Overview
Employee Competency Assessment is the formal process for evaluating whether employees possess and maintain the skills, knowledge, and experience required for their roles. It supports SOC 2 CC1.4 by demonstrating that the organization hires, develops, and retains competent personnel.
Step-by-Step Process
Define role competency criteria
The HR Manager reviews job descriptions and defines required competencies for each role, including technical skills, security awareness, and role-specific responsibilities. The output is an approved competency framework mapped to active job roles.
Role: HR Manager
Configure assessment cycle
The HR Manager sets up the annual competency assessment cycle in the selected HR or performance management tool. The output is a scheduled assessment period with assigned participants and deadlines.
Role: HR Manager
Distribute self-assessments
Employees are prompted to complete self-assessments against defined competencies within the tool. The output is completed self-assessment responses tied to each employee record.
Role: Employees
Conduct manager evaluations
People Managers review employee self-assessments and complete manager evaluations, providing ratings and qualitative feedback. The output is a finalized competency evaluation for each employee.
Role: People Manager
Review assessment results
The HR Manager reviews completed assessments to identify skill gaps, underperformance, or training needs. The output is a documented summary of findings and flagged remediation actions.
Role: HR Manager
Assign development actions
Managers assign training, coaching, or development plans for employees who do not meet competency expectations. The output is a documented development plan with assigned owners and due dates.
Role: People Manager
Retain assessment evidence
HR exports and stores assessment reports and development plans in the compliance evidence repository. The output is dated, auditor-ready evidence demonstrating annual competency assessments.
Role: HR Manager
What You Need Before Starting
- Approved job descriptions with defined responsibilities
- List of active employees and assigned managers
- Access to performance management tool (Lattice, 15Five, or BambooHR)
- Prior year competency assessment results (if applicable)
Evidence Your Auditor Expects
- Exported competency assessment report showing employee names, scores, and completion dates
- Screenshot of assessment cycle settings with annual frequency and timestamps
- Completed manager evaluation record with date and manager name visible
- Documented development plan or training assignment dated within the assessment period
How This Looks In Your Tools
Lattice
In Lattice, navigate to Admin > Reviews > Review Cycles and click “Create Review Cycle.” Select “Competency Review” or a custom review type, define competencies, set the review period, and assign participants and reviewers.
Once the cycle is active, employees complete self-reviews under Reviews > My Reviews. Managers complete evaluations in Reviews > Team Reviews. After completion, export results by going to Reviews > Review Cycles, selecting the cycle, and using the “Export Results” option for evidence retention.
15Five
In 15Five, go to Reviews > Review Cycles and select “Create Review.” Choose a custom or competency-based template and configure competencies aligned to job roles, then set the review schedule and participants.
Employees complete self-reviews from Reviews > My Reviews, while managers complete evaluations under Reviews > Manage Reviews. After the cycle closes, download review summaries and scores from the cycle dashboard using the “Export” button.
BambooHR
In BambooHR, navigate to Performance > Assessments and click “New Assessment.” Define assessment questions aligned to competencies and assign the assessment to relevant employee groups with an annual due date.
Employees and managers complete assessments from Performance > Assessments. After completion, HR can export assessment results by going to Reports > Custom Reports and generating a report that includes assessment scores, completion dates, and employee names.
Common Audit Findings
- Assessments not performed annually
- This occurs when review cycles are not scheduled or tracked consistently. Prevent this by configuring recurring annual assessment cycles and calendar reminders within the HR tool.
- Undefined or inconsistent competency criteria
- Auditors may find that competencies vary by manager or are undocumented. Prevent this by maintaining a standardized, approved competency framework linked to job descriptions.
- Missing manager evaluations
- Some assessments lack manager input due to incomplete workflows. Prevent this by enforcing manager completion requirements and monitoring cycle completion status.
- Insufficient evidence retention
- Organizations sometimes fail to retain exported reports or timestamps. Prevent this by exporting finalized assessment reports immediately after cycle completion and storing them in a controlled evidence repository.