Appeared in Volume 31, Issue 2 (Summer 2004)

The HR Audit for Legal Compliance and Safe Business Practices

Joan Curtice

Often in assessing a company’s business practices and legal compliance, the emphasis is on the company’s financial records. It is equally important, however, to assess HR policies and practices, including the less concrete and less tangible areas that deal with employee dignity and well-being. These are harder to measure, but their impact on productivity can be significant. Additionally, poor business practices can lead to very expensive legal sanctions. Just as regular audits help companies ensure proper financial practices, audits can be valuable tools in assessing HR policies and practices and ensuring that the company maintains a safe and respectful work environment.

HR audits typically are conducted as "walk-throughs" in the workplace itself, with the HR department using a multipoint checklist defining those "must haves" to ensure that a company is legally compliant under both state and federal government regulations. The audit specifies conditions that should be met and then determines whether they are or are not. Often, interviews are conducted randomly with employees and managers to determine the culture or climate with regard to acceptable/unacceptable behaviors in the workplace. Once an HR audit is conducted, a company will know exactly what needs to be done to ensure its legal compliance.

This article details some typical elements included in HR audits. Although most examples of legal requirements cite federal legislation, remember that various state laws have similar requirements.

WHAT DOES AN HR AUDIT COVER?

The HR audit is broken into areas of evaluation that include what is needed before a company hires any employees all the way through the process of recruiting new employees, bringing them aboard, enrolling them in benefits programs, safeguarding their confidential information, managing and supporting them, and participating in their exit from the company, if necessary, either voluntarily or otherwise.

This evaluation is conducted with the use of a Human Resources Audit Checklist, a sample of which is included in Exhibit 1. The checklist includes the major visible, tangible areas of HR that can be evaluated for compliance. The items included in each area are checked off as being in compliance with what is legally required or "not up to standard" or "missing." It is then the company’s decision to take the appropriate actions or recommendations included in the report.

Depending on the size of the organization, the number of workplace facilities and other complexities, an audit can take anywhere from a half a day to several days to conduct.

The evaluation and report that follow the audit generally take about ten days to two weeks to prepare.

PRE-EMPLOYMENT REQUIREMENTS

This portion of the audit includes requirements for getting your worksite ready for new hires as well as the materials that should be given to prospective employees.

Mandated Postings

An audit will cover such legal requirements as what postings must be prominently displayed in your workplace. Such postings are required under both state and federal laws. Excellent kits are available that contain the mandated postings, and they can be obtained from several vendors.

The required postings vary, depending on company size and some other factors. Certain companies may be required to post industry-specific information. Typically, required postings are related to the following (Massachusetts law is used as an example to compare state law requirements):

Federal:

• Equal Employment Opportunity Act
• Federal Age Discrimination Act
• Americans with Disabilities Act (ADA)
• Veterans’ Acts
• Fair Labor Standards Act incorporating minimum wage, child-labor, and overtime information
• Family Medical Leave Act (FMLA) (for companies with more than 50 employees)
• Occupational Safety and Health Act (OSHA) (plus annually mandated postings

State:

• Massachusetts Maternity Leave Act (at least six but fewer than 50 employees)
• MCAD Sexual Harassment Policy (Massachusetts Commission Against Discrimination)
• Massachusetts Right to Know Law
• Massachusetts Fair Employment Practices Act
• Employee Polygraph Protection Act
• Unemployment Insurance Information
• Workers’ Compensation information

The Employment Application

As you begin the process of planning to hire new employees, one strongly recommended tool is a legally compliant employment application. The employment application must be designed to capture the information a company needs to begin the process of assessing the candidate’s suitability for both the job opening and the corporate culture. This includes the candidate’s name, contact information, the position applied for, education, work/volunteer history with dates, previous compensation, specific skills, references, and so on.

Additionally, the application serves to make some specific legal statements to potential candidates. Among these statements are some that might state that your company is an "at-will" employer, indicating that it allows the employee or the employer to terminate the working relationship at any time for any reason (or no reason) and does not establish any contracts, implied or otherwise, with its employees. Your application must contain certain statements that allow you to seek additional information about the candidate and release you from any legal repercussions for doing so. It should contain an authorization (signature) by the candidate attesting to the truth of the information provided and the consequences of falsifying information. Some employers use this authorization to cover both the written information on the application and résumé and any information provided in the spoken exchanges during the interview process.

With regard to legal issues, your application should ask whether the candidate has the legal right to work in the United States, but not whether he or she is a citizen (except in certain federal circumstances). It may also probe areas such as conviction for certain felonies or misdemeanors but not arrest information (see also the State Regulations Update in this issue of Employment Relations Today). These are legal specifics that require a review by your employment attorney before putting them on your application.

