How to Prepare for a PoSH Audit: A Practical Checklist (That Your Current System Probably Fails)

Rainmaker February 18, 2026 Featured, Prevention of Sexual Harassment 6 min read
How to Prepare for a PoSH Audit: A Practical Checklist (That Your Current System Probably Fails)

Why PoSH Audits Are No Longer a Tick-Box Exercise

Many Indian organizations still treat PoSH compliance as a one-time policy exercise: form an Internal Committee, run an annual training, submit an Annual Report, and move on. But when a complaint escalates to a regulator or court, what matters is not what your policy says – it is what you can prove you actually did.

As we discuss in our blog on why a professional case management system increases reporting, employees judge you on process, transparency and trust, not on the existence of a policy document. PoSH audits, whether internal, by external counsel, or by the District Officer, are increasingly focused on documentation, timelines, and evidence of due process.

This PoSH Audit Readiness Checklist is designed for CHROs, IC members, legal and compliance leaders who want to know: If we were audited tomorrow, would we be ready?

1. Timelines: Can You Prove You Never Missed a Deadline?

The PoSH Act prescribes clear timelines: inquiries should be completed within 90 days, and the recommendation submitted to the employer within 10 days thereafter. These timelines are frequently tested when matters reach courts or regulators.

Key audit questions:

  • Can you show when each complaint was received, acknowledged, investigated and closed?
  • Can you demonstrate that no case crossed the statutory time limits without documented reasons?

Typical manual failure points:

  • Dates entered manually into Excel sheets are prone to error and retrospective “corrections.”
  • Emails get deleted, archived, or lost when employees leave the organization.
  • There is no single place to see which cases are at risk of breaching timelines.

How CaseManager helps:

  • Every complaint is logged with an automatic time-stamp from intake to closure, creating a defensible audit trail.​
  • The system triggers reminders to the Internal Committee (IC) as deadlines approach, so cases do not slip through the cracks.
  • Dashboard views allow IC chairs and HR to see pending, ongoing and overdue cases instantly, instead of reconciling multiple spreadsheets.​

You can also read how we compress complex reporting timelines in our blog: From 40 Hours to 40 Minutes: How to Automate Your Annual PoSH Report.​

2. Confidentiality: Is Your System Built to Prevent Leaks?

Confidentiality is at the heart of PoSH, and breaches can seriously undermine employee trust and expose employers to legal risk. Section 16 of the PoSH Act restricts the publication or making known the contents of complaints, identities, and proceedings.

Key audit questions:

  • Who has access to complaint details at each stage of the process?
  • Can you demonstrate that access is limited to those who need to know?
  • Have there been incidents of accidental disclosure, misdirected emails or shared drives with open access?

Typical manual failure points:

  • Complaints and evidence circulate through email chains, with people being added in CC or forwarded unnecessarily.
  • Sensitive documents are stored on shared drives without properly configured access controls.
  • Physical files and printouts are left in meeting rooms or unlocked cabinets.

How CaseManager helps:

  • Role-based access ensures only authorized IC members and designated HR/legal personnel can see case details.​
  • Evidence (documents, audio, images) is stored in a secure, encrypted repository instead of multiple mailboxes or USB drives.​
  • Activity logs show who accessed which file and when, which can be invaluable in demonstrating robust confidentiality controls during an audit.​

For a deeper dive into why manual tracking is risky, see our blog on manual PoSH tracking risks and how CaseManager helps.​

3. Documentation: Are Your Files “Court-Ready”?

A PoSH audit often goes beyond checking whether a policy exists. It examines whether your IC is following principles of natural justice and keeping proper records. Poor documentation is one of the most common reasons employers struggle to defend themselves in disputes.

Key audit questions:

  • Do you maintain clear minutes of each IC meeting, including who was present and what was discussed?
  • Is there written proof that both complainant and respondent were heard and that relevant evidence was considered?
  • Are recommendations and actions taken documented and communicated in writing?

Typical manual failure points:

  • Minutes are scribbled inconsistently, stored in different formats, or never signed off by the IC.
  • Key steps in the process are handled informally over calls or messages and not recorded anywhere.
  • Case files are incomplete or scattered across multiple email threads, personal folders, and physical files.

