Employee File Audit Checklist

Pull the I-9, W-4, and the latest payroll register and confirm the name matches character-for-character. Marriage, divorce, and immigration name changes are the most common drift sources — a mismatch between the I-9 and SSA records triggers an SSA no-match letter and a payroll tax filing exception.

Year-end W-2 and 1095-C mailings rely on the address on file. Ask the employee to confirm directly rather than infer from a recent expense reimbursement — secondary residences cause misdelivered tax forms every January.

Confirm Section 1 was signed on or before the first day of work and Section 2 was signed within three business days of hire. Common defects: missing List A or List B+C entries, expired document numbers transcribed, employer signature blank. ICE I-9 audits levy per-form penalties for technical errors.

Mirror what the employee attested in I-9 Section 1. If status is work-authorized non-citizen, the next step captures the visa expiration so reverification lands on the calendar before authorization lapses.

Record the EAD or visa expiration and set a 90-day reminder for I-9 reverification. Letting authorization lapse without a Section 3 update is a hard ICE audit hit and creates an immediate work-stoppage problem for the employee.

Confirm the W-4 is the current IRS revision (post-2020 redesign) and that any claimed exemption is renewed annually by February 15. Pre-2020 forms are still valid until the employee makes a change, but flag them for refresh.

Most states require a separate certificate (CA DE-4, NY IT-2104, IL W-4, etc.). Remote employees working from a different state than the firm's office need a withholding form for their work state — not the firm's state.

Confirm the job description on file reflects the employee's actual responsibilities and FLSA exempt/non-exempt classification. Paralegals doing substantive legal work without supervision and 'administrators' performing exempt duties are the misclassifications that surface in DOL audits.

Every attorney and staff member should have a signed confidentiality agreement extending Rule 1.6 obligations to non-lawyer staff (Rule 5.3 supervisory duty). Lateral hires need an additional screening acknowledgment if any matters required an ethical wall.

Pull beneficiary designations from the 401(k) recordkeeper and the group-life carrier. Marriage, divorce, and births since the last election are the events that make stale designations a problem — ERISA pays the named beneficiary regardless of intent.

Attorney records require bar-status and CLE checks; paralegal and staff records do not. Capture the role here so the next two steps only fire for licensed attorneys.

Pull the current standing certificate from each state bar where the attorney is licensed. Watch for administrative suspensions for unpaid dues or missed CLE — these are common, recoverable, but disqualifying for active practice until cured.

State minimums vary (commonly 12–15 hours/year, with separate ethics, diversity, and mental-health categories). Pull the transcript directly from the state CLE board, not the attorney's spreadsheet — self-reporting drift is the failure mode that suspends licenses every December.

NY, CA, IL, CT, ME, DE, and WA mandate annual or biennial harassment prevention training for all employees. Confirm the completion date is within the state's lookback window.