The Employee Handbook

A handbook can be an effective vehicle for communicating company culture and benefits as well as any expectations the company has of its employees—in other words, its policies. Written policies help ensure equal and consistent treatment of employees by managers if used as a guide and can help avoid employment lawsuits. However, the handbook must be reviewed and updated regularly to reflect changes in employment law as well as in company circumstances. An outdated handbook can cause serious problems and may be worse than not having one.

There are some cautions, however, as you include information in the company handbook. You should avoid promising that all employees will be treated in a certain way all of the time. Sometimes even promising to use progressive discipline standards can backfire into wrongful discharge if you terminate someone for egregious behavior without this process. Avoid using a probationary period for new hires; do not imply "permanent" employment following any initial trial period. This chips away at the at-will employment doctrine and may be construed as an implied contractual commitment. As a rule of thumb, avoid including policies that limit the company’s ability to use its discretion in making employment decisions, and do not "guarantee" in advance how all decisions will be made.

Be sure that your handbook makes all the legally mandated statements. These statements are similar to the mandated postings and include policies related to equal opportunity, nonharassment, and maternity, family, and medical leaves (if applicable). The handbook is also a good place to describe the company’s ownership of communication equipment, e.g., electronic forms in particular (e-mail and Internet access). Be sure to clearly outline company expectations about how such services are to be used.

Legal counsel should review the handbook to ensure that it is compliant with state and federal requirements. In general, if there is a conflict between state and federal mandates, the federal mandate takes precedence unless the state mandate is more stringent, i.e., more favorable to employees. So, the better you treat your employees, the safer you are from a legal compliance standpoint.

Interviewing Standards

As you move through the process of bringing new employees aboard, you may rely on your current employees to help select new employees. At a minimum, it is strongly suggested that you provide your interviewers with a basic list of the do’s and don’ts of interviewing.
If possible, a training seminar on the topic will be more effective in both listing and explaining the interviewing taboos. Those who are new to the role of interviewer may inadvertently inquire about an area of the candidate’s life that constitutes "protected information," which cannot be legally part of a company’s decision to hire an employee. Some examples include a person’s marital status, whether or not the person has children, questions about a disability or other impairment (obvious or not), ethnic/racial/national origin, religious affiliation, and sexual orientation/lifestyle. A quick training on this topic can save you legal hassles later on.

HIRING PROCESS

If your company does any pre-employment testing (e.g., skills, medical, or drug testing), there are legal complexities associated with these assessments.

Skills Testing

When testing is conducted to determine the skills needed to do the job, the requirements are straightforward. The test should measure what you wish to know about a candidate’s ability to perform specific tasks that are relevant to a particular position (e.g., for an administrative assistant position, how many words per minute does someone type on a keyboard and what is his or her error rate?). Additionally, the guidelines to prevent any hints of discriminatory hiring practices include giving the same test to all applicants who apply for that same job, in the same circumstances and under the same conditions. So, don’t test one applicant in a quiet, well-lit room and another in the middle of a busy and noisy open workspace.

Medical Testing

Many companies require a pre-employment physical. This can be conducted only after an offer of employment has been provided to an applicant and only if physicals are required of all candidates considered for that specific position. The offer of employment can be contingent on successfully passing the required physical. However, a candidate can be refused employment only if an aberrant condition is discovered that directly affects his or her ability to perform the essential functions of the job for which he or she is being hired.

Companies whose work product or service directly affects the well-being of the general public—e.g., as is the case with drivers of company vehicles or airplane pilots—usually conduct pre-employment drug testing. Those who work with delicate instruments, children, or the elderly or who handle toxic materials could also be expected to pass a drug test. Most companies avoid random drug testing, but it is legal to conduct such a test if such a policy is clearly stated to all employees. A specific drug-free workplace policy including all this information usually accompanies a company’s drug-testing program.

Offer Letter

Most companies fail to recognize the significance of offer letters, even though they create legal commitments on the part of the company to a candidate. The offer letter must accurately reflect the position that is being offered, restate basic requirements of the position or company expectations, and describe certain conditions of employment, such as employment being contingent on passing a medical exam, providing documentation to prove the right to work in the United States, or signing a noncompete agreement. An audit can include items to review (or create) the language of your standard offer letter. There may be different standard templates depending on whether the employee is exempt or nonexempt.

Typically, offer letters should not state an annual salary, but rather the amount that will be paid to a nonexempt person in hourly rates or to an exempt person in the amount usually paid in the "pay period." For most companies, this is monthly or bimonthly. Stating an annual salary can be construed as a contract for a year’s worth of employment and can be very costly if you have to terminate the person within that first year. As mentioned previously, be cautious in describing probationary periods for new employees because this could suggest to employees that at the end of the probationary period employment will be permanent. Permanent should never be used to describe an employee’s status. Companies should describe new hires as regular employees or full-time or part-time employees.

