Sabrina

Welcome back to the HR Connection, the podcast built solely for those managing human resources in a small employer 1 to 500 employees. My name is Sabrina Baker. I'm the CEO and founder of Acacia HR Solution, and I am your co-host for the HR Connection, along with Marie Rolston, who will be joining me in just a second. Today we are getting a little tactical. We are going to go through our process for conducting an HR audit. We had talked about this a few episodes ago when we were talking about DIY versus intentional HR. We really do believe this is foundational, and it is something that you should be doing if you are coming into a new role or if it just hasn't been done in a while. It is really important that you understand where you are so that you can map out where you're going. Marie, I was looking at our stats for the podcast earlier, and the DIY versus intentional HR is our most popular podcast so far. It's our most popular episode. It's the one that has received the most downloads. And I was reflecting on that and looking at everything that we've downloaded, and I'm really excited for today's episode because I think what can happen a lot with webinars, podcasts, conference events is you talk a lot, a lot, people talk a lot about the theory behind it. So we talk a lot in that episode around DIY versus intentional, and we give people a framework and we give them kind of a high level. But then when you go to actually execute on that, then it's like, what now? And so what I appreciate about what we're going to do with this episode is start to talk about what now. It's not just this episode, but it's also this and a couple after this around what are some very tactical things that you can do when you are trying to build intentional HR. And so I'm super excited to be able to get into this and actually stop diagnosing and start talking about these are the steps and this is how it gets done.

Marie

Yes, exactly. And so today, this episode, it's going to be for two types of listeners specifically. The first is the solo practitioner who knows things are reactive but can't figure out where to put their hands first, right? So you are going to really feel the gaps because you're managing around them every single day. But when you actually sit down to figure out where to start, everything feels equally urgent and you end up not starting at all. I see this all the time and I have felt this. The second person is going to be the HR pro who walked into a role and realized pretty quickly that what they inherited was not what they were told it was. So they're going to see things like the handbook being three years out of date, the onboarding process, it just lives in somebody's head. And then the job descriptions, you know, they might not exist or haven't been touched since the company was half its current size, right? But both of those people, they do need the same thing, and that is a clear picture of what's actually there and a way to sequence what comes after that. So today we're going to share a practice or a system over a theory. We want to give our listeners a tool that they can use. So with that, we're going to go over how to audit what you actually have, how to think about the three pillars that every function needs, HR function needs, and really how to prioritize when everything really does start to feel urgent. You know, we're also going to be pulling back the curtain on how we usually do this at Acacia with our clients because, again, none of this is theoretical here. This is the actual work that we do and that you can do. Okay, so before you can audit what you have, you actually need a framework for what you're looking at. Otherwise, you're just making a list of problems with no way to understand how they relate to each other or which one to fix first. So every audit that we do at Acacia, it's going to be built around three pillars: HR compliance, HR infrastructure, and HR strategy. While these pillars are distinct, they're also very much connected, and you really do need all three for a function that actually holds. So now I want to walk everyone through each one of these pillars because understanding what they are and how they relate to each other really is going to change how you look at what you've got. Pillar number one is going to be compliance. So compliance is the floor. This is not an optional area. It is also not aspirational. It is the legal and regulatory baseline that everything else sits on top of. So think things like I-9s, wage an hour, required policies, workplace postings, like your posters, or even worker classification. When we think about compliance, when there are gaps in this area, everything else that we're going to be building or that you're building is just going to be sitting on shaky ground. When I think about compliance, this is also the thing that gets deprioritized the most often in small business HR. And I get it. I know why. It is unglamorous. It doesn't feel strategic in any capacity. But again, it really is the thing that's going to cost you the most when it breaks. And let me tell you, it will break at the worst possible moment. Pillar number two is going to be infrastructure. And this is really going to be that middle layer. So think about your systems, your tools, you know, the processes that you're running the day-to-day, your HRIS, onboarding workflow, payroll, benefits admin, maybe even your performance management processes. This is where a lot of small business HR functions are held together with duct tape and spreadsheets. And really, again, that is going to work until it doesn't. It is going to break the moment you try to onboard five people at once or someone leaves and takes that process with them, or all of a sudden you find yourself at 80 employees and the thing that worked fine at 30 completely falls apart because everybody wants to do it a different way. This is where infrastructure comes into play because infrastructure is what's going to make the function scalable. And without it, you're really just rebuilding from scratch every single time something changes. Okay, pillar number three, strategy. So strategy is going to be your top layer or, you know, how HR connects to what the business is actually trying to do. I think about talent planning, workforce development, culture, engagement, retention, succession. This is really where most HR people want to spend their time, and it really is important work. But when you think about it, you can't get there sustainably if your infrastructure is broken and your compliance is a mess. You can't run an effective performance management program when you don't have consistent job descriptions, right? You can't build a retention strategy when you don't have a working onboarding process. The order in all of this really does matter because strategy without a foundation is just a plan that doesn't stick.

