COI Audit Checklist: 20 Items to Verify Every Time

Every certificate that crosses your desk deserves the same level of scrutiny. Not the same amount of time — but the same systematic process. The difference between a compliance program that catches gaps and one that misses them is not expertise. It is consistency.

This checklist covers 20 verification items organized into five categories. Each item includes what to check and why it matters. Use it as your standard operating procedure for every COI audit.

Identity Verification (Items 1-4)

1. Named Insured matches contract entity

What to check: The "Insured" field on the ACORD 25 must match the exact legal entity name in your contract. "ABC Construction LLC" is not "ABC Construction Inc." and is not "ABC Builders LLC."

Why it matters: Insurance policies cover the named insured. If the certificate is for a different entity than the one you contracted with — even a parent company or affiliate — there may be no coverage for the contracted entity's operations.

2. Producer information is present and complete

What to check: The producer (insurance agent/broker) section in the upper-left should include a firm name, contact information, and phone number.

Why it matters: The producer is your point of contact for corrections, additional documentation, and renewal certificates. Missing producer information makes follow-up difficult and may indicate a certificate generated outside normal channels.

3. All carriers have valid NAIC numbers

What to check: Each insurer listed in the "Insurers Affording Coverage" section should have a five- or six-digit NAIC number. Verify at naic.org if unfamiliar.

Why it matters: Legitimate admitted carriers have NAIC numbers. A missing NAIC may indicate a surplus lines carrier (which may be acceptable) or a non-admitted carrier (which may not meet your requirements). Verify the carrier's status and financial rating.

4. Carrier financial ratings meet requirements

What to check: Verify each carrier's AM Best rating against your minimum requirement (commonly A- VII or better).

Why it matters: A carrier's financial strength rating indicates its ability to pay claims. An underrated or unrated carrier may not have the resources to honor its obligations when a large claim occurs.

Coverage Verification (Items 5-10)

5. All required coverage types are present

What to check: Compare the coverage types on the certificate against your requirements checklist. Typical requirements include CGL, Workers' Compensation, Commercial Auto, and Umbrella.

Why it matters: Missing coverage types create uninsured exposures. If you require Workers' Compensation and it is absent, the vendor's employees have no work injury coverage on your premises — and you may face statutory liability.

6. General Liability limits meet minimums

What to check: Verify Each Occurrence, General Aggregate, Products/Completed Operations Aggregate, Personal & Advertising Injury, and Damage to Rented Premises limits against your requirements.

Why it matters: Limits below your requirements mean the vendor's insurance may be insufficient to cover a significant loss, leaving you to absorb the excess.

7. Workers' Compensation shows statutory coverage

What to check: The "Per Statute" checkbox should be marked. Employers' Liability limits (Coverage B) should meet your minimums, commonly $500,000 or $1,000,000 each.

Why it matters: Workers' Compensation is governed by state statute. "Per Statute" confirms the policy meets state requirements. Employers' Liability covers claims that fall outside the WC statutory framework.

8. Auto Liability limits and coverage symbols are correct

What to check: Verify the Combined Single Limit meets your minimum. Check which vehicles are covered: "Any Auto" is broadest. "Hired and Non-Owned" may be acceptable for vendors without company vehicles.

Why it matters: Auto incidents can generate large claims quickly. Inadequate coverage or the wrong vehicle symbols can leave gaps for specific vehicle types.

9. All policies are currently in effect

What to check: Verify that today's date falls between each policy's effective date and expiration date. Check every coverage line — they may have different dates.

Why it matters: An expired certificate is evidence of nothing. It tells you the vendor had insurance at some point. Until you have a certificate showing current dates, the vendor is uninsured as far as your compliance program is concerned.

10. General Liability is on occurrence basis

What to check: Verify the GL policy is occurrence-based rather than claims-made. If claims-made, note the retroactive date.

Why it matters: Occurrence policies cover incidents that happen during the policy period regardless of when the claim is filed. Claims-made policies only cover claims filed during the policy period, creating coverage gaps if the policy is not renewed or the retroactive date changes.