Information in the offer letter should include specifics about the role and duties of the position, the reporting relationship, and the benefits provided by the company. Signature requirements of the employee should be spelled out in the offer letter if they include items such as noncompete agreements or any legal documents the employee must bring on the first day of employment such as identification documents to complete the immigration department’s (INS’s) mandatory I-9 form.

NEW-HIRE ORIENTATION PROCESS

Bringing new employees aboard requires consistency both to facilitate the employee’s assimilation into your culture and to ensure legal compliance with regard to necessary materials that are distributed to and collected from all employees. This is best accomplished with a standard orientation process and new-employee package that includes a checklist indicating the materials an employee is being given to read and keep and those forms that must be completed and returned to the company. The checklist serves as a helpful tracking tool in two ways. First, it ensures that applicable legal documents are returned and executed in a timely manner. For example, I-9 forms must be executed within three days of a person’s hire. Second, it provides a written record verifying the materials received by newly hired employees, which can help protect employers from possible later claims that an employee wasn’t aware of a certain policy or program.

The orientation process also affords an appropriate time to provide a new employee with the employee handbook if you have one. Some companies distribute the handbook and require a signed affidavit of receipt. Many attorneys recommend against this since it can be construed to be the start of a contractual relationship because of the mandated signature. Including it as an item on your checklist and distributing it to all new employees makes it part of your formal business practice, and, as such, it most likely will stand up in court if an employee should claim he or she did not receive a handbook.

WORKPLACE POLICIES AND PRACTICES

Many smaller companies consider it offensive to commit to writing certain aspects of how they conduct business. For some companies, this smacks of a level of formality that is off-putting to its "people-oriented culture." Although admirable in its spirit, this lack of willingness to commit certain policies to writing is patently illegal. Certain laws require that you spell out very clearly what your policies are about guaranteeing specific protections to employees. These protections are wide-reaching, from the information collected on employees to the type of behavior displayed in interactions between managers and their direct reports and employees and their peers.

Safeguarding Employee Information

As soon as employees come aboard, a company begins collecting information that must be safeguarded to protect employee confidentiality. Typically, this is personal information such as marital status, children, and age. Employers are bound to handle this information so that it is locked and protected. Additionally, the employer must keep originals of written information in its files so that separate files are maintained for personal information as contrasted with employment-related information.

The goal of this effort is to remove personal information from any decision-making that ensues regarding the employee’s career with the company. So, for example, the issue of an employee’s marital status or number of children is not included in the employee’s "work" file, which may be requested by a manager wishing to take some employment action on behalf of the employee. The employment decision needs to be made on work/performance-related information, not the personal information. Relevant materials in the work file include information on the employee’s education, related work experience, and performance evaluations in other positions within the company. An audit can clarify what information must be segregated and the laws that govern employees’ access to and copying of their files.

Other employee information that must be safeguarded includes any materials that contain medical information. Employers are strongly advised not to maintain any of these records on the premises. A third-party administrator or insurance carrier is the best monitor to maintain and process information such as for an employee’s medical leave. The employee should deal with these services directly.

Employee Performance Management

An audit will review your company’s job descriptions for ADA compliance (i.e., to determine whether the descriptions list the essential functions of the job). Additionally, because so many legal issues arise out of performance problems, the audit will review or recommend standard items such as:

• A 90-day written standard performance-evaluation form,
• An annual written standard performance-evaluation form,
• A performance management/performance improvement plan, and
• A description of the company’s policy for both voluntary resignation and company-initiated termination.

Additionally, to ensure consistency in compensation, an audit will review your:

• Wage and salary administration program
• Bonus/stock option criteria (if applicable)

Safe Work Environment

Audit practices will vary considerably among companies when considering factors that contribute to a safe work environment. A company may choose to develop an audit sheet tailored to a particular issue, such as the company’s zero-tolerance policy for harassment. For example, a company may wish to review and evaluate its practices of dealing with inappropriate harassing behaviors in its workplace. (See Exhibit 2.) Reviewing other business practices such as sanctioning discriminatory remarks or behaviors, preventing embarrassing or humiliating incidents, and dealing with senior managers who may be offenders can be done with a similar process.

The companion policy to a zero-tolerance policy for harassment is a clear statement that the company will not retaliate against anyone who makes a complaint about such a violation. The nonharassment policy is only as good as the company’s willingness to allow it to work. It cannot work in an environment that contains fear of retribution. A nonretaliation policy sends a clear message that retaliation won’t be tolerated and that it also is illegal.

