Surviving a Personnel File Audit

March 29, 2021
Computer and files

Any and all documentation that you have on an employee related to their employment activities (including recruitment, hiring, work authorization, compensation, performance benefits, and medical/health-related data) is considered an employment record and is regulated by the Equal Employment Opportunity Commission (EEOC).

It’s important to make sure you have good processes in place to ensure that what you’re retaining on an employee is legal and that only those who need to have access to the files. Otherwise, you may find yourself in legal trouble if the department of labor comes knocking.


We’ve broken down the ins and outs of personnel records to help you survive your personnel file audit.

Employee File Best Practices
One of the most important things to remember is that all of the information you have on an employee should be filed separately. You should have three files for each employee: the personnel file, the benefits/medical file and the payroll/confidential file. You should also maintain recruitment files for each position you fill as well as separate files for your Form I-9s. It’s important to keep these files separate to ensure that only those permitted can access them.

Personnel File
This file includes:

  • New hire information, such as offer letters, resumes, transcripts or certifications, staff agreements, confidentiality/nondisclosure agreements or non-compete agreements
  • Any type of performance documentation, like performance evaluations, performance write-ups, Performance Improvement Plans, or any positive communication about the employee’s performance
  • Compensation information, such as pay change notifications, change in FSLA status or bonus notifications. This also includes job and position information, such as job descriptions, promotion/demotion notifications or job change notifications
  • Any outside training and certifications that the employee obtains
  • All employee handbook and policy change acknowledgements

The only people who should be granted access to this file are the employee, the employee’s supervisor, manager or someone with that chain of command, HR and law enforcement or the EEOC.

Benefits/Medical File
This file includes anything related to an employee’s benefits and medical information.

  • Enrollment forms for medical, dental, vision, life insurance, flex spending, HSA/HRA, voluntary benefits, other benefits and retirement.
  • Any reasonable accommodation requests, medical leave requests, doctors’ notes, or any and all documentation referencing the health of the employee and/or the employee’s family. This includes any FMLA documentation.

The only people who should be granted access to this file are the employee, HR and law enforcement or the EEOC.

Payroll/Confidential File
This file includes an employee’s personal information (Social Security Number, bank account information, legal information, etc.):

  • W-4
  • Direct Deposit
  • Legal documents, like marriage, divorce, child custody, death certificates, wage garnishment, criminal history/documentation
  • Verification of employment requests and/or responses
  • Loan documentation
  • Background check results
  • Any documentation affecting employment decisions that do not “fit” in the personnel file or benefit/medical file, including harassment investigations or workman’s compensation claims

The only people who should be granted access to this file are the employee, HR and law enforcement or the EEOC.

Need help keeping your HR policies and procedures up to date?

Recruitment File Best Practices
There are many reasons you should retain your recruitment and hiring process information, from keeping candidates’ skillsets straight to defending your decision when accused of unfair hiring practices.

You should have a separate recruitment file for each position, organized by position and candidate status:

  • Hired
  • Offer Extended – Not Hired
  • Interviewed – Not Selected
  • Phone Screened – Not Selected
  • Not Qualified
  • Withdrew
  • Failed Background Check or Testing

The files will include the following information:

  • Resume (you can also keep a copy of this in the personnel file)
  • Application (you can also keep a copy of this in the personnel file)
  • Educational transcripts or certifications (you can also keep a copy of this in the personnel file)
  • Phone Screen and/or interview notes
  • Interview feedback forms or notes
  • Background check, drug test results, references or skill set testing results
  • Offer details
  • Voluntary EEO information

HR and the EEOC may access EEO information. Only HR should have access to the background check and drug testing results. General recruitment information, including references and skill set testing results, can be accessed by the hiring manager, HR and governmental agencies such as law enforcement or the EEOC.

Need help with your recruiting strategy? We’ve laid out the key considerations to creating a successful recruiting strategy.

Form I-9 Best Practices
We perform many organizational audits, and the biggest mistake we see is in the Form I-9. The Form I-9 is used to document an employee’s legal authorization to work in the United States. With the Department of Homeland Security Immigration & Customs Enforcement increasing Form I-9 audits by 60% since 2018, you’ll want to make sure you get this part right.

Obtaining Form I-9 Documentation
The first step you should take in obtaining I-9 information comes when the employee has accepted your offer and you’ve established their start date. As part of your onboarding process, you should share a copy of Form I-9 Page 3 and let the new hire know that during orientation they will need to bring their Form I-9 documentation. This should give the employee enough time to access their documentation. You are legally required to prove work authorization within 72 hours of your new employee’s start date. Failure to do so may result in penalties.

It is important to note that you cannot tell employees which documentation to bring; you must let them choose which documents to present from the Lists of Acceptable Documents. It’s also important to note that you should not “over-verify” their documentation—only document a List A item or a List B and List C item.

Completing Form I-9
Your organization should have one specific person designated to complete Form I-9. They will review Page 1 to ensure that the employee completed every box and every question on that page. They will then review and document the employee’s work authorization documentation and complete the employer section on Page 2. If an employer chooses to make copies of work authorization documentation, they must attach the documentation to the employee’s Form I-9. This is not required, but if an employer follows this practice, they must do so consistently for every employee.

Correcting Form I-9
If an employer believes they have Form I-9s that include errors, they can correct those errors. Making corrections demonstrates a good faith effort on the part of the employer to properly document the work authorization of their employees by getting the Form I-9 into compliance, and may mitigate or lessen fees if the EEOC or ICE performs an audit on your files.

Any corrections made to the form must be done by:

  • Drawing a line through the incorrect information
  • Entering the correct information
  • Initialing and dating the correction

Section One corrections must be made by the employee:

  • If the employee’s employment has been terminated, the employer should attach a written explanation to the Form I-9 explaining the error.
  • Section Two and Section Three corrections must be made by the employer.
  • To correct multiple errors on the form, you may redo the section on a new Form I-9 and attach it to the original form.

A note (or memo) regarding corrections should be included in the Form I-9 file.

Form I-9 Files
You need to keep two separate I-9 files: one for current employees and one for former employees. For your current employees, you should include:

  • Pages 1& 2 of the Form I-9
  • Copies of the employee’s work authorization documentation (if you have a practice of making copies of work authorization documentation)

For your former employees, you should include:

  • Pages 1 & 2 of the Form I-9
  • Copies of the employee’s work authorization documentation (if you have a practice of making copies of work authorization documentation)

These documents should be retained for 1 year from termination date or 3 years from start date, whichever is later

Access to these files should only be granted to HR and governmental agencies. We recommend keeping track of your terminated employee Form I-9s so that you can destroy them once the retention period has been reached. Retaining Form I-9s with errors will result in penalties if you are audited by ICE, regardless of whether the employee is still employed with you or not.

Why You Should Perform an Audit on Your Employee Records
Conducting an audit of your employees records can help you identify gaps or inconsistencies with your HR processes. It can also assist you with identifying missing documentation. Correcting any inconsistent practices will mitigate risk with regards to your practices and employment laws.

Having consistent practices will provide the opportunity for leaders to focus on those business operations that move the company forward, making it more attractive for potential hires and current employees.

Let's Talk

Does this sound like a lot? We can help. We combine our people skills with knowledge of HR and legislation to help you determine the best policies, procedures and processes for your organization.

Expand Full Article

We're Here to Help

We are here to help
From business growth to compliance and digital optimization, Eide Bailly is here to help you thrive and embrace opportunity.
Speak to our specialists