If you have employees, you must maintain personnel files. Once the workforce reaches 15, federal guidelines determine what records you must keep and for how long with the help of an M&A advisor. You are now in the world of document management with critical compliance risks in your way:
- Incomplete or missing documents
- Non-compliant record keeping on how long documents should be kept and how organizations should respond to audits or disputes
- The risks associated with sharing personnel documents
- These risks can be avoided with the right practices and the right technology.
HUMAN RESOURCES TECHNOLOGIES AND RECORDKEEPING
It is important to address the issue of HR technologies when discussing HR document management compliance, as each system has an impact on compliant recordkeeping. Most organizations have a human resources information system (HRIS), a component of an integrated management software package (ERP/ERP) or an external service provider.
Over the past few years, more companies have adopted onboarding or recruiting software and variations of human capital information management tools. In 2012, analysts estimated it to be a $4 billion+ market, and growing.
Bersin of Deloitte estimates that a large human resources department uses an average of at least seven different systems, not counting those related to time and attendance. Each technology has a purpose, but together they create silos of information.
The same documents or information may exist in more than one system, with people printing documents from one system so they can put them into another. It is thus almost impossible to have an overview of an employee.
Since most of these systems were designed to manage HR data rather than documents, they don’t really make record keeping much easier. At best, they offer a way to upload attachments to an employee file. HR technology silos contribute to increasing the risk of document non-compliance.
HR needs to connect these systems, make them communicate with each other and simplify the HR document management process.
It’s good practice to use a checklist for new hires, but gathering all the required documents, both on paper and digitally, can be difficult. While hiring managers collect some documents and staffing agencies or recruiters collect others, HR ultimately retains responsibility for complete records. As documents are added to multiple systems, it becomes increasingly difficult to locate and keep them up to date.
Legal and HR experts agree that complete and up-to-date personnel records are an organization’s best defense against litigation. However, incomplete records, such as missing performance reviews, unsigned acknowledgments or the wrong version of offer letters, continue to plague organizations.
The Society for Human Resource Management (SHRM) notes that employee-related lawsuits have increased over the past 10 years. In 2012, Equal Employment Opportunity Commission (EEOC) statistics revealed more than 99,000 discrimination charges against private sector employees, and the EEOC is not involved in most employee lawsuits. The amount of money employers spend on lawsuits is staggering.
NON-COMPLIANT RECORD KEEPING
The requirements and retention criteria for different documents make record keeping a real challenge. In addition to federal regulations from the US Citizenship and Immigration Services (USCIS) and the EEOC, nearly all federal employment laws (such as ERISA, ADA, FMLA, and OSHA) establish document retention guidelines. States do have needs that change over based on industry.
Every organization needs a records retention schedule and a written policy. Policies should specify what records are created and maintained, by whom, and where. You also need a policy and mechanism to preserve documents in the event of an audit or dispute until the issue is resolved.
You also have to be careful about retention, which drives up costs. If you have recordings that should have been deleted, they may be subject to legal action. An appropriate retention schedule provides for defensible destruction of records.
To maintain a compliant record-keeping program, HR must manage documents and information throughout the employee lifecycle, from hire to retirement. As new forms, policies and regulations are implemented, files should be updated, and outdated documents should be reviewed and deleted.
Legal and HR professionals know that some employee documents don’t belong in the same file as other documents. Best practices for compliant record keeping indicate that payroll, medical documents and background checks should be kept separate. Some companies maintain an investigation file containing documentation relating to employee complaints. If you have paper files, separate those documents to avoid inadvertently giving access to the wrong people.
Unemployment insurance claims are another reason to have compliant and well-organized files. Companies with high employee turnover spend a lot of time responding to complaints. Poorly maintained personnel documents complicate the response window.
The final compliance risk is document sharing. HR professionals know that employee files need to be closely monitored. In companies where employee files are on paper, the file room and/or filing cabinets should be locked and a log should be kept showing who has accessed the files.
Personnel files are shared with people outside of HR, creating compliance issues. Employees can request a copy of any document they sign and can request other documents when they leave. Managers often need access to the documents that make up the employee file, such as performance reviews and training evaluations. During litigation or an audit, employee documents may be disclosed to outside legal counsel or to external auditors and regulators.
In a survey conducted by Access, 34 percent of HR professionals said they share their personal documents with third parties at least once a month. Emailing scanned images and sending physical copies of files were the two main methods of sharing information, and both carry risks.
Emailing a personal document means you lose control of the security of the document and have no idea how many additional copies are created. There is no way to determine who sees the email or where it ends up. This multiplies risk, increases an organization’s exposure and creates a challenge for monitoring a retention program that requires records to be disposed of in a timely manner.
Compliance issues are also compounded when sharing physical copies. Copies are mailed, faxed or archived, which is obviously not the best way to protect confidential documents.
HR professionals have a responsibility to protect their organization while safeguarding employee information. Due to the sensitive nature of personal documents, a data breach can lead to identity theft or worse. HR must protect employee confidentiality.
IT’S TIME TO ACT
The best way to mitigate these risks is to set up a secure central repository to manage personnel documents. Here are some tips to keep in mind when considering different technologies:
Solutions can’t ignore paper: Going paperless can be a waste of time and resources if the technology doesn’t meet the needs of the HR department. When the right technology is deployed, HR document compliance risks are reduced, information flow is accelerated, and costs are significantly reduced.
Technology that recognizes lost documents also reduces the nervousness of possibly incomplete files. The system works like an automated document checklist: Once it identifies a missing document, it initiates a workflow to find it and ensure it’s added to the files. This puts you in a better position to deal with lawsuits, audits or claims for unemployment benefits.
Technology should monitor document retention: If the repository has document retention rules and is monitoring the triggers that determine the rules, such as date of hire or last certification, then the system can drive the whole of the process. It will then become common to delete documents when their retention period expires. If documents need to be put on hold due to an audit or a dispute, your technology should take care of it.
Share links, not copies: Rather than sending electronic or paper copies of documents, your technology should provide a secure link to the repository where you can control what people do with the documents. Your technology should provide an audit trail of what was reviewed and when. It should be able to send a link that delivers only the requested documents and controls the recipient’s access time.
Electronic forms, not paper: Paper documents are easily transformed into digital versions, which reduces paper, improves efficiency and reduces costs. A solid electronic form mechanism manages campaigns and provides a dashboard to track progress and results.
Your HR and personnel documents need to remain secure, and there are risks when information is incomplete, record keeping is inconsistent or when documents are shared. Being aware of these issues and implementing the right technology will help you avoid risk and stay compliant through M&A advisory.
Top 5 Tips to Reduce Risk and Enhance Compliance
Implement technology that addresses risk, reduces paperwork and improves efficiency.
Enforce and develop record keeping procedures and policies.
Create a retention schedule for each type of document.
Train your managers to understand their role in maintaining a compliant program; policies and procedures are only effective if they are supported by training and education.
Consider self-audits to identify areas for improvement; better yet, implement the right technology to perform the audit continuously for you.