What Auditors Actually Look for in Corporate Records

Who this is for

This guide is for anyone who will eventually hand their corporate records to someone external for review. In practice, that usually means:

• Founders and CFOs preparing for a financial audit, diligence process, or financing round.
• Corporate secretaries and general counsel responsible for records that may be examined.
• Accountants advising clients through audits and tax reviews.
• Board members who want to understand what a clean record looks like before it matters.

The goal is specific: know exactly what auditors examine so you can prepare the records proactively, rather than reacting during a request.

The short answer

Auditors examine three things, regardless of whether the audit is financial, regulatory, or transactional:

1. Existence. The required documents are present and properly executed.
2. Consistency. The documents agree with each other. Registers match certificates, resolutions match appointments, filings match internal records.
3. Traceability. Every material decision can be tied to a date, an authority, and a record of how it was approved.

Most corporations pass the first test. They fail on the second or third. That is where preparation matters.

The auditor’s checklist, category by category

What follows is the working checklist auditors actually run through. It is not exhaustive, but it covers what almost every reviewer will ask to see.

1. Corporate existence and good standing

Auditors start by confirming the corporation actually exists in the form you say it does. They look for:

• Articles of incorporation and any amendments, current and historical.
• Bylaws and amendments, with dates.
• Certificate of incorporation and any continuance or amalgamation documents.
• Current certificate of good standing or equivalent from the jurisdiction.
• Evidence that annual returns have been filed and the corporation is not dissolved or suspended.

If a corporation has been administratively dissolved and restored, the reviewer will want documentation of that restoration and the periods it covers.

2. Authority and decision-making

Auditors then look at whether people acting on behalf of the corporation had the authority to do so. This is where inconsistent documentation causes the most friction. Expect questions about:

• Board resolutions approving material actions, including share issuances, officer appointments, major contracts, financing, and distributions.
• Written consents in lieu of meetings, signed by all directors or shareholders as required.
• Shareholder resolutions for matters requiring shareholder approval (amending articles, approving mergers, certain related-party transactions).
• Delegation of authority, if officers executed agreements beyond their default powers.
• Consistency between the action taken and the authority documented. A share issuance without a corresponding resolution is a classic finding.

3. Share capital and ownership

This is usually the most scrutinized category and the one with the most common inconsistencies. Auditors check:

• Authorized share structure matches the articles and any amendments.
• The shareholder register is current, complete, and identifies each shareholder, share class, and number of shares held.
• Share certificates have been issued, are sequentially numbered, and correspond to register entries.
• Transfers are documented with cancellation of prior certificates and issuance of new ones.
• The total number of issued shares matches across the register, certificates, and any cap table provided separately.
• Consideration for each issuance is documented (cash, services, property, or other lawful value).
• Share class rights and restrictions are clearly documented in the bylaws or articles.

An auditor comparing the shareholder register, the certificate register, and the cap table should see three views of the same truth. When they drift, the drift is the finding.

4. Directors and officers

Reviewers verify who holds authority, and when. They expect:

• A current register of directors with full names, addresses where required, appointment dates, and resignation dates where applicable.
• A current register of officers with titles, appointment dates, and terms where applicable.
• Consents to act and resignation letters where required by statute.
• Consistency between internal records and the corporate registry’s public record. A director listed internally but absent from the registry (or vice versa) will surface.
• Chronological clarity. Overlapping or undocumented transitions are red flags.

5. Compliance and filings

Auditors verify that the corporation has met its ongoing obligations. They check:

• Annual returns filed for each applicable year, in each relevant jurisdiction.
• Corporate tax filings where applicable.
• Jurisdiction-specific filings (PSC register, beneficial ownership filings, sector-specific licenses).
• Registered office address and registered agent on file, current and correct.
• Any consent orders, regulatory notices, or settlements affecting the corporation’s standing.

Missed or late filings often lead directly into questions about internal controls. “Why was this missed?” is a question with no good answer unless the records show it was caught and corrected promptly.

