COI Compliance Audit Checklist: 15 Things to Check Before an Auditor Arrives
An insurance auditor, carrier, or owner is asking for your subcontractor compliance records. Here's exactly what they're looking for and how to make sure you pass.
TL;DR: Pass any insurance, owner, or workers' comp audit by producing 15 specific records on demand: a complete sub list with EINs, W-9 for every sub paid $600+, current COIs covering each sub's actual work dates, GL limits that meet contract minimums, AI endorsements, WC certificates or exemptions, and signed lien waivers. Build a single source of truth so you can produce the full file in under 30 minutes instead of reconstructing it from QuickBooks.
At some point, every general contractor will face a compliance audit. It comes in one of three forms:
- Your own insurance carrier's audit: typically annual, where the carrier reviews your loss runs, subcontractor documentation, and classifications to determine your final premium.
- An owner's compliance review: larger owners (hospitals, universities, government agencies) audit their GCs' subcontractor records as a condition of contract.
- A state Workers' Comp audit: states audit GC Workers' Comp classifications periodically, especially in monopolistic states.
In all three cases, the audit goes one of two ways: fast and painless, or slow and painful. The difference is entirely about how organized your subcontractor compliance records are before the auditor arrives.
This post is a 15-point checklist of exactly what auditors look for and how to pass each one.
1. A Complete List of Every Subcontractor
First question from any auditor: "Give me a list of every sub you worked with during the audit period." This should include:
- Legal business name
- Business entity type (LLC, Corp, Sole Prop)
- Federal EIN
- Total amount paid during the audit period
- Projects they worked on
Pass criterion: You can produce this list in under 30 minutes, accurate and complete. Fail criterion: you have to go through QuickBooks and project files to reconstruct it.
2. A Valid W-9 for Every Sub You Paid
For every sub on the list, you should have a W-9 on file dated before the first payment. The W-9 should be complete, signed, and legible.
Pass criterion: 100% of subs who received $600+ have a W-9 on file. Fail: any missing W-9, which also triggers backup withholding questions.
3. A Current COI for Every Sub
For every sub who did work during the audit period, you have a COI on file that was active during their work. That is not necessarily their current COI; it is the COI that covered them when the work was happening.
Pass criterion: Every sub's work period is covered by a COI you can produce. Fail: gaps where a sub's COI expired mid-project, or periods where no COI exists at all.
4. Proof of General Liability Limits Meeting Contract Requirements
Your subcontract requires certain minimum GL limits. The auditor will check that every sub's COI actually met those limits.
Pass criterion: Every sub's GL limits equal or exceed your contract minimums. Fail: subs with below-minimum limits, even if the work was otherwise fine.
5. Additional Insured Endorsements on File
Auditors increasingly ask for the actual AI endorsement documents, not just the COI reference. This means CG 20 10 and CG 20 37 for each sub.
Pass criterion: For any sub you claim as Additional Insured coverage, you have the actual endorsement pages on file. Fail: only a COI reference with no underlying endorsement.
6. Primary and Non-Contributory Language
This can be either a standalone endorsement (CG 20 01) or language built into the AI endorsement. Auditors especially check this on loss-runs subs where the carrier may dispute coverage.
Pass criterion: P&NC language documented for every sub. Fail: missing or not verified.
7. Waiver of Subrogation Documentation
CG 24 04 for general liability and WC 00 03 13 for Workers' Comp. Both are required if your subcontract requires waiver of subrogation.
Pass criterion: Endorsements on file for every sub. Fail: missing endorsements even if the COI mentions the waiver.
8. Workers' Comp Coverage for Every Sub With Employees
The auditor will ask: "For every sub with employees who worked on your job, where's the WC coverage?" Either on the COI (most states) or from the state fund (monopolistic states).
Pass criterion: WC coverage documented and active during the work period for every sub with employees. Fail: missing WC documentation, or gaps where a sub's WC lapsed mid-project.
9. WC Exemption Documentation for Sole Proprietors
If a sub claims WC exemption because they're a sole proprietor with no employees, you need a state-issued exemption certificate on file, not just the sub's word.
Pass criterion: Valid exemption certificate for every exempt sub. Fail: "they told me they were exempt" with nothing on paper.
10. Licensed Contractor Documentation
For trades and states where licensing is required, keep a copy of the sub's state license (or registration) on file, valid during the work period.
Pass criterion: License verified through the state board lookup at project start, documented in the sub's file. Fail: unlicensed subs, or subs whose licenses expired mid-project.
11. Signed Subcontractor Agreements
Every sub you paid has a signed subcontract on file. The subcontract must contain the insurance requirements the auditor is checking compliance against.
