Most PEO contracts describe co-employment in broad strokes. They’ll tell you the PEO is the employer of record for payroll and tax purposes, that the client retains control over day-to-day operations, and that both parties share certain employer obligations. What they won’t tell you is who handles the unemployment claim when a terminated employee files in a state you just expanded into three months ago, or who owns the OSHA 300 log when an incident happens at your facility.
That gap between what the contract says and what actually happens is where liability lives. A shared responsibility matrix is the tool that closes it. It maps every meaningful HR function to either the PEO, your company, or both, and it documents not just who’s supposed to do something but who decides, who executes, and who absorbs the consequences if it goes wrong.
This isn’t a compliance checkbox exercise. It’s the difference between running a co-employment relationship with clarity and running it on assumptions. And assumptions in HR, especially across payroll, terminations, and multi-state compliance, have a way of becoming expensive problems at the worst possible moments.
Why Co-Employment Creates Ownership Confusion by Default
Co-employment splits employer duties between two legal entities, but the split isn’t clean. The PEO and the client company each hold different pieces of the employer relationship simultaneously, and the exact division depends heavily on context. For payroll tax purposes, a certified PEO (CPEO) may be the employer of record. For OSHA purposes, the company controlling the worksite typically bears primary responsibility. For EEOC claims, both entities can be named as employers depending on who exercised control over the employment decision.
This isn’t a technicality. It’s the fundamental structure of co-employment, and it means you can be the employer for one legal purpose and not another at the same time. The IRS applies common-law rules and economic reality tests to determine employer status for tax functions. OSHA looks at worksite control and day-to-day supervision. State agencies often have their own standards entirely. Your PEO contract doesn’t reconcile all of this. It can’t, because the answer changes depending on which agency is asking the question.
What makes this operationally dangerous is the assumption pattern it creates. The PEO assumes the client is handling anything that touches day-to-day management. The client assumes the PEO is handling anything that looks like compliance. The gray areas, which include onboarding documentation for remote hires in new states, responding to unemployment claims, maintaining OSHA injury logs, and managing ADA accommodation requests, fall into the space between those assumptions.
PEO client service agreements (CSAs) define broad responsibility categories but leave significant interpretation gaps. They’ll say the PEO handles payroll processing and the client retains control over hiring decisions, but they rarely address what happens when a hiring decision triggers a disparate impact claim, or who owns the response when a state auditor asks for new hire reporting records from eighteen months ago. Understanding what your PEO service agreement actually covers is a critical first step.
Without a documented matrix that goes beyond the CSA, both sides operate on assumptions about edge cases. Audits, claims, and lawsuits are precisely the moments when those assumptions get tested, and tested hard. Building the matrix before something goes wrong is the only version of this that actually protects you.
What a Shared Responsibility Matrix Actually Covers
A well-built matrix organizes HR functions into clear categories and assigns each one to the PEO, the client, or both. The categories that matter most in practice are: payroll processing and tax filings, benefits administration and plan compliance, workers’ compensation claims and safety programs, hiring and termination decisions, regulatory filings and reporting, and employee relations including investigations and accommodations.
For each category, there are three possible ownership assignments. PEO-owned means the PEO initiates, executes, and bears primary liability. Client-owned means your company does all of that. Shared means both parties have some role, and this is where most problems live.
Shared responsibility sounds reasonable on paper. In practice, it means neither side is tracking the task proactively. When a function is shared, it needs to be broken down further: who initiates the action, who approves it, who executes it, and who absorbs the liability if it’s done incorrectly or not at all. That four-part breakdown is borrowed from RACI frameworks used in project management, adapted here for HR function ownership. Building a clear PEO legal responsibility matrix requires exactly this level of specificity.
Take benefits administration as an example. The PEO may own plan selection and carrier relationships. You may own employee enrollment decisions and communication. But who owns the notice requirements under ERISA? Who handles the COBRA election notice if an employee is terminated? Who tracks the ACA reporting deadlines for your headcount tier? Each of those is a separate task with its own liability consequence, and “benefits administration” as a single category doesn’t answer any of them.
The matrix should also document what happens when something goes wrong in each category. Not as a legal exercise, but as a practical risk calibration. If payroll tax filings are PEO-owned and a filing is late, does the PEO absorb the penalty? Your CSA may say yes in principle, but the matrix should confirm it and note any conditions that shift liability back to you. If workers’ comp claims management is shared, and a claim is mishandled, the matrix should document who had final decision authority and what the escalation path looked like.
