The HR Audit Checklist I Use to Find Compliance Gaps Before They Find Me

HR University certification badge
By
Josh Fechter
HR University certification badge
Josh Fechter
I’m the founder of HR.University. I’m a certified HR professional, I’ve hired hundreds of employees, and I manage performance for global teams.
More About Josh →

Our reviewers evaluate software independently. Learn how we stay transparent, our methodology, and tell us about anything we missed.

Quick summary
I have run HR audits across every company I have built. This checklist covers the six areas I always check, the questions I ask, and what most teams miss the first time.

The first time I ran an HR audit was at a company with about 40 employees. We had grown fast, hired across three states, and nobody had reviewed our employment files, benefits documentation, or I-9 records in over a year. I assumed we were fine because nothing had gone wrong yet. That is the kind of thinking that gets you a DOL letter.

When we sat down and went through everything, we found expired I-9s, missing acknowledgment signatures on our handbook, inconsistent job descriptions that did not match what people were doing, and zero documentation on one employee’s FMLA leave. None of it was malicious. It was just the kind of drift that happens when you are growing and hiring without slowing down to check the foundation.

Since then, I have made HR audits a recurring process at every company I run. Not because I enjoy paperwork, but because the cost of discovering a compliance issue during a government investigation is higher than the cost of catching it yourself. I built this checklist to be practical, not theoretical. These are real questions I ask, organized into six categories that cover the full scope of what an HR department needs to verify.

If you manage people, whether you have 15 employees or 500, this checklist will help you find gaps before someone else does.

Introduction

HR Audit Checklist Overview

An HR audit is a structured review of your organization’s people practices, compliance documentation, and internal policies. The goal is straightforward: identify where you are out of compliance, where your processes have gaps, and where you are exposed to legal or operational risk.

CMMS Software

I break every audit into six categories. Each one targets a different function inside HR, from high-level organizational questions down to file-level record keeping. If you want a deeper explanation of what an HR audit involves before jumping into the checklist, I wrote a full breakdown of what is an HR audit.

Below, I walk through each category with the specific questions I ask. You do not need to answer every single one in a single sitting. Start with whichever area you are least confident about and expand from there.

HR Audit Checklist Overview

Overall Company

This is where I start every audit. Before you dig into specific functions like payroll or recruiting, you need to understand the baseline: how many people you employ, how they are classified, and whether the company’s foundational documents are up to date.

Here are the questions I work through:

  • Do you have written mission and vision statements, and does the HR department’s strategy align with them?
  • What is your total headcount, including full-time, part-time, and temporary employees?
  • Do employees know their classification status? This sounds basic, but I have seen companies where part-time workers had no idea they were classified differently from full-time staff.
  • How long does a temporary employee remain in that status before conversion?
  • Is the company EEO-1 compliant? If you have 100 or more employees, or you are a federal contractor with 50 or more, you are required to file every year.
  • What are your operating hours and shift schedules? Are they documented?
  • What communication channels does HR use to reach employees and management? Are those channels consistent and documented?

Getting these basics wrong creates problems downstream. I once had a situation where an employee had been classified as part-time for 14 months but was working 38 hours a week. That kind of thing puts you at risk for benefits disputes and potential FLSA violations. If you are building or restructuring your HR function, reviewing your HR policies is a good companion step to this section.

Recruitment

Recruitment is where most compliance issues start, because it is the function with the highest volume of external-facing legal requirements. Every hire touches I-9 verification, ADA compliance, and anti-discrimination law.

Questions I ask during this section:

  • What channels are you using to hire: job portals, social media, employee referrals, staffing agencies, or print media?
  • Do written job descriptions exist for every role, and are they ADA-compliant?
  • Are I-9 forms completed for every employee within three business days of their start date?
  • Are I-9s reviewed once a year, and are expired ones flagged?
  • Is there a system for E-Verify, and is it used for all new hires?
  • Are protected health information and I-9 documentation stored separately from general personnel files?
  • Is the employee handbook current, and does it reflect actual company policy?
  • Do new employees attend an orientation? How long does it take?
  • Are harassment, attendance, and wellness policies in place and reviewed during onboarding?

I-9 errors are the most common compliance gap I find. The form itself is not complicated, but when you are onboarding fast, things get missed. One company I worked with had three employees whose I-9s were completed two weeks after their start date. That is a fine waiting to happen. If your onboarding process needs tightening, I recommend looking at employee onboarding best practices alongside this checklist.

Compensation and Benefits

Compensation errors are expensive, both in back pay and in trust. This section checks whether your pay practices, benefits administration, and classification systems are legally sound and internally consistent.

Key questions:

  • Are all employees classified as exempt or non-exempt under FLSA?
  • Is there a documented compensation structure, and is it applied across roles?
  • Are overtime calculations correct and compliant with state and federal law?
  • Are benefits enrollment records up to date, and do they match what employees are receiving?
  • Are COBRA notices sent on time when employees leave or lose coverage eligibility?
  • Is payroll well processed and on schedule? Are pay stubs detailed enough to meet your state’s requirements?
  • Are deductions documented and authorized by the employee?
  • Do you track and review compensation equity across demographics at least once a year?

Misclassification is where I see the biggest financial risk. An employee incorrectly classified as exempt who should be non-exempt can trigger years of unpaid overtime liability. If you manage compensation decisions, understanding key employee compensation metrics will give you a stronger foundation for this part of the audit.

Employee Relations

Employee relations can reveal cultural problems, not just compliance ones. The questions here are designed to surface whether your managers follow the policies you have on paper.

