What an Accessibility Audit Actually Checks: A Shopify Audit Deliverable Sample

If you've never received a credentialed accessibility audit, the deliverable is more structured than most merchants expect. A WCAG 2.2 Level AA audit produces a 30-60 page report with criterion-by-criterion findings, evidence in the form of screenshots and screen reader transcripts, severity classifications, and recommended remediation. This article walks through what each section contains, what "good" looks like in audit deliverables, and how to evaluate the audit quality you receive from a vendor.

What Are the Standard Sections of an Accessibility Audit Report?

Eight standard sections. Executive Summary. One-page overview: scope, methodology, top-level findings, recommended next steps. Useful for board or executive stakeholders. Methodology. What was tested, what tools and techniques were used, who performed the audit (credentials, dates), what assumptions or limitations apply. Conformance Statement. WCAG version targeted (typically 2.2 AA), scope of testing (which pages/templates/flows), conformance status (Supports / Partially Supports / Does Not Support per criterion).

Findings by Criterion. The largest section. Each WCAG criterion gets its own entry: criterion text, applicable status, specific findings if not supported, evidence (screenshot, code snippet, screen reader transcript), severity, recommended remediation. Findings by Page. Cross-reference: each tested page lists the criteria it failed and the specific instance (e.g., "Homepage hero — alt text missing on image #3"). Recommendations. Prioritized remediation list — typically by severity (critical, major, moderate, minor) and effort (small, medium, large). Conformance Statement. Final recommended status for the audited site against the targeted WCAG version and level. Appendices. VPAT 2.4 Rev 508 format, methodology details, glossary, vendor disclosures.

For broader audit format context, see our accessibility-audit-report-guide and interpret-wcag-audit-report.

What Does the Findings-by-Criterion Section Actually Contain?

Per criterion, the typical entry includes: Criterion text ("1.1.1 Non-Text Content (Level A): All non-text content that is presented to the user has a text alternative that serves the equivalent purpose..."), Applicable status (Applicable / Not Applicable), Conformance level (Supports / Partially Supports / Does Not Support / Not Applicable), Findings (e.g., "Of 23 product pages tested, 14 had at least one image with missing or generic alt text"), Evidence (URLs, screenshots numbered Figure 1.1.1.A, Figure 1.1.1.B, etc.), Severity (Critical / Major / Moderate / Minor), Recommended remediation (specific guidance, e.g., "Backfill alt text via Shopify Admin API across product catalog. Establish editorial process for new content.").

A thorough audit produces 30-50 criterion entries (some criteria are Not Applicable for typical ecommerce; some have no findings). Each entry is 100-500 words. The total findings section runs 15-30 pages depending on store complexity.

For Shopify-specific audit examples, see our shopify-accessibility-audit-checklist-wcag-22-liquid.

What's the Severity Classification Pattern?

Auditors typically use a 4-tier severity scale, though terms vary across firms. Critical: complete barriers (can't checkout, can't navigate, can't perceive product information). Affects all users with the relevant disability; must be fixed before launch or compliance claim. Major: significant barriers that block specific tasks (variant picker not announceable, focus order broken on cart drawer). Affects substantial user populations; should be fixed in the current sprint. Moderate: usability barriers that don't fully block but degrade experience (low-contrast secondary text, missing skip-link). Affects users intermittently; planned remediation in the backlog. Minor: edge-case or non-blocking issues (missing landmarks on pages with strong heading structure, decorative elements with empty alt). Documented for completeness; lower-priority remediation.

Severity classification matters because it drives remediation prioritization. A store with 50 minor and 5 critical findings is in materially better posture than a store with 50 critical and 5 minor; both have 55 total findings, but the first is closer to compliance posture.

What Evidence Should Each Finding Include?

Three evidence types together produce audit-grade documentation. Screenshot. Visual reference to the failing element, typically with annotation (red box, arrow). Multiple screenshots when the failure has visual states (default, hover, focused, error). Code snippet. The HTML/CSS/JavaScript responsible for the failing pattern, with the location (file path and line number when available). Screen reader or keyboard transcript. What the screen reader announces (or doesn't), what happens when keyboard navigation reaches the element. Verbatim transcripts for screen reader output ("[NVDA, 2026-04-15] Reads: 'Image. Image. Image.' for product gallery").

Audits without code snippets and screen reader transcripts are less rigorous — the auditor saw the visual but didn't verify the assistive-tech experience. Procurement teams and counsel routinely check evidence quality when evaluating audit deliverables.