 

Sabrina

Yeah, so here's what I always say about compliance, infrastructure, and strategy. Infrastructure builds on compliance. You have your compliance, which is the absolute floor. Absolutely, infrastructure is going to build on that. So whatever your laws are in the state that you're in or federal laws that you have to abide by, then you build the infrastructure to make sure that you can follow the laws, to make sure that you are doing the things that you follow, follow the compliance pieces. And then strategy informs infrastructure. So the strategy of the business, the strategy of where the business is trying to go, what it wants to be from an employee experience standpoint, informs infrastructure as well. And so what I love about what we're going to be talking about is that we are including all three of these rather than this just be a compliance situation, a compliance look because we want to be legal. That's really important. The other two layers, and especially that infrastructure layer, how do these things get processed? Okay, so Marie, when I first started the business, I was very naive, like insanely naive, and I believed clients. I believed them. When they would say to me in a sales process, "Our HR practices are pretty good. We're following what we need to follow and infrastructure is in place," I believed them. And I would come in and I would start kind of ingraining myself into their workflows, and I would quickly learn that what they thought was in place is definitely not what I thought was in place. So as I learned that, I realized that my first step with every new client was always going to have to be an audit. It didn't matter what they told me. It didn't matter if they had HR before. It did not matter because what I thought was in place and what I thought needed to happen across compliance, infrastructure, and strategy was usually not what they thought or what even the previous HR person thought. There was always something, and no fault to that person. I'm not shaming that person. It could just be something that they missed or didn't realize or, you know, lots of different reasons. So it's not anything against them. It's just things happen. And so I quickly realized that we were going to need to start every new client engagement with an audit. And I'll even have clients now in the sales process who say, "Oh, we just had an audit a year ago." And I'll say, "I'm sorry. I'm going to do another one." I will take those results and it can inform our audit, but we're going to do another one because what I find is that most audits do not look at infrastructure and strategy. They only look at compliance. And they really only focus on compliance in the places where they think it's important, where we are going to be very comprehensive in every single potential piece of compliance. And then if your company doesn't need to abide by that, fine, we'll say that in the audit, but we're still going to go through the checklist of all the things. So it's very, very thorough. So even though our audit process is long and it takes a little while to do, and I'm sure it feels very daunting for you and the generalists who are going through it, I really appreciate how thorough it is and how much it covers. And more importantly than that, I think the roadmap it gives us at the end of it to say, "What do we do next?" So why don't you walk us through our framework that we use?

Marie

The framework that we use at Acacia looks at each of those three pillars across the same questions or the same three questions. So I want to make sure everyone has a second, grab a pen or pencil, get your keyboard ready because I want you to write down these three questions because it really is the whole system. Is this in place? Does this need review or does it need to be created? And that's it. When you are thinking about these questions, you are not grading yourself. You're not building a to-do list just yet. You're mapping reality here. So three pillars, three questions, and that is the base of your audit. So now let me walk through what each of those actually means in practice because the definitions matter more than they might seem. When we think about what in place actually means, it means it exists. It's current. It's being used consistently, and it meets legal requirements. So not just that it exists somewhere in a folder nobody's opened since, you know, 2020. So when we think about in place, in place really is a high bar on purpose. And if you're not sure, it doesn't go in the in place column. So what does need review mean then? So needs review means it exists, but something about it is off, right? Maybe it's outdated. It's inconsistently applied. It no longer fits the business as it exists today. The handbook, you know, I also think about handbooks that haven't been touched in three years or even job descriptions written for a version of the role that no longer exists. You know, those are examples of what is in existence, but it needs to be reviewed. It might need to be updated. And then last is needs to be created. So needs to be created is exactly what it sounds like. It doesn't exist, right? Or what exists is so far from functional that starting over is more practical than trying to fix it. These are going to be your highest risk gaps. And in small business HR, there are usually more of them than people expect. And when you find these, don't panic. Just write them down. And that's the whole job right now. We're just mapping out what needs to or where things are at, not immediately going into fixing.

