An ATO audit — whether a formal review, a compliance check or a simple letter requesting information — is disruptive and expensive even when the outcome is favourable. The businesses that experience the most audits are not necessarily the ones doing the most wrong. They are the ones whose data patterns trigger algorithmic risk flags. Understanding those patterns is the first step to avoiding them.
How the ATO Selects Businesses for Audit
The ATO uses a combination of algorithmic risk scoring and targeted campaigns. The core data inputs are:
- STP Phase 2 data — wages, super, allowances and income types reported after every pay run.
- BAS returns — GST collected, input tax credits claimed, PAYG withheld.
- Income tax returns — business income, deductions, depreciation, drawings.
- Third-party data — bank data, payment platform data (Square, Stripe, PayPal), property records, share registries.
- Industry benchmarks — the ATO publishes small business benchmarks for hundreds of industry categories, comparing expense ratios, gross margins and income patterns.
- Superannuation fund data — clearing house remittance records, fund receipt confirmations.
When your reported figures diverge from expected patterns — either relative to your own history or to your industry benchmarks — the risk score increases. High-risk-score businesses are selected for review.
Red Flag 1: GST Discrepancies
GST credits disproportionate to revenue, or BAS figures that don't reconcile with bank statements
This is the most common GST audit trigger. The ATO cross-references GST reported in your BAS against income tax returns, bank data and industry benchmarks. Significant mismatches — particularly overreported input tax credits — are a primary selection criterion.
Common causes: GST claimed on private purchases or mixed-use assets without appropriate private-use adjustments; GST on bank fees or insurance that aren't GST-applicable; input credits claimed on invoices that don't meet tax invoice requirements. Each of these is a bookkeeping error, not a deliberate fraud — but the ATO's risk profiling cannot tell the difference.
Correct GST coding from day one — applied by a registered BAS agent or qualified offshore accountant who reviews transactions before lodgement — eliminates the discrepancies that generate audit triggers.
Red Flag 2: Cash Businesses — Especially Hospitality and Trades
Revenue levels inconsistent with known industry cash handling patterns
Hospitality, beauty, cleaning, gardening and trades businesses that accept significant cash payments are subject to more intensive ATO scrutiny. The ATO uses industry benchmarks and lifestyle indicators to identify businesses where reported revenue is implausibly low relative to observable business activity.
The protection is not to reduce cash transactions — it's to record them completely and consistently. Every POS transaction, every cash payment, every daily cash balance: recorded in Xero or MYOB accurately, reconciled against the bank, and reported in BAS. A business with clean cash records is indistinguishable from a card-only business in an ATO data analysis.
Red Flag 3: Contractor Misclassification
Workers classified as contractors who meet the ATO's employee criteria
The ATO uses a multi-factor test to assess worker classification. Businesses with large contractor workforces that pay no PAYG withholding and no super are flagged when STP data shows minimal employee headcount against revenue levels that imply a significant workforce.
From 1 July 2026, Payday Super applies to eligible contractors in the same way as employees. An incorrect contractor classification now creates simultaneous PAYG withholding liability, SG liability, Payday Super shortfall liability and payroll tax risk. The ATO's STP cross-referencing makes contractor misclassification increasingly visible.
Red Flag 4: Large or Unusual Deductions
Deductions significantly above industry benchmark ratios, or deductions that spike without explanation
The ATO benchmarks expense ratios for every industry. A hospitality business claiming cost-of-goods-sold at 70% when the benchmark is 35–45% stands out. A professional services business claiming vehicle expenses of $45,000 when industry peers average $8,000 stands out. Either triggers a risk flag.
Legitimate high deductions — genuine business expenses accurately claimed — are defensible with documentation. The problem is businesses that claim mixed-use expenses as 100% business without records to support the allocation. Every deduction above the industry average should have a paper trail.
Red Flag 5: Payday Super Shortfalls (New from 1 July 2026)
STP-reported wages without matching clearing house remittance confirmation
This is new for 2026. The ATO now cross-references every STP lodgement against clearing house remittance data. Any payday where wages were reported but super did not reach employee funds within seven business days is directly visible to the ATO — no audit required to detect it.