This level of documentation feels like overkill until you need it. Then it’s the only thing that keeps a manageable problem from becoming a costly one.
The Gray Zones That Create the Most Exposure
Termination decisions are the single biggest gray area in most co-employment relationships. The standard arrangement is that the PEO advises and the client decides. That’s reasonable in principle. The problem is that when a termination triggers a wrongful discharge claim, a retaliation allegation, or a discrimination complaint, both entities can be named as defendants regardless of who technically made the call.
The matrix needs to document the approval chain clearly: who recommended the termination, who approved it, what documentation was reviewed, and whether the PEO’s HR team signed off. That documentation doesn’t eliminate risk, but it creates a defensible record of process. Without it, you have two entities pointing at each other during a claim, which is the worst possible outcome for both. Understanding the full scope of PEO regulatory enforcement risks makes this documentation even more critical.
State-specific compliance is the second major gray zone. Many PEOs handle “compliance” broadly, meaning they track federal requirements and major state-level employment laws. What they often don’t track proactively are local ordinances: city-level paid sick leave laws, county wage theft statutes, pay transparency requirements that vary by municipality. If your company has employees in several states and a handful of major cities, the compliance surface area is larger than most PEOs actively monitor.
This isn’t necessarily a failure on the PEO’s part. It may simply reflect the scope of what they contracted to cover. The problem is that clients often assume “compliance” means all compliance, everywhere their employees work. The matrix forces that assumption into the open. Either the PEO explicitly covers jurisdiction-specific local ordinances, or they don’t, and you need to know which it is before a city auditor shows up.
Workplace safety and OSHA recordkeeping is the third major gray zone, and it varies more by PEO than almost any other function. Some PEOs take genuine ownership of safety programs: they conduct site assessments, maintain the OSHA 300 log, manage incident investigations, and handle regulatory responses. Others provide templates, training resources, and general guidance, then leave enforcement and day-to-day implementation entirely to the client. Knowing how PEO workers compensation management actually works in practice helps clarify these boundaries.
Both models exist, and neither is inherently wrong. But the matrix must reflect the actual arrangement, not the version described in the sales deck. If your PEO provides a safety program template but your operations manager is the one actually maintaining the 300 log and managing incident reporting, the client owns that function in practice, regardless of what the contract implies. That operational reality needs to be documented.
Building the Matrix: Start With What You Already Have
The starting point is your actual PEO client service agreement. Pull it out and read it with a highlighter. Mark every section that assigns responsibility to either party, and separately note every HR function your company performs day-to-day. Then cross-reference the two lists: which functions does the contract address, and which ones does it leave unaddressed or ambiguous?
The functions the contract doesn’t clearly address are your first priority. Those are the gaps where assumptions have been filling in for however long you’ve been with the PEO.
For each HR function, build a four-column structure. The first column is the task itself, described specifically enough to be actionable. Not “payroll” but “quarterly payroll tax filings to state agencies.” Not “compliance” but “new hire reporting to state workforce agencies within required timeframes.” The second column is who owns it per the contract. The third column is who actually does it today in practice. The fourth column is the liability consequence if it’s done incorrectly or not done at all. Understanding PEO responsibility for payroll tax penalties is essential when filling in that fourth column.
The gap between columns two and three is where your risk lives. If the contract says the PEO owns new hire reporting but your HR coordinator is actually the one submitting those reports, you have a misalignment. Either the PEO should be doing it and isn’t, or the contract doesn’t reflect the actual operating model. Either way, it needs to be resolved explicitly.
Once you’ve built the draft, schedule a working session with your PEO account manager and walk through it together. The goal isn’t to be adversarial. It’s to get explicit confirmation on gray areas, in writing, so that both sides have the same understanding. Ask directly: “For this function, if it’s done incorrectly, who absorbs the liability?” If the answer is unclear or hedged, that’s the answer, and it tells you something important about where you need to either build internal capacity or renegotiate scope.
Update the matrix annually as a minimum. Any time you expand into a new state, add a significant number of employees, or change your operating model, the matrix should be revisited. Incorporating the matrix into your PEO internal audit process ensures it stays current and actionable.
