Overview
The Performance Review Process is a structured, periodic evaluation of employee performance against defined role expectations and company values. It supports SOC 2 CC1 by demonstrating management’s commitment to competence, accountability, and ongoing employee development.
Step-by-Step Process
Define review scope and criteria
The HR Manager defines the annual performance review scope, including eligible employees, review period, and evaluation criteria aligned to job descriptions and company values. This ensures consistency and alignment with SOC 2 control expectations. The output is a documented review framework or cycle configuration in the HR tool.
Role: HR Manager
Configure review cycle in HR tool
The HR Manager configures the performance review cycle in the selected HR platform, setting timelines, reviewer assignments, and question templates. This step operationalizes the review process. The output is an active review cycle visible to managers and employees.
Role: HR Manager
Notify participants and provide guidance
HR sends system-generated or manual notifications to employees and managers with instructions and deadlines for completing reviews. Guidance ensures participants understand expectations and scoring criteria. The output is timestamped notifications or emails.
Role: HR Manager
Collect self-reviews and manager reviews
Employees complete self-assessments and managers complete performance evaluations within the tool. HR monitors completion status and follows up on overdue reviews. The output is completed review records for each employee.
Role: Employees and People Managers
Review and calibrate results
The HR Manager reviews submitted evaluations for completeness and consistency and facilitates calibration discussions if required. This helps ensure fair and objective assessments. The output is finalized performance ratings or summaries.
Role: HR Manager
Conduct feedback and development discussions
Managers meet with employees to discuss results, feedback, and development plans, documenting outcomes in the HR tool. This reinforces accountability and performance improvement. The output is logged feedback notes or development plans.
Role: People Managers
Archive records and confirm completion
HR confirms all reviews are completed and archives records according to retention requirements. Evidence is retained for audit purposes. The output is a completed review cycle with audit-ready records.
Role: HR Manager
What You Need Before Starting
- Current employee roster with roles and managers
- Approved job descriptions and performance criteria
- Access to HR performance management tool (admin rights)
- Annual performance review schedule
Evidence Your Auditor Expects
- Screenshot of configured performance review cycle showing start and end dates
- Exported list of completed reviews with employee names and completion timestamps
- Sample completed performance review PDF or record dated within the review period
- Email or system notification log showing review launch date
How This Looks In Your Tools
Lattice
In Lattice, navigate to Admin > Reviews > Create Review Cycle. Select the review type, set the review period dates, assign reviewers, and choose or customize question templates aligned to performance criteria.
Once launched, monitor progress under Reviews > Active Cycles, using the completion dashboard to track self-reviews and manager reviews. After completion, export review results via Reviews > Cycle Results > Export for audit evidence.
Culture Amp
In Culture Amp, go to Performance > Reviews and select Create Review. Define the review cycle name, timeframe, participants, and competencies or goals to be assessed.
Track review completion under Performance > Reviews > Manage, and send reminders to participants as needed. After closing the review, download review summaries or reports from Performance > Reviews > Results.
BambooHR
In BambooHR, navigate to Performance > Performance Reviews and click New Review Cycle. Configure the review type, employee groups, reviewers, and schedule.
Monitor status under Performance > Performance Reviews > Active Cycles and ensure all reviews are completed. Use Reports > Performance Management to export completed review records with timestamps.
Common Audit Findings
- Incomplete performance reviews
- This occurs when employees or managers do not complete reviews by the deadline. Prevent it by tracking completion dashboards weekly and sending documented reminders before the cycle closes.
- Lack of documented review criteria
- Auditors flag reviews that are subjective or inconsistent across employees. Maintain standardized templates and retain approved criteria aligned to job descriptions.
- Missing evidence of review completion
- Organizations often rely on verbal confirmation instead of system records. Always export dated completion reports and retain them in the audit evidence repository.
- Reviews not performed on required frequency
- Annual reviews may be delayed or skipped due to operational priorities. Mitigate this by scheduling review cycles at the start of the year and assigning HR ownership for enforcement.