The Payday Super data matching system will generate SGC assessments and compliance referrals automatically for persistent shortfalls. The best protection is a managed payroll service that monitors clearing house confirmation after every pay run.
Red Flag 6: Lifestyle vs Income Discrepancy
Property purchases, loan applications or asset acquisitions inconsistent with reported income
The ATO receives data from financial institutions, state revenue offices and property registers. When a sole trader reports taxable income of $65,000 but purchases a $1.8M property in the same year, the discrepancy triggers a review of business income records going back several years.
This trigger disproportionately affects sole traders and partnerships where personal and business finances overlap. Clean separation between business and personal accounts — maintained through proper bookkeeping — provides the documentation to resolve these inquiries quickly.
Red Flag 7: Industry Benchmark Outliers
Gross profit margins, expense ratios or income-to-assets ratios significantly below or above industry benchmarks
The ATO publishes benchmarks for over 100 industries — from cafes and hairdressers to engineering consultancies and medical practices. Businesses whose ratios fall outside the benchmark range without explanation are systematically flagged for review.
The benchmarks are available on the ATO website and worth reviewing for your industry category. If your numbers fall outside the range, the question to ask is: is this because of a genuine business difference, or a bookkeeping error that's distorting the ratios? The former is defensible; the latter is correctable before it becomes a problem.
How Clean Bookkeeping Protects You From All of These
Every red flag on this list is either caused by bookkeeping errors or made worse by the absence of documentation. Whether you use an in-house team, outsourcing bookkeeping through a managed provider, or offshore bookkeeping through an offshore accountant, the quality of the records is what determines your audit exposure — not where the work is done. Clean books don't prevent audits — the ATO selects businesses based on statistical patterns, and sometimes compliant businesses get selected. What clean books do is ensure that an audit inquiry resolves quickly and conclusively, rather than escalating into a multi-year investigation.
The specific protections:
- Correct GST coding eliminates BAS discrepancy triggers before lodgement
- Daily cash reconciliation creates an unbroken record that explains revenue levels
- Correct contractor classification records support the employment status applied
- Documentation of business-use ratios for mixed-use assets supports deductions claimed
- Clearing house confirmation records demonstrate Payday Super compliance per pay run
- Clean separation of business and personal accounts removes lifestyle-vs-income ambiguity
For Sydney businesses, bookkeeping services that include a registered BAS agent review before every lodgement provide the first layer of audit protection. For Melbourne businesses in hospitality and retail — statistically the highest-audit-risk industries — specialist bookkeeping with correct cash and award handling is essential.
Books That Protect You If the ATO Comes Knocking
OrtúsPro Global's bookkeeping and BAS agent service ensures correct GST coding, accurate payroll records and clean reconciliations — the documentation that resolves ATO queries before they escalate.
Frequently Asked Questions
How does the ATO select businesses for audit?
The ATO uses data matching and risk profiling across STP lodgements, BAS returns, third-party bank and payment platform data, property records and industry benchmarks. Businesses whose reported figures diverge from expected patterns — relative to their own history or industry peers — receive higher risk scores and are more likely to be selected for review.
What are the biggest GST audit triggers for Australian businesses?
The most common GST audit triggers are: input tax credits disproportionately high relative to revenue, BAS figures that don't reconcile with bank statements, GST claimed on private or mixed-use expenses without adjustment, and significant discrepancies between income reported in BAS versus income tax returns.
Can a Payday Super shortfall trigger an ATO audit?
Yes. The ATO cross-references STP Phase 2 data with clearing house remittance records. From 1 July 2026, any gap between reported wages and confirmed super contributions is directly visible to the ATO. Repeated shortfalls without voluntary disclosure are a direct audit trigger under the Payday Super regime.
Does having a bookkeeper or accountant reduce audit risk?
Well-maintained books reduce audit risk in two ways: they reduce the likelihood of errors that trigger audits, and they provide the documentation to respond quickly if the ATO does inquire. An ATO query answered with complete supporting records resolves without escalation. The same query met with disorganised records often escalates to a full audit.