Human Resources Best Practices and Audits: Types of Audits
There are many different types of human resources (HR) audits. An audit can be as simple as reviewing employment files to ensure that they are in order or it can involve reviewing effectiveness of corporate HR policies, which may include interviewing supervisors, managers and employees. Audits can be broad, incorporating how a business operates and reviewing efficiencies. They can include a review of a company’s formal and informal systems and procedures to determine whether they meet current and projected future needs. An audit can tell a company where it is with legal compliance and what needs to be done to manage human resources risk. Audits can and should be tailored to an organization’s needs and resources. While comprehensive audits offer the maximum protection, focused and tailored audits can also be beneficial, as they can identify potential problems and lead to the institution of timely corrective measures.
The first installment in this two-part series, Human Resources Best Practices and Audits: Laws and Regulations to Consider, examined some important laws and regulations for which a company should ensure compliance. Discussed below are various types of audits and reasons why each may be useful to a company.
It is not enough to be compliant with the various employment laws. Employers need to demonstrate compliance through production of accurately maintained and stored records. Records audits bring attention to potential violations that can often be remedied expediently. A missing signature on an acknowledgement form, unchecked box on an I-9 or inclusion of medical documentation in a personnel file may appear to be minor issues, but each can subject an organization to fines and penalties, or increase potential damages in a lawsuit or settlement. Below are topics and questions to consider.
- For each employee hired after 11/06/1986, is there a current I-9 on file documenting eligibility to work in the U.S.? Is each form accurate and complete? Are they signed and dated?
- Are your personnel files properly maintained? Are medical and DoT files (where applicable) maintained and stored separately and properly secured?
- Do the personnel files contain W-2's, direct deposit authorization, and emergency contact information? Do they contain all required company records (i.e. job applications, job descriptions, signed confidentiality agreements/contracts, performance evaluations, handbook and acknowledgment forms)?
- Do your HRIS or payroll records confirm compliance with federal, state and/or local minimum wage?
- Is all necessary data being collected and maintained?
- Does the Employee Handbook include all required policies?
- Do any of those policies need to be revised based on changes in the law?
- Does the handbook comply with state and local laws? For example, if you are in Philadelphia, does the paid time off policy comply with the city's paid sick leave requirements?
- Are all required postings current and visible to employees and applicants? Remember, state and local postings require changes more frequently than federal (think minimum wage!).
- Do supervisors maintain their own "shadow" files? What is in those files?
- Do you have an up-to-date records retention policy? Do employees comply with it?
- Does that policy cover electronic data such as emails? Has it been reviewed by litigation counsel?
HR Functions Audit
An HR functions audit looks at the various functions of the HR department, how those functions are being conducted, and whether they are effective and efficient. These audits often focus on specific aspects of the HR functions, for example hiring/recruiting, benefits, compensation/payroll, performance evaluation or termination/post employment.
- Do you have job descriptions and are they accurate, current and ADA compliant?
- Do they include all "essential functions" for the position?
- Is there a formal job posting process in place?
- Where applicable, do your applications comply with "ban the box" regulations? Are your practices compliant with EEO and AA requirements?
- Do your applications include an "at will" disclaimer?
- Is your pre-employment screening process compliant? Have any assessments you use been validated and are the assessments used as intended?
- Are all required screenings conducted (i.e. DOT drug test, driving record verification)? Are applicants provided with required disclosures and is required consent obtained?
- Are all screenings conducted consistently and in accordance with the latest regulations? Are your hiring managers and recruiters aware of the obligation to provide reasonable accommodations for pre-employment drug testing for qualifying individuals or documentation for applicants not selected based on results of a background check?
- Who is involved in the hiring process and who makes the final decision? Does everyone involved complete training relating to permissible interview questions and basis for hiring decisions?
- Are references routinely checked before each hire? All are required documents retained?
- How long does it take from job posting to hiring and how does that time frame compare with others in the industry?
- Is there a procedure for notifying rejected candidates?
- Are your plans and practices compliant with government regulations? Is the company competitive in its benefit offerings?
- How do applicants view the hiring process? Are there postings on Glassdoor or other websites?
- Does the company's practice comply with the ACA? If the company has a wellness program, does it comply with the ACA, ADA and other laws and regulations? Are steps taken to ensure confidentiality of private information?
