All guides
Guides

How to Get Audit-Ready: A Renewal & Document Checklist [2026]

Auditors want evidence, not promises. Here's the renewal and document checklist that keeps you audit-ready year-round, from free methods to a real tracker.

Lapsewise TeamJuly 11, 202613 min read
How to Get Audit-Ready: A Renewal & Document Checklist [2026]

If an auditor walked in tomorrow and asked to see your current certifications, active contracts, valid insurance, and any outstanding compliance obligations, how long would it take you to pull everything together?

For most teams, that question is uncomfortable. Not because the documents don't exist, but because they're scattered across inboxes, shared drives, filing cabinets, and one person's memory. Audit-readiness isn't about having the right paperwork someday. It's about having it in one place, current, and provably so, right now.

This guide covers the renewal and document categories that auditors and compliance reviewers most commonly check, how to build a working audit register using free tools, and what a dedicated tracker adds when the spreadsheet stops being enough.

What "audit-ready" actually means

Being audit-ready doesn't require that nothing has ever lapsed. It means you can demonstrate, at any point, that your critical obligations are current and being actively managed. That has two distinct parts:

  1. The document is valid. It hasn't expired, the scope matches your current operations, and it's the most recent version.
  2. The renewal is being managed. There's a responsible person, a logged expiry date, and a system that will warn you before the deadline.

Auditors aren't just checking the certificate. They're checking whether you have a system around it. A certification that expired and was silently renewed the day before an audit looks different from one that's tracked in a dashboard with a documented review date and a named owner. The evidence of the process matters as much as the document itself.

The 7 renewal categories auditors check most

Different audits focus on different areas, but these seven categories come up across quality, compliance, procurement, and financial audits. If you can produce a current, signed document for each item below - plus the next due date and the person responsible - you're audit-ready.

Certifications

ISO 9001, ISO 27001, food hygiene, first aid, industry accreditations. The certificate needs to be in-scope, current, and traceable to the issuing body.

Licenses and permits

Business licenses, trade permits, operator licenses, professional registrations. Many have fixed renewal windows; miss one and you may need a full reapplication.

Insurance policies

Public liability, professional indemnity, employers' liability, product liability. Coverage dates must match your contract or procurement period, with no gaps.

Contracts and agreements

Supplier, service, and customer agreements. Auditors check that you know when they expire or auto-renew, and that the decision to renew (or not) has been logged.

Employee qualifications

Role-specific certificates, mandatory training, right-to-work checks, medical clearances. Compliance requires tracking expiry at the individual level, per person.

Inspections and calibration

Fire safety inspections, equipment calibration certificates, vehicle roadworthiness checks, pressure vessel tests. Frequency is often legally mandated.

Grants and funder obligations

Reporting deadlines, spend-by dates, milestone sign-offs. A funder audit checks both the documents and the timeline of deliverables against the grant agreement.

For a broader look at what falls into each category and typical renewal cycles, see our Expiry Tracking 101 guide.

The audit-readiness register: how to build it for free

A spreadsheet and a shared folder are all you need to start. The structure matters more than the tool.

Step 1: List every item One row per obligation. Columns: Category, Item name, Issuing body or counterparty, Issue date, Expiry date, Action date (see step 3), Owner, Document location, Status (Active / Renewing / Expired / Under review).

Step 2: Pull dates from the actual document Don't guess or rely on memory. Open each certificate or contract and read the expiry date directly. Common errors: certifications often run on the anniversary of first issue, not the date of the most recent renewal; contracts usually have a notice period that makes the real action date months before the stated end date.

Step 3: Calculate the action date for each item Expiry date minus lead time equals the date you need to start acting. That's the date your reminder should fire - not the expiry date itself. Typical lead times:

| Item type | Minimum lead time | Why | |---|---|---| | Certifications (ISO, safety) | 45-60 days | Booking a surveillance visit or reapplication takes time | | Contracts with 30-day notice | 37 days | Notice period plus a week buffer | | Contracts with 90-day notice | 97 days | Miss this and you're locked in for another term | | Insurance policies | 30-45 days | Getting competing quotes takes time; don't wait for the broker's renewal letter | | Licenses and permits | 60-90 days | Some require supporting evidence or have processing queues | | Employee qualifications | 30 days | Booking training or a certification exam has a lead time |

If you're unsure about the notice period in a contract, our guide on contract renewal reminders walks through how to read and calculate that window correctly.

Step 4: Set the reminder at the action date Put each action date in a shared team calendar and assign an owner. The reminder should say: what it is, what action is required, and when the hard deadline falls. "Renew public liability insurance by 15 Aug - get quotes by 31 Jul" is more useful than "insurance renewal."

Step 5: Attach the document to the register The spreadsheet cell should link directly to the file, not to a folder where the file might be. When an auditor asks for the document, you click once.

Step 6: Review monthly Set a fixed date - first working Monday of each month works well. Filter for anything due in the next 90 days. Update statuses. Mark anything that has renewed as Active and log the new expiry date. This is the audit-readiness review, even if it's five minutes.

The catch with spreadsheets A spreadsheet register works when one person maintains it consistently. It breaks when that person is away, changes role, or leaves. There are no reminders that fire automatically, no audit trail showing who reviewed what, and no way to attach documents that stay attached. When the auditor asks "how do you manage this process?", the honest answer tends to be "we check the spreadsheet when we remember to" - which is rarely what an auditor wants to hear.

