The CRM Audit Checklist: 27 Checks We Run Before Touching Any Client CRM

Ryan Iyengar, CEO, Full Stack GTM

Every engagement we run starts with the same audit, before anyone proposes changing anything. The checklist below is that audit. It’s organized into six areas; each item is written as a rule you can evaluate mechanically, because an audit finding without evidence is just an opinion.

Two ground rules before you start:

  1. Snapshot first. Export contacts, companies, and deals before auditing — you want a frozen baseline, and you’ll want it even more before fixing anything. (Why this matters: see the full cleanup process.)
  2. Record evidence per finding. Every flagged record should show which rule fired and the field values that triggered it.

1. Duplicate records

  1. Contacts sharing an exact email address.
  2. Contacts sharing normalized name + company domain (catches the j.smith@acme.com / jsmith@acme.com pairs exact-email matching misses).
  3. Companies sharing a domain.
  4. Two or more open deals on the same company — the costliest duplicate type, because it inflates pipeline directly. When we audited our own HubSpot, an outreach-tool sync had created 10 of these.
  5. Deals with identical names and amounts created within days of each other (a classic import or sync artifact).

2. Ownership

  1. Records (any object) with no owner.
  2. Records owned by deactivated or departed users.
  3. Open deals owned by someone other than the account owner — sometimes legitimate, always worth listing.
  4. Owners with implausible load (one rep holding 40% of open pipeline usually means a dumping-ground assignment rule).

3. Pipeline integrity

  1. Open deals with no logged activity in 30+ days (tune to your sales cycle — we use 30 days for cycles under 90 days).
  2. Open deals with close dates in the past.
  3. Deals sitting in one stage longer than 2× the average time-in-stage for that stage.
  4. Open deals with no next step recorded.
  5. Deals with close dates that have been pushed more than three times.
  6. Amount-free deals past the qualification stage.

Pipeline checks deserve their own cadence after the initial audit — weekly, tied to forecast. More on that in the pipeline hygiene guide.

4. Field completeness

  1. Critical-field completeness rates by object: lifecycle stage on contacts, industry/size on companies, amount + close date + next step on deals. Set a threshold (we flag anything under 90% on deal-critical fields).
  2. Fields that are 100% empty across the database — dead fields that should be archived before they confuse the next analyst.
  3. Fields with more than a handful of free-text variants of the same value (“NY”, “New York”, “new york”) — candidates for picklists.

5. Process conformance

  1. Deals that skipped pipeline stages.
  2. Closed-won deals missing fields your finance or onboarding team needs.
  3. Closed-lost deals with no loss reason.
  4. Deals created directly in late stages (sometimes legitimate partner deals, often process bypass).
  5. Records created outside the expected source channels — for instance, contacts with no original source.

6. Integration drift

  1. Record counts by source system over time — a step-change in records created by one integration is your duplicate factory.
  2. Fields that two systems both write — last-write-wins fights show up as values flapping between syncs.
  3. Records modified by integration users at abnormal rates.
  4. Sync errors and quarantine queues in each connected tool (the mess you can see in the CRM is usually smaller than the queue of failures you can’t).

Scoring and what to do next

Don’t turn the audit into a single health score — a number hides the structure. Instead, report count + trend + evidence per rule, grouped by the six areas. The cleanup priority almost always orders itself:

  1. Open-deal duplicates and pipeline integrity first (they distort the number leadership looks at weekly).
  2. Ownership second (unowned records decay fastest — nobody is accountable for them).
  3. Completeness and conformance third.
  4. Integration drift in parallel, because it’s the generator of future findings.

Then fix in reviewed batches, never silent bulk edits — the step-by-step cleanup process covers that. If you’d rather run these checks automatically, the open-source fullstackgtm CLI implements them as deterministic audit rules for HubSpot and Salesforce, with dry-run fixes you approve before they apply.

Frequently asked questions

What is a CRM audit?

A CRM audit is a systematic check of your CRM data and processes against explicit rules — duplicates, ownership, pipeline freshness, field completeness, and process conformance. The output is a findings list with evidence for each issue, which becomes the work queue for cleanup.

How long should a CRM audit take?

The checks themselves should run in minutes once the rules are written — this is mechanical work. Budget a few hours for setup the first time (defining thresholds, connecting data) and a half day to review findings with the people who own the records.

What's the difference between a CRM audit and CRM cleanup?

The audit finds and documents problems; the cleanup fixes them. Keeping them separate matters: an audit with evidence gives you a reviewable work queue and a baseline to measure against, instead of ad-hoc edits nobody can account for later.

What CRM data quality metrics should I track over time?

Track the count from each audit rule over time — new duplicates per week, percentage of open deals with a current next step, percentage of records with owners, average days since last activity on open deals. Trends matter more than absolutes: a spike in one rule usually points to a broken process or integration.

Ready to build your GTM data foundation?

Book a 30-minute call. We'll map your current stack, identify the gaps, and outline what Stage 3+ looks like for your team.