As we transition into the full implementation of the New Labour Codes in late 2025, the requirements for SMEs have shifted from "paper-heavy" to "data-heavy." A statutory audit under the 2025 Regulatory Framework is no longer a random sampling of files — it is a system-wide data integrity check.
To pass without a "Qualified Report," your HRMS must be your primary line of defense. This checklist walks you through every pillar auditors will examine and what ZiacPay does to keep you ready year-round.
Auditors no longer accept physical files as sufficient documentation. Every record — from attendance timestamps to Appointment Letters for gig workers — must be digitally archived, time-stamped, and retrievable on demand.
The 2026 HRMS Audit Pillars
Auditors under the 2025 regulatory framework will systematically verify four core data areas. Here is what each pillar requires and how to ensure your records are ready:
Pillar 1 — Wage Integrity
Under the Code on Wages, your "Basic + DA" must constitute at least 50% of the Gross CTC. Auditors will verify this formula for every employee record:
Any salary structure where allowances breach the 50% cap triggers a mandatory add-back to the statutory wage base — affecting both PF and ESI contributions. This is the single most commonly flagged finding in current audits.
Pillar 2 — Employee Master Data
Every employee record must contain an Aadhaar-linked UAN, PAN, and a digital copy of the Appointment Letter. This requirement now extends to all worker categories — including gig workers and Fixed-Term Employees (FTEs).
Pillar 3 — Attendance & Muster Rolls
Digital timestamps for all work hours — including overtime — must match payroll disbursement records exactly. The OSHWC Code (2025) mandates overtime pay at 2× the normal wage rate; any discrepancy between clock records and payroll will be treated as wage suppression.
Pillar 4 — Social Security Registers
Monthly ECRs for PF and ESI must be reconciled against bank-statement-derived "Salary Paid" dates. Auditors will cross-check challan payment dates against the 15th-of-month deadline — any late payments surface as compounding interest liabilities.
Read our guide on the 5 Common Payroll Audit Mistakes to understand exactly what auditors look for — and how automation eliminates each one.
HRMS Readiness Checklist
Run through each item below before your next audit window. Every unchecked item is a potential finding:
-
FTE Gratuity Accrual — Are Fixed-Term Employees earning pro-rata gratuity after completing 1 year of service? Under the 2025 codes this is mandatory, not discretionary.
-
TDS Compliance — Are Form 12BB declarations and supporting proofs (80C investments, HRA receipts) digitally archived for every employee for the current financial year?
-
POSH Documentation — Are digital logs of Internal Committee (IC) meetings and annual POSH report filings maintained and retrievable on demand?
-
Vendor Compliance — Do you hold proof of PF/ESI payments from your security, housekeeping, and other third-party contractors? As Principal Employer, you are liable for their defaults.
-
UAN & KYC Seeding — Is every employee's UAN linked to their current Aadhaar and PAN? Unlinked records cause ECR rejection and delay statutory filings.
-
Appointment Letters — Are digital copies of Appointment Letters archived for all workers, including gig, FTE, and contract staff — not just permanent employees?
-
Overtime Records — Are overtime hours recorded digitally via biometric or mobile attendance, with payouts calculated at the mandated 2× rate?
-
50% Wage Rule Validation — Has every salary structure been verified against the Wage Code formula to ensure no employee's allowances exceed the 50% cap without the mandatory add-back?
How ZiacPay Simplifies Audit Preparation
ZiacPay's Audit-Ready Dashboard is purpose-built for the 2026 regulatory environment. Rather than scrambling when an audit notice arrives, your compliance posture is validated continuously in the background.
- One-Click Compliance Health Report: Pull a complete statutory compliance snapshot across all branches and employee categories — flagging wage rule violations, missing KYC links, and overdue filings instantly.
- Automatic 50% Wage Flag: The system automatically identifies any salary structure that violates the Wage Code's 50% rule and calculates the correct add-back before the next pay run — saving you from retroactive penalties.
- FTE Gratuity Tracker: Auto-alerts when a Fixed-Term Employee crosses the 12-month threshold and triggers pro-rata Gratuity accrual on your books, so the liability is never overlooked.
- Digital Document Archive: Appointment Letters, Form 12BB declarations, POSH filings, and contractor compliance proofs are stored in a centralized, encrypted repository — searchable and exportable for any audit request.
- Vendor Compliance Monitor: Track contractor PF/ESI payment status in real time from your Principal Employer dashboard, giving you early warning before liability transfers to your establishment.
Every item on the HRMS Readiness Checklist above is monitored and maintained automatically by ZiacPay — turning a once-a-year scramble into a continuously audit-ready state.
Authority Links & Resources
For the official regulatory backdrop to these requirements, consult:
- Ministry of Labour — New Code on Wages: Official Code on Wages (2019) — the primary legislation governing the 50% wage rule and allowance caps.
- EPFO — Employer Audit Guidelines: EPFO Unified Portal — for ECR filing standards, KYC seeding requirements, and audit inspection protocols.
Conclusion: From Paper-Heavy to Data-Ready
The shift from paper records to digital data integrity is not optional — it is the baseline the 2026 regulatory framework demands. The SMEs that will navigate audits without findings are those whose HRMS does the compliance work continuously, not reactively.
Is your HRMS ready for a 2026 statutory audit? Run a free Compliance Health Check with ZiacPay or book a Demo to see how the Audit-Ready Dashboard keeps every pillar green — year-round.