How CaseManager helps:

  • Standardised templates for notices, minutes, and recommendations ensure consistency and completeness across all cases.​
  • The system prompts IC members to upload or record key documents at each stage before moving to the next, reducing the risk of missing steps.
  • At closure, each case file becomes a consolidated, time-stamped record of the entire process, ready to be produced in an internal audit or legal proceeding if required.​

4. Patterns and Trends: Do You Have a View of Repeat Signals?

Even when the law does not specify special penalties for “repeat offenders” as a separate category, repeated complaints involving the same person, team, or location can signal deeper issues that may draw scrutiny from courts or regulators.

Key audit questions:

  • Have there been multiple complaints involving the same individual, department, or site in recent years?
  • What corrective action, if any, has been taken at a systemic level (training, coaching, team restructuring, policy reinforcement)?
  • Are you able to surface such patterns proactively, or only when something escalates?

Typical manual failure points:

  • Different branches or business units maintain separate PoSH records, making it difficult to see cross-location trends.
  • IC and HR teams rely on memory or anecdotal knowledge rather than data to identify repeat issues.
  • Leadership receives only aggregated numbers, without insight into where the real cultural risks lie.

How CaseManager helps:

  • A centralized case repository consolidates PoSH data from across locations, enabling you to spot recurring patterns early.​
  • Analytics can highlight hotspots (by function, geography, or level) and support targeted interventions such as focused training or policy clarifications.​
  • Leadership receives meaningful insights, not just counts, helping them treat PoSH as a culture and risk issue, not just a statutory formality.​

5. Annual Reports: Can You Generate Accurate PoSH Data in Minutes, Not Weeks?

Under Section 21 of the PoSH Act, the IC must submit an Annual Report with prescribed details to the employer and the District Officer. In practice, this report often becomes a year-end fire drill, with HR and IC members scrambling to compile data from different sources.

Key audit questions:

  • How long does it take you today to gather data for your Annual PoSH Report?
  • Are you confident that the numbers are accurate and backed by underlying case records?
  • Can you easily produce trend data for previous years if the authority asks for it?

Typical manual failure points:

  • Consolidating information from multiple Excel sheets, email trails and physical files can take days or weeks.
  • Risk of double counting or missing cases when manually aggregating data.
  • Inability to quickly validate numbers with supporting documentation if a regulator or court asks questions.

How CaseManager helps:

  • Real-time dashboards keep your data audit-ready throughout the year, instead of a last-minute rush.​
  • Annual Reports in the required format can be generated with just a few clicks, including data on complaints received, disposed of, pending, and actions taken.
  • Historical data is stored securely, enabling you to show three to five years of trends when needed without rebuilding spreadsheets each time.

To understand how this translates into time savings, explore our blog: From 40 Hours to 40 Minutes: How to Automate Your Annual PoSH Report.​

Are You PoSH Audit-Ready Today?

If you had to face a PoSH audit or respond to a regulator’s notice next week, would you be able to:

  • Produce complete, time-stamped case files for the past three years?
  • Prove adherence to statutory timelines in each case?
  • Demonstrate robust confidentiality controls and limited access?
  • Generate accurate Annual Reports and trend data in minutes?

If your answer is “not yet,” your current system—especially if it relies on email and Excel—may already be a compliance and culture risk. Our blog on manual PoSH tracking risks explores this in more detail.​

Book a Free 20-Minute CaseManager PoSH Audit Readiness Demo

Ready to test your PoSH audit readiness in 20 minutes?

Book a free 20-minute CaseManager walk-through with our PoSH experts. In this session, we will:

  • Review how you are currently tracking complaints, timelines and documentation (email, Excel, HRMS, or mixed).
  • Map your current process against a practical PoSH Audit Readiness Checklist.
  • Show you how CaseManager can:
    • Centralise PoSH complaints from all locations into a secure, searchable system.
    • Create time-stamped audit trails for every action taken by the IC.
    • Generate accurate PoSH Annual Reports and management dashboards in a few clicks.

Schedule your CaseManager demo now and see what a truly audit-ready PoSH process looks like in practice.

CaseManager Compliance Audit HR Compliance India Internal Committee POSH Act India PoSH Annual Report PoSH Audit PoSH Case Management PoSH Compliance workplace harassment India workplace investigations
WhatsApp