How often should a small company run an HR audit?

Annual is the minimum. For solo HR practitioners at companies with 50 or more employees — or in states with frequent employment law changes — semi-annual audits are more appropriate. Also run a targeted review any time headcount crosses a compliance threshold (15, 50, or 100 employees), an employee relocates to a different state, or you take over from a prior HR person.

What are the seven areas of an HR audit?

Employment eligibility and I-9 compliance, required workplace postings, employee handbook and policies, wage, hour and classification, leave management and accommodation, performance management documentation, and HR operations and process documentation.

How long must I-9 forms be retained?

For terminated employees, I-9s must be retained for 1 year after termination or 3 years after the hire date, whichever is later. I-9 files should be stored separately from personnel files to support efficient audit response and protect employee privacy.

How should I prioritize findings from an HR audit?

Triage by exposure level. Immediate (this week): active I-9 violations, missing required workplace postings, undocumented ADA accommodation requests. Within 30 days: non-compliant handbook provisions, classification issues, missing FMLA designations. Within 90 days: missing process documentation and outdated policy language that doesn't create immediate liability.

What's the most common HR audit finding at small companies?

Documentation gaps in performance management — verbal warnings that were never documented, performance improvement plans applied inconsistently across employees, and missing written records of the performance conversations that led to a termination decision. These gaps create significant legal exposure in discrimination and wrongful termination claims.

The Complete HR Audit Checklist for Small Companies (2026)

2026-04-20 · HR Cadence Hub Team

When you're the only HR person at a company, the concept of auditing yourself sounds almost redundant. You know what's in the files. You know what got done and what got pushed.

But that's exactly the problem.

When one person handles everything — I-9s, performance reviews, benefits administration, compliance research, and whatever came up this week — it's not a question of competence. It's a question of capacity. Things get delayed, documentation gets informal, and the checklist you meant to run last quarter keeps getting pushed to next quarter.

An HR audit isn't an admission that something is wrong. It's a structured way to find out what's actually in shape and what isn't — before a complaint, an audit, or a lawsuit does the finding for you.

This checklist is built for solo HR practitioners at companies with 10 to 250 employees. It covers the seven areas where documentation gaps create the most legal and operational exposure.

Why HR Audits Matter More When You're a Team of One

In larger HR departments, different people own different areas — one person handles leave administration, another manages recruiting compliance, a third owns compensation. Gaps surface through handoffs and cross-checks.

When you're the department, none of those natural checkpoints exist.

Reddit's r/humanresources is full of threads from solo HR practitioners who discovered gaps only after something went wrong — an employee complaint that surfaced missing documentation, an I-9 audit that revealed incomplete forms, a termination that became legally difficult because there was no paper trail on the performance history.

The recurring pattern: not ignorance, but volume. Solo HR professionals know what needs to be done. They don't always have the bandwidth to confirm that it has been.

A formal HR audit — even once a year — creates a documented checkpoint. It tells you where you actually are, not where you think you are.

The 7-Area HR Audit Checklist

Work through each area and note findings as you go. For each item marked incomplete, capture what's missing and assign a resolution deadline.

1. Employment Eligibility & I-9 Compliance

I-9 violations are among the most commonly cited in federal worksite enforcement — and they're easy to accumulate quietly when a solo practitioner is managing a growing headcount.

- I-9 forms completed for all current employees — Section 1 signed on or before first day of work - Section 2 completed by employer within 3 business days of the employee's first day - List A or List B + List C documents recorded correctly — no unacceptable document types accepted - Re-verification completed for employees with temporary work authorization, before expiration - I-9 files stored separately from personnel files - Terminated employee I-9s retained for the required period: 1 year after termination or 3 years after hire date, whichever is later - Remote I-9 verification completed via authorized agent or E-Verify, if applicable

Audit tip: Pull every I-9 and verify against the checklist above. A common error is Section 1 signed after the start date — a technical violation even when unintentional.

2. Required Workplace Postings

Posting violations carry per-violation fines and are frequently cited alongside other compliance issues during enforcement actions.

- FLSA poster current and displayed in a visible location - FMLA notice posted (required if you have 50 or more employees) - OSHA poster displayed (required for all employers) - EEO poster current — the EEOC updates this periodically, confirm you have the latest version - EPPA (Employee Polygraph Protection Act) poster displayed - USERRA poster displayed - NLRA poster displayed - All state-required posters current — confirm with your state's Department of Labor - For remote or hybrid workforces: electronic posting compliance confirmed per applicable state rules

3. Employee Handbook & Policies

An outdated handbook is often worse than no handbook. It may contain policies that are now illegal, contradicted by actual practice, or non-compliant with laws passed since the last review.

- Handbook reviewed within the last 12 months - At-will employment statement accurate for your state — some states restrict standard at-will language - Anti-harassment policy compliant with current EEOC and state requirements - FMLA policy included if you have 50 or more employees - Meal and rest break policy reflects your state's specific requirements - Pay transparency disclosures compliant with applicable state law (California, Colorado, New York, Illinois, and others have specific requirements) - Non-compete provisions reviewed for enforceability — several states have restricted or banned them in recent years - Social media policy legally defensible under the NLRA — the NLRB has found overbroad social media policies unlawful - Handbook includes the date of its last revision

4. Wage, Hour & Classification

Misclassification — of exempt/non-exempt employees and independent contractors — is one of the most audited and litigated areas in employment law.

