HR-18 Employee performance reviews

What is this control about?

An employee performance review is a periodic assessment of an employee’s job performance. This review is documented and evaluated by the employee’s manager.

This process is mandatory and can be performed using a formal tool or informal documentation. Regardless of the format, it has to be traceable and available for audit purposes.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them.

Employee Performance Review Tools

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A – no template for this control

Control implementation

Define and document a process for periodically evaluating your company’s employees. The process does not need to be formal. For small startups, we’ve seen a recurring 1×1 meeting calendar provided as documentation during an audit. If this is the case, just document it as such in your Human Resources (HR) policy.

Some considerations for a formal process:

  • Employees must define and document their goals and objectives for the period in review
  • The manager must review the employee’s goals and objectives
  • The manager must document the review of the evaluation
  • There must be a regular review (at least once a year)

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the suggested action below:

  • Provide the most recently completed performance review for an employee

Evidence example

From the suggested action above, an example is provided below.

  1. Provide the most recently completed performance review for an employee.

The examples demonstrate the employee’s goals and the evaluation from the manager.

Employee performance review

