User Manual

TaskRox Help & User Manual

Select a topic from navigation to view one module at a time.

Topic: Payroll execution (AU federal + NSW)

Payroll execution (AU federal + NSW)

Phase E v1 Australian payroll EXECUTION on top of a pre-configured payroll setup. Lifecycle + artifact generation: PAYG via ATO Schedule 1, Superannuation Guarantee at 12% per SGAA §19, Payslip content compliant with Fair Work Regulations 2009 Reg 3.46, Single Touch Payroll Phase 2 PAYEVNT.0004 file generation, BECS Direct Entry bank file export, two-person payroll-admin grant model. There is no in-product setup path in v1 — setup primitives (settings, worker profiles, pay periods, pay items) are populated via implementation / back-office configuration outside the shipped UI. Self-service setup UIs and operator-driven pay-run origination are queued for a future phase. See the v1 scope & compliance disclosure below for what v1 does NOT cover.

v1 scope & compliance disclosure (mandatory)

TaskRox Payroll v1 supports Australian federal + NSW only. PAYG uses ATO Schedule 1 (NAT 1004 — 1 July 2026 update set, effective from 2026-07-01). Superannuation Guarantee at 12% per Superannuation Guarantee (Administration) Act 1992 §19. STP Phase 2 PAYEVNT.0004 files are generated for the employer to route through a registered Sending Service Provider, BAS/tax agent, or future PLS-certified provider; v1 does NOT lodge STP directly with the ATO and is NOT a Digital Service Provider. Award and EBA rate verification is the user's responsibility — TaskRox does not interpret modern awards or enterprise agreements. Termination payments (including unused leave on termination — ATO Schedule 7 governs), ETP / genuine redundancy (Schedule 11 / former Schedule 30), bonus tax methods (Schedule 5 Method A/B), backpay adjustments, salary sacrifice, foreign-resident (Schedule 9), working-holiday-maker (Schedule 15) scales, and Medicare-levy-variation (NAT 0929) handling are NOT in scope for v1.

Pay run

Pay runs are the unit of payroll execution. The lifecycle is draft → reviewed → finalised → STP P2 handoff payload generated → external lodgement recorded with reversed / amended branches off the finalised states.

  • Draft holds in-progress pay events for review.
  • Reviewed is the operator confirmation that the run is ready to finalise.
  • Finalised binds the active ATO Schedule 1 ruleset version + SG rate to every pay event in the run; this version stays bound forever (the ruleset row is immutable).
  • STP P2 handoff payload generated produces the downloadable PAYEVNT.0004 file.
  • External lodgement recorded captures the SSP/BAS-agent tracking ID once the operator routes the file externally; both the lifecycle audit row AND a dedicated payroll.stp.externally_lodged audit row land atomically (the wording is explicit that lodgement is external, never an ATO submission).
  • Reversed creates a new reversal run pointing back at the original.
  • Amended issues a post-finalisation correction event matched against the original.

Payslips

Payslip content is compliant with Fair Work Regulations 2009 Reg 3.46(1)(a)-(j) — every paragraph the regulation requires is rendered in the payslip output and SHA256-snapshotted for tamper detection.

Payslips are generated as PDF artifacts (via the storage spine) plus an immutable JSON snapshot of the pay-event inputs and outputs. A regulator can recompute the calculation offline from the snapshot if needed.

BECS Direct Entry bank file

The bank file export uses the BECS Direct Entry ABA file format (AusPayNet BECS framework — the de facto Australian batch-payment standard accepted by all major banks).

The generator takes the employer trace BSB and account number at the time of generation (per-run; a future polish revision may add per-workspace defaults). Each worker's bank account must be active in the worker bank account register before the BECS file can include them.

Payroll-admin grant

Access to payroll surfaces is gated by an active payroll_admin grant — not by workspace admin membership. The bureau-workflow pattern: a regular workspace member CAN be granted payroll-admin without becoming a workspace admin.

Granting payroll-admin requires two different workspace admins (propose-then-confirm) or a super-user direct grant. The proposal expires after 24 hours if not confirmed; an opportunistic expiry sweep runs every time the governance UI loads to keep the live state accurate.

Revoking requires a written reason that's kept in the audit trail. Every transition writes a workspace.payroll_admin.* audit row.

Audit trail

Every payroll event writes an immutable audit row to the workspace audit log. The full action catalogue: payroll.pay_run.created, .reviewed, .finalised, .stp_file_generated, .external_lodgement_recorded, .reversed, plus payroll.pay_event.created, .amended, .reversed, plus the payslip / STP / BECS file lifecycle actions (generated, downloaded, cleanup_failed, read), plus the worker_bank_account create/deactivate actions, plus the workspace.payroll_admin grant actions (proposed, confirmed, revoked, expired).

A future report surface in the admin panel will let you filter the log by action / pay_run / worker / time range.