Skip to content
Free audit kit

Spreadsheet Audit Checklist Template

Catch the spreadsheet errors that look correct. This page is a template-first utility hub: a checklist, a 60-second risk score, and a repeatable audit procedure (Silent Failure Edition).

Want the deeper story (why manual audits miss silent failures)? Read SheetSage vs Manual Auditing.

Template links are placeholders for now; the page structure + audit flow are ready. (Install works via /install redirect.)

Quick start (10–15 minutes)

  1. Make a copy of the template.
  2. Run the 60-second risk score.
  3. Audit in priority order: R1/R3 → R4 → R5 → R2.
  4. Log fixes (what changed, why, and how you validated it).
  5. Re-check outputs (sanity tests + edge-case tests).

The goal isn’t perfection. The goal is to eliminate the most common silent failure patterns systematically.

60-second silent failure risk score

Tick what’s true for your workbook. Score 1 point for each “Yes”.

  • We use lookups (VLOOKUP / MATCH / INDEX-MATCH) and don’t always enforce exactness.
  • We hardcode column positions (e.g., “3” to mean column C).
  • We copy/drag formulas across months, regions, or product lines.
  • People insert columns/rows into model tables over time.
  • We have constants inside formulas (*1.08, *0.9, +500, -2).
  • Multiple people edit this workbook.
  • We validate by comparing to last month more than by test cases.
  • We have hidden/helper tabs.
  • Assumptions aren’t centralized into a single “Inputs” tab.
  • A spreadsheet mistake here would change a real decision (pricing, payroll, inventory, close, forecast).

Interpretation:

  • 0–2 (Low): Keep it disciplined. Still audit before sign-off.
  • 3–5 (Medium): Silent failures are likely present.
  • 6–10 (High): You’re running a production system with thin guardrails.

What’s inside the template (preview)

Tab 1 — START_HERE

  • Workbook name, owner, audit date
  • Criticality (Low / Medium / High)
  • What this workbook is used for (pricing, payroll, close, etc.)

Tab 2 — RISK_SCORE

  • Your 0–10 score
  • Risk band (Low/Med/High)
  • Fix-first recommendation (auto)

Tab 3 — CHECKLIST_R1_R5

  • Rule (R1–R5)
  • Where found (tab name + area description)
  • Why it’s risky (picklist)
  • Severity (Critical/High/Med/Low)
  • Fix decision (Fix now / Fix later / Accept risk)
  • Validation test (what you ran to confirm)
  • Notes

Tab 4 — FIX_LOG

  • Date / owner
  • Change summary
  • Before/after output check (pass/fail)
  • Rollback plan
  • Links to evidence (screenshots, comments, exports)

Tab 5 — SIGN_OFF

  • What changed
  • What was validated
  • Remaining risks accepted
  • Final reviewer name + date

The audit procedure

Step 1 — Identify the workbook type

Pick one: pricing/quoting, payroll/commissions, inventory planning, monthly close reporting, forecasting/budgeting, other.

Then do one sanity check immediately: “What output is most sensitive to being wrong?” Log it as your primary output.

Step 2 — Run the “3 tests” (fast validation)

  • Test A: Boundary check (first/last/smallest/largest; does it behave at edges?)
  • Test B: Missing-key check (what happens when a lookup key doesn’t exist?)
  • Test C: Structure-change check (in a copy: insert a column into a key table; do results silently change?)

Log pass/fail in FIX_LOG. These tests become your proof later.

Step 3 — Audit in the highest-impact order

R1 / R3: Lookup fragility (highest frequency + highest cost)

  • Validate: run Test B (missing keys) and Test A (boundaries); try unsorted data in a copy if sorting is assumed.
  • Rule of thumb: for pricing/payroll/close sheets, treat unsafe lookup behavior as Critical.

R4: Reference drift (silent misalignment)

  • Validate: copy a block down 10–20 rows in a copy and compare totals.
  • Rule of thumb: if it touches totals, drift is usually High.

R5: Magic numbers (assumption debt)

  • Validate: change the policy number in one place—does the workbook update cleanly?
  • Fix rule: centralize assumptions into an Inputs tab and reference them consistently.

R2: Column index brittleness (structure-change time bomb)

  • Validate: run Test C in a copy and compare outputs.
  • Rule of thumb: if the workbook evolves monthly, R2 is usually High even if it “works today”.

Fix playbook (copy/paste)

Use consistent notes so the audit log stays clean across teams.

  • If you find R1/R3: “Lookup exactness not enforced. Ran missing-key and boundary tests. Updated logic to fail loudly on missing keys.”
  • If you find R4: “Reference drift risk in copied block. Validated by copying rows in sandbox and comparing totals. Anchored fixed inputs.”
  • If you find R5: “Magic number representing a policy assumption. Centralized to Inputs and replaced constants with references.”
  • If you find R2: “Hardcoded column index depends on table structure. Validated by inserting a column in sandbox and observing output change.”

The fix-first decision tree

  1. Does this workbook affect real money or decisions? If yes, proceed.
  2. Are there lookups anywhere? If yes, fix R1/R3 first.
  3. Is anything copied across months/regions? If yes, fix R4 next.
  4. Are there embedded constants representing policy? If yes, fix R5 next.
  5. Do tables get columns inserted over time? If yes, fix R2 next.

Privacy & data handling (short)

This kit is just a template. If you’re using SheetSage: by default, no spreadsheet content is transmitted externally; operational data stays local unless you enable optional features. Full details link to permissions/privacy.

FAQ

Is this only for Google Sheets?

The checklist is written for Google Sheets workflows. The same logic applies to Excel, but function specifics differ.

How often should we do this?

  • High-stakes sheets: before every sign-off
  • Medium-stakes: quarterly, or after structural changes
  • Low-stakes: when the workbook changes owners

Run a scan in Google Sheets

Install SheetSage and use the checklist as your audit log.

Install Free See pricing

Requires Google Sheets — No credit card required