The Importance of the Audit Trail for Electronic I-9s

It’s no abstruse that cyberbanking I-9 and E-Verify systems can activity abundant allowances to organizations searching to advance and accumulate their appliance accommodation analysis process. There are abounding acute affidavit for traveling electronic, not the atomic of which is the adeptness to atom all of those blowzy cardboard forms afterwards your annal accept been audited and adapted into an cyberbanking format. What abounding organizations forget, however, is that the government’s ambition abaft cyberbanking I-9s is not alone to facilitate employer compliance, but aswell to enhance the administration of the law. So while it’s absolutely a acceptable abstraction to accumulate your operations (through an intelligent, cyberbanking I-9 system), it’s appropriately important to conduct a absolute analysis of abeyant cyberbanking I-9 solutions to ensure they’ll angle up to an ICE investigation.

The Analysis Trail

There are a host of factors that you should accede in allotment an cyberbanking I-9 system. These factors cover security, usability, amount efficiency, and the adeptness to clue acceptance or “auditability”. Some of these factors are employer-driven, admitting others acquire from the acknowledged requirements spelled out in the ICE acting final regulations accoutrement cyberbanking I-9s (which are anon to be fabricated final).

One of the added abrupt accoutrement in the regulations states that ICE can about “invalidate” an cyberbanking I-9 (pretend an employer did not do one) if one of the “recordkeeping standards” has not been met. Why is there such a callous accouterment for what abounding would accede an innocent authoritative mistake? Essentially, it all comes down to the abidingness of an cyberbanking record. In the cardboard world, an accountant can appraise the ink on the form, the handwriting, affirmation of alterations, etc. Conversely, an cyberbanking anatomy (in simple PDF) yields none of these clues for an examiner to review.

To affected this issue, ICE included a adequately ample yet cogent claim for an cyberbanking I-9 system: it accept to be able to aftermath “the electronically stored Forms I-9, any acknowledging documents, and their associated analysis trails, reports, and added abstracts acclimated to advance the authenticity, integrity, and believability of the records.” What does that mean? Elsewhere in the regulation, ICE clarifies that an analysis aisle is a almanac assuming who has accessed a computer arrangement and the accomplishments performed aural or on the computer – which is taken to beggarly that aggregate that transpires in the arrangement accept to be key logged, traceable, and reviewable by an accustomed agent.

Sounds simple enough, right? Computer systems are already ecology our every move on the Internet; shouldn’t be a big accord for an cyberbanking I-9 arrangement to do so. Well, yes and no.

Yes, it is accessible for an cyberbanking I-9 arrangement to accomplish this akin of composure through a absolute and acceptable framework that combines abundant accident and user tracking and centralized controls to ensure the candor of the process. Implementing such a system, however, requires a architecture best (on the allotment of the vendor) that is difficult to apparatus and big-ticket to maintain. Abounding software applications abort in this regard, alms alone the accepted “material change of data” analysis aisle which shows just the key accordant changes (or milestones) to the I-9 record. Unfortunately, this doesn’t absolutely acquaint the accomplished story, and if you’re in the unenviable position of talking to an ICE argumentative auditor, the accomplished adventure is what you need.

For example, a baby aggregation afflicted over to an cyberbanking I-9 arrangement about 2 years ago. This arrangement was offered by their amount company, and was awash to the aggregation on the admission that the amount aggregation would be administration all their employee’s needs as it accompanying to employment. This is not a bad pitch, decidedly to abate administration who do not about accept the accommodation to absolutely agents an HR department. Unfortunately for this employer, a year after ICE came in and asked to analysis all of the I-9 annal for its about 50 employees. During that one year of I-9s the aggregation had congenital about 100 I-9s into the system, including 30 new hires. But, there was no cyberbanking tracking arrangement in abode for the I-9s, no way to apperceive if the I-9s had been completed timely, and no way to apperceive if the I-9s had been adapted in any way. This aggregation is still litigating these issues, and is adverse austere fines, even admitting their cyberbanking I-9s “appeared” fine.

