How the IRD chooses businesses to audit

Most business owners assume an IRD audit happens because someone has done something wrong. ​

In reality, audits are often the result of uncertainties or inconsistencies in the information a business reports. It’s very rarely a single issue that leads to an audit, but rather a lack of clarity in how the numbers fit together.​

Understanding IRD’s selection process can help remove some of the uncertainty and reduce the stress that an audit can bring.​

​

It can feel like audits happen out of nowhere, but the IRD generally selects businesses based on risk rather than at random.​

Tax information is regularly assessed against risk indicators. The information filed with IRD is analysed and compared with what would normally be expected for businesses of a similar size, structure, and industry. Current figures may also be compared with previous filings to identify any unusual changes or inconsistencies. When something stands out, it can trigger a review.​

Inland Revenue also regularly updates its compliance focus. This means certain industries, activities, or behaviours may be under closer scrutiny at different times.​

If you’re selected for an audit, the IRD may not tell you exactly why you were selected. This is done to protect the integrity of their selection process.​

​

When Inland Revenue reviews a business, they are not looking for small mistakes. They are looking for patterns that don't make sense when compared with the information they hold. ​

These patterns usually appear across your tax returns, bank activity, and reported income and expenses. ​

Common signals that may attract IRD's attention include:​

On their own, any one of these may not mean much, but when several appear together, they can form a pattern that IRD's systems flag for further review.​

​

Each year, the IRD sets specific compliance focus areas based on where they are seeing the highest levels of risk, error, or non-compliance across the country. These focus areas often relate to particular industries, business activities, or types of transactions. ​

If your business operates in a sector that is currently under review, you may be more likely to be selected.​

This is one of the reasons audits can feel unexpected. You may not have changed anything in your business, but IRD's focus may have shifted toward the type of work you do. ​

The IRD periodically publishes information about its compliance focus, but many business owners aren't aware of it. Being in a focus industry doesn't mean you've done something wrong. It simply means your business sits in an area that the IRD is currently monitoring closely.​

​

The IRD doesn't just look at the most recent return. Patterns such as late filings or payments, frequent corrections, or gaps in record-keeping can all contribute to how your business is viewed from a risk perspective.​

If a business has previously been audited, required adjustments, or had ongoing difficulty meeting tax obligations, this history may influence how future returns are reviewed. This doesn't mean you are permanently flagged, but IRD considers past behaviour when assessing whether further scrutiny is warranted.​

​

Many audits don’t start as a full investigation. Instead, it starts with what IRD calls a “risk review”. A risk review is generally handled through written requests and information gathering to evaluate the risk of non-compliance. In many cases, once they have the information they need, the review does not progress further.​

You will usually receive reasonable notice when Inland Revenue begins a risk review or a formal audit. If you use a tax agent for the tax type being examined, IRD will typically contact them first. Both you and your agent will then receive written confirmation outlining what they intend to review and the expected timeframe. ​

A formal audit is different. In certain situations, the IRD has the legal authority to visit business premises without prior notice. If this occurs, you are required to allow the IRD officer access to relevant records and systems. ​

Understanding the difference between a review and an audit makes the process far less confronting. Many cases stop at clarification. Only when concerns remain unresolved does the IRD escalate the matter to a more formal audit.​

​

The IRD approaches large enterprises differently from small and medium businesses, but the underlying principle is the same. They are looking for risk. ​

Large enterprises are subject to ongoing risk assessment rather than one-off reviews. The IRD may monitor different parts of the business over time, including specific tax types, internal systems, and compliance processes. If a significant issue is identified, it may lead directly to a formal audit. Potential risks may also be scheduled for review at a later date. In some cases, targeted reviews of certain business areas or systems are carried out as part of Inland Revenues broader compliance plan. ​

For smaller businesses, this process tends to happen in stages through risk reviews and data analysis. For large businesses, monitoring is more continuous.​

Regardless of size, the IRD focuses its attention where risk signals are strongest.​

​

One part of Inland Revenue's process that many business owners are unaware of is voluntary disclosure. If you realise there is an error in your tax affairs, you can tell IRD before they discover it themselves.​

Making a voluntary disclosure can significantly reduce the penalties that would otherwise apply. It shows IRD that you are acting in good faith to correct a mistake rather than trying to avoid detection. ​

Voluntary disclosure is still possible even after you've received notice that IRD intends to review or audit your business. The earlier you do this, the more favourable the outcome is likely to be. ​

For businesses that suspect something in their records may not be quite right, addressing it proactively can make a substantial difference to how the situation is handled. ​

​

While much of the discussion around audits focuses on what triggers IRD’s attention, it’s equally useful to understand what indicates low risk.​

Businesses that present consistent, logical, and well-documented information across their returns are generally considered lower risk. When your reported income matches your bank activity, your expenses make sense for the type of work you do, and your profit margins sit within expected industry ranges, your numbers don't raise questions. ​

Clear record-keeping also plays an important role. Being able to explain how figures were calculated and keeping business and personal finances separate helps create a consistent picture of how your business operates.​

Filing and paying on time and responding promptly to any IRD communication also contribute to a stronger compliance history over time.​

​

In most cases, IRD audits are triggered by patterns rather than a single mistake. Understanding how patterns are identified helps remove some of the mystery and highlights the importance of clear, consistent reporting.​

For further information, view Inland Revenue’s official audit guide.​