To be legal, this stage of the process (including signature match) must have been properly witnessed by observers from both sides.
A proper audit would include checking that this was carried out.
Not in Colorado - and probably most states.
The signatures go through an automated verification process - supposedly checking 30 points of each signature against a known valid one.
This process approves about 40% of the overall signatures.
The 60% that are left then get compared manually - first by one person who can either approve the signature to move forward to count - or mark the signature as needing further verification.
Those needing further verification are then looked at by two people - supposedly one from each major party. They can either approve a signature or mark it as suspect.
All signatures marked as suspect then have an email (if available) and letter sent to the voter informing them of a need to "cure" their ballot - and give info on other documents that would prove their identity.
As you can see, there are multiple places along the line were fraud can occur - in the automatic verification, and in the single person "phase 1" manual verification process.