HR audit and compliance in Sri Lanka: the ultimate checklist
Why audit now? Regulatory expectations evolve, teams churn, and spreadsheets drift. A structured HR audit helps you surface risks early, standardize data flows, and prevent compliance issues before the next payroll cycle. The most effective audits are lightweight but regular—quarterly is ideal—so your team can fix problems incrementally rather than scramble during year‑end.
Scope and ownership. Define what your audit covers: contracts and files, payroll configuration, EPF/ETF treatment, attendance integrity, leave policy enforcement, grievance logs, and data protection controls. Assign an owner for each domain—HR operations, finance/payroll, IT/security—and set a two‑week window to collect evidence and close actions.
Contracts and files. Confirm every employee has a signed offer letter, job description, confidentiality and IP clauses, and any role‑specific addenda. For fixed‑term contracts, verify end dates and renewal triggers. For contractors, check scopes, payment terms, and that they are not misclassified employees. Store documents centrally with access logs.
Payroll configuration. Reconcile gross‑to‑net formulas, tax tables, and the exact EPF/ETF contribution base. Validate the ‘contributory map’ for each earning type and confirm rates with effective dates. Spot‑check payslips across departments for correctness and timing. Ensure maker‑checker approvals exist for back pay, ad‑hoc allowances, and terminations.
Attendance and leave integrity. Compare device logs, approved requests, and self‑declarations. Investigate unapproved absences and edge cases: half‑days, overtime rounding, night shifts, and shifts crossing midnight. Ensure the attendance policy in your handbook matches what the system actually enforces.
Statutory compliance. Validate EPF/ETF categories, employer/employee splits, and remittance timelines. Keep a calendar of statutory filings and designate backups to avoid single‑point failures. Archive submission receipts and payment proofs in a searchable repository.
Data protection and access. Implement role‑based permissions in your HR system. Review who can view medical data, salary, and performance notes. Ensure offboarding triggers promptly remove access for leavers. Enforce MFA for admins, and audit API keys and integrations.
Health metrics and reporting. Produce a monthly pack: headcount movement, leave balances and utilization, OT, attendance anomalies, and payroll exceptions. Add a trend view to catch drift early. Present highlights to leadership with a simple red/amber/green status.
Incident handling. Maintain a register of grievances, disciplinary actions, and terminations. Check that procedures were followed, notes are complete, and timelines were met. Use patterns to improve training and policy clarity, not just to close files.
Remediation and SOPs. Convert findings into tickets with owners and deadlines. Update SOPs with the new standard, and train the team. Keep changes small but steady—automation and clearer workflows beat heroic manual cleanups.
Outcome. A disciplined quarterly audit reduces surprises, accelerates payroll close, and builds trust with employees and regulators. Over time, it transforms HR from a reactive function to a reliable operating system for the company.