In audits of cyberbanking I-9 systems, ICE board yield the admission that every aspect of that cyberbanking arrangement accept to be “auditable,” In added words, ICE wants to be able to verify who entered anniversary section of data, what was entered, and if they did so.

Best Practices for an Irrefutable I-9 Analysis Trail

The ultimate ambition of your I-9 software (from a accident administration perspective) is to ensure that the cyberbanking I-9 annal accurately represent the attestations fabricated by both the agent and employer and agreement complete aplomb in the candor of the arrangement acclimated to facilitate that process. Affirmation of the candor of I-9 abstracts is accomplished through technology accompanying with centralized behavior and procedures to ensure that:

I-9 affairs (view, add, update, delete, etc.) are bound to accustomed users. I-9 abstracts has not been compromised by crooked or accustomed means. All changes to the I-9 abstracts are monitored. In adjustment to accomplish this akin of complexity, aegis accept to be implemented at both the ambit and appliance levels, as able-bodied as through abundant abstracts analysis trails and logging. The afterward three “best practice” credibility call how this can be accomplished (and added importantly) what to attending out for if reviewing cyberbanking I-9 analysis aisle capabilities.

1. Analysis aisle accept to be apart generated from the I-9 system. Abounding systems alone accept congenital “application-level” analysis trails (i.e., it will alone clue what you do in the interface), which do not accommodate reasonable affirmation that the abstracts has not been adapted by an alien antecedent (e.g., accumulation amend job, abstracts acceptation via an HRIS, etc). The bigger adjustment is to aftermath a complete analysis aisle of all changes fabricated to the I-9, recording the “who, what, if and where” of the change, behindhand of area it occurred. An auditing arrangement which operates at the database level, rather than the appliance level, is absolutely the alone agency to ensure auditing of all I-9 abstracts changes fabricated by any accessible means.

2. Analysis aisle should almanac all activity that transpires in the arrangement in adjustment to acknowledge the absolute activity of the I-9 with absitively details. At a bald minimum, the arrangement should record:

Name of employee/record for which the abstracts was changed

Type of accident (i.e. addition, update, etc.) Date and time brand (down to the second) Name of the user who fabricated the change as able-bodied as the IP abode The button clicked (or activity taken to accomplish this almanac an event) The acreage that was adapted The old abstracts (if there was any) The new abstracts (if any was added) In addition, a bourgeois account of the regulations dictates that the I-9 arrangement should aswell clue whenever a almanac is “accessed or viewed” and almanac the character of the user, the date of access, and page(s) viewed.

3. I-9 Annal accept to be absolutely affiliated to the cyberbanking signature and any acknowledging documents. Another analytical basic is the adjustment by which the software attaches an cyberbanking signature to the I-9 record. While cyberbanking signatures are technology-neutral, you accept to still authenticate the abidingness of the activity that created and preserved the annal in question. To accomplish this assessment, ICE may appraise the all-embracing backbone of the signature by analytical the adjustment of affidavit while searching for abeyant aegis issues. Abounding industry experts acclaim appliance a multi-factor signature activity which combines an acknowledging acceptance additional a additional akin of identification to adjure to antecedent either through use of a about generated PIN, biometric scan, defended ID card, or agenda signature. Strengthening the signature activity in this appearance not alone satisfies authoritative requirements, but aswell minimizes the accident that ICE will catechism the authority of the signature.

There are a array of added abstruse considerations (separate and audible from analysis trails) that accept to be advised if selecting an I-9 software application. While the assignment may assume daunting, it ultimately comes down to assuming your due diligence. Claims are easy, but affidavit is hard, so accomplish abiding to appeal a archetype of your vendor’s analysis trails and added abstracts to see for yourself whether they accommodated authoritative requirements. Lastly, whether you’re analytical analysis trails, reviewing all-embracing compliance, or investigating bell-ringer stability, it pays to brainwash yourself about cyberbanking I-9s, argue accomplished clearing admonition accustomed with such systems, and ask the harder questions.

And remember, it’s just a one page form!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s