Human Resources compliance auditing refers to the auditable areas in the organization that fall under federal and state laws pertaining to the employer-employee relationship. For any operating business, the legal risks and ramifications associated with failing to comply with HR legal requirements, as well as reputational risk to the company and potential impact on employees, are too significant to overlook. Scenarios that can trigger an HR audit differ from organization to organization and may range from the company implementing a new HR audit software system to an inquiry from the legal department regarding recent lawsuits.
For auditors tasked with building a human resources audit program, it is helpful to know that laying the foundation for an effective human resource audit process can lead to efficiencies year after year. Below are the best practices for planning an HR Audit and a five-step HR Audit Checklist.
What Is an HR Audit?
Auditing Human Resources, or HR, often includes reviewing a series of compliance, operational, and strategic risks that can impact the organization’s overall success in meeting its objectives. HR is a multifaceted area that includes hiring, onboarding, development, promotion, performance management, compensation, and employee well-being. With the increase in a talent shortage, employee stress, and focus on productivity, having an effective HR department is critical to every organization.
HR audits vary in nature and can be performed by either internal auditors or HR professionals. Often, HR professionals will perform self-testing against legal requirements as a regular detective control to ensure compliance. They may use an HR audit spreadsheet or other HR audit checklist they have developed on their own.
When internal auditors are involved, the scope of the audit is generally focused on the preventive controls and overall control environment in which the HR professionals are working.
Types of HR Audits
While there are many types of HR aAudit, these typically fall into three categories: compliance audits, operational audits, and strategic audits.
Many audit teams include a review of the organization’s compliance to legal requirements such as the Americans with Disabilities Act (ADA) or the Family and Medical Leave Act (FMLA) regulations or to internal policies. Common audits such as I-9 file compliance, tax reporting, and salary laws are often tested with HR audit checklists.
HR operations include auditing daily processes like compensation and benefits administration, performance management, and safety practices.
Much of an organization’s strategy starts with HR. Management objectives such as filling key positions, ensuring non-discriminatory hiring practices, developing and training the current staff, and succession planning represent key risks within every organization.
What Does an HR Audit Consist of?
While HR is a unique area within an organization, an HR audit still consists of common audit practices. We start with defining the management objectives within the scope of the project, then identify the risks and controls related to the objectives. The auditors then test the controls as usual.
How to Plan an HR Audit?
The decision to conduct a human resource audit begins during the audit planning process as a conversation between internal audit and the company’s leadership team. This discussion regarding which HR areas are of the biggest concern to the company will lay the groundwork for the human resources audit program that internal audit is responsible for implementing.
HR Audit Checklist
For compliance audits, the key to success is often completeness —– this is where an audit checklist can help. We want to include all applicable regulations, policies, and procedures in the checklist for maximum efficiency in the audit.
1. Study and understand federal and local laws.
When initially developing your audit procedures for a human resource audit, develop them based on federal laws and the local laws in your state. The focus of an HR audit is to provide coverage over legal requirements and reputational risks your company has concern over; as such, creating your audit procedures based on the law is the surest way to address these risks. Familiarize yourself with employment forms (W-2, I-9, etc), how they should be filled out, and the rules and penalties associated with these contracts. Ask yourself “What are the rules that should be followed and what kind of testing can I perform to make sure we are addressing those rules?”
2. Always double-check the law.
Human resource laws do not change very often, allowing internal auditors to create templates to leverage from audit to audit. Nonetheless, it is always wise to double-check for changes or updates to regulations before proceeding to roll-forward existing templates.
3. Expect the process to be manual.
Due to the sensitive nature of handling employees’ personal information, plan your audit processes accordingly. Set aside time to perform in-person testing, knowing you will not be allowed to leave the premises with documents containing sensitive information.
4. Escalate issues immediately and fix in real-time.
Because most issues identified during a human resource audit should be addressed immediately to avoid legal ramifications — or, in the case of HR-related SOX findings, turning into misstatements on a company’s financial reports — it is important to escalate issues immediately and prioritize fixing them in real-time. Addressing how to prevent these issues from occurring in the future can be done in the HR audit report later.
5. Be a value-add where you can.
For example, some HR areas are also covered from a financial reporting (Sarbanes-Oxley or SOX) perspective. Internal auditors performing SOX testing who notice HR-related operational problems can set aside time to address those issues with the HR department, as these problems have operational ramifications for the company.
Ready to Streamline Your HR Audit Process?
To learn how AuditBoard can help you streamline your HR audit process from end to end, contact us today for a customized demo by filling out the form below.
Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.