DEV Community

GrimLabs
GrimLabs

Posted on

Your COI Spreadsheet Is Giving You False Confidence

#insurance #riskmanagement #propertymanagement #compliance

A property manager I know (lets call him Dave) ran his COI tracking on a beautifully maintained Google Sheet. Color-coded columns. Conditional formatting that turned cells red when policies were within 30 days of expiring. Dropdown menus for vendor categories. He was genuinely proud of it.

Then his biggest commercial tenant slipped on ice in the parking lot. $340K claim. Dave pulled up the landscaping contractor's COI to verify coverage. Everything looked green in the spreadsheet. $2M general liability, current through March 2025.

Except the contractor had renewed 4 months earlier and quietly dropped their GL limit from $2M to $500K. The old certificate was still in Dave's file. His spreadsheet still showed $2M because nobody had checked the renewal. The new policy didn't come close to covering the claim.

Dave's firm ate the difference. And fired him two months later.

The regression problem nobody talks about

In property management circles, everyone talks about expired certificates. Thats the obvious risk. But theres a sneakier problem that spreadsheets are completely blind to: coverage regression.

Coverage regression is when a vendor renews their policy but with lower limits, fewer endorsements, or different terms than what you originally approved. It happens more than you'd think. According to the Insurance Information Institute, premium increases of 15-25% across commercial lines in recent years have pushed many small contractors to reduce coverage to keep costs manageable.

And honestly? You cant blame them. If your GL premium jumps from $4,800 to $6,200 and you're a three-person HVAC shop, dropping from $2M to $1M in general liability saves real money. The contractor isnt trying to scam you. They're just trying to keep the lights on.

But your minimum coverage requirements exist for a reason. And if a vendor drops below them without telling you (they almost never tell you), you've got a compliance gap thats invisible to anyone relying on manual tracking.

What your spreadsheet actually tracks vs what it should track

Here's what a typical COI spreadsheet captures:

  • Vendor name
  • Policy number
  • Expiration date
  • GL limit
  • Workers comp status
  • Maybe additional insured status

Heres what it probably doesnt capture:

  • Whether the current certificate matches the one on file from last year
  • Whether limits have decreased since the last renewal
  • Whether the additional insured endorsement is actually on the policy (not just the certificate)
  • Whether the per-occurrence limit meets your requirements (not just the aggregate)
  • Whether umbrella/excess coverage is still in place
  • Whether the certificate holder and additional insured are correctly listed as separate items
  • Whether completed operations coverage is included

That's a lot of gaps. And every single one of them represents a scenario where you think you're covered but you're not.

The "green means go" illusion

The most dangerous thing about a well-designed spreadsheet is that it looks authoritative. When every cell is green and formatted nicely, your brain treats it as truth. Your boss treats it as truth. Your insurance broker treats it as truth during audits.

But a spreadsheet only knows what you tell it. If nobody re-keyed the data from the latest renewal certificate, the spreadsheet is showing you stale information and smiling about it.

I talked to a risk management consultant who told me she audits 15-20 property management firms a year. Her finding? On average, 34% of vendor files contain certificates that dont match the current underlying policy. Some are expired. Some have reduced limits. Some have incorrect additional insured language. And the property managers had no idea because their tracking system said everything was fine.

34%. More than a third of your vendor files might be wrong right now.

What "real" compliance tracking looks like

After living through my own version of Dave's nightmare (different specifics, same sick feeling in my stomach), I started thinking about what a COI system actually needs to do to be trustworthy.

It needs to:

  1. Read the actual document, not rely on someone typing numbers into cells
  2. Compare every new certificate against the previous one and flag any reductions
  3. Know what the minimum requirements are for each trade category
  4. Differentiate between aggregate limits and per-occurrence limits
  5. Verify additional insured endorsements specifically (not just "yes/no")
  6. Track umbrella/excess layers separately
  7. Alert immediately when something doesnt match requirements

This is what I built COIPulse to handle. The AI extraction reads every certificate when it comes in and compares it against the previous version. If a landscaper renews with lower GL limits, it flags it as a regression before it ever hits your compliance dashboard. No manual comparison needed.

But even if you dont use any tool at all, you should be doing manual regression checks. Every time a vendor sends a renewal certificate, pull up the previous one and compare side by side. I know its tedious. But its the difference between real compliance and spreadsheet theater.

A simple regression checklist

If you want to catch coverage regressions manually, check these fields on every renewal:

  • [ ] General liability per occurrence limit (same or higher?)
  • [ ] General liability aggregate limit (same or higher?)
  • [ ] Workers compensation coverage still active?
  • [ ] Additional insured endorsement still present?
  • [ ] Your company name spelled correctly on certificate?
  • [ ] Umbrella/excess coverage still in place?
  • [ ] Professional liability (E&O) if applicable, same limits?
  • [ ] Auto liability same limits?
  • [ ] Certificate holder vs additional insured correctly distinguished?

Takes maybe 10 minutes per vendor if you're doing it manually. With 200 vendors renewing throughout the year, thats about 33 hours annually just on regression checks. Not counting the time to chase vendors who failed.

It adds up. But the alternative, trusting your spreadsheet blindly, is how you end up like Dave.

Turns out the thing that makes you feel safest might be the thing thats hiding your biggest risk. Your spreadsheet looks like a compliance system. But its really just a snapshot from whenever someone last bothered to update it.

And in insurance compliance, "last time someone bothered" is not a standard that holds up in court.

Top comments (0)