Five audit-readiness mistakes that cost teams most

Tracking the expiry date instead of the action date. If a contract requires 90 days' notice to cancel and your only reminder is set to fire on the expiry date, you've missed the cancellation window by three months. You're now locked in for another year at whatever the auto-renewal rate is. The action date - the date you need to start acting - is what matters.

Documents stored in personal folders. When the person who filed the PDF leaves or changes role, the document often leaves with them, or becomes inaccessible. Store everything in a shared location that any authorized team member can reach, not in someone's individual cloud drive or email archive.

Single-owner tracking. One person knows where everything is, sets all the reminders, handles every renewal. It works until that person is on holiday the week a certification lapses. Read more on this in our post about what happens when a certificate lapses - the real-world costs start from the first day of lapsed coverage, not from when someone notices.

Scope creep on certifications. A certification covers specific services, locations, or headcounts. If your business expands, the existing certificate may no longer cover the new scope. Auditors check scope, not just dates. Track scope changes alongside renewal dates.

Status recorded as binary. "Valid" or "expired" misses the middle state. Auditors are more comfortable with a status flow they can follow: Active, Upcoming renewal, Renewing in progress, Expired, Under review. The granularity shows a managed process, not a check-when-we-remember approach.

Build your audit register in Lapsewise. Add each item once, attach the document, set the notice period, and Lapsewise emails the right person before action is needed. Free to start, no card required.

Start tracking free

What a dedicated tracker adds

A purpose-built renewal tracker replaces the two weakest parts of the spreadsheet method: the automatic reminder and the audit trail.

Reminders that fire without anyone pressing send. Lapsewise calculates each reminder from the notice period you set. A contract with a 90-day cancellation window gets a reminder 97 days before the end date. A certification that takes 45 days to book and complete gets a reminder at 50 days. You set the lead time once per record and it runs every year automatically.

Per-person, timezone-aware delivery. Each reminder goes out at 08:00 in the recipient's local timezone. A team member in New York gets the nudge at 8am Eastern, not at 3am. You don't have to think about this - it just works.

Documents stored per record. The source certificate or contract PDF sits alongside the expiry date. One click in front of an auditor. No searching folders or waiting for someone to forward an email.

A Runway view sorted by urgency. The dashboard shows every record sorted by what's due soonest, with a health ring that immediately shows whether your posture is green, amber, or red. You can walk an auditor through the live screen and they see a managed system, not a static spreadsheet screenshot.

Logged status changes. Every update - date changed, document uploaded, status moved to Renewing - is timestamped and attributed. That's the audit trail that turns "we manage this" into "here's how we manage this, and here's the log."

Lapsewise covers all seven categories above in one place. Certifications and inspections live in the certificate management module; contracts (with first-class notice-period dates) live in the contract management module; grants, licenses, insurance, warranties, memberships, and employee docs each have dedicated modules too.

Connecting this to the rest of your renewal system

Audit-readiness sits at the output end of a well-run renewal system. If you're building the foundation - identifying everything that expires and setting up a tracking cadence - start with Expiry Tracking 101 for the full picture.

For the certifications piece specifically, the setup for audit-readiness and the setup for renewal tracking are almost identical. Our guide on how to track certificate expiry dates covers the detailed approach by certificate type, including what to do when a cert is issued by a third-party body with its own renewal schedule.

For contracts, the critical detail is the notice period. Our guide on contract renewal reminders explains how to read that window and set reminders that give you enough lead time to cancel, renegotiate, or renew intentionally.

Frequently asked questions

What documents should I have ready for a compliance audit? The core set: current certificates with issue and expiry dates, active contracts with parties and renewal dates, valid insurance policies with coverage dates, and any license or permit relevant to your operations. Each should be filed in one accessible location with a documented owner, next due date, and action lead time.

How far in advance should I prepare for an audit? You shouldn't need to prepare at all - the point is to be ready continuously. Build the register, set the reminders, attach the documents, and keep statuses current. An audit that arrives on short notice shouldn't require a scramble if the system is running properly.

What's the difference between being compliant and being audit-ready? Compliance means your obligations are met. Audit-readiness means you can prove it, on demand, with a documented process around each item. You can be compliant but not audit-ready if your documents are scattered and your renewal process is informal. Audit-readiness is the evidence layer on top of compliance.

What if some certifications lapsed in the past? Document what happened, what steps resolved it, and what process is now in place to prevent it recurring. Auditors are often more interested in your corrective action than in the lapse itself. A running renewal tracker with a change log is the most credible corrective action you can show: here's the date it lapsed, here's when it was renewed, here's the reminder that fires next time at 45 days out.

Is a spreadsheet acceptable evidence for audit purposes? It can be, if it's consistently maintained and documents are attached and current. In practice, a spreadsheet with no automated reminders, no change history, and a single maintainer doesn't give auditors much confidence in the process. A system with timestamped status changes and automatic reminders gives a much more credible answer to "how do you ensure nothing lapses?"

Never let it lapse

Track every certificate, contract, grant, and license in one place. Lapsewise warns you before any renewal or expiry slips - and keeps the evidence ready for when an auditor asks. Free to start, no card.

Never let it lapse

Track every certificate, contract, grant, and license in one place. Lapsewise warns you before any renewal or expiry slips. Free to start, no card.