 

Sabrina

Yeah, I think that's a really important point is your first pass-through is just answering those three questions. Is it in place? Does it need to be updated, need to be reviewed, or does it not exist? That's it. Don't start working on any of them. Just go through the whole thing and make your marks on which one it is. And you know what's interesting? When I was talking earlier about how clients will often say to me that everything's in place, everything's good, what I realized is that a lot of them that believe that, they fall into that it needs to be reviewed column because they do have policies, but those policies haven't been looked at for 10 years. You know, they have a handbook that's five years outdated. And so especially in a state like California, there's a whole bunch of stuff that's been added since the last time they added their handbook.

Marie

Yep, 100%. We are just wrapping up our audit and really going into strategizing how we're going to create projects based on the findings of that audit. And in this organization, there's definitely an infrastructure, but everything needs to be reviewed and revamped and all of that. So that baseline is there, but there's a lot of work that's going to go into getting things updated and functioning properly. But so I do want to stay on documentation for a second because I do think this is the most underestimated risk in small business HR. So to your point, a process that lives in one person's head is not a process. It is institutional knowledge with an expiration date. And the day that person leaves, the process is going to leave with them. And whoever comes next is going to have to rebuild it from scratch, usually in the middle of something else that also needs their attention. And we've done a whole episode on this, so I'm not going to go really deep in on this. But when you are doing your audit and you find yourself writing in place because you know how to do something, just stop. If it's not written down and accessible to somebody else, it does not go in the in place column. On the other side, when I think about actually doing the audit, the part about documentation that comes into place is also really important. So when you actually have to do the audit yourself, I want you to block two to four hours on your calendar. And that's it. That's a great place to start. Once you have done that and once you are sitting down in your block time, I want you to work through those three pillars one at a time. Compliance first, then infrastructure, then strategy. For each of those areas, ask those three questions honestly. Is it in place? Does it need review? Does it need to be created? And whatever comes to mind, just write it down. You're getting there, but you are not building a to-do list just yet. This part of the process is where you're building a risk map, and those things are very different. When you think about your to-do list, that is telling you what to do. When you're creating a risk map, that tells you what you're actually working with, and you have to map those out before you start your to-do list.

Sabrina

Yeah, I think that's a really important point that we want to understand the entire picture. And I know that what can happen because I've been guilty of it is you start an audit and you see something that is often, maybe it's like a legally compliant thing, and you want to stop in the middle of the audit and go fix it, right? Because it feels so urgent. And it is urgent. I mean, we're not going to deny that it's not urgent, but it's not in that moment urgent, right? It's not like, stop what you're doing. You need to be able to look at the entire picture because if you stop the audit and you go fix that, it could be days and weeks before you come back to that audit. And what if there's something even bigger that you never even got to that's out of place? And I think the biggest thing that's important for listeners to hear is that there's no shame in this. And when we go into clients like the audit that you're closing up right now and we deliver our results, so we go through this process, exactly what you just said, we just go through and check boxes. Which one is it? Which one of these three? And then we do a readout, right, back to our clients. And we're not doing that in a way that we want to make them feel guilty or shameful that they didn't have these things. It's very common. Like we would be shocked, right, to come into a client and find that everything is in place. We might be out of business if that happened. It never happens. And it's no way shameful. Sometimes it's just they didn't know better or they thought what they were doing was enough, right? They thought that the way maybe they had, like in California, they had meal waivers was enough, but we come to find out it's not, the form's not right, or, you know, whatever. So it's often that they were trying to do the right thing or they thought they had the right thing in place and it just didn't because they don't have that expertise that we have.

 

Marie

Yes, exactly. You have to get that risk map done first, right? So, okay, once you have your risk map, the next question is going to be sequencing. And really, this is where most HR people either freeze or try to do everything at once. And really, neither of these actually work. When I think, and I'm coming from experience because when I started doing audits, I would get very overwhelmed at what I would find, and it would be really difficult for me to sit down and create project plans around how to attack everything. I've also been in that spot that Sabrina talked about where I find something so critical that I just change it and then completely get swept away for weeks at a time only to remember the audit has to be finished or there are other things to map out while I'm like in the shower getting ready for work. So compliance first. This is not a priority decision. It is a now decision. So if something has a legal exposure attached to it, things like a misclassification, missing I-9s, wage and hour issues, maybe there are required postings that aren't posted or available online to your employees. It doesn't go on a prioritized list. It goes on today's list because legal risk does not wait for a convenient time. You know, it doesn't care that you're also trying to launch a new onboarding program or roll out a performance review cycle. It will cost you when it breaks regardless of what else is going on. So it's really important to pay attention to those things. Close the compliance gap first. Close the compliance gaps first. Everything else can wait.

