Most business owners sign PEO contracts assuming the co-employment arrangement automatically shields them from liability. It doesn’t. The shared employer relationship creates a complex web of responsibilities where gaps in documentation, unclear handoff points, and misaligned practices can leave your company exposed—sometimes without you realizing it until a lawsuit lands.
A legal risk audit isn’t about distrust. It’s about understanding exactly where your responsibilities begin and end, and whether your PEO is actually delivering the compliance protection you’re paying for.
This checklist focuses on the audit areas that matter most: the ones where real liability hides and where most businesses never think to look.
1. Co-Employment Agreement Liability Language
The Challenge It Solves
The biggest misconception about PEO relationships is that co-employment automatically transfers all employment liability to the PEO. It doesn’t. Your contract determines who’s responsible when things go wrong—discrimination claims, wrongful termination suits, wage and hour violations. Many business owners discover this the hard way when they’re named in a lawsuit alongside their PEO and realize their agreement doesn’t provide the protection they assumed it did.
The Strategy Explained
Your co-employment agreement contains specific liability allocation clauses that determine who bears responsibility for different types of employment-related claims. These clauses are often buried in dense legal language, but they’re the most important part of your contract. You need to identify exactly what the PEO indemnifies you for, what remains your responsibility, and what falls into gray areas where liability could be shared or disputed.
Pay particular attention to indemnification language around employment practices liability. Some agreements only cover claims arising from the PEO’s direct actions or advice, leaving you exposed for decisions you make independently—even when those decisions involve employees technically co-employed by the PEO. Understanding PEO risk allocation between parties is essential before signing any agreement.
Implementation Steps
1. Request a clean copy of your current co-employment agreement and locate the liability allocation section—often titled “Indemnification,” “Liability,” or “Responsibilities of the Parties.”
2. Create a simple chart with three columns: “PEO Responsibility,” “Client Responsibility,” and “Unclear/Shared.” Map every employment-related risk category (discrimination, harassment, wrongful termination, wage violations, benefits administration, workers’ comp) into one of these columns based on your contract language.
3. For anything in the “Unclear/Shared” column, request written clarification from your PEO. Don’t accept verbal assurances. Get specific examples of how liability would be handled in real scenarios.
4. Have your employment attorney review the liability language, particularly if you operate in multiple states or have employees in high-risk categories (commissioned sales, independent contractors reclassified as employees, overtime-exempt positions).
Pro Tips
Watch for carve-outs in indemnification clauses. Some PEOs exclude coverage for claims arising from decisions made “against PEO advice” or “outside the scope of services.” These provisions can create significant gaps. If your PEO recommends against a termination but you proceed anyway, you may be on your own if that employee sues. Document all PEO advice and your decision-making rationale to protect yourself in these gray areas.
2. Workers’ Compensation Coverage Verification
The Challenge It Solves
Workers’ compensation seems straightforward in a PEO relationship—they handle the policy, you’re covered. But the details matter enormously. Who owns the experience modification rate? What happens to your claims history if you leave the PEO? Are all your employees actually covered under the policy, or are certain classifications excluded? These questions determine both your current protection and your future costs.
The Strategy Explained
Your PEO’s workers’ comp arrangement affects your liability exposure in ways that aren’t immediately obvious. In some structures, you’re covered under the PEO’s master policy with their EMR. In others, you maintain a separate EMR that follows you. The difference becomes critical if you leave the PEO or if your claims experience differs significantly from the PEO’s pooled rate. You need to verify that coverage is active, comprehensive, and structured in a way that protects your long-term interests.
Claims handling procedures matter just as much as coverage. When an employee gets injured, who files the claim? Who manages the return-to-work process? Where do disputes get resolved? Unclear handoffs in this process can delay treatment, increase costs, and create compliance violations. A thorough workers’ comp program evaluation should address all these questions.
Implementation Steps
1. Request a certificate of insurance showing current workers’ comp coverage. Verify that your company name appears on the certificate, the policy is active, and the coverage amount is appropriate for your payroll and risk classification.
2. Ask your PEO directly: “Do we have our own EMR, or are we pooled under your master policy?” If pooled, ask how your individual claims experience is tracked and whether you can obtain a claims history report if you leave the relationship.
3. Review the claims reporting process in writing. Who is the first point of contact when an injury occurs? What’s the timeline for reporting? Who manages medical treatment authorization? Who handles modified duty arrangements?
4. Check your employee classifications against the policy. Certain high-risk roles or out-of-state employees may require special endorsements. Misclassification can result in denied claims or significant premium adjustments later.
