How to Audit Your HR Compliance in 10 Minutes (Free Score Inside)
A step-by-step HR compliance audit you can run right now — covering documentation, classification, leave, and hiring — plus a free 10-question score to benchmark where you actually stand.
Most Companies Don't Know Their Compliance Score Until Someone Else Finds It
An HR compliance audit sounds like something that happens to you — a government inspector, a plaintiff's attorney, a state labor agency. In reality, the most useful audits are the ones you run yourself, before anything goes wrong.
This is the audit framework we use with new clients: a structured walk through the four areas where compliance failures are most common, most expensive, and most correctable before they become claims.
If you want to skip straight to a score, the free HR Health Score gives you an instant benchmark across all four areas — 10 questions, result out of 100, top gaps identified. No login required. Come back here after for the full framework.
The Four Areas That Matter Most
Most compliance exposure in small businesses concentrates in the same four categories:
- ✦Documentation — Do you have what you're supposed to have, in the format you're supposed to have it?
- ✦Classification — Are workers and employees categorized correctly under FLSA and state law?
- ✦Leave — Are you administering leave entitlements correctly and consistently?
- ✦Hiring — Did you actually follow the rules at the point of hire?
Let's walk through each.
1. Documentation Audit (15–30 minutes)
Start with what you can verify in a file cabinet or folder.
Employee handbook. Does one exist? When was it last updated? A handbook that predates your state's current paid sick leave law, pay transparency requirements, or bereavement mandate is creating quiet compliance gaps. At minimum, it needs an at-will employment statement, an anti-harassment policy with a complaint procedure, and leave policy language that reflects current state law.
Offer letters. Pull three recent offer letters at random. Do they state at-will employment? Do they specify compensation clearly? Do they contain any language that could be read as a promise of continued employment ("as long as your performance is satisfactory," "we see this as a long-term role")? That language creates implied contract risk in many states.
I-9 forms. Every employee needs one, completed correctly, within three days of start. Pull five I-9s — ideally from employees hired in the last two years and employees who've since left. Check that Section 2 was completed on time, documents were listed correctly, and the employer certification is signed. I-9 audit findings are common and frequently correctable if caught early. See I-9 Compliance: The Mistakes Employers Make Most Often for the full list.
Performance documentation. If you've had any performance-related conversations in the past 12 months, is there written documentation? Verbal warnings, performance improvement plans, and disciplinary actions need paper trails. The time to discover documentation gaps is before a termination decision, not after.
2. Classification Audit (30–45 minutes)
Classification errors are invisible until they're expensive.
Exempt vs. nonexempt. List every salaried employee currently classified as exempt. For each:
- ✦Are they paid at least $684/week (federal) or your state's higher threshold?
- ✦Do their actual job duties — not their job title, their actual work — satisfy one of the white-collar exemptions (executive, administrative, or professional)?
The most common failure is classifying employees as exempt based on title or salary alone, without confirming the duties test. An "Office Manager" who primarily performs data entry is not exempt. A "Marketing Coordinator" who executes tasks without meaningful discretion is not exempt. The Exempt Status Checker walks through this analysis for a specific role.
Independent contractors. List every person currently engaged as a contractor who does regular work for the company. For each:
- ✦Do they work for multiple clients, or primarily for you?
- ✦Is the work they perform outside your core business activity?
- ✦Do they control how and when they do the work?
If the answer to any of these is "no" or "not really," the classification deserves a closer look. See Worker Misclassification: The Real Cost of Getting It Wrong for the applicable tests by jurisdiction.
3. Leave Administration Audit (20–30 minutes)
This is where small businesses are most likely to have unintentional violations.
FMLA tracking (if you have 50+ employees). Have any employees taken medical leave in the past 12 months for a potentially serious health condition? Was it designated as FMLA in writing? Were the required notices provided within the required timeframes? Failure to designate qualifying leave is itself an FMLA violation — even if the leave was approved.
State leave law compliance. What state(s) do your employees work in? Does your state have:
- ✦A paid sick leave law? (Most do now.)
- ✦A paid family and medical leave program?
- ✦Bereavement leave requirements?
- ✦Jury duty or voting leave requirements?
For multi-state employers, this layer gets complex fast. The Leave Law Configurator generates a state-specific leave matrix. For the FMLA layer, the FMLA Administration Kit produces required notices for specific employee situations.
Consistency. When you look at how leave was handled across the last 12 months, was it consistent? Different treatment for similar situations — especially across demographic lines — is both a legal risk and a culture problem.
4. Hiring Compliance Audit (15–20 minutes)
The point of hire creates compliance obligations that can't be retroactively fixed.
Pay transparency. If you're hiring for roles in Colorado, California, New York, Washington, Illinois, Massachusetts, or several other states, salary ranges must appear in job postings. Postings for remote roles that might attract applicants from those states are increasingly subject to the same requirements. Review your last three job postings.
Background checks. If you use a third-party background check service, the FCRA requires a specific pre-adverse action and adverse action notice process before taking negative employment action based on background check results. Pull one recent background check decision — was the process followed correctly?
Ban-the-box. More than 35 states and localities restrict when and how employers can ask about criminal history. If you're in a covered jurisdiction and your application asks about prior convictions before the conditional offer stage, you have a violation in every application you've collected.
New hire reporting. All states require new hire reporting to the state directory within a defined timeframe (typically 20 days). This requirement applies to all employees — including part-time and temporary hires. Is your payroll provider handling this, or is it falling through the cracks?
How to Score Your Audit
After walking through these four areas, you have a rough picture of where your compliance posture stands. For a more structured benchmark:
The free HR Health Score asks 10 targeted questions across documentation, classification, leave, and hiring — the same four areas covered here — and gives you:
- ✦A score out of 100
- ✦A grade (Strong / Room to Improve / Significant Gaps / High Risk)
- ✦Your top 3 specific gaps with suggested next steps
- ✦A shareable link you can send to clients or stakeholders
It takes under five minutes. No login required.
What to Do With Your Findings
An audit is only useful if it turns into action. For each gap you identify:
Minor documentation issues (missing signatures, outdated policy language, unsigned handbooks) — fix them now. These are low-effort corrections that close real liability.
Classification concerns — flag them for deeper analysis. Don't reclassify unilaterally without understanding the retroactive pay implications and choosing the right remediation approach.
Leave administration gaps — create a defined process going forward. Designate someone responsible for identifying FMLA situations, a checklist for state leave entitlements, and a tracking log.
Hiring compliance issues — update your job postings, application, and onboarding workflow immediately. These are forward-looking fixes that prevent future violations.
The goal of an HR compliance audit isn't to find perfection — it's to surface the gaps that create real exposure and address them before someone else does.
Get your score now: Take the free HR Health Score → — 10 questions, instant result out of 100, your top 3 compliance gaps identified. No login required.