Sabrina

Yeah. And I think, you know, again, I don't want to beat a dead horse here, but I'm going to a little bit because I think this is another reason why we say do it all at once. Sit down and just do your marks all at once and then do a readout. Go to your CEO or your founder or whoever is a person and tell them what you found. Tell them all of your findings and how you're prioritizing because this is what happens. I know this is what happens is that you come out of this audit and you have this long list of compliance things and you want to work on them because you know the compliance things need to be first. But then your CEO comes in and is like, "Hey, I think we need a new onboarding program," or "I think we need to do 360 reviews," right, which will always be my example. "I think we need to do something that you're not ready for because you have compliance issues and you have infrastructure issues and you're not ready to create those things." And so going through the whole audit and then doing a readout to your leader, whoever that appropriate person is, and saying, "These are the compliance issues. We're going to fix these first. And then we're going to get to these other things so that they will pause on asking you to do anything else until those compliance issues are fixed."

Marie

Yeah, exactly. This does make me think of a question. And so far, listeners who maybe caught last week's episode, Sabrina, as a CEO, when the HR person goes into that meeting to deliver results, is this a moment where HR folks should continue to strive to speak that language that CEOs need to kind of understand how risky these compliance issues are?

Sabrina

100%. And I think that, you know, you can put numbers to it. So it's really easy to look up what the EEOC or wage and hour or whatever charged in the previous year for sexual harassment claims. Let's say you don't have a sexual harassment policy. That's one of your compliance issues you find. Or you're not doing the training that's required by your state. It's really easy to see what was charged in the previous year. And so I would bring those numbers. And so I think it's definitely, you know, when you're doing that readout, talking about the huge risk that can happen, and not only financially, but reputation that small businesses can't afford to take. They can't afford to take a reputation hit. They can't afford to not be able to hire because people know that they had a wage and hour issue or whatever it is. So I think it's definitely one where you lay out the risks, and then that helps you explain why this is what I have to focus on first.

Marie

Good. Thanks. Okay, so let's keep rolling. So once compliance is handled, you prioritize by what breaks most visibly and most expensively. So if your onboarding process is creating confusion and slowing down new hires, that's upstream of a lot of other problems, right? Slow onboarding affects time to productivity, which affects manager bandwidth, which affects team performance. Fix the source here, not the symptoms. If you don't have job descriptions, that's affecting your recruiting conversations, your performance management, your compensation discussions, and your ability to hold anyone accountable for anything. So those are examples of one gap with multiple downstream problems, and that goes near the top of the list. The question to ask for every item on your risk map is going to be, "If this breaks, what else breaks with it?" And that question is going to assist in reordering almost every single list that you can create. For the person listening who inherited a mess, if you walked into a role and what you found was not what you were told it was, I want to talk to you specifically for just a second. You don't have to fix everything within the first 90 days. You don't have to pretend it's not there. What you do have to do is know what's there, communicate the highest risk to leadership clearly, and then have a sequence plan that shows you're on it. So a solid plan buys you time and credibility where silence doesn't. You know, leadership is not going to fill in the blanks in your favor. If they don't hear from you about the gaps, they're just going to assume either that you don't know about them or that you don't think they're worth raising. And neither one of those is a position that you actually want to be in. So it's so important that you know what you have, that you're able to name the risks, and you're able to make a plan. That's really going to be your first job in your first 90 days. Okay, so we've talked on the show before about the stabilized, streamlined build framework, and I want to connect it directly to this audit because they really do belong together. So the audit tells you which phase you're actually in, not which phase you want to be in. If you have active compliance gaps, you're in stabilized. You can't streamline what isn't stable yet. If you try, you're building on a foundation that's still moving. If compliance is solid, but your infrastructure is duct tape and spreadsheets, you're definitely going to be in streamline. You're not ready for strategy work yet, but you are getting close. And then if the foundation is solid and the infrastructure is working, you're already ready to build. This is when the strategy conversation actually makes sense and when it'll actually stick. The audit tells you where you are, and the framework tells you what comes next.

