Receiving a Notice of Inspection (NOI) constitutes an official demand, generally originating from ICE, HSI, or the DOJ, that compels your business to submit I-9 files and other pertinent documentation for a compliance assessment.
There are a series of things that can trigger this notice: random selection, an investigation, or complaints/tips. Refer to our Resource Guide here.
If agencies like ICE, HSI, or the DOJ issue your company a Notice of Inspection (NOI), WorkBright offers the necessary functionality to handle the request quickly and safely.
What you need to know.
Important things to note:
The employer (you) has 3 days to respond.
NOI will specify the scope
Examples of scope: I-9s for all current employees, employees hired within a given time period, or all employees within the retention obligation
May also include requests for: Copy of payroll data, List of all active and terminated employees, Articles of Incorporation, Business licenses, E-Verify information, Electronic I-9 software vendor information
IMPORTANT: There is a difference between what is requested and what an employer is required to produce - seek advice from your attorney on what is necessary and best to provide.
NOI needs to have the correct business info and location
Requests outside of NOI do not need to be legally complied with
Subpoenas might be overly broad - requests outside of I-9s may be a red flag
How WorkBright is here for you
Equipped with this information, we can examine how to get ready and the specific ways WorkBright supports your organization’s audit preparedness.
Using our system helps drastically reduce clerical errors, giving you a major head start on compliance. Please keep in mind that these tools work best when supported by solid internal processes. By utilizing electronic audit records and enforcing strict user permissions, your team can go beyond merely passing an inspection to exhibiting a high level of commitment to regulatory standards.
This guide outlines how to utilize WorkBright features to support your audit requirements.
1. Preparing for the Audit
Once you have received an NOI, the first step is to identify the specific records requested. WorkBright allows you to easily isolate these records for auditor review.
Organize Requested Files
Create a Targeted Group: Navigate to Settings > Groups > + New Group. Name this group to clearly identify the audit (e.g., "ICE Audit - [Date]").
Add Employees: Identify the employees listed in the NOI and use the Staff page to add them to this group using Bulk Actions > Add Staff to Group.
Minimizing Audit Vulnerability via I-9 Record Purging
A frequently disregarded strategy for mitigating risk prior to an inspection involves the proactive removal of records no longer mandated for retention by USCIS regulations.
When an audit occurs, organizations are typically obligated to present every file currently in their possession; consequently, even expired or unnecessary forms are subject to scrutiny and potential penalties.
According to federal mandates, the retention period for Form I-9 must extend to the later of these two milestones:
Three years from the date of hire, or
One year following the date of termination
Once these timeframes have elapsed, incorporating the secure destruction of these files into a formalized compliance routine is highly recommended. Keeping obsolete documentation broadens the audit’s reach and increases the likelihood of fines for errors on forms that are legally eligible for disposal.
To maintain best practices, organizations should consider the following:
Implement a systemic, recurring review of all I-9 data.
Ensure uniform application of these rules across the entire staff directory.
Formalize and document all internal purging protocols.
Guarantee that all discarded records are eliminated through secure methods compliant with data privacy standards.
Adopting a proactive approach to record management ensures a more streamlined and defensible inventory, significantly lowering the stakes during a formal compliance review or NOI.
Note: If you utilize a system integration to manage employment status, please reach out to your Customer Success Manager to discuss automating these retention workflows within the WorkBright platform.
2. Secure Auditor Access (Optional)
Instead of exporting files and sending them externally, you can provide the auditor with secure, restricted access directly within your WorkBright subdomain.
You can always download this information via a report form them if that is your team's preference, but if you want to or are required to allow auditor access, you can follow these steps.
Navigate to Settings > Admin Users > + New Admin.
Enter the auditor’s name and email address.
Select "Restricted Access" and choose "Create a Permission Policy."
Group Access: Give the auditor access only to the specific group you created in Step 1. This ensures they cannot view personnel files unrelated to the audit.
Field Visibility: Customize access to profile fields. You can "Deny" access to sensitive information like Pay Rate or SSN that the auditor does not require for the I-9 review.
Form Visibility: Similarly, restrict access to specific form submissions. "Deny" view access for non-essential forms like Health History to ensure only the requested I-9s are visible.
Actions: Ensure you "Deny" the ability to edit any fields, approve, or reject forms.
Other Functions: Deny access to system-wide functions such as running reports or adding employees.
Note: This restricted setup ensures that the auditor has the precise access needed to perform their job without compromising the security of your other personnel records.
3. Utilizing Audit Trails
WorkBright automatically tracks all actions within I-9 and E-Verify cases, providing the necessary documentation for a compliant audit.
Accessing Audit Logs
I-9 Audit Events: You can view the full history of an I-9 by opening the employee’s profile, navigating to the I-9 forms page, and revealing the Audit Events. This shows every step the I-9 has gone through, along with dates and timestamps.
E-Verify Audit Events: Navigate to the E-Verify cases tab and click into a specific case to view the Audit Events. This tracks the status of the case and any actions taken by administrators.
These live logs are fully compliant with audits conducted by ICE, HSI, or the DOJ.
Note: While WorkBright provides the infrastructure for compliance, your internal processes must ensure these logs are utilized correctly. Our customers find that by relying on these digital audit trails and keeping security permissions tight, they can demonstrate full compliance and successfully manage audit requests.
As a leading I-9 management platform, our software produces detailed, live audit trails that capture every update made by administrators. Since WorkBright blocks many frequent paperwork errors, you can enter the audit process with greater confidence in the accuracy of your records.