Pro Tips
Request a loss run report annually. This document shows all workers’ comp claims filed under the policy, their status, and costs incurred. Even if you’re under a PEO master policy, you should be able to get a report specific to your employees. This data becomes essential if you’re evaluating a PEO change or negotiating renewal terms. Some PEOs are reluctant to provide detailed loss runs—that reluctance is itself a red flag.
3. Employment Practice Documentation Ownership
The Challenge It Solves
When employment disputes arise, documentation determines outcomes. But in a PEO relationship, it’s often unclear who owns what records. Are employee files maintained by the PEO, by you, or split between both? Who controls handbook updates? Where do performance reviews live? If you need to produce documentation in a lawsuit or government audit, can you access it quickly? These questions become urgent when you’re facing a compliance deadline or legal discovery request.
The Strategy Explained
Documentation ownership in co-employment arrangements is rarely clean. The PEO typically maintains certain HR records—payroll history, benefits enrollment, some compliance forms. You maintain others—performance evaluations, disciplinary records, role-specific training. The problem is that most businesses never clearly define these boundaries, leading to gaps where critical documentation doesn’t exist or can’t be located when needed.
Your employee handbook presents a specific risk. Many PEOs provide a template handbook, but modifications to reflect your specific policies, state requirements, or operational practices may not be properly documented or legally reviewed. If your handbook contains outdated provisions or contradicts actual practice, it becomes evidence against you rather than protection. Understanding PEO audit trail requirements helps ensure proper documentation practices.
Implementation Steps
1. Create a documentation matrix listing every type of employment record (offer letters, I-9s, tax forms, benefits enrollment, performance reviews, disciplinary notices, termination documentation, handbook acknowledgments). For each category, identify who creates it, who stores it, and who can access it.
2. Audit a sample employee file. Pick three employees at random and attempt to compile their complete employment record. Can you access everything you’d need to defend against a wrongful termination claim? Are there gaps?
3. Review your current employee handbook. Compare it to your actual practices. Do the policies reflect reality? Has it been updated for recent state law changes (particularly leave laws, which change frequently)? Who made the last updates—you or the PEO?
4. Establish a clear protocol for documentation handoffs. When you conduct a performance review, does a copy go to the PEO’s file? When the PEO processes a benefits change, do you receive documentation? Gaps in this handoff process create liability exposure.
Pro Tips
Maintain your own shadow files for any employee you consider a potential legal risk—poor performers, employees with accommodation requests, anyone who’s raised complaints. Don’t rely solely on PEO systems for documentation that might be critical in a dispute. Store contemporaneous notes about conversations, decisions, and incidents. These records often matter more than formal documentation when reconstructing events during litigation. Your PEO won’t create these notes for you.
4. Multi-State Compliance Accountability
The Challenge It Solves
State employment laws vary dramatically, and the differences create real liability exposure. Sick leave mandates, family leave provisions, final paycheck timing, meal break requirements—each state has its own rules. When you have employees in multiple states, compliance complexity multiplies quickly. Your PEO should be managing this, but many business owners discover too late that their PEO either doesn’t operate in certain states or doesn’t actively monitor compliance in jurisdictions where they have just a few employees.
The Strategy Explained
Your PEO relationship should include clear accountability for state-specific compliance, but the reality is often messier. Some PEOs only guarantee compliance in states where they’re registered and actively operating. Others provide coverage in all 50 states but rely on you to flag when you hire in a new jurisdiction. The question isn’t whether your PEO can handle multi-state compliance—it’s whether they’re actually doing it for your specific employee locations.
Leave law compliance is where most problems surface. States like California, New York, Washington, and Colorado have complex leave requirements that go far beyond federal FMLA. If your PEO’s systems aren’t configured to track these state-specific entitlements, you’re exposed to claims even if you’re following the PEO’s guidance. Conducting a state employment law risk review before signing helps identify these gaps.
Implementation Steps
1. List every state where you currently have employees. Then ask your PEO directly: “Are you registered to operate as a PEO in each of these states?” Some states require specific PEO licensing or registration. If your PEO isn’t properly registered in a state where you have employees, that’s a significant compliance gap.
2. For each state, identify the three most significant employment law requirements that differ from federal standards (this usually includes leave laws, final paycheck timing, and meal/rest break rules). Ask your PEO how they ensure compliance with each one.
3. Test the system with a real scenario. Pick your most complex state and ask your PEO: “If we need to terminate an employee in [state] today, what’s the deadline for final paycheck, and what leave payout is required?” If they can’t answer immediately or need to research it, that’s a warning sign about their operational capability.