In truly safe work environments, employees feel confident that they have a place to go when they have work-related problems. A written "open-door policy" fosters this confidence. Such a policy is one in which senior management promulgates the belief that any employee at any time can speak to any manager or supervisor in the company without fear of reprisals if the employee has a problem or a concern. In this environment, executives actively publicize and ensure that all employees know that senior staff members are behind this effort. They model the behavior and communicate relevant procedures and resources so that everyone feels comfort-able and safe. An open-door policy is well worth the effort of writing and then providing training to managers and supervisors regarding how to deal with employees who may come to them with concerns.

Among those practices that a company should regularly assess are those that are the behavioral aspects of how managers react to inappropriate behaviors and activities in the workplace. Also, a company needs to ensure that mechanisms are in place for employees to report such incidents without fear of retribution or retaliation.

AUDITING WORKPLACE BEHAVIORS THAT SUPPORT LEGAL COMPLIANCE

A safe, dignified, and respectful work environment is not only mandated by the law, but also makes good business sense. Increased motivation and productivity typically are the results of a safe environment. People are at their most productive when they are not distracted with concerns for their safety or well-being.

What are the observable behaviors of such a work environment?

• Employees are treated with dignity and respect.
• The work environment is free from verbal abuse or harassment of any kind.
• It forbids "put down" humor or practical jokes.
• It is free from sexual harassment.
• It is free from rude and/or profane language.
• No sexually explicit jokes, calendars, or other pornographic materials are posted anywhere in office areas, desks, or computers.
• No negative references are tolerated regarding race, religious affiliation, national origin, gender, or sexual orientation.
• Bullying behaviors are clearly discouraged, as are comments concerning people’s physical appearance.

The above behaviors must be the standard for all employees at all levels of the company. Members of management are frequently reluctant to place any restrictions on a key producer’s inappropriate behavior for fear of "killing the golden goose." In the case of a very ill-behaved senior manager (the CEO, for example), it is difficult for an HR manager to address the problem. In some cases, a company’s board of directors may become involved.

Ignoring or refusing to take action does not exonerate the company, nor does it make the inappropriate behaviors disappear. Enough dissatisfaction on the part of a very disgruntled employee/employees will take the matter out of the company’s hands and deliver it to the EEOC or a state human rights commission. The fact that an exhaustive investigation can follow such a report is the beginning of one of the most costly pieces of litigation a company can encounter. In many cases, fines have exceeded tens of millions of dollars after years of legal ramifications. So, difficult though the choice may be, the better path to take is to manage such situations inside the company.

The Checklist Audit vs. the Business Practices Audit

In conducting an HR audit with the use of a checklist, the auditor reviews what are considered the "visible" or "tangible" employment-related items that help the employer standardize the employment process. An auditor will walk through the worksite and look for and review such things as offer letters, written policies, and, perhaps, the text of an interviewer training program, confirming that certain items exist and indicating what items are missing or insufficient. A report is then sent to management recommending changes that are needed to bring the company into legal compliance.

The portion of an HR audit that evaluates business practices is more difficult to conduct. To assess the company’s business practices, an auditor should first spend time observing interactions among employees and conduct random interviews. If inappropriate behaviors are observed and/or recounted during interviews, the auditor will conduct a review similar to that described in Exhibit 2. The auditor will search employee files for evidence that employees have been sanctioned through the use of documented verbal warnings, recommendations for counseling to alter inappropriate behaviors, performance improvement plans, and disciplinary warnings up to and including termination if allegations can be proven to have occurred. If inappropriate behaviors are witnessed or discovered through interviews and no evidence is found in any employee files to sanction certain employees, then the auditor will indicate in a report to management that the company is at risk for legal intervention should an angry employee report such behaviors outside the company.

More likely than not, the auditor will recommend prevention training. This type of training usually has two components: one helps all employees understand their rights and protections and can contain an assertion component to help employees protect themselves in situations that cause them embarrassment or offense. Training employees to respond effectively to offensive behaviors helps to build a sense of security and safety. The second component is training for managers and supervisors to teach them how to listen and watch for potential problems even before an employee reports inappropriate behaviors. In addition to these proactive efforts, managers need to learn how to handle difficult situations to prevent disruptions, distractions, and a decline in productivity. A dignified and respectful workplace makes good business sense, as employees are at their most productive when they feel secure and safe in their work environment.

Joan Curtice is a human resources consultant based in Burlington, Massachusetts. She has 20 years of experience designing, developing, and implementing legally compliant HR functions in both established and fast-paced start-up high-technology and biotechnology organizations. She supports clients by conducting HR audits, investigating inappropriate workplace behaviors, and conducting interactive workshops to identify and recommend changes to inappropriate behaviors. She has also consulted to clients in benefits analysis and design, training, career development and outplacement, and recruitment strategies. She can be reached via e-mail at or see www.joancurtice.com.

© 2004 Wiley Periodicals, Inc.
Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/ert.20017