Pass criterion: Every sub has a signed contract and every contract specifies the compliance requirements you're enforcing. Fail: handshake deals, unsigned contracts, or contracts that don't specify insurance requirements (making enforcement questionable).
12. Documented Stop-Work Procedures
The auditor may ask: "What happens when a sub's COI expires mid-project?" They want to see that you have a documented procedure, automated alerts, and a history of enforcement.
Pass criterion: You can show the auditor a log of expiration alerts, sub communications, and resolution actions. Fail: no documented process, or "we try to stay on top of it."
13. Payroll Separation Between Subs and Employees
This is the big one for Workers' Comp audits. Insurance carriers want to know that the people you're treating as subs really are subs rather than misclassified employees who should be on your payroll.
They check:
- Payments to subs are documented on 1099, not W-2
- Subs supply their own tools, vehicles, insurance
- Subs have multiple customers (not just you)
- Subs are paid by job, not by hour
- Subs sign contracts for specific work, not indefinite employment
Pass criterion: Clear records of sub status (contract, COI, W-9, business entity) for every 1099 sub. Fail: "subs" who look like employees (no contract, no insurance, paid hourly, only working for you).
14. Retention of Records for the Full Audit Period
Most states have a 7-year retention requirement for Workers' Comp and tax records. Some specific documents (like AI endorsements for completed-operations claims) should be kept for the full statute of repose (6 to 10 years depending on state).
Pass criterion: Records retained in an organized, retrievable format for the required period. Fail: missing historical records because "that was before we changed systems."
15. A System, Not a Pile of Paper
The thing that makes everything above either easy or impossible is whether you have a system. An auditor opening a three-ring binder will find things you didn't even know were missing. An auditor opening a dashboard that shows every sub's compliance status for every project will get what they need and leave.
Pass criterion: The records are searchable, organized by sub and project, date-stamped, and auditable. Fail: records scattered across email, Dropbox, project managers' desks, and an Excel file that hasn't been updated since 2024.
The Consequences of Failing an Audit
Workers' Comp audits in particular can be punishing. If an auditor determines that some of your 1099 subs were actually misclassified employees, the carrier can charge you back-premium for those subs' payroll, retroactively. We're talking about 10 to 30% of the subs' payment totals being added to your WC premium after the fact.
On a GC who paid $2 million to subs in a year, a 5% misclassification finding could cost $10,000 to $60,000 in back-premium plus penalties. This is not hypothetical. It happens constantly, especially in states with aggressive WC auditing.
On the other hand, a clean audit where all your documentation is in order typically results in no adjustment, fast processing, and a carrier who views you as a low-risk client at renewal.
How to Prepare for Your Next Audit
If you don't have a compliance system in place today, here's a realistic 30-day plan:
Week 1: Pull a complete list of every sub you've worked with in the past 12 months. Identify gaps: missing W-9s, missing COIs, missing licenses.
Week 2: Reach out to every sub with gaps. Request the missing documentation. Most will comply within a few days.
Week 3: Set up a central system to store everything. Organize by sub and project. Get every current document uploaded.
Week 4: Install expiration tracking so you never fall behind again. Automate reminders. Build a compliance dashboard.
By week 5, you're in a position to handle any audit that shows up.
How PaperBoss Helps with Audit Preparation
PaperBoss is the system described in point 15. For every sub, every document, every expiration, you have a searchable, organized, date-stamped record. When an auditor arrives, you export a compliance report covering any date range, any subset of subs, any project. In seconds.
The GCs who use PaperBoss tell us the same thing: the first audit after they started using it was the first audit they didn't dread. Everything was there, everything was organized, and the auditor left satisfied in an hour.
Start a 14-day free trial, no credit card required.
Frequently Asked Questions
How often do insurance carriers audit GCs?
Annually for most commercial CGL and Workers' Comp policies. The audit typically happens within 60 days after the policy expires.
What if my audit reveals gaps I can't fix retroactively?
Be honest with the auditor. Explain what happened, what you've changed, and show evidence of the new process. Auditors will usually work with you if you're proactive. They penalize cover-ups much more than honest mistakes.
Can an auditor ask to see records from before I owned the company?
Yes, if the audit period includes that time. Acquire records along with the company during any purchase, or negotiate the audit period with the new carrier.
What's the most common audit finding?
Subcontractor misclassification on Workers' Comp audits. Followed closely by missing W-9s on tax audits. Both are preventable with proper onboarding.
How long does a typical audit take?
With organized records: 2 to 4 hours for carrier audits, 1 to 2 days for larger owner or state audits. Without organized records: days to weeks of back-and-forth.
This article is for educational purposes only and does not constitute legal, insurance, or tax advice. Consult qualified professionals for your specific audit situation.