In this article
The word "audit" scares contractors for the wrong reason. Most contractors imagine a man in a suit showing up at the shop with a clipboard. That is not what an ISNetworld audit is. An ISN audit almost always happens inside the platform, quietly, before you even know it is happening. You find out because your grade changed.
The good news: If you understand what ISN reviewers are actually looking at, you can prepare for an audit before one is triggered — and in most cases avoid the grade drop entirely.
The three types of ISN audits
1. RAVS document reviews
When you upload a safety program or answer a RAVS question, ISN's Review and Verification Services team scores it against the hiring client's written standards. This is the most common audit — it happens on every upload. You just do not always realize it is an audit. Turnaround is 3 to 7 business days. Each category gets scored, and the score feeds your grade.
2. Client-initiated audits
A hiring client notices something on your scorecard and asks ISN to dig deeper — maybe your EMR went up, a safety statistic looks off, or they are doing a routine supplier review before a big contract. ISN will re-verify your documents, often request additional documentation, and ask clarifying questions through the platform. You find out because the "open requests" section of your ISN dashboard fills up with new items.
3. Regulatory and third-party verification
ISN cross-references your self-reported data against public records. OSHA citations show up in their database within days of being issued. Workers' compensation carrier information is verified directly. You do not get notified before this happens — the first sign is usually when ISN flags something as inconsistent with what you reported.
What reviewers actually check vs. what contractors think
This is the part most contractors get wrong. Knowing what reviewers care about is what separates contractors who stay at A from the ones who slide to C every quarter.
Insurance (Certificates of Insurance)
The COI was uploaded and has current dates.
Named insured matches the legal business entity. Limits meet every client's minimums per-occurrence AND aggregate. Additional Insured language matches the exact required wording. Required endorsement forms (CG 20 10, CG 20 37, WC 00 03 13) are attached as separate pages. Waiver of Subrogation present. Certificate holder name matches preferred wording exactly.
OSHA logs and safety statistics
The numbers they self-reported.
OSHA 300A matches the 300 log data. Posting date falls within the Feb 1–Apr 30 window. TRIR and DART calculations use the correct formula against reported hours worked. Hours worked figures are reasonable for the reported number of employees. Reported citations match what is visible in OSHA's public database.
Math gets verified: If you reported 200,000 hours worked and 15 employees, the math does not work — that is 85 hours per week per employee. Reviewers will flag it.
RAVS safety program answers
The program exists and covers the topic.
Program owner identified by title. Training frequency is specific ("annually" — not "as needed"). Training documentation method described. Equipment inspection schedule specified. Specific OSHA CFR sections cited. Incident response procedure included with specific steps. Program review cycle documented. Hazards specific to your actual work, not generic. Disciplinary policy for non-compliance included.
Reviewers score against a checklist. A program that says "We follow all applicable OSHA regulations" scores near zero. A program that cites specific CFR sections, names the program owner, specifies training frequency and documentation method, and includes a review date scores near 100. Knowing the checklist means you can write to it.
Training and certifications
The worker has the cert.
Training provider is authorized or accredited (some clients require OSHA-authorized trainers only). Cert date is current — 1-year, 3-year, or 5-year validity depending on type. Cert type matches the job role. Refresher trainings are current. Documentation of training content and duration is on file.
EMR letters
The number on the letter.
Letter is on the carrier's letterhead. Issued within the current policy year. Three-year EMR window is specified. EMR is consistent with reported safety statistics — a 0.85 EMR with a 4.0 TRIR is inconsistent and gets flagged.
The triggers that start a client-initiated audit
Any EMR increase, even small ones. An EMR that went from 0.89 to 0.92 will not drop your grade by itself, but it puts your file in the review stack at risk-averse clients.
A new OSHA citation. ISN picks these up automatically from OSHA's database. Any citation triggers an internal flag at most clients.
A recordable incident on their site. If one of your workers had a recordable injury at the client's facility, expect a full audit within 60 days of the incident.
Annual supplier review cycle. Many large industrial clients do an annual or semi-annual review of all prequalified contractors. Timing varies — some do it in Q1, some at the start of their fiscal year.
Before a major contract award. Expect procurement to pull your ISN scorecard and potentially request additional documentation beyond what is already in RAVS.
Upon contract renewal. Master service agreements and long-term contracts often trigger full re-verification before renewal.
If your grade dropped at another client. Some clients monitor their contractors' grades across all clients on ISN. A drop at one can trigger review at another.
The pre-audit checklist
Run this quarterly. It catches 90 percent of what would otherwise trigger a grade drop.