How Your Operating Reality Shapes the Matrix
A 15-person single-state company and a 200-person company operating across eight states need fundamentally different matrices. This isn’t just about scale. It’s about the compliance surface area each company faces and how much of it the PEO is realistically covering.
Multi-state operations push more compliance burden onto the client unless the PEO explicitly covers jurisdiction-specific requirements in your agreement. State unemployment insurance rates, paid family leave programs, state-specific final pay timing rules, and local sick leave ordinances all vary. Some PEOs have deep compliance infrastructure across all fifty states. Others are stronger in certain regions. The matrix forces you to document which jurisdictions the PEO actively monitors versus which ones you’re responsible for tracking yourself.
Industry matters in ways that are easy to underestimate. A construction company or a manufacturer needs granular workers’ comp and safety responsibility assignments. Who owns the safety program, who maintains the OSHA 300 log, who manages incident investigations, who handles regulatory inspections: these are high-stakes questions in high-risk industries. A professional services firm can largely set those sections aside and focus more heavily on employee relations, non-compete enforceability, and state-specific wage and hour compliance.
The matrix should reflect the actual regulatory weight your industry carries, not a generic HR function list. If your company is in healthcare, staffing, or any other sector with sector-specific employment regulations, those need their own rows in the matrix with explicit ownership assignments.
Companies with an in-house HR person or team add another layer of complexity. The matrix needs to clearly delineate where internal HR authority ends and PEO authority begins. Without that boundary, you get duplicated effort at best and conflicting guidance to employees at worst. An employee gets two different answers about their FMLA eligibility from your HR manager and the PEO’s HR line. That’s a real operational problem, and it’s entirely preventable with a clear matrix that defines who is the primary point of contact for specific question types. A practical guide on using a PEO with an internal HR department can help you set those boundaries.
Using the Matrix to Evaluate Providers Before You Sign
The matrix isn’t just a management tool for your current PEO relationship. It’s one of the most useful evaluation instruments you can bring to a PEO selection process.
When you’re comparing providers, send your draft matrix to each prospective PEO and ask them to fill in their column. Ask them to specify, for each function, whether they own it, you own it, or it’s shared, and if shared, how they define their role. The differences in what each provider is willing to own versus push back to the client reveal more about actual service depth than any sales presentation will. Comparing top PEO providers side by side using this approach gives you far more useful data than feature lists alone.
A provider that takes clear ownership of high-risk functions, including compliance monitoring across your operating states, claims management, regulatory filings, and workplace investigations, may justify a higher per-employee cost. They’re absorbing more liability. That reframes the pricing conversation from “which PEO is cheaper” to “which PEO is actually taking on more of my risk.” Those are very different questions with very different answers.
Post-implementation, the matrix becomes an accountability document. If your PEO claimed ownership of a function during the sales process and consistently underdelivers on it in practice, the documented matrix gives you specific, concrete leverage. You’re not arguing about general service quality. You’re pointing to a specific function, a specific ownership assignment they agreed to, and a documented pattern of non-performance. That’s a much stronger position for renegotiation, and a much cleaner basis for exit if it comes to that.
The Bottom Line on Ownership Clarity
The “I thought you were handling that” moment is one of the most expensive moments in a co-employment relationship. It usually surfaces during an audit, a claim, or a regulatory inquiry, when the cost of the gap is highest and the ability to fix it quickly is lowest.
A shared responsibility matrix doesn’t prevent every HR problem. What it does is eliminate the ambiguity that turns manageable problems into costly ones. It forces both parties to be explicit about who owns what, documents the operational reality rather than the contract ideal, and creates an accountability structure that holds up when something goes wrong.
Start with your existing CSA. Build the matrix against your actual operations. Get your PEO to confirm gray areas in writing. Update it when your business changes. Use it to evaluate new providers with the same rigor you’d apply to any other vendor relationship.
If you’re approaching a PEO renewal and haven’t done this work yet, now is the time. Responsibility gaps compound over time, and the cost of clarity upfront is a fraction of the cost of discovering a gap mid-audit. Use the matrix as both a risk management tool and a provider accountability document, and make sure the PEO you’re paying is actually earning what you’re paying them.
Don’t auto-renew. Make an informed, confident decision. Before you sign anything, make sure you know exactly what your PEO owns, what you own, and whether the pricing reflects the actual risk transfer you’re getting.
