Compliance and legal functions within Human Resources ensure the organization adheres to employment laws, protects employee rights, and upholds workplace safety standards. Internal auditors use a matrix of assertions and internal controls to evaluate the reliability and effectiveness of these practices. Weak controls in this area can expose organizations to legal liability, reputational damage, or regulatory penalties.
Elements of Compliance and Legal
-
Employment Law and Regulations – Adhering to federal, state, and local labor laws.
-
Equal Employment Opportunity (EEO) Compliance – Preventing discrimination and ensuring fair treatment.
-
Occupational Health and Safety Standards – Maintaining safe workplace conditions.
-
Employee Rights and Protections – Enforcing protections such as privacy, leave, and non-retaliation policies.
Assertions and Internal Controls Matrix – Compliance and Legal Example
| Assertion | Potential Misstatement | Example of Internal Control | Relevant Questions / Audit Tests |
|---|---|---|---|
| Occurrence | Compliance reports filed without proper supporting evidence | Legal/HR review and documentation before report submission | Are compliance filings supported by approved documentation? |
| Completeness | Missed reporting deadlines or gaps in legal compliance | Compliance calendar with assigned owners and tracking system | Are all required filings and reports completed on time and in full? |
| Authorization | Policy changes implemented without legal review | Required approval workflow for HR policies and legal notices | Were new or revised policies reviewed and approved by legal counsel? |
| Accuracy | Errors in compliance data submitted to regulators | Reconciliation procedures and cross-verification with HR systems | Are submitted compliance reports accurate and error-free? |
| Cutoff | Late submissions or outdated policies | System alerts for approaching deadlines and scheduled policy reviews | Are compliance activities completed within the correct reporting period? |
| Classification | Misclassification of incidents or policy violations | Use of standardized codes in case management systems | Are compliance cases correctly categorized and tracked? |
Practical Example:
In a manufacturing company audit, the internal auditor noted that EEO incident reports were submitted without documented investigation results, breaching occurrence and authorization assertions. The company lacked a centralized case management tool. Auditors recommended implementing a compliance tracking system with mandatory legal review fields.
This approach ensures HR compliance efforts are transparent, defensible, and aligned with legal expectations—safeguarding the organization against avoidable risks.