Most compliance problems with job postings are discovered after the fact — by a candidate complaint, a regulator inquiry, or an internal legal review. The better approach is a proactive audit: systematically reviewing your entire posting inventory before those issues surface. This guide walks you through exactly how to do it.
Step 1: Export your full job posting inventory
The audit starts with a complete list of every active job posting your organisation currently has live. Pull this from every source:
- Your ATS (Greenhouse, Lever, Workday, iCIMS, etc.) — most have a CSV/Excel export of open requisitions
- Your careers page — scrape or manually list every live posting URL
- Third-party boards — LinkedIn, Indeed, Glassdoor may have postings that are out of sync with your ATS
- Staffing agency postings — if you use agencies, their postings about your roles may also expose you to liability
Your spreadsheet should include: job title, posting URL, location(s) listed, whether it's marked as remote, and the date it was posted.
Step 2: Map each posting to applicable laws
Once you have your inventory, identify which laws apply to each posting. The key variables are:
- Physical location of the role — if the job is in California, SB 1162 applies
- Remote/hybrid designation — if the role is remote and candidates can apply from New York, Minnesota, or Colorado, those states' laws apply too
- Your company's employee count — some laws only kick in above 4, 15, 30, or 50 employees
Step 3: Check each posting against the checklist
For each applicable jurisdiction, verify the following:
| Requirement | States requiring it | What to check |
|---|---|---|
| Salary/pay range | CA, NY, CO, WA, IL, NJ, MN, HI, VT, CT, MD + more | Is a min AND max listed? Is it genuine (not $1–$999k)? |
| Benefits description | NY State, CO, MN | Does the posting mention benefits? Even a brief line counts. |
| EEO statement | Federal OFCCP requirement for contractors | Present and not truncated? |
| No salary history language | CA, NY, CO, IL, WA + all EU | Does the posting ask for prior salary anywhere? |
| No discriminatory language | All jurisdictions (EEOC) | Age, gender, nationality cues in language? |
Step 4: Categorise and prioritise violations
Not all violations carry the same risk. Prioritise by:
- High risk: Missing salary ranges in New York or California — active enforcement, candidate complaints common. Fix immediately.
- Medium risk: Missing benefits description in Minnesota — newer law with less enforcement history, but penalties of up to $10,000.
- Low risk: Minor EEO statement formatting — less likely to attract enforcement if substantively correct.
Step 5: Fix and document
Update each non-compliant posting and log what changed, when, and who made the change. This documentation matters because:
- It demonstrates good-faith compliance effort if a regulator does contact you
- It creates a baseline for your next audit
- It helps identify systemic problems (e.g. a recruiter template that's missing the salary field)
Step 6: Build a recurring audit cadence
A one-time audit isn't enough. New postings go live every week, and laws change every year. Build a cadence:
- Ongoing: Automated scanning (RoleComply checks every posting daily)
- Monthly: Review any new violation flags; spot-check a sample of new postings
- Quarterly: Review any new laws that have passed or are pending in your hiring states
- Annually: Full inventory audit, update job posting templates, retrain recruiting team
Common audit findings
In our experience reviewing postings across hundreds of employers, the most common violations are:
- Missing salary range on remote-designated postings that were grandfathered from before state laws passed
- "Competitive salary" or "DOE" language left in older templates
- Benefits language present on some postings but not others — inconsistency, not intentional non-compliance
- Salary history requests in screening questionnaires that weren't updated when job ad copy was
Each of these is fixable. The key is finding them before a candidate or regulator does.