- Every employee classified as exempt or non-exempt — classification documented and reviewed within the last 12 months - Exempt employees meet both the salary basis test and the duties test under FLSA - Current federal minimum salary threshold for exemption confirmed ($684/week as of 2026 — check for pending increases) - State minimum salary thresholds for exemption confirmed — several states require more than the federal minimum - Independent contractors evaluated under the applicable legal test — the ABC test applies in California and other states - Overtime correctly calculated for all non-exempt employees — private employers may not substitute comp time for overtime under FLSA - Final pay timing confirmed compliant with your state's specific law — deadlines vary significantly by state and termination type - Payroll records retained for the minimum required period (3 years under FLSA)

5. Leave Management & Accommodation

Leave management generates a disproportionate share of employee complaints when handled inconsistently. Documentation gaps here are among the most common HR audit findings.

- All FMLA requests designated in writing within 5 business days of a qualifying leave request - FMLA designation notices include required information: leave amount, fitness-for-duty requirements, benefit maintenance obligations - Every ADA accommodation request processed through the interactive process, documented from intake through resolution - Medical documentation and ADA paperwork stored separately from personnel files - State leave law requirements confirmed for your jurisdiction — most state laws exceed FMLA protections - PUMP Act compliance confirmed: private, non-bathroom space available for nursing employees - COBRA notices sent within required timeframes for all qualifying events

6. Performance Management Documentation

Missing documentation in performance management creates legal exposure in termination and discrimination claims. The most common audit finding: verbal warnings that were never documented and performance improvement plans that were applied inconsistently across employees.

- Performance improvement plans documented in writing for all current PIPs - Performance conversations where concerns were raised have written documentation in the employee file - Annual review process completed on schedule — no multi-year gaps in performance documentation - Disciplinary actions applied and documented consistently across employees — inconsistent treatment is a common trigger for discrimination claims - Termination documentation completed for all recent terminations: final pay timing, COBRA notice, system access revocation, separation agreement if applicable

For a full review cycle framework and documentation templates, see our guide to [running performance reviews as a solo HR team](/blog/performance-reviews-solo-hr-guide).

7. HR Operations & Process Documentation

This area is most likely to be skipped when every other item has a legal deadline attached. It's also the area where solo HR practitioners are most exposed when they're sick, overwhelmed, or transitioning out of the role.

- Onboarding checklist documented — covers I-9 completion, system access, benefits enrollment, required notices, and equipment - Offboarding checklist documented — covers final pay, COBRA, access revocation, and exit documentation - ADA accommodation request process documented with clear owner, steps in order, and documentation storage location - PIP process documented — standard template in use, applied consistently - Critical HR processes documented such that someone else could execute them without relying on institutional knowledge

For a deeper look at building these systems, our guide to [building HR infrastructure from scratch](/blog/solo-hr-infrastructure-guide) covers the four foundational pillars: records, compliance calendar, SOPs, and performance management cadence.

How to Prioritize What You Find

An audit almost always surfaces more than one person can fix immediately. Triage by exposure level:

Immediate (this week): Active I-9 violations, missing required workplace postings, open ADA accommodation requests with no documentation. These carry statutory penalties and create ongoing legal exposure with each passing day.

Within 30 days: Handbook provisions that are legally non-compliant, employee classification issues, missing FMLA designation letters for active leave cases.

Within 90 days: Missing process documentation, incomplete performance records for current employees, outdated policy language that doesn't create immediate liability but should be corrected before the next review cycle.

How Often Should You Run an HR Audit?

Annual is the minimum. For solo HR practitioners at companies with 50 or more employees — or in states with frequent employment law changes — semi-annual audits are more appropriate.

In addition to calendar-based audits, run a targeted review any time:

- A significant headcount change crosses a compliance threshold (15, 50, or 100 employees) - An employee relocates to a different state — multi-state employment law requirements may now apply - A merger, acquisition, or significant ownership change occurs - You take over from a prior HR person and haven't verified the state of inherited records

From Checklist to System

An HR audit is a point-in-time snapshot. What keeps you compliant between audits is a system: a compliance calendar with recurring deadlines, documented processes that don't depend on memory, and consistent documentation habits built into every HR workflow.

The audit tells you where you are. The system is how you stay there.

For the calendar layer, our [solo HR compliance checklist for 2026](/blog/solo-hr-compliance-checklist-2026) covers the federal and state requirements that belong on your recurring calendar. For the operational infrastructure underneath — records, SOPs, performance cadence — the [HR department of one infrastructure guide](/blog/solo-hr-infrastructure-guide) walks through how to build each layer.

An audit without a follow-through plan produces a to-do list. An audit followed by system-building produces a compliant operation.

*This post is for informational purposes only and does not constitute legal advice. Employment laws vary by jurisdiction and change frequently. Consult a licensed employment attorney for guidance specific to your situation.*