Back

Certificate of Insurance Tracking: How to Do It Right at Scale

Tracking certificates of insurance is simple when you have five vendors. You request a COI, file it, set a calendar reminder for the expiration date, and move on. At five vendors, even a spreadsheet works.

At 50 vendors, the spreadsheet starts breaking. At 200, it’s a liability. At 500 or more, manual COI tracking is one of the biggest unmanaged operational risks in your business — and it’s almost invisible until a claim happens or an audit uncovers the gaps.

This guide covers the full process for tracking certificates of insurance at any scale: what the process should look like, where it consistently breaks down, and what changes as your vendor count grows.

Why COI tracking is harder than it looks

On the surface, COI tracking seems like a filing problem. You get a document, you store it, you check the dates. In practice, it’s a coordination problem involving multiple parties with conflicting incentives and no natural deadline pressure.

The vendor doesn’t want to deal with insurance paperwork. Their broker may not move quickly. Your team has other priorities. The certificate expires quietly on a random Tuesday. And you don’t find out until someone tries to process a payment — or until a claim happens.

$30k+
average construction general liability claim
15–25
certificate expirations per month per 200 active vendors
10–20 hrs
weekly staff time spent on manual COI management at scale

The three root causes behind most COI tracking failures:

  • No proactive expiration tracking. Someone entered a date when the original COI arrived, but no system sent a renewal request when that date approached. Expiration discovery happens at payment time, not 30 days before it.
  • No structured collection process. COI requests go out via email. Responses come back via email. The document gets filed — or not — depending on who received it and whether they were busy. There’s no standardized intake.
  • No document review. A COI arrives and gets filed without anyone checking whether the coverage limits are sufficient, the endorsements are correct, or the insured name matches the legal entity you’re contracting with. A filed COI and a compliant COI are not the same thing.

What changes at different scales

The right process depends on how many active vendors you’re managing. Here’s how the problem changes — and what it demands — at each tier:

1–25
Manageable manually
A spreadsheet with expiration dates and a 30-day calendar reminder works. The risk is human error and staff turnover — not volume.
25–150
Manual starts breaking
Expirations pile up faster than one person can chase them. Errors multiply. A dedicated process or tool is necessary.
150+
Manual is a liability
At this volume, manual tracking creates unmanaged risk daily. Automated collection, review, and ERP sync are table stakes.

Most construction firms are operating in the 25–150 range where they know manual tracking is straining but haven’t made the switch yet. That middle zone is where most COI-related claims and audit failures originate.

The 5-step COI tracking process that works at scale

A reliable COI tracking process has five stages, and they need to happen in sequence for every vendor relationship. Skipping any step creates a gap that surfaces later.

1
Define requirements before onboarding
Before you request a COI, know what you need. Your contract should specify minimum coverage limits, required policy types, endorsement requirements (CG 20 10, CG 20 37, primary and non-contributory), and whether additional insured status is required. Without documented requirements, you can’t review a COI — you’re just filing paper.
2
Collect through a structured channel, not email
Email COI collection is the single biggest source of tracking failures. Documents get attached to threads that move to different inboxes, get forwarded, or never get filed. A structured collection channel — whether a dedicated compliance portal or a standardized intake form — gives every COI a consistent landing place and a timestamp. At scale, this is non-negotiable. If you don’t have a portal yet, our free COI tracking template is a starting point, but it has real limits above 25 vendors.
3
Review against your contract requirements — not just for existence
A COI that’s been collected but not reviewed is not a compliant COI. Review means checking: (1) coverage limits match your contract minimums, (2) the insured name matches the legal entity you contracted with, (3) the policy effective dates cover the project period, (4) required endorsements are present and correct, (5) your firm is listed as additional insured where required. This review step is where most manual processes fail — either it doesn’t happen, or it’s done by someone without insurance expertise who misses endorsement gaps. The AI Review Assistant automates this entirely.
4
Track expirations and send renewals proactively
Every COI has an expiration date. Your tracking system needs to watch those dates and trigger outreach to the vendor and their broker at least 30 days before expiration — 60 days is better for vendors who are slow to respond. The goal is that renewals arrive before the old certificate lapses, not after you discover the gap at payment time. This is the step that eliminates AP holds driven by expired certificates.
5
Maintain an auditable compliance trail per vendor
When a lender, insurer, or owner requests a compliance audit, the question is not just “do you have a current COI?” It’s “was the vendor compliant when they were on-site?” That requires a timestamped record of every COI you received, when it was reviewed, what the outcome was, and what the coverage was at any given point in time. A folder of PDFs doesn’t answer that question. A structured compliance trail does. Our 2026 audit-ready checklist covers what that trail needs to include.

