← All articles · Compliance · 8 min read
Most small business owners don’t wake up worrying about HR compliance — until something goes wrong. After 15+ years auditing small and mid-sized employers across nearly every industry, the same ten mistakes show up again and again. None of them are exotic. None of them require a law degree to fix. But each one is a quiet bet against your business that you may not realize you’re making.
Here’s what I see most often, why it matters, and what it costs when it goes wrong.
This is the most common — and most expensive — mistake I find. A business has someone working set hours, using company equipment, doing work that’s core to the business, and they’re paying them as a 1099 because it’s “simpler.”
Federal and state agencies don’t care about “simpler.” The IRS, DOL, and many states (Wisconsin, California, and Massachusetts especially) apply strict tests, and a misclassified worker almost always loses on those tests in hindsight. Consequences: back payroll taxes, penalties, interest, and potential class actions if you have multiple misclassified workers. A single misclassification can run $5,000–$50,000+ once everyone’s done counting.
Anything medical — FMLA paperwork, ADA accommodation requests, doctor’s notes, workers’ comp claims, health insurance forms — must be stored separately from the employee’s general personnel file. Same goes for I-9s.
I find this in nearly every audit of a business that hasn’t been audited before. It usually happens because the person doing HR also opens the mail, and everything gets tucked into one folder. Consequences: ADA and HIPAA exposure, and if a discrimination claim ever arises, plaintiff’s counsel will use it to argue the company had access to protected health information when making employment decisions. The fix is simple: separate folders, separate access.
Every employer is required to complete an I-9 for every employee hired since 1986. Sounds basic, but the I-9 is the single most common compliance failure I see. Forms get filled out incompletely, the wrong version of the form is used, supporting document sections are blank, or the form was never created at all for early hires.
Consequences: Civil penalties range from $250 to $2,789 per violation, per employee, even for paperwork errors with no intent to hire unauthorized workers. ICE audits are real, and they’re selective — small businesses get caught up regularly because the agency wants high-volume, low-resistance wins. A clean I-9 binder is one of the cheapest forms of insurance you can buy.
This one comes from the most stubborn HR myth in small business: if I pay someone a salary, they’re exempt from overtime. Not true. To be exempt, a role has to pass both the salary basis test ($684/week federal minimum, higher in some states) AND a duties test that varies by exemption category (executive, administrative, professional, computer, outside sales).
The roles I see misclassified most often: office managers, assistant store managers, “coordinator” positions, and inside sales reps. They get paid a flat salary, work 50+ hour weeks, and are technically owed overtime that the company never paid. Consequences: Up to two years of back overtime (three if the violation is found to be willful), plus liquidated damages that double the amount owed, plus attorney’s fees. Six-figure exposure is common for businesses with even a handful of misclassified roles.
I open a lot of handbooks that were written in 2018 or 2019 and haven’t been touched since. Meanwhile, employment law has shifted dramatically — NLRB rulings on confidentiality and social media policies, expanded state paid leave laws, pay transparency requirements, marijuana use protections in many states, pregnant worker protections under the PWFA, and more.
The worst case isn’t that the handbook is missing something — it’s that the handbook actively contradicts current law. Consequences: Unenforceable policies, NLRB unfair labor practice charges, employee complaints that gain teeth in court because the company’s own handbook proves bad practices were policy. An annual handbook review is genuinely cheap insurance.
In many small businesses, “discipline” consists of the owner pulling the employee aside and saying “shape up.” Sometimes that’s appropriate. But when termination time comes, the lack of documented progressive discipline is the single biggest gift you can give a plaintiff’s attorney.
The fix isn’t complicated: a written progressive discipline policy (verbal warning, written warning, final written warning, termination), and documentation at each step. Consequences: Without it, wrongful termination claims and unemployment battles become much harder to win, and EEOC charges find more traction. With it, you have a defensible paper trail showing that the employee was treated fairly and given a chance to correct course.
The required posters (FLSA, EEOC, OSHA, FMLA, state-specific minimum wage and rights) seem like the most boring compliance item in HR. They’re also the easiest to get wrong, and they’re the first thing a regulator looks at when they walk in the door.
I find this issue in about 90% of first-time audits. Posters from 2019 are still up; the current state minimum wage isn’t posted; remote employees never received the required electronic notices. Consequences: Per-poster fines are modest ($100–$1,000 typically), but missing postings undermine every other compliance defense and signal to regulators that other things probably aren’t buttoned up. Don’t skip this.
The ADA applies to employers with 15 or more employees. Many small businesses don’t realize they’ve crossed that threshold, or they don’t have a process for when an employee asks for an accommodation (a quieter workspace, flexible hours for a medical condition, modified duties after an injury).
The ADA requires an interactive process — documented back-and-forth with the employee about what they need and what the company can reasonably provide. Most small businesses skip the documentation entirely, even when they handle the accommodation well in practice. Consequences: EEOC charges, ADA lawsuits, and settlements that easily exceed the cost of having a documented process in the first place. The interactive process isn’t scary; it’s just talking, in writing, with the employee.
Terminations are emotional moments. Paperwork gets done later, or not at all. Final pay rules vary dramatically by state — some require final pay on the last day of employment, some allow until the next regular payday, and the rules differ for resignations vs. terminations.
The states where this gets ugly fastest: California, Massachusetts, Illinois, New York. Wisconsin is more forgiving but still has rules. Consequences: Final pay violations carry per-day penalties in many states. Combined with poor termination documentation, the result is a wrongful termination defense that’s harder to win, an unemployment claim that’s harder to contest, and an angry former employee with leverage you didn’t intend to give them.
The remote work boom of 2020–2022 created a problem most small businesses still haven’t addressed: employees living in states other than where the business is headquartered. Each one of those employees creates compliance obligations in their home state — state tax withholding, unemployment insurance, workers’ comp, minimum wage, paid leave laws, final pay rules, and posting requirements.
I’ve audited companies with employees in eight states who’d only registered in one. Consequences: Tax penalties, state agency back-payments, exposure to wage-and-hour claims under more aggressive state laws (especially California, New York, and Massachusetts), and the discovery that your handbook’s “all employees” policies might actually only be compliant in your home state. If you have remote workers anywhere outside your home state, this is the single most important area to audit.
Most of these are fixable with documented processes, current policy language, and a clear-eyed look at what you actually have on file. That’s exactly what an HR compliance audit does: surfaces the gaps before someone else does, with a roadmap to close them.
HR Audit Co. offers flat-fee audits starting at $997 for businesses with 1–10 employees, scaling up to comprehensive audits for businesses with 51–150 employees. Most clients go from “I don’t know what I don’t know” to “I know exactly where I stand” in 7 business days.
Seven days from intake to findings — with the documents and support to fix what matters.