Questions to work through:

  • Do supervisors work with their teams to create a positive work environment?
  • Is the company’s attendance policy written, communicated, and enforced in a consistent manner?
  • How are performance evaluations conducted? Do employees understand the process and the types of assessments used?
  • Is there a measurable way to assess the quality and volume of work done?
  • Is there a straightforward procedure for addressing performance issues?
  • Do employees have access to a grievance or complaint mechanism that feels safe to use?
  • Are disciplinary actions documented, and is documentation consistent across departments?

The biggest gap I find in this section is inconsistency. Managers in one department give verbal warnings, while managers in another go straight to written warnings. That inconsistency creates legal exposure if an employee ever claims they were not treated well. I have written about how performance management systems can help standardize this, and it is relevant to audit findings in this category.

4. Employee Relations

Safety, Wellbeing, and Workers’ Compensation

Workplace safety audits tend to get treated as a separate process, but they belong in your HR audit because the documentation lives in HR and the liability lands on HR’s desk.

What I check:

  • Are OSHA injury and illness logs maintained and current?
  • Has a workplace safety inspection been conducted in the last 12 months?
  • Are safety training records on file for every employee, including the date of training and the topic covered?
  • Is there a documented process for reporting workplace injuries, and do employees know how to use it?
  • Are workers’ compensation claims processed, and is the claims history reviewed for patterns?
  • Does the company offer a wellness program, and is participation tracked?
  • Are return-to-work procedures documented for employees coming back from medical leave?

Safety is one of those areas where most companies think they are fine until they look at the actual records. I have seen organizations with no documented safety training for over two years. When OSHA comes knocking, the fine is per violation, per employee. That math gets ugly fast.

Record Keeping and Documentation

Record keeping is the last section, but it touches everything else. If your records are incomplete, it does not matter how good your policies are. You cannot prove compliance without documentation.

Questions I ask:

  • Are personnel records, performance reviews, and other HR documents logged promptly?
  • Is there an audit trail showing who made changes to employee records and when?
  • What types of information are stored in personnel files, and is sensitive data separated?
  • Is there a reliable system for storing and retrieving HR documents?
  • Are records retained according to federal and state retention schedules? For example, EEOC requires personnel records to be kept for one year from the date of termination.
  • Is there a documented process for tracking PTO balances, FMLA usage, and workers’ compensation leave?
  • Are terminated employee records archived and accessible if needed for legal proceedings?

One thing I have learned: the quality of your records is a reflection of how organized your HR function is overall. If files are scattered, if there is no naming convention, if half the documents are in email attachments and the other half are on a shared drive with no folder structure, you have a bigger problem than record keeping. If you want to see what strong HR operations look like, that article covers the systems side of this.

Final Thoughts

Running an HR audit is not glamorous work, but it is some of the most important work you can do for your organization. Every company I have built has had at least one moment where the audit caught something that would have been a serious problem six months later. The goal is not perfection. It is awareness. If you know where your gaps are, you can fix them before they cost you money, trust, or legal standing. Use this checklist as a starting point. Customize it for your industry and state requirements. And make it recurring. An audit you run once is helpful. An audit you run every year is protection.

Types of HR audits

FAQ

Here, I answer the most frequently asked questions about the human resources audit checklist.

How often should I run an HR audit?

I run a full audit once a year and do spot checks quarterly on the areas with the highest risk: I-9 compliance, pay classification, and safety records. If your company has gone through a major change, like a round of hiring, a layoff, or a new state expansion, run an audit afterward. Waiting for the annual cycle means you might carry a compliance gap for months.

Do small companies need an HR audit?

Yes. In my experience, small companies are more vulnerable because they don’t often have formal processes in place. A 25-person company with no handbook, no I-9 review process, and no documented performance evaluations is carrying real legal risk. The audit does not need to be massive. Start with the six categories in this checklist and work through whatever applies to your size.

What is the difference between an internal and external HR audit?

An internal audit is conducted by your own HR team or leadership. An external audit brings in a third-party consultant or firm. I prefer starting with internal audits because your team knows the company’s operations, but I bring in external help when we are preparing for a major regulatory event, like a DOL investigation response or a merger. External auditors are also useful when you want an unbiased review of practices that internal staff might be too close to evaluate without bias.

What are the biggest risks of skipping an HR audit?

The biggest risk is not knowing what you do not know. I have seen companies fined for expired I-9s, sued over inconsistent disciplinary practices, and hit with back pay claims because of misclassified employees. All of those were preventable. The audit is what prevents them. Skipping it means you are relying on luck, and luck runs out when the DOL or EEOC shows up.

What risk areas you must audit

Can I use this checklist for a multi-state company?

You can use it as a foundation, but you will need to layer state-specific requirements on top. Employment law varies by state. Paid leave rules, harassment training mandates, pay transparency requirements, and wage and hour laws all differ. I recommend running through this checklist first to cover federal basics, then adding a state-specific appendix for each location where you have employees.

What tools help with HR audits?

I have used BambooHR and Rippling to centralize employee records and flag missing documentation. Most modern HRIS platforms have built-in compliance dashboards that can tell you which employees are missing forms, which training certificates have expired, and where records are incomplete. The tool matters less than the process. If you run the audit and document your findings, even a spreadsheet will get you most of the way there.

Stay up to date with the latest HR trends.

Get the weekly newsletter keeping 30,000+ HR pros in the loop.

HR University certification badge

Josh Fechter

I’m the founder of HR.University. I’m a certified HR professional, I’ve hired hundreds of employees, and I manage performance for global teams.
LinkedIn profile icon mail icon