Sabrina

Okay, so here's what I see happening again, I think, is that new HR people might come into a mix. They might come into a new organization, and they want to start with the culture and the engagement and the high strategic stuff, high strategy stuff that feels more fun and feels like it's going to move a needle. But then on the back end, if their compliance and their infrastructure is not in place, then no one believes them about that other stuff. No one wants to participate in culture and engagement initiatives when their paychecks are always wrong, when their benefits are always messed up, when they can't get information that they need, when no one seems to know how they should request and process a leave of absence. So that's why the sequencing of this is so important and why it's super important that you get the compliance stuff done right, not just from, again, a revenue issue or a potential lawsuit issue, but from a credibility issue. You know, this is why when we talk about the five things that build capacity in an HR person, get the back of your house in order is the first thing we say because that compliance piece, no one trusts you to handle the fun stuff, the strategic stuff, when you've got the tactical stuff that's an absolute mess.

 

Marie

Yes, exactly. So with that, I do want to talk about next what built on purpose actually looks like because it doesn't mean perfect. It doesn't mean that every single policy has to be documented, every system is optimized, or every process being airtight. Like that's not 100% what we're going for here. But instead, built on purpose means intentional. It means your HR function knows what it has, knows what it's missing, and has a plan that sequences the work in an order. You know, that makes sense for where the business actually is or where it's trying to go.

Sabrina

You know, if we look at that client that you were talking about earlier that we came into really just in January, we started an audit, and I know we've talked about them before on the podcast because the difference in where they are today versus where they were when they came to us. It's such a different vibe. It's such a different experience for employees and for leaders and for us as HR people to have it this structured when we walk in because I'm sure you remember the day when we weren't this structured in what we did and how we onboarded clients. And we did kind of let them come in and pour a mess on our lap and just start trying to figure it out. And the difference in us coming in and being this intentional about the way that we design HR, it not only affects the client, like they're happy and they love it, but it does us too.

Marie

I also just want to bring back up something you said earlier about how the audit leads to a strategic map. And so if you are in HR, especially if you're new in HR or if you are, you know, stepping into a leadership role for the first time and taking over an HR department, do the audit, and then the next year is planned out for you right then and there. And it just sets you up for success. So listeners, wherever you are starting from, whether you're building from scratch, rebuilding what you inherited, or just finally taking an honest look at what you have, the starting point is going to be the same. Sit down and get honest about what's there. Use the three pillars to organize what you're looking at. Sequence the work by risk. It doesn't have to be a complicated system. It wasn't built that way. It's just helping you do everything you need to do on purpose.

Sabrina

You know, I wonder if this is a relief or a letdown. The idea that the way you start to build HR intentionally is through an audit. I don't know if that's like a relief to people that it's simpler. Like an audit is a very defined thing. In my mind, it kind of makes it easier than this very aspirational, like intentional HR. What the heck does that mean and how do I do that? Luckily for our listeners, we are absolutely more than willing to share everything that we have with you. And so on our website is our HR audit checklist. So you are going to be able to see exactly what we're talking about. All of the things that we measure, you're going to see HR compliance infrastructure strategy pieces on there. You're going to have your three columns around whether it's in place, needs to be reviewed, or needs to be created. And this is the actual document we use. So this is not something that we're just giving you. This is literally what Marie just went through with a client and did a readout from and created their risk map and then their future roadmap for the projects they're going to be working on. So we actually have that document. We're going to link it in the show notes, but it is on our website along with other resources available to you. So while you're there, certainly click around and see what other resources might be helpful to you. As always, we would love to hear from you. So you can connect with Marie or I on LinkedIn. Our LinkedIn profiles will also be in the show notes. We are currently looking for guests. So if you are in the trenches, so you are somebody managing HR in a 1 to 500, I don't care what your title is. I don't care if you are actually the marketing manager who got stuck with HR. I don't care if you're an HR department of one, HR director, whatever your title is. If you are managing human resources in a 1 to 500, then we want to have you as a guest on the podcast. We're booking out through the rest of this year because we want to hear from other people that are actually doing this work than just us all the time. And so those will be episodes with Marie, which I think will be really fun. If you're not subscribed, please do so. Obviously, every single week we are bringing you tips and tricks from us being in the trenches. When I say us, I really mean Marie and the rest of the team, but being in the trenches with clients and things that we have learned and done over the last 15 years. Anything else? Did I forget? Did I get everything there?

Marie

I think you got it all.

Sabrina

All right. Awesome.

Marie

Thanks, everyone, for being here. We'll see you next time.

Sabrina

Yep. See you next time.