4. Review how new state requirements get communicated to you. When a state passes a new leave law or changes its overtime rules, does your PEO proactively notify you and update policies, or do you need to monitor changes yourself?
Pro Tips
Pay special attention to states where you have just one or two employees. These are the jurisdictions most likely to fall through the cracks in a PEO’s compliance monitoring. If you’re hiring remote workers in new states, establish a protocol with your PEO: you notify them before making an offer, they confirm they can support compliance in that state, and they document the state-specific requirements that apply. Don’t assume coverage exists just because your PEO operates nationally.
5. Benefits Administration Liability
The Challenge It Solves
Benefits administration in a PEO relationship involves complex legal responsibilities that most business owners don’t fully understand. ERISA fiduciary duties, ACA reporting requirements, COBRA administration, Section 125 plan compliance—these aren’t just administrative tasks. They’re legal obligations with significant penalty exposure if handled incorrectly. The question is whether your PEO is truly assuming these responsibilities or whether you retain liability even though they’re doing the administrative work.
The Strategy Explained
In most PEO arrangements, the PEO serves as the plan administrator for benefits, but fiduciary responsibility can be shared or remain partially with the client company depending on how the relationship is structured. This matters because ERISA fiduciary breaches can result in personal liability for company owners, not just corporate penalties. You need to understand exactly what role your PEO plays and what responsibilities you retain.
Enrollment errors and coverage gaps create immediate liability exposure. If an employee believes they enrolled in coverage but the PEO failed to process the election, who’s responsible for medical bills incurred during the gap? If ACA reporting contains errors that result in IRS penalties, does the PEO indemnify you? These scenarios happen more often than you’d expect, and the contract language determines who pays. Understanding benefits administration outsourcing helps clarify these responsibilities.
Implementation Steps
1. Request a copy of your benefits plan documents, including the Summary Plan Description (SPD). Verify that these documents accurately reflect the benefits you’re actually offering and that they’ve been provided to employees as required by ERISA.
2. Ask your PEO to clarify fiduciary roles in writing: “Under our agreement, who serves as the plan administrator? Who has fiduciary responsibility for plan management? What fiduciary duties, if any, remain with our company?”
3. Review the error correction process. Ask your PEO: “If an employee’s benefits enrollment is processed incorrectly, what’s the protocol for correction? Who bears financial responsibility for claims incurred during a coverage gap caused by administrative error?”
4. Audit ACA compliance specifically. If you’re an applicable large employer (50+ full-time equivalent employees), verify that 1095-C forms are being filed correctly and that affordability and minimum value calculations are accurate. Errors here result in IRS penalties that can be substantial.
Pro Tips
Request an annual benefits compliance audit from your PEO. This should include verification that all required notices have been distributed (Summary of Benefits and Coverage, COBRA notices, HIPAA privacy notices, Medicare Part D creditable coverage notices), that plan documents match actual practice, and that all regulatory filings are current. If your PEO can’t provide this audit or doesn’t perform it as standard practice, that’s a significant gap. Consider engaging a benefits attorney to review your arrangement independently, particularly if you’re in a high-penalty-risk category.
6. Termination Process Alignment
The Challenge It Solves
Terminations are the highest-risk employment action, and in a PEO relationship, they require careful coordination between your decision-making and the PEO’s execution. The handoff between these steps is where most problems occur. You decide to terminate an employee, but the PEO processes it incorrectly—wrong termination date, final paycheck delayed, COBRA notice not sent, benefits cut off prematurely. Each of these execution failures creates legal exposure, even though the termination decision itself was sound.
The Strategy Explained
The termination process in a co-employment arrangement involves multiple steps that must happen in a specific sequence with clear accountability. You make the decision and conduct the termination meeting. The PEO processes the final paycheck, terminates benefits, sends required notices, and handles unemployment claims. But if the handoff isn’t clearly defined and consistently followed, gaps emerge. Implementing wrongful termination risk mitigation strategies can help protect your business.
State-specific termination requirements make this more complex. Final paycheck timing varies by state—some require payment on the termination date, others allow until the next regular payday. Unused vacation payout requirements differ. If your PEO isn’t configured to handle these state-specific rules automatically, you’re relying on manual processes that are prone to error.
Implementation Steps
1. Document your current termination process step-by-step. Who makes the termination decision? Who reviews it for legal compliance? Who conducts the termination meeting? Who notifies the PEO? What’s the timeline between decision and execution?
