The Annual Operations Audit Every Founder Should Run: A 21-Question Checklist

Most founders only audit their operations when something breaks. By that point, it's a fire-fighting exercise — not a strategic review. The annual operations audit is the discipline that turns reactive fixing into proactive improvement, and it's the single highest-ROI exercise we recommend to growth-stage businesses.

The audit takes one day. Done annually, it surfaces vendor leakage, process drift, and the silent margin killers that don't show up in any dashboard until they've already cost you. Here's the 21-question checklist we run.

How to Run the Audit

Block one full day. Get your operations lead, finance lead, and one front-line operator from each major function (fulfilment, customer service, supply chain) in the same room. Walk through all 21 questions. For each, score:

• Green: we have this, it works.
• Yellow: we have something, but it's incomplete or outdated.
• Red: we don't have this and need to build it.

The output is a colour-coded list of 21 items. Reds are immediate; yellows are quarterly; greens get re-audited next year.

The 21 Questions

Process & Documentation (Q1–Q5)

1. Are the top 10 most-frequent processes documented as one-page SOPs with a named owner?
2. Has every SOP been reviewed in the last 6 months?
3. Does every new hire reference SOPs in their onboarding within their first week?
4. Are critical processes (refunds, escalations, financial close) tested annually?
5. Is there a single source of truth for "how we do things here" — searchable, not folder-buried?

Vendor Management (Q6–Q9)

6. Do you have a list of every recurring vendor with contract end-date and renewal terms?
7. Are vendor invoices reconciled against contracted rates monthly? (This is where leakage hides.)
8. Have your top 5 vendor contracts been benchmarked against alternatives in the last 18 months?
9. Do you have a clear process for vendor offboarding when a contract ends — including data, IP, and access cleanup?

Quality & Customer (Q10–Q13)

10. Do you measure NPS or CSAT monthly with at least 50 responses?
11. Is there a formal process for surfacing recurring complaint themes to leadership?
12. Do refund / return rates get tracked against industry benchmarks, not just internal trend?
13. Is there a closed-loop process — "we got the complaint, we did X, we told the customer"?

Systems & Tooling (Q14–Q17)

14. Do you have an inventory of every SaaS tool you pay for, with owner, cost, and last-reviewed date?
15. Have you cancelled at least one tool in the last 12 months as redundant or unused?
16. Is data flow between your major systems (CRM, ERP, accounting, marketing) actually working — not duct-taped?
17. Are user access reviews done quarterly to remove ex-employee or stale accounts?

People & Capacity (Q18–Q21)

18. Is every operations role measured on output, not just hours? (KPIs that mean something.)
19. If a key operations person left tomorrow, would the function continue running for 30 days?
20. Are there clear escalation paths for ambiguous situations? Does anyone get stuck waiting for "someone to decide"?
21. Do you have a documented capacity plan — what happens to operations at 2× current volume?

The audit isn't about finding what's wrong. It's about finding what's invisible. Half the answers will surprise the person you thought owned that function.

The Most Common Reds

Across hundreds of operations audits, these are the questions that come back red most often:

• Q7 — Vendor reconciliation. Founders pay invoices without checking them against contracted rates. Leakage of 3–8% is normal, and entirely avoidable.
• Q14 — SaaS tool inventory. Most growth-stage businesses are paying for 30%+ of tools that nobody uses meaningfully.
• Q19 — Single-person dependency. Critical knowledge concentrated in one person who hasn't documented it.
• Q21 — Capacity planning. No one has thought about what breaks first when volume doubles.

From Audit to Action Plan

The audit by itself does nothing. The follow-through is where value is created. After the audit:

1. Every red gets an owner and a 90-day deadline.
2. Every yellow gets an owner and a 180-day deadline.
3. Progress is reviewed monthly until the worst items are green.

When to Bring in a Third Party

The first audit is best run internally — you'll learn more by struggling with the questions yourself than by being walked through them. By the second or third year, an external audit becomes valuable: you've normalised your own answers and stopped seeing the gaps. A fresh eye finds what you've stopped noticing.

Working through this and want hands-on help? Explore our Operational consulting services — we offer retained partnerships, project sprints, and 30-day audits.