Employee Records File Audit

Confirm the name on file matches the Social Security card to avoid W-2 mismatches and SSA no-match letters. Common gotcha: marriage or divorce name changes never propagated past the original onboarding form.

Section 1 must be signed by end of first day of work; Section 2 within 3 business days. Verify document combinations from List A or List B+C are valid. Store I-9s separately from the main personnel file — ICE audits look for clean segregation.

Re-verify within 3 business days. Use a new Form I-9 if the original is missing; correct errors in ink with initials and date — never backdate. Document the remediation in a memo to file.

Confirm a current federal W-4 plus the applicable state withholding certificate. Multi-state remote employees may need multiple state forms. Direct-deposit authorization filed in the payroll subfolder, not the main personnel file.

Standalone FCRA disclosure plus signed authorization for any background check run through Checkr, Sterling, HireRight, or similar. Disclosure must not be embedded in the application — class-action territory.

Confirm acknowledgments for the current handbook revision, anti-harassment policy, code of conduct, and electronic-communications policy. Re-acknowledgment required after any material handbook update.

Both salary threshold and duties test must be satisfied for exempt status. Re-check after any role change, comp change, or salary-threshold update. Roles labeled "manager" without genuine management duties are the most common misclassification finding.

Confirm medical, dental, vision, FSA/HSA, 401(k), and life elections from the HRIS or benefits-admin platform. Waivers require a signed waiver form. SBC delivery and HIPAA notice acknowledgments belong here too.

Capture leave type, start/return dates, hours used, and recertification dates. Maintain leave files separately from the general personnel file — FMLA medical certifications and ADA medical documentation must be segregated under HIPAA and ADA confidentiality rules.

CA requires biennial; NY, IL, CT, DE, ME require annual. Confirm certificates from the LMS (TalentLMS, LinkedIn Learning, Litmos) match the employee's work-state cadence. Missing the cadence is itself the violation.

Capture license number, issuing body, and expiration date. Set HRIS reminders 60 days before expiration for licenses that gate the role (driver CDL, RN, CPA, security clearance).

Each PIP needs documented metrics, cadence (typically 30/60/90), and coaching notes. PIPs issued days before termination read as pretext in court — confirm the paper trail tells a coherent story.

Title VII complaints require prompt and thorough response — investigation typically begins within 48 hours. Files should be tracked in HR Acuity, AllVoices, or NAVEX rather than the main personnel folder.

Investigation records must live outside the main personnel file with access limited to ER lead, HR Director, and counsel. Audit access logs for the prior 90 days. Improper disclosure can taint the investigation and create defamation exposure.

Confirm executed copies of confidentiality, IP assignment, and any restrictive covenants. Re-check non-compete enforceability against the employee's current work state — CA, MN, ND, OK ban most non-competes, and FTC rulemaking remains under court challenge.

Confirm dependent SSNs, dates of birth, and proof-of-relationship documents for medical and 401(k) beneficiary records. QLE-driven mid-year changes (marriage, birth, divorce) need the supporting document on file within 30 days of the event.

For employees in a recognized bargaining unit, confirm CBA classification, dues-deduction authorization, and seniority date. NLRA Section 7 protects concerted activity for non-union employees too — keep handbook confidentiality clauses out of this file.

Capture the employee's stated limitation, accommodations considered, accommodation granted or denied, and any undue-hardship analysis. Store in the confidential medical file, separate from the main personnel folder. PWFA and religious-accommodation records follow the same separation rule.