Manual vs automated tracking: what actually differs

The instinct when volume is low is to keep tracking manual and add automation later. In practice, the cost of manual tracking compounds as vendor count grows — and the switch happens during a crisis rather than as a planned upgrade. Here’s what the comparison looks like in practice:

Task Manual process Automated process
Initial COI request Email to vendor, follow up manually if no response Automated request sent; reminders triggered if no response within set window
Document intake Email attachment filed by whoever received it Structured portal submission with timestamp, indexed to vendor record
Coverage review Manual review by staff (may miss endorsement gaps) AI review against contract requirements; flags deficiencies immediately
Expiration tracking Calendar reminders or spreadsheet; manual follow-up Automated alerts at 60 and 30 days; renewal requests sent to vendor and broker
Status in ERP / Procore Manual data entry after receiving document Automatic sync; compliance status updated in real time
AP hold resolution Reactive: discovered at payment, researched manually Proactive: renewals handled before expiration reaches AP queue
Audit response Search email threads and file servers for historical records Per-vendor compliance trail with full history accessible on demand
Time cost (200 vendors) 10–20 hours/week 1–3 hours/week (exception handling only)

COI tracking and your ERP

For contractors running construction ERPs, COI tracking doesn’t exist in isolation. The compliance status of your vendors needs to be visible where payment decisions are made. That means it needs to flow into your accounting system.

The specific mechanism depends on which ERP you’re running:

  • Viewpoint Vista: Billy connects through the Trimble AppXchange. A BILLY compliance code in Vista’s compliance setup receives status updates from Billy, surfacing current compliance in Vista’s AP Verify flag. Full details: how compliance tracking works in Vista.
  • Sage 300 CRE: Daily COI sync between Billy and Sage 300 keeps vendor compliance status current across both systems. Payment controls reflect Billy’s current review status.
  • Sage Intacct: Real-time sync via Calance. Compliance status updates appear directly in Intacct, enabling automated payment holds and releases based on current COI status.
  • Procore: Billy’s Side Panel integration puts compliance status directly inside Procore’s vendor directory, commitment views, and project pages — so project teams see it without leaving Procore.
  • Autodesk, CMiC, JD Edwards: Direct integrations sync compliance data to each platform’s vendor and AP workflows.
The connection that matters most

The ERP integration isn’t about convenience — it’s about closing the loop. COI status that lives only in a compliance platform but not in your accounting system creates a split where AP makes payment decisions without current compliance data. That’s where claims and audit exposure come from.

What to look for in COI tracking software

If you’re evaluating tools, these are the capabilities that separate effective platforms from glorified file folders:

Automated collection and vendor outreach

The platform should send collection requests, follow up automatically, and handle reminders — without your team chasing vendors. If you’re still sending emails manually, the tool isn’t doing its job.

Document review, not just storage

COI storage is table stakes. Review means checking actual coverage: limits, endorsement types, additional insured status, effective dates. COI tracking software that only stores files doesn’t protect you from the most common compliance gaps.

No-login vendor submission

Requiring vendors to create accounts reduces submission rates. The best platforms accept documents from vendors and their brokers without any login required. Higher submission rates mean fewer gaps.

ERP and project management integrations

Check which specific integrations are available and how they work — real-time sync vs daily batch. The depth of integration matters: surfacing compliance status in an AP workflow is more valuable than a dashboard in a separate tool.

Managed services option

At high vendor volume, some teams need more than software — they need someone to handle the chasing, reviewing, and exception management on their behalf. Managed compliance services pair human expertise with automation for teams that don’t have the internal capacity to run a compliance operation.

Per-vendor audit trail

Every document, every review outcome, every status change — timestamped and accessible. Not just a current snapshot but a full compliance history per vendor. This is what protects you in a claim investigation or audit.

Quick-start checklist: is your COI tracking process working?

Run through this before assuming your current process is solid:

  • Can you pull up the current COI for any of your top 20 vendors in under 60 seconds?
  • Do you know which vendors have certificates expiring in the next 30 days?
  • Has someone reviewed coverage limits and endorsements — not just the existence of a COI — for each vendor in the last 12 months?
  • If a vendor’s coverage lapsed last month, would your team have caught it before processing an invoice?
  • If a lender audited your vendor compliance tomorrow, could you produce a timestamped compliance history?
  • Does your AP team see current compliance status when processing invoices, or do they have to check a separate system?

If the answer to any of those is “no” or “I’m not sure,” the gap is real and it carries financial exposure.

See how Billy handles COI tracking at your scale

Tell us your vendor volume and your current ERP. We’ll walk through what the process looks like with Billy connected.

Book a Demo →

Related reading

Foundation
What Is a COI? Certificate of Insurance Explained
What a COI is, how to read one, and what every section means.
Vista
Vista AP Holds: Why They Happen and How to Stop Them
How expired COIs turn into payment holds — and how to prevent it.
Free Tool
Free COI Tracking Template for Excel
A starting point for teams under 25 vendors managing manually.
Free Tool
2026 Audit-Ready Compliance Checklist
What your compliance trail needs to include to survive an audit.

Summary

Certificate of insurance tracking works at low volume with manual processes. As vendor count grows past 25–50, manual tracking creates compounding risk: expirations slip through, endorsements go unreviewed, and AP holds fire reactively rather than being prevented upstream. The five-step process — define requirements, collect through structured channels, review against contract terms, track expirations proactively, and maintain an auditable trail — is the foundation of a compliant operation at any scale.

For teams past the manual threshold, automating that process through software that connects to your ERP eliminates the gaps that create claims exposure and audit risk. The integration isn’t optional — compliance status that doesn’t live in your payment workflow doesn’t protect you when a payment gets processed.

Similar Posts