Another hospital network disclosed underpayments last month. The headlines focused on the dollar figure. They always do. Tens of millions. Years of liability. Thousands of affected staff. The remediation gets announced. The consultants get hired. The CEO says the right things.
Nobody asks the obvious question.
How did four separate systems, rostering, HR, credentialing, payroll, all report "compliant" while staff were being underpaid for years?
Because each system was compliant. Within its own boundary.
Here's what actually happens. A nurse gets reclassified from Level 2 to Level 3 in the HR system. Correct. The Nurses Award (MA000034) rate for Level 3 gets updated in payroll. Also correct. But the penalty rate mapping in payroll, the table that cross-references employment type, shift pattern, and classification to produce the actual dollar amount, was configured by someone in a different team, and that person doesn't get told about the reclassification, or they do, three weeks later, in an email they miss. The base rate is right. The penalty calculation is still using Level 2 loadings.
Every Sunday shift from that point forward is underpaid by $8 or $12.
One nurse. Maybe $400 over a quarter. Now multiply that across a classification change affecting 200 nurses across 6 hospitals, where each hospital has its own payroll configuration maintained by a different person, and suddenly you're looking at a number that requires lawyers.
The second failure mode is worse because it's invisible. Award rates change every July. Base rates get updated. But the site allowance trigger table, the one that maps employment type by shift pattern by location, doesn't get touched. Why? The person who built it left eighteen months ago. Nobody else knows the table exists, let alone how to update it. So an allowance worth $8.40 per shift quietly stops applying to a subset of staff.
Across 2,000 employees over two years, that's a headline.
The third failure mode is the most common. An allowance or loading correctly configured in March becomes silently incorrect in July when the FWC publishes new rates. Base rate updates. Derived value doesn't. The system keeps calculating. The payslip looks normal. Nobody notices because the error is $3 per shift, not $30, and $3 per shift is invisible until you multiply it across 800 employees working multiple shifts per fortnight for a year and realise the number has six figures and it accumulated while every system reported green.
After every disclosure, the remediation playbook is the same. Engage auditors. Review configurations. Retrain staff. Implement quarterly reviews. This catches static errors, a rate entered wrong, a classification coded to the wrong level. It does not catch dynamic errors. A rate that was correct in March and silently became incorrect in July will pass every quarterly review that doesn't independently recalculate from the award source.
The quote that stays with me
I spoke with a payroll manager after one of these remediations. She said something I haven't been able to forget.
"We fixed everything they found. But I still don't have a way to know, today, whether the systems agree with each other."
That's the whole problem in one sentence. The remediation fixed the past. It didn't fix the architecture. The structural conditions that produced the underpayment, multiple interdependent systems with manual governance of the handoffs between them, are identical the day after remediation as they were the day before. The only difference is the configurations were rechecked. They'll drift again.
They always do.
Every large healthcare employer in Australia has the same architecture. Rostering system. HR system. Payroll system. Credentialing system. Four systems, four teams, four update cycles, and the data flows between them on trust because HR classifies, rostering schedules, payroll pays, and each team assumes the previous handoff was correct because they don't have the tools or the training to verify it.
The next hospital to disclose will have the same architecture. The one after that will too. The question isn't whether it will happen again. It's whether anyone will fix the architecture before it does.