- Are benefits offered to all full-time employees? Have all new hires received written notice regarding the availability of government-run health insurance exchanges?
- Is the value of employer-sponsored healthcare benefits reported on employees' W-2s?
- If benefits are offered to dependents, is eligibility audited under the program?
- Are employees properly classified as exempt or non-exempt under the FLSA; full-time or part-time under the ACA?
- Is the classification of workers as independent contractors supported by a written independent contractor agreement specifically drafted for the relationship?
- Are all employees paid at least minimum wage? Is the company paying competitive wages for the industry? If an employee is paid overtime, is the "regular rate" of pay properly calculated? Does it include non-discretionary or bonus pay?
- Are employees classified as exempt being paid on a salary basis? What steps are taken to ensure that improper deductions are not being made from their pay? Does the company have a "safe harbor" policy? If so, how is it disseminated to employees? Are non-exempt employees being paid for all time worked?
- What criteria does the organization use to determine wage increases? Are these practices monitored to ensure equal pay practices for females or minorities?
- Are time keeping records adequately maintained?
- Is there a system for evaluating employee performance? Is it consistently followed?
- Are employees provided with written job expectations? Are performance evaluations reviewed for consistency? Are employees provided an opportunity to comment on performance evaluations?
- Who is involved in termination decisions?
- What factors/documents are considered? Is the decision reviewed by HR or legal?
- Who informs the employee of the termination? Who else is present?
- Does the company have a severance plan? Is the employee's final paycheck properly calculated and issued in a timely manner? Is the employee provided with all legally required notices (i.e. COBRA)?
- What steps are taken to secure company property/passwords, etc.? Are all terminated employees reminded of post-employment obligations (i.e. confidentiality, non-competition, non-solicitation)?
- Are exit interviews consistently conducted and findings from those interviews shared?
Legal Compliance Audit
A legal compliance audit measures how well an organization is complying with federal, state and local employment and labor laws and involves a thorough review of HR policies and procedures to ensure legally mandated requirements are incorporated and followed. A legal compliance audit will include the records audit described above, but also includes a review of a company's written and unwritten policies and considers whether those policies increase or mitigate HR risk. It is often helpful to approach the review with specific laws in mind.
Family and Medical Leave Act (FMLA)
The federal FMLA entitles covered employees to up to twelve workweeks of unpaid, job protected leave in a 12-month period, for qualifying family and medical reasons. Employers are also required to maintain preexisting group health plan coverage for an employee exercising his/her right to take said leave. The FMLA provides a cause of action for employees who feel their FMLA rights have been interfered with, in addition to the usual retaliation cause of action found in most employment laws. Because of this, administration of FMLA is particularly important.
Policy and Procedure Review
- Does the company have a written FMLA policy? Does the policy include all of the requirements for FMLA to apply?
- Does the policy have the correct definition of spouse in light of Windsor? Read our alert on the topic here.
- Are required postings prominently displayed?
- Do written job descriptions accurately define job duties?
- Does the company's attendance policy comply with the FMLA? Does it comply with state leave laws?
- Has there been any training on FMLA requirements and how to process FMLA requests? Do supervisors know generally what the FMLA requires?
- How are FMLA absences (including intermittent leave) treated for payroll and attendance policies?
- Is there a procedure for what happens if an employee seeks leave? When is paperwork sent to the employee and who coordinates it? Who determines whether the employee is entitled to FMLA leave? If leave is intermittent, does it comply with the law and the company's policy?
- Are steps taken to protect the employee's medical information?
Fair Labor Standards Act (FLSA)
The FLSA governs minimum wage, overtime and record keeping requirements. Employers are required to pay the higher of the federal, state or local minimum wage rate to all non-exempt employees for all hours worked. Enforcement remedies for violations include payment of unpaid minimum wages and/or unpaid overtime, back wages, liquidated damages and civil penalties. In addition, many states have their own wage and hour laws which have additional requirements.
Policy and Procedure Review
- Are there accurate written job descriptions?
- Are posters outlining federally mandated and any state and local laws prominently displayed?
- Does the employee handbook include a "Safe Harbor" policy and complaint procedure to address possible improper deductions to exempt employee pay and protection of the salary basis?
- Is there a policy forbidding working of overtime without prior authorization? Are supervisors aware that employees must be paid for all time worked (approved or not)? Is there a policy requiring non-exempt employees to record all work time? Is that policy enforced?