What's a "Good" Audit Deliverable?

Five quality signals. Independent auditor. Audit performed by IAAP-certified CPACC or WAS, ideally from an established firm or specialist platform. Comprehensive scope. Tests cover the full customer journey (homepage, category, product, cart, checkout, account, customer service, accessibility statement) plus mobile, plus key apps. Conservative ratings. Auditors who record Partially Supports for borderline criteria (rather than Supports) produce more defensible documents. Specific evidence. Screenshots, code snippets, screen reader transcripts per finding — not just summary statements. Actionable recommendations. Remediation guidance specific to the finding, not generic ("fix per WCAG").

Vendor-self-issued audits frequently lack one or more of these signals. Procurement teams and EU regulators read audits with these criteria in mind. For broader audit-quality context, see our accessibility-audits-vs-remediation-effectiveness.

How Does TestParty Produce Audit Deliverables?

TestParty's standard service includes monthly expert manual audits with date-stamped compliance reports for legal counsel. The reports follow the standard ACR/VPAT 2.4 Rev 508 format with criterion-by-criterion findings, evidence (screenshots, code snippets, screen reader transcripts), and prioritized remediation guidance. Daily automated scans add the regression-detection layer; the monthly manual audits add the qualitative depth automated tools can't reach.

In our experience working with 100+ brands, the audit deliverable supports three downstream uses: procurement (Plus enterprise contract requirements), demand-letter response (legal counsel exhibits), and EAA regulator engagement (member-state market surveillance authority requests). Each use has slightly different formatting expectations but the underlying audit content is shared. TestParty was named to the Forbes Accessibility 100 in 2025.

For the broader audit cadence framework, see our continuous-monitoring-vs-point-in-time-audits.

Frequently Asked Questions

How long does a complete audit deliverable run? 30-60 pages for a typical Shopify Plus store. Smaller stores with simpler templates produce 20-30 pages; complex Plus stores with multiple checkout extensions and B2B catalogs reach 60-80 pages.

What's the difference between an audit and a VPAT? A VPAT (Voluntary Product Accessibility Template) is a structured template format. An ACR (Accessibility Conformance Report) is the completed VPAT with audit findings filled in. The audit produces the ACR; the ACR uses the VPAT format. In casual conversation, "VPAT" and "ACR" are used interchangeably. See our vpat-accessibility-conformance-report.

Can I see a sample audit before engaging a vendor? Most reputable audit firms and platforms can share redacted sample audits (with sensitive client information removed). Reviewing sample format helps evaluate the vendor's audit quality and methodological rigor before committing.

What's the typical audit cost? $5,000-$25,000 for a complete WCAG 2.2 AA ACR for a typical Shopify Plus store. Range depends on scope (templates tested, mobile coverage, app coverage), auditor credentials, and turnaround time. Annual ACR refresh sits at the upper end; quarterly delta audits at the lower end. See our accessibility-audit-cost.

How long does it take to produce a complete audit? 2-4 weeks for a typical scope, including testing time (1-2 weeks) plus report drafting and quality review (1-2 weeks). Faster turnaround is possible (1-week rush) at premium pricing. Annual ACR work typically schedules 4-6 weeks ahead.

Can the audit be performed by my internal team? Internal-team audits are valuable for ongoing monitoring but typically aren't accepted in procurement or legal contexts as the authoritative ACR. The pattern: internal team performs monthly audits; external auditor produces quarterly or annual ACR. For broader internal-vs-external context, see our working-with-external-accessibility-auditors.

Are accessibility overlay vendor "audits" comparable? In our assessment, no. Overlay vendor self-audits typically lack independent methodology and are treated as marketing material in legal contexts. The FTC fined accessiBe specifically $1 million in April 2025 for related marketing claims. Procurement teams check methodology disclosure on any vendor-issued accessibility document.

How often should I refresh the audit deliverable? Annual ACR for the authoritative document. Quarterly delta audits for major changes. Monthly manual audits for ongoing monitoring. The cadence-and-deliverable map is in our continuous-monitoring-vs-point-in-time-audits framework.

Humans + AI = this article. TestParty uses a cyborg approach to content — combining human accessibility expertise with AI capabilities to produce accurate, comprehensive guides. This content is for educational purposes and reflects our analysis of publicly available information as of the publication date. TestParty competes in the digital accessibility market, and we encourage readers to evaluate all solutions independently based on their specific needs.