Insurance readiness
- All COIs on file are current (expiration more than 30 days out)
- Each client's specific Additional Insured wording is verified against their most recent requirement
- All required endorsements are attached as separate document pages
- Policy limits meet or exceed every client's minimums — not just the most generous
- Umbrella or Excess coverage is in place where required (many high-hazard sites require $5M+)
- Workers' Comp policy is valid in every state where your workers operate
Safety statistics accuracy
- OSHA 300 and 300A match each other
- Hours worked match payroll records
- TRIR and DART calculations use the correct formula (per 200,000 hours)
- EMR letter is less than one year old
- EMR is consistent with reported safety stats — no inconsistencies that suggest underreporting
RAVS readiness
- Every safety program has a named owner with title
- Every program cites specific OSHA CFR sections
- Every program specifies training frequency in measurable terms (not "regularly")
- Every program includes an inspection schedule with documentation method
- Every program has a review date within the last 12 months
- Generic "we follow OSHA regulations" language has been replaced with specifics
Documentation hygiene
- W-9 is current
- OSHA 300A was posted in the workplace Feb 1 through April 30
- Training certifications are current for every worker who will be on-site
- Any outstanding citations have corrective action documentation on file
- Any rejected documents from prior reviews have been resubmitted
Client-specific awareness
- You have read each client's scorecard in ISN within the last 90 days
- You know each client's specific passing threshold
- You have responded to every open request from every client
- You have reviewed each client's requirements for any changes in the last quarter
What to do when you are in the middle of an audit
Do not panic. Most audits result in no grade change. The ones that do usually cause a one-letter change that recovers within weeks.
Respond to every request within 48 hours. ISN tracks response time. Slow responses get scored as non-compliance even if the answer is correct.
Ask clarifying questions through the platform, not by phone. Written record is your friend.
Do not submit partial answers to get it over with. A rushed half-answer scores lower than a delayed complete one.
Loop in your insurance agent and safety consultant immediately. Give them a heads up before you need the paperwork.
Communicate proactively with the hiring client. A short email that says "We received the ISN review request, here is our timeline to respond" goes a long way.
Document everything you submit. Screenshot every upload. Save every message. If something gets misattributed later, you have the record.
The annual audit ritual that keeps grades up
Around the same time every year — many do it in January before the OSHA posting window starts — run a comprehensive internal audit of your own ISN account:
- Pull every client scorecard and review the thresholds
- Verify every COI, endorsement, and policy document matches every client's requirement
- Read every RAVS answer and rewrite any that feel generic
- Update every safety program with current OSHA citations and review dates
- Verify EMR is current and consistent with safety stats
- Train whoever manages ISN on anything that changed in the past year
It takes a day or two. Compare that to the cost of a C grade that takes 30 days to recover and potentially costs you an awarded contract in the meantime.
The honest takeaway
Most ISN audits are preventable. The contractors who get blindsided are not lazy or irresponsible. They are busy running their business, and ISN's review criteria are buried in documentation nobody has time to read.
Knowing what reviewers actually check transforms audit prep from a mystery into a checklist. The checklist is boring. The checklist is also the entire difference between staying at A and sliding to C.
If running this checklist quarterly sounds like a full-time job on top of your actual work, that is because it is. The contractors who do this well either have a dedicated compliance person, pay a consultant, or use software that tracks every document expiration and flags every RAVS category that drops below threshold. Those are the three options — choose one.
More ISNetworld Guides
OSHA 300 vs 300A vs 301: The Three Logs Every Contractor Must Keep
OSHA Form 300, 300A, and 301 serve three different purposes — and confusing them is the most common recordkeeping mistake contractors make. Here's what goes on each form, the Feb 1–April 30 posting rule, electronic submission deadlines, and how ISNetworld uses your injury log data.
Read guide →
Waiver of Subrogation Explained for Contractors (Without the Legal Jargon)
What subrogation actually is, why hiring clients demand the waiver, how the WC 00 03 13 and CG 24 04 endorsements work, and why ISN checks for this on every COI.
Read guide →
What Is RAVS? A Contractor's Guide to ISN's Review and Verification Services
A complete plain-English guide to ISNetworld RAVS — what it stands for, how the review process works, what the 40 questions cover, how answers are scored, and what contractors can do to perform well.
Read guide →
PrequalPilot
Never get caught by an expired document again.
Automated 60/30/7-day expiry alerts, RAVS answer tracking, and COI parsing in one place.
Claim your founding spot →