- Are employees given all legally required breaks? If minors are employed, are all state and federal laws regarding employment of minors, work hours and breaks being followed?
- Do supervisors receive regular training? Are they aware of the requirements of the FLSA?
- Are supervisors taking steps to make sure that time cards for hourly employees accurately reflect all time spent working? Do payroll and HRIS systems collect and maintain all required information? Are worked hours accurately recorded and records properly retained?
- Are employees properly classified as exempt or non-exempt? For all exempt employees, do the employee's actual duties support their classification as exempt? Are all exempt employees paid on a salary basis? Are any deductions taken from their pay permissible?
- Are all non-exempt employees paid at least the minimum wage required? Are they paid overtime pay of one and one-half times the regular rate of pay for all hours worked? In calculating the "regular rate" of pay, is all required compensation included?
- Is overtime paid in accordance with the FLSA, state requirements and company policy or Collective Bargaining Agreement (which may require more lucrative policies such as paying overtime for hours over eight in one day)?
- Are employees provided all required pay information (including pay days,deductions, etc...)?
ANTI-DISCRIMINATION/ANTI-HARASSMENT AND ANTI-RETALIATION
Policy and Procedure Review
- Does the company have an adequate anti-harassment and anti-discrimination policy? Does it include all protected classes? Is it based on state and local laws?
- Does it include a procedure by which those who believe they are being discriminated against or harassed can complain? What if the claim is against a supervisor or senior manager?
- Does the policy say what will happen if a complaint is received? Does the policy discuss retaliation (and explicitly state the company will not retaliate)?
- How are the policies disseminated to employees?
Training and Implementation
- Is all legally mandated training taking place and are records being kept of those trainings?
- Are supervisors trained on the harassment policy? Are employees trained? Do employees sign an acknowledgement of receipt of the harassment policy?
AMERICANS WITH DISABILITIES ACT (ADA)
The ADA prohibits discrimination against qualified individuals with a disability. It also may require employers to provide reasonable accommodations to qualified employees so long as those accommodations are not unduly burdensome.
Policy and Procedure Review
- Does the company's anti-discrimination policy include disability? Do the company's other policies, including drug testing, discipline, leave and termination comply with the ADA?
- Does the company have a procedure for how to determine when the ADA comes into play and how to address requests for accommodation? Who is involved in discussing accommodation requests with the employee? Are they properly trained on the ADA requirements?
- Are steps taken to protect the employee's medical information from improper disclosure?
- Does the company's attendance policy comply with the ADA? Do the written job descriptions include all essential functions for the job?
Training and Implementation
- Are supervisors and managers generally aware of the ADA requirements and when to get HR involved? Do the people who will be responding to ADA requests for accommodation have adequate training?
- Is there a procedure for discussing ADA requests? Are all company representatives aware of the "interactive dialogue" requirements?
- Are there guidelines for when to obtain functional capacity assessments?
- Does HR know what medical information they can request, from whom and with whom it may be discussed?
- Is there an understanding of when legal counsel should be brought into these discussions?
IMMIGRATION REFORM AND CONTROL ACT (IRCA) OF 1986
Along with the Immigration Act of 1990 and Illegal Immigration Reform and Immigrant Responsibility (IIRIRA) Act of 1990, IRCA makes employment of undocumented workers unlawful and requires all employers to verify employment eligibility status for new hires. It prohibits continued employment of employees whose work authorization is later found to be fraudulent or has expired. It also requires I-9 Forms be completed by both employer and employee and retained on file for three years from date of hire or one year from termination—whichever is later. Revisions to the form were most recently made in March 2013. Click here to access the current version.
Points to audit include
- Is the correct form being utilized? Is it accurate and complete?
- Was the form completed in a timely manner? Are employment authorization documents still valid?
- Are I-9s retained for the appropriate time period?
For a smaller company, the time (and money) it takes to conduct all or some of the audit functions described above is likely to save untold expense and misery in litigation or regulatory actions. If a company can "check" all the boxes, it will have a much easier time during depositions and even trial, should that come to pass.
For questions about HR best practices and audits, please contact Debbie Sandler (email@example.com; 215.864.6203), George Morrison (firstname.lastname@example.org; 610.782.4911) or another member of our Labor and Employment Group.