Top four human resource risk factors: Address these issues before they're bigger issues
All organizations face risk, regardless of size or industry. Addressing the risk involves identification, prevention, avoidance, mitigation and risk shifting through training, insurance and ongoing inspection of systems and property.
While many issues confront business operations, this article addresses four critical areas that business owners should be aware of and vigilant about: employee misclassification, I-9 audits, disaster planning and HR compliance audits.
1. Misclassification of employees.
Many employers mistakenly classify individuals as contractors and not employees, denying them the ability to receive benefits such as unemployment, workers compensation, FICA, etc. In addition to Internal Revenue Service (IRS) issues, this may also create ERISA plan issues if employees are not covered under benefit plans to which they are entitled.
The IRS established guidelines to identify the behavioral, financial and relationship features between employers and contractors. It's not as simple as an "if this, then this" calculation -- employers need to carefully and continually review this issue by referring to www.tinyurl.com/irscontractor. If individuals are misclassified, employers may find themselves paying hefty back taxes, fines, workers compensation and unemployment claims.
In July 2015, the Department of Labor (DOL) issued an "administrative interpretation" to clarify employee vs. contractor status. The DOL issued a six-point "economic realities" test. While no single factor is determinative, these serve as a guide to classify workers properly. Additional information may be found at www.tinyurl.com/dolclass.
Additionally, employers may improperly classify employees as exempt from overtime instead of non-exempt. The Department of Labor recently announced proposed changes to the Fair Labor Standards Act, which would increase the minimum salary level for exempt employees from $23,660 per year to $50,400 per year, regardless of hours worked, and quality or quantity of work produced. These proposed changes should be closely monitored as they are expected to go into effect in early 2016.
Exempt employees must also meet the primary duties test in which at least 50 percent of their duties must fall into one or more of five general categories. The primary duties tests can be tricky. More information on commonly used exemptions is available at www.tinyurl.com/dolduties.
Key questions to ask:
- Do we satisfy the IRS requirements for classifying an individual as an independent contractor?
- Is there a contract in place?
- How specialized are the services?
- Is the contractor free to work with other organizations?
- Does the contractor agree they are a contractor?
- Have we properly classified employees as exempt and non-exempt?
- Are we following the record keeping requirements for non-exempt?
- Are we properly paying overtime after 40 hours in a week?
2. I-9 audit.
U.S. Citizenship and Immigration Services frequently updates the I-9 form and requirements. The current form expires March 31, 2016. While current employees do not need to complete a new I-9 form, employers should audit their files to ensure they have properly completed documents. I-9 forms should be kept outside of personnel files and in a secure area with limited access. Employers should conduct a compliance self-audit of all I-9 forms for current employees.
The number of audits is increasing along with fines for noncompliance. It's important to note: Part one of the form must be completed on day one of employment, and the identification and employment authorization must be completed within three days of employment.
Key questions to ask:
- Have we conducted a full audit?
- Are we using the most current I-9 form?
- Are managers trained in I-9 completion?
- Is the document proving identification and eligibility to work from the appropriate list?
- Is the document current and non-expired?
- Has the employee completed part one on the first day of work?
- Is the form completed with all dates and signatures completed?
- Have employees with now expired documents provided current documents as required? Note: This is only required with work authorization documents.
3. Not planning for disaster.
While not expected, major catastrophic events can and do occur. Disasters can fall into several broad categories:
- Personnel risk (fraud and error)
- Physical assets (business environments)
- Technology (viruses and breaches)
- Relationships (lawsuits)
- External/regulatory (external fraud)
For purposes of this article, let's break it down into three broad categories: human, technology and environmental.
This includes theft, sabotage, fraud, violence, employee replacement due to sudden illness, accidents, or an unplanned departure, strike, civil disobedience and pandemics. Proper hiring practices, including detailed background and reference checks, and having employees complete application forms, are methods to reduce risk. Also consider succession planning, business continuity plans, checks and balances, cross training, internal audits, access controls with passwords, and security cards.
Key questions to ask:
- Do we provide adequate training for supervisors?
