HR Compliance and Audit-A Checklist

Women on the phone

Perhaps you already have an HCM solution in place and are doing an annual review of your requirements. Or, perhaps you’re in the midst of evaluating a new solution. Ensuring that you include a review of the solution’s capabilities to meet your organization’s compliance and audit requirements is a must. Your chosen solution should help your organization to enable compliance, mitigate compliant risks, and support the ability to perform data audits to meet your compliance standards.

 

How do compliance requirements vary?

If you have never reviewed compliance requirements then it is important to keep in mind that these vary among organizations and are dependent upon a variety of factors. Examples of these factors, which govern the depth to which compliance and audit requirements need to be addressed, include:

HR_Audit_and_Compliance_Factors.jpg

  • Countries in which the organization operates (Canada, U.S. or internationally),

  • Structure of the organization as a private or public corporation,

  • Industry and nature of the organization’s business,

  • Types of information systems and business solutions in place, and

  • Delivery platforms on which those systems are implemented and maintained.

 

Here is a list of Compliance and Audit requirements for HR/Payroll and Reporting that you should use to ensure your organization is covered from all legal stand points:

 

HR and Payroll Legislation audit requirements:

 

  1. Requirements to satisfy Canadian and U.S. taxation authorities, to fully accommodate the country-specific tax computations and filing (TD1s and W4s) and all HR legislative and compliance requirements.

  2. HR compliance for local, provincial, state and federal requirements achieved through depth of functionality, access to reliable and accurate data and integration among HR supporting solutions.

  3. Employee benefit support provisions and legislative requirements with regard to open enrolment, COBRA and HIPAA programs.

  4. Support for the U.S. Immigration and Naturalization Service’s requiring the completion of an I -9(Employment Eligibility Verification) Form by a hired employee.

  5. Support for the provisions of the ADA(Americans with Disabilities Act) in the U.S. relative to job application procedures and privileges of hiring, employment, advancement and training.


    Reporting:

  1. Employment Equity (Canadian) to support compliance reporting including the identification of gender, persons with disabilities, Aboriginal people, and members of visible minorities.

  2. Equal Employment Opportunity (EEO – U.S.) including company employment data categorized by race and ethnicity, age, gender, persons with disabilities, and job category.

  3. Audit reporting capability for data input changes including user-defined parameters for date ranges, old and new values, change dates and user IDs among changed records.

  4. Audit reporting of user system log-ins, all transaction activity and system exits.

  5. Affordable Care Act (ACA) compliance reporting for employee health benefits in the U.S.

 

You have a list of audit requirements now what?

You should work closely with your own I.T. and Finance Department, inquire with your vendor as to the extent of their technical standards, compliance and audit provisions, and security. Items of interest to cover in your detailed review should include:

  • Security, data privacy and verification of the vendor’s audit controls, compliance levels and standards within their operations.

  • Disaster recovery sites and business continuity safeguards for their customers.

  • Physical and environmental security provisions in place within the vendor’s hosting facilities.

  • Specific certifications and audits that they may subscribe to, and to what frequency are they conducted to ensure active compliance?

  • Type of audit report that may be available from the vendor (i.e. SAS 70 or SSAE16), what is included in the report, and how frequently is that report made available to the customer if required?

  • Compliance of the vendor with your organization’s application development standards, for any customization work or professional services that may be required.

  • Compliance with service and support for your organization, the accessibility of the vendor, service response and levels to which support is included within the service agreement

  • Controls and audit points within data handling procedures and data interfaces.

  • Audit of the performance of the application, regular maintenance procedures, and the scope of that provided maintenance including system updates.

  • Provision of vulnerability assessments on a regular basis performed by a recognized 3rd party

 

Paying for Non-Compliance:

Organizations which select and implement solutions which do not comply with their own organizational standards, or those of the governing bodies within their obligation, may be the focus of unwanted challenges that include, for example:

  • Financial penalties and fines for non-compliance within tax filing, auditing and government reporting requirements.

  • Lost business opportunities which have been forfeited to your competitors which are compliant.

  • Corrupt or missing data among systems which are not structured within a compliant and regularly-audited framework surrounding development, service and support.

  • Business disruption, or closure, through system failure or inadequate support and infrastructure to recover from disaster.

The compliance and audit-related requirements will vary among organizations. While the list of compliance items above is not exhaustive, and although not all of these may apply to your organization specifically, ensure that a comprehensive review of compliance and audit requirements is not glossed over within your HCM solution review process.

 

Find out if it is time for you to review your HR system in our Free ebook !

Get The eBook Now!