Provisions Verification (Items 11-16)

11. Additional Insured status confirmed in Description of Operations

What to check: The Description of Operations box should explicitly state your organization is an Additional Insured. Look for your name or blanket language ("as required by written contract").

Why it matters: Without Additional Insured status, the vendor's insurance does not cover you. This is the most critical provision — everything else is secondary if you are not on the policy.

12. Additional Insured endorsement forms referenced

What to check: The Description should reference specific ISO forms — CG 20 10 (ongoing operations) and CG 20 37 (completed operations), or CG 20 33 (construction blanket).

Why it matters: Endorsement form numbers confirm the scope of your Additional Insured coverage. Without CG 20 37, you have no completed operations coverage — the gap where the largest claims often occur.

13. Waiver of Subrogation present for GL, WC, and Auto

What to check: The Description of Operations should include Waiver of Subrogation language for General Liability (CG 24 04), Workers' Compensation (WC 00 03 13), and Auto (CA 04 44). Also verify the Subr WVD checkboxes.

Why it matters: Without waivers, the vendor's insurers can sue you to recover claim payments. Workers' Compensation subrogation is particularly aggressive and common.

14. Primary and Noncontributory language is present and unambiguous

What to check: The Description should state coverage is "Primary and Noncontributory" with a reference to CG 20 01 or equivalent. Check for contradictory words like "contributory" or "excess" that negate the provision.

Why it matters: Without this provision, the vendor's insurer and your insurer may share losses from the vendor's operations. Your premiums increase, and you subsidize the vendor's liability.

15. Notice of Cancellation is endorsed (not just standard ACORD language)

What to check: Look for specific cancellation notice language in the Description of Operations that references CG 02 24 and states the number of days' notice (typically 30 days, 10 for non-payment). The standard ACORD boilerplate at the bottom of the certificate is not binding.

Why it matters: Without endorsed notice, you will not know if the vendor's policy is cancelled until you request a renewal and discover the coverage lapsed.

16. No contradictory or limiting language in Description

What to check: Read the entire Description of Operations for language that limits or contradicts the required provisions. Watch for "except," "excluding," "subject to policy terms only," or other qualifiers that narrow the stated coverage.

Why it matters: Qualifying language can negate provisions that appear to be present. "Additional Insured subject to policy terms and conditions" may sound standard but could be used to limit coverage based on policy exclusions.

Certificate Holder Verification (Items 17-18)

17. Certificate Holder name matches your exact legal entity

What to check: The certificate holder section must show your correct legal entity name — "Smith Property Management, LLC" not "Smith Properties" or "Smith Prop Mgmt."

Why it matters: The certificate holder name identifies the entity that receives the certificate and may receive cancellation notices. An incorrect name could create ambiguity about which entity is covered or entitled to notice.

18. Certificate Holder address is correct

What to check: Verify the mailing address in the certificate holder section, especially if the certificate includes endorsed cancellation notice.

Why it matters: If you have endorsed cancellation notice (CG 02 24), the address on the certificate is where the insurer will send the notice. A wrong address means you may never receive it.

Final Determination (Items 19-20)

19. All findings classified and documented

What to check: Record every deficiency found during the audit. Classify each as Critical (blocks compliance), Warning (requires resolution but may allow conditional approval), or Informational (noted for record).

Why it matters: Documentation enables consistent decision-making, supports communication with vendors and producers, and creates an audit trail for your compliance program.

20. Expiration tracking is set

What to check: Record the earliest policy expiration date and set automated reminders for 60, 30, and 15 days before expiration.

Why it matters: A certificate that passes audit today is only valid until the earliest expiration date. Without proactive tracking, compliant vendors silently become non-compliant as policies expire.

Using This Checklist

Print this checklist. Pin it to your wall. Build it into your compliance software. The specific items matter less than the consistency of applying them.

Every certificate. Every time. No shortcuts. No "this vendor is low-risk so we can skip the provisions check." The certificate you skip is the one that generates the claim.

Organizations that audit 100% of certificates against a standardized checklist have materially lower compliance gap rates than organizations that use ad hoc review processes. The checklist is the difference.