A (manual) accessibility audit is the only way to determine WCAG conformance. Automated scans flag approximately 25% of issues, which leaves the majority of accessibility problems invisible to software. Conformance requires human judgment applied against every success criterion, across real user flows, on real pages. That is what a (manual) audit delivers and what scans cannot.
Compliance follows from conformance. If the work has not been evaluated by a qualified auditor, there is no credible claim to make about ADA compliance, EAA compliance, or Section 508 alignment. The audit is the foundation. Everything else (remediation, validation, documentation, the ACR) depends on it.
| Factor | Why It Matters |
|---|---|
| Scan coverage | Scans flag approximately 25% of issues. The remaining 75% require human evaluation. |
| Conformance determination | Only a qualified auditor can apply WCAG 2.1 AA or 2.2 AA criteria to real content and interactions. |
| Legal defensibility | A (manual) audit report is the documentation that supports ADA, EAA, and Section 508 positions. |
| Remediation accuracy | The audit identifies specific issues with code context, which makes fixes targeted rather than speculative. |
| ACR credibility | A VPAT without an underlying manual audit is not credible. An ACR reflects real evaluation, not assumptions. |
What does a scan actually catch?
Automated checkers are useful for surface-level signals. Missing alt attributes, empty links, low contrast ratios in simple cases, form inputs without labels. These are real issues and worth identifying quickly.
But scans cannot evaluate whether alt text is meaningful. They cannot confirm a custom dropdown works with a keyboard. They cannot tell if an error message is announced to a screen reader user at the right moment. The 75% gap is where most compliance risk lives.
Why human evaluation is non-negotiable
WCAG success criteria are written in language that requires interpretation. “Meaningful sequence.” “Name, role, value.” “Consistent identification.” An auditor reads the code, operates the interface with assistive technology, and decides whether the criterion is met.
That decision is the heart of the audit. It is also the reason (manual) accessibility audits are key to achieving compliance. Without it, there is no conformance claim, only a scan report with a score.
How the audit connects to compliance
A thorough audit produces a report that lists every issue, the criterion it violates, the page or screen where it appears, and guidance for remediation. That report feeds directly into the work developers do next.
Once issues are fixed, validation confirms the work. The cycle ends with documentation: an accessibility statement, and if the asset is software or a SaaS product, an ACR built from the audit findings. Regulators and procurement teams look for this chain of evidence.
What about WCAG 2.1 AA versus 2.2 AA?
Most organizations target WCAG 2.1 AA today because it is the standard referenced in ADA Title II, Section 508, and EN 301 549. WCAG 2.2 AA builds on 2.1 and is increasingly requested by enterprise buyers. Either standard works as an audit target, and the choice depends on the contract or regulation driving the work.
The evaluation method does not change. Both standards require human judgment applied to every applicable criterion.
Where scans still fit
Scans are valuable for ongoing monitoring between audits. They catch regressions on high-traffic pages. They help development teams spot common issues before code ships. They are a supporting tool.
What they are not is a substitute for the audit itself. Treat them as a signal layer, not a conformance method.
FAQ
Can I get compliant without a manual audit?
No. Conformance with WCAG requires evaluation against each applicable success criterion, and that work can only be completed by a qualified auditor. Compliance claims for ADA, EAA, or Section 508 rest on that evaluation.
How often should I conduct an audit?
A full audit every 12 months is a reasonable cadence for most websites and apps. Significant product changes, redesigns, or new feature launches warrant an additional audit scoped to the new work.
What is the difference between an audit and an ACR?
An audit is the evaluation. An ACR is the completed document (built from a VPAT template) that reports WCAG conformance based on audit findings. The audit comes first, always.
Do scans have any role in compliance?
Scans support monitoring and catch a portion of issues quickly. They do not determine conformance. Use them alongside audits, not instead of them.
The audit is not a formality. It is the evidence that the work was done and the basis for every compliance position that follows.
Contact Kris to discuss your accessibility audit needs: Contact Kris Rivenburgh.