2. Request a written termination checklist from your PEO that outlines their process: final paycheck calculation and delivery, benefits termination, COBRA notice mailing, unemployment claim handling, final documentation. Compare this to your internal process and identify any gaps or handoff points that aren’t clearly defined.
3. Test the process with a hypothetical scenario in your most complex state. Walk through each step with your PEO and verify that timing requirements, payout calculations, and notice obligations are handled correctly.
4. Establish a notification protocol. How much advance notice does your PEO need to process a termination correctly? What information must you provide (termination date, reason, final hours worked, unused PTO balance)? Who is the specific point of contact at the PEO for termination processing?
Pro Tips
Create a termination notification form that you complete and send to your PEO every time you terminate an employee. This form should capture every data point the PEO needs to process the termination correctly—employee name, termination date, reason (voluntary/involuntary), final hours worked, unused PTO balance, state of employment. Require written confirmation from the PEO that they’ve received the notification and processed the termination. This paper trail protects you if something goes wrong. Don’t rely on phone calls or informal emails for termination notifications.
7. Data Security and Privacy Compliance
The Challenge It Solves
Your PEO has access to massive amounts of sensitive employee data—Social Security numbers, bank account information, health records, salary details. If that data is breached, who’s liable? What notification obligations exist? How quickly can you determine which employees were affected? Data security isn’t just an IT issue; it’s a legal compliance issue with specific requirements under state privacy laws and federal regulations like HIPAA.
The Strategy Explained
Data security responsibility in a PEO relationship is often poorly defined. Your PEO stores and processes employee data, but you remain responsible for ensuring that data is protected and that breaches are handled appropriately. Many business owners assume the PEO’s security measures are adequate without ever verifying what those measures actually are or whether they meet current regulatory standards. Reviewing PEO contract liability risks helps identify data security gaps in your agreement.
State privacy laws are evolving rapidly, with states like California, Colorado, and Virginia implementing comprehensive data privacy requirements. These laws create specific obligations around data handling, employee rights to access their data, and breach notification procedures. Your PEO should be managing compliance with these requirements, but you need to verify that they actually are.
Implementation Steps
1. Request documentation of your PEO’s data security measures. This should include information about encryption standards, access controls, employee data handling policies, and third-party security audits (such as SOC 2 compliance). If your PEO can’t provide this documentation or hasn’t completed independent security audits, that’s a major red flag.
2. Review your contract’s data breach notification provisions. Who is responsible for notifying affected employees if a breach occurs? What’s the timeline for notification? Who bears the cost of credit monitoring or other remediation services? These provisions should be specific, not vague.
3. Ask your PEO about their breach response plan. If employee data is compromised, what’s the protocol? How quickly will you be notified? What support will the PEO provide for regulatory notifications and employee communications?
4. Verify compliance with state-specific privacy laws in jurisdictions where you have employees. California’s CCPA, for example, gives employees specific rights to access and delete their personal data. How does your PEO handle these requests? Is there a documented process?
Pro Tips
Include data security as a standing agenda item in quarterly business reviews with your PEO. Ask about any security incidents (even minor ones), changes to security protocols, and updates to compliance with evolving privacy regulations. If your PEO is resistant to discussing security or treats these questions as unnecessary, that’s a warning sign. Data security should be a priority for any reputable PEO, and they should be able to discuss their measures transparently. Consider requiring your PEO to carry cyber liability insurance that specifically covers data breaches involving your employee information.
Putting It All Together
Running this audit isn’t a one-time exercise. Schedule quarterly reviews of your highest-risk areas—co-employment liability language, workers’ comp positioning, and termination documentation. Annual deep dives should cover the full checklist.
The goal isn’t to find reasons to distrust your PEO. It’s to ensure the protection you’re paying for actually exists on paper and in practice.
When gaps surface, address them directly with your PEO. Most issues stem from assumptions rather than bad faith. Document everything, get clarifications in writing, and involve your employment attorney for anything that affects your liability exposure.
Your PEO relationship should reduce risk, not create new exposure through unclear accountability and undocumented processes. This audit gives you the clarity to make that happen.
Before you sign that PEO renewal, make sure you’re not leaving money on the table. Many businesses unknowingly overpay because of bundled fees, hidden administrative markups, and contracts designed to limit flexibility. We give you a clear, side-by-side breakdown of pricing, services, and contract terms—so you can see exactly what you’re paying for and choose the option that truly fits your business. Don’t auto-renew. Make an informed, confident decision.
