May 20, 2010

The Nitty, Gritty About Compliance and Audits

If you follow my tweets or are connected to me through LinkedIn, you will know that I recently began consulting at a small consumer services company. I am thoroughly excited about the company that I am working for; about their concept, their business plan, and even by the corporate culture and dynamics of the team. This is a small, privately-owned company, but one that is profitable ($35 mil in revenue - 2009) and continuously growing. Like most companies in their position, they're going through some growing pains. With just under 100 full-time employees on staff and over 600 independent contractors spread out over 22 states (that's another issue that I'm sure will need to be addressed), there's a lot of room for errors and inconsistency. This is where I come in...

This company has been around for approximately 15 years. It started through very entrepreneurial efforts and took off like a weed. About five years in, the owners decided to partner with a public company in order to be able to have the fiscal capital, credibility and security to continue to grow. It was a bit later that the organization really started taking a long hard look at their organizational processes and realized that they needed to have an HR presence and really need to start to do things the "right" way. Unfortunately for them, they never seemed to find a good fit and there was never any consistency or reliability in their processes. Until now...

About two months ago, the organization made a very wise decision by hiring a good friend of mine and Director of HR for a large (5000+ employees) tech firm. She came into the organization like a bat out of hell, ripping through processes, unearthing the "typical" way things were done and in every essence of the word, creating havoc...true anarchist style (can you tell I love this woman!!). Because she has been a Director for so long, she was very far removed from the tactical side of things and really needed somebody to come in and handle their compliance issues, of which there were many. From inconsistent employee records, to incriminating and unlawful documentation, and incorrect and missing I9s, they had run the gamut of mistakes. Their HR records would have made an EEOC auditor drool! Working with them this past month really got me to thinking about compliance and why, although tedious and a downright snorefest, it's so vital to an organization and their ability to thrive. So, I decided to give some tips and pointers to all those out there that may feel daunted by their own internal compliance audits...

First and foremost...BREATHE! It really is not as bad as you think it is. Yes, the EEOC, OFCCP, OSHA, or other equally scary agency can come in and audit your records at any time (although most must give notice for an audit that is for any other reason than a complaint or potentially harmful situation) but the auditors are not "out to get you" or trap you in a violation. Quite honestly, they simply want to make sure that an organization is following the regulations and are majorly interested in blatant violations. If you do a self audit and realize that you have some serious compliance issues on your hands...

Relax, they can be fixed. Most issues of non-compliance can be fixed. These is where the tediousness comes in. Most government agencies responsible for these audits want to see that the organization is aware of the non-compliance issue and is working to correct past issues and is putting a plan into place to insure against further issues. Let me give you an example...When I started to review the I9 files of the company I am currently with, I came across 54 issues out of the 88 employees on file at the time. That means over 61% of the workforce's I9s were incorrect, or (pause for effect...) missing. Yes! Missing! I immediately got on the phone with an attorney from the USCIS and explained out situation and let me give you the same advice he gave me...

Document everything! The biggest take away from my conversation with him was that we needed to have documentation on everything that we were doing to correct the non-compliance. This meant that for each and every one of the 54 files that needed to be corrected, we had to place a note in their respective file (in this case, the individual I9 file for that employee) documenting how we came across the non-compliance, who the employee was, the date we discovered the non-compliance and an itemized list of what made the document non-compliant.

Consistency is King! We had to be careful, and as HR practitioners this should come as no surprise, that we were not singling anybody out or unfairly putting undue hardship on employees as we worked to correct the situation. This meant that every employee who was affected needed to receive the same information, in the same format and be given the same amount of time to turn in and complete. But honestly, doesn't this go without saying? HR is all about doing for one what you do for all and doing for all what you do for one. But, I guess if this was followed to the letter, there would not be such a need for employment lawyers and EEOC auditors, right?

Start from scratch and make it "Idiot-Proof". For consistencies sake (I mean, this is why we're here, right?) and to make things easier for everybody, we provided each affected employee with a letter requesting what we needed and why we needed it, a new I9 and a sample, pre-filled I9 showing how they should be completed. We wanted to make the process as easy as possible and prevent any potential for mistakes. By starting with a new I9, we could control the process a bit more and have a clean I9 going forward.

Give Ample and Sufficient Notice. The USCIS attorney's recommendation was that we give every employee 30 days from the day we sent notices to send back their information to us. This recommendation was to give each employee the necessary time to provide their documentation to their reviewers (not everybody keeps their driver's license and social security card, or passport in their wallets, you know!) or request any necessary documentation that their need from the appropriate agency, i.e. social security card, updated passport, authorization for employment papers, etc. without creating undue hardship.

USCIS advised that we were doing the smart thing by being proactive and that by doing these self-audits and fixing any errors, omissions, and inconsistencies, that we were on our way to avoiding lengthy and costly audits in the future.

We are twenty days into the process and I am happy to report that, on I9s alone, we have received back over 52% and are on our way to being 100% compliant. I know that doing self audits are not fun and can be a daunting task to overtake, but know that it can be done, you will get through it, and you will be a better organization in the end for having done so. And while I also realize that this post has mainly been about I9 self-audits, realize that these tips and tactics can be applied to almost any audit that you face.


No comments:

Post a Comment

So tell me...what do you think?