CRM Audit Checklist

Run Klaviyo's duplicate-profile finder and merge by email-as-primary-identifier. Watch for profiles created from Shopify checkout (email lowercase) versus pop-up forms (email mixed case) — same person, two profiles, split history. Document any merges that affect VIP segment membership.

Pull the last 30 days of campaign and flow sends. Flag any send with bounce rate > 2%, complaint rate > 0.1%, or open rate sharply below the rolling baseline (likely Apple MPP noise vs. real engagement drop). Confirm DKIM, SPF, and DMARC are still aligned in the sending domain settings.

Soft bounces older than 90 days that have since shown engagement are candidates for re-activation. Hard bounces and unsubscribes stay suppressed. Don't blanket-clear suppressions — that's the fastest path to a sender-reputation crash and a Gmail spam-folder placement.

Country values stored as 'US', 'USA', 'United States', and 'us' all break geo-segmentation. Standardize to ISO-3166 alpha-2 via Klaviyo's properties, and confirm Shopify customer attributes write back consistently.

Confirm VIP thresholds (e.g., $500 LTV / 3+ orders) still match this year's AOV. Static thresholds set 18 months ago drift as pricing changes. Cross-check segment counts against last quarter — a 40%+ swing usually means a definition or sync problem, not real customer behavior.

Place a real test order halfway through checkout, abandon, and confirm the trigger fires within the configured delay. The race condition to watch for: customer completes checkout while the abandonment email is queued — Klaviyo's 'Placed Order since starting flow' filter must be set on every message, not just the first.

Sample 10 recent orders and confirm the post-purchase flow branched to the correct product-specific path (review request, replenishment reminder, cross-sell). SKU-renames in Shopify often break conditional splits silently.

Pull customers whose last purchase was 90, 180, and 365 days ago. Confirm each cohort lands in the right winback flow with offer escalation that matches margin tolerance. A 30% off winback to a customer who already bought at 30% off is margin-destroying.

Spot-check 5 active and 5 cancelled subscribers — Klaviyo properties should match Recharge dashboard exactly. Stale 'active subscriber' tags on cancelled accounts trigger inappropriate retention emails and FTC click-to-cancel concerns.

Create a test Shopify customer and a test order; confirm the profile, order events, and product properties land in Klaviyo within 5 minutes. Repeat for a guest checkout — guest-to-known-profile linking is where most syncs silently lose data.

Open 5 recent Gorgias tickets and confirm each shows Shopify order history and Klaviyo profile in the customer sidebar. Missing context here is the #1 reason CX agents send canned replies that don't match the customer's actual order status.

Confirm 'Reviewed Product' events flow back to Klaviyo with star rating and product. This drives the 1-star-review apology flow and the 5-star-reviewer referral ask — both of which break silently when Yotpo updates its API version.

Check the integrations dashboard for any source showing 'last sync' > 24 hours ago or any webhook with a failure rate above 1%. A stalled integration looks identical to 'no activity' in the UI — confirm by event count, not by absence of error banner.

Reauthorize the failing connection (most often: rotated API key or expired OAuth token after a Shopify staff change). Trigger a manual backfill for the gap window. Document the gap in the audit log so attribution numbers can be flagged in reporting.

Sample 25 SMS subscribers and confirm each has a captured opt-in source, timestamp, and the disclosure language that was shown at the time. Missing express-written-consent records are a per-message TCPA exposure ($500-$1,500 each). Postscript and Attentive both expose this in subscriber detail.

Send a test, unsubscribe, and confirm removal across all lists within 10 business days (CAN-SPAM ceiling). Confirm the physical postal address in the email footer is current. Confirm STOP keyword on SMS removes the subscriber from all SMS flows, not just the originating one.

Pull the DSAR log from the past quarter. Each request needs evidence of fulfillment within 30 days (GDPR) or 45 days (CCPA). Confirm the 'Do Not Sell or Share' link on the storefront actually flows through to a suppression on Klaviyo, Meta CAPI, and any other audience partners.

Compare the privacy-policy retention schedule to actual data in the CRM. Customers who haven't engaged in 5 years still sitting in a marketable list is a common gap. Either the policy needs updating, or the data needs purging — pick one and align.

For subscribers flagged in the TCPA audit, suspend SMS sends and trigger a re-opt-in via email with full disclosure language. Do not resume sending until a fresh consent timestamp is recorded. Keep the audit gap documented in case of complaint.

Klaviyo's attributed revenue should reconcile against Shopify total revenue within the configured attribution window (default 5-day click, 1-day open). Large variances usually mean a tracking gap — UTMs missing, cookie consent blocking, or the Shopify integration being out for a period (cross-reference with the integrations audit).

Confirm cohorted LTV in Lifetimely or Triple Whale matches a manual SQL pull within 2%. Confirm CAC includes platform fees, agency retainer, and creative production — not just media spend. Bad LTV/CAC numbers drive bad acquisition decisions for an entire quarter.

Capture the audit decision, an owner and target date for each gap, and attach the full report. Distribute to the marketing lead, CX lead, and ops lead. Schedule the next audit on the calendar before closing this run.