Compliance update lag > 30 days |
Ongoing compliance cost; factor in dedicated resource |
| No salary disbursement integration |
Operational gap; customer expectation risk |
| PAN/Aadhaar stored unencrypted |
Regulatory violation; remediation required pre-launch |
| State coverage gaps |
Limits TAM; factor into growth assumptions |
| Customer concentration (top 3 > 40% revenue) |
Churn risk; investigate relationship health |
Acquiring HR or payroll software and want an independent technical assessment covering calculation accuracy, compliance currency, and integration reliability? Contact us — we conduct payroll-specific technical due diligence with a focus on the regulatory and operational risks that generic assessments miss.