6. Intercompany relationships (for groups)

If the corporation is part of a group, auditors extend the review across entities:

• Ownership chains documented consistently at both ends (parent’s register reflects the subsidiary; subsidiary’s register reflects the parent).
• Intercompany agreements formalized in writing and held by both entities.
• Shared directors or officers disclosed and recorded in each entity’s register.
• Intercompany transactions documented with appropriate approvals on each side.

A corporation that looks clean on its own can still fail review if the group-level records don’t line up. The multi-subsidiary playbook covers this in more depth.

7. Change history and version control

Increasingly, auditors expect to see not just the current state but the history of how it was reached:

• An activity log that shows when registers were updated, by whom, and with what authorization.
• Document version history for amended bylaws or shareholder agreements.
• Clear chronology for certificate issuances, cancellations, and transfers.
• Evidence that changes were made at the time of the event, not reconstructed after the fact.

This is the category most likely to catch out records kept in shared drives or spreadsheets. A file timestamp is not a governance audit trail.

The specific questions they ask

Experienced auditors use a handful of questions that quickly surface whether records hold together. Expect variations of these:

• “Can you show me the resolution approving this share issuance?”
• “The register shows 1,000 Class A shares outstanding. Can you walk me through each certificate that makes up that total?”
• “This director signed an agreement in March 2022. Can you show me they were properly appointed before that date?”
• “When was the shareholder register last updated, and who updated it?”
• “Your public registry says X is still a director. Your internal register says they resigned. Which is correct?”
• “This amendment was filed in Q3. Where is the board or shareholder resolution that authorized it?”
• “Do you have a certificate of good standing dated within the last 30 days?”

Every one of these is answerable quickly if the records are structured. Every one of them becomes a time sink if they are not.

What “clean” records look like to an auditor

Records that withstand scrutiny share four characteristics.

They are internally consistent

The register, the certificates, the resolutions, and any cap table agree on the same facts. Comparing two views produces the same answer.

They are chronologically complete

Every material event has a date, and the dates form a coherent timeline. Appointments precede actions. Resolutions precede filings. Issuances precede certificate dates.

They are traceable

Each record can be tied to its authorizing event: every share issuance to a resolution, every director to a consent, every filing to its preparing officer.

They are independently verifiable

Third parties can confirm the records without taking the company’s word for it. Share certificates with public verification links. Filings that match the public registry. An activity log that shows when things happened.

The most common failure points

In practice, auditors find the same five problems over and over.

1. Share certificates that don’t match the register. The certificate says 500 shares; the register says 400. Or the certificate exists but isn’t reflected in the register at all.
2. Missing resolutions for actions that clearly happened. A new officer signed a contract. No appointment resolution in the book.
3. Public registry and internal records disagree. Directors or officers listed in one but not the other.
4. Filings that were made but never linked to internal approvals. An article amendment filed with the registry, no corresponding shareholder resolution on file.
5. No audit trail for changes to the records themselves. A register was edited; there’s no record of who changed it, when, or why.

Each one is preventable. None of them is preventable during the audit itself.

How to prepare before the request arrives

The best preparation is structural, not last-minute. Four practical moves:

1. Run the checklist above as a self-audit, annually. It takes a few hours for a well-maintained corporation. If it takes longer, that itself is a finding.
2. Reconcile the three views of ownership (register, certificates, cap table) at least once a year. Fix any discrepancies immediately, while the history is still accessible to people who remember it.
3. Maintain a live activity log. Every change to a register, every issuance, every resolution should be recorded with user, timestamp, and authorization.
4. Keep the minute book in a structured digital system that enforces the consistency checks you would otherwise have to run manually. A shared drive will pass a quick look. It will not pass a thorough one.

Preparation done in advance costs hours. Preparation done under pressure costs deals.

The bottom line

Auditors don’t find problems in corporate records. They find patterns. The patterns are predictable, and the patterns are preventable.

Every corporation will, at some point, have its records examined. The difference between a short conversation and a long one is whether the records were built to be reviewed in the first place.

Structure, internal consistency, traceability, and an audit trail are not what auditors hope to find. They are what auditors assume. When those assumptions hold, scrutiny is routine. When they don’t, the review becomes the story.