- Do we have appropriate employment standards, such as code of conduct, ethics and organizational values, in place?
- Are our employment policies current and up to date? Are they communicated to employees and uniformly enforced?
- Have we conducted employee and manager training on conduct, such as threats, violence, harassment and bullying?
- Do we have a performance management system in place?
- Are personal information protection guidelines followed?
- Do we provide adequate employee orientation and onboarding?
- Do we have employment practices liability insurance coverage?
This includes viruses, hacking, cyber theft, handling of negative or disparaging comments about employees on social media, lack of clear social media and email guidance, computer theft, access to systems and data, and downloading controls. Employers need clear policies on use, access controls, password protection with screen savers, data encryption, and offsite backup systems. Access for contractors and vendors should be regularly assessed with required renewals at short intervals. Additionally, data encryption must be used for HIPAA protected data such as health care, doctors' notes, medical conditions and health care claim information.
Key questions to ask:
- Do we have cyber liability insurance coverage?
- Have we trained employees on data access?
- Do we have clear guidelines on data downloads and file uploads, including personal photos, music and gaming?
- Do we have clear policies on social media in line with recent NLRB rulings?
- Have we included technology and offensive comments as part of our harassment policy and code of conduct policies?
- Do we have adequate controls toward firewalls, password controls, screen savers, etc.?
This includes fire, flood, tornado, power outages, pipes freezing, access and security. Ensure that a business continuity plan is created, updated annually and tested. Disaster plan templates may be purchased for customization.
Key questions to ask:
- Do we have a disaster recovery and a business continuation plan?
- Is it stored offsite and accurate?
- Does it have employee contact information?
- Have we tested the plan?
- Is there a designated individual in charge of business continuity and disaster recovery?
4. Conducting an HR compliance audit.
Keeping current with regulations and court opinions, filing requirements, revised forms, NLRB changes, court decisions, Affordable Care Act requirements and other information is difficult. Additionally, if you have employees in multiple states, you need to stay current with state-specific legislation as well as changes to the federal regulations.
Employers should conduct an HR compliance audit every year to make certain their employment law posters, employee handbook and HR policies are current and updated. For Minnesota-based employers, here are key features and statements that should be in your employee handbook:
- The Women's Economic Security Act, including compensation and benefit discussion
- Addressing pregnant women and the need for break time or light duty
- Expansion of sick and paid time off programs to include extended relatives
- Same-sex marriage
- Familial status as protected class
- Recording of conversations and photographing employees at work
- NLRB social media policy changes
- Taking meal breaks at desks or work stations
Other key questions:
- Do we have the new Minnesota minimum wage posters up in employee breakrooms?
- Do we have a designated room for nursing moms with an electrical outlet and privacy?
- Do we provide training to managers on FMLA, discussions with employees on accommodations under the Americans with
- Disabilities Act Amendments Act (ADAAA) and harassment issues to understand their obligations?
- Have we addressed cell phone use while at work and driving on company business?
- Have we filed EEO-1 reports of more than 100 employees each Sept. 30?
- Are we preparing and submitting 5500 reports annually for qualified plans with 100 or more participants, or a one-participant plan if the total of the plan's assets maintained by the employer at the end of the plan year exceed $250,000?
- Are we tracking employee and dependent information on eligibility and participation for the Affordable Care Act filings in February 2016?
Risk management is an ongoing issue for all employers. Don't be left behind and caught off guard. Laws and regulations affecting the human resource aspects of employment continue to evolve and change. The above is only a partial listing of employment-related concerns. Compliance audits and fines are ever-increasing. Employers must continue monitoring these issues to avoid costly litigation and penalties for noncompliance, even if not intentional.
Larry Morgan, MA, SPHR, SHRM-SCP, GPHR, is the MNCPA HR Hotline expert. He is also owner of Orion HR Group, LLC, an independent consulting organization specializing in the alignment of compensation and benefit programs with business strategies. He has more than 30 years of human resources (HR) experience in industries such as retail, high-tech, manufacturing and financial services. Previously, Morgan served in lead HR practice roles for organizations including Best Buy, Lawson Software and Grant Thornton.