GA4 Audit Guide — Supporting Article

What Does a GA4 Audit Include?

A GA4 audit is a structured review of everything that determines whether your analytics data is trustworthy — from how the tracking code fires, to how the property is configured, to whether the numbers in your reports reflect reality.

Most GA4 problems are invisible. Dashboards still populate, reports still generate charts, and teams carry on making decisions — while the underlying data quietly misses form submissions, counts purchases twice, or credits the wrong channels. An audit surfaces these issues before they compound.

A thorough GA4 audit works through five distinct layers, each building on the last. Skipping to data validation without checking implementation first means treating symptoms rather than causes.

80%+
of websites have at least one analytics tracking issue
50–60%
of implementations miss critical events like form submissions
30–40%
of properties contain duplicate or incorrectly named events

The Four Audit Layers

Each layer addresses a different failure mode. They are designed to be worked through in order.

# Layer What It Checks
1 Implementation Is GA4 installed and firing correctly? Covers tracking code, tag architecture, event triggers, and parameter values.
2 Configuration Is GA4 Admin set up correctly? Covers retention, referral exclusions, cross-domain, Enhanced Measurement, and channel groups.
3 Consent Mode Is privacy compliance handled correctly? Confirms Consent Mode v2, default state timing, CMP updates, and cookieless pings.
4 Data Validation Is the arriving data accurate and usable? Checks bot traffic, duplicate transactions, misattribution, and revenue accuracy.
Layer 1

Implementation

The implementation layer forms the foundation. If tracking is broken here, no amount of configuration adjustment can correct the underlying data. This layer checks:

Installation Method

GA4 can be installed via direct gtag.js, Google Tag Manager, a CMS plugin, or a third-party tool. Each carries different risks. The first audit task is identifying which method is active and whether multiple methods are running simultaneously — the most common cause of duplicate tracking.

Tag Architecture in GTM

Opening GTM Preview Mode and navigating through key pages reveals whether tags fire in a logical sequence, whether the GA4 Config Tag fires before event tags, and whether the Measurement ID is correct for the environment.

Duplicate Tracking

Duplicate tracking inflates pageviews, sessions, and events — making all downstream analysis unreliable. The most common causes are Enhanced Measurement’s page view toggle firing alongside a GTM page_view tag, and a CMS plugin running alongside GTM. Detection involves the Network tab in Chrome DevTools, filtered to collect requests.

🚨
Most Critical Fix A property with duplicate page_view tracking cannot produce reliable session counts, bounce rate, engagement rate, or attribution data. Resolve this before any other audit step.
Custom Event Validation

Every custom event — form submissions, button clicks, video plays, file downloads — is tested manually in GTM Preview Mode to confirm it fires exactly once per interaction, uses the correct snake_case naming convention, and sends all expected parameters with non-null values.

Layer 2

Configuration

Correct tracking paired with misconfigured Admin settings still produces distorted data. Every section of GA4 Admin is reviewed in turn.

What the Configuration Audit Covers
  • Property timezone and currency — wrong settings cause date-boundary mismatches and incorrect revenue figures that cannot be backfilled
  • Data retention — GA4 defaults to 2 months; the maximum for free GA4 is 14 months and must be set immediately after setup
  • Internal traffic filter — office and developer IPs must be excluded to keep conversion data clean
  • Referral exclusions — payment gateways (Stripe, PayPal, Razorpay) must be listed to prevent them overwriting acquisition attribution on return
  • Cross-domain tracking — required whenever users move between domains (e.g. main site to a third-party checkout)
  • Enhanced Measurement — each toggle is reviewed individually; enabling all by default causes duplicate tracking
  • Custom definitions — event parameters only appear in reports and Explorations if registered here
  • Channel groups — miscategorised traffic (email appearing as referral, paid social as organic) is investigated and fixed
  • User permissions — former employees, old agency accounts, and personal Gmail accounts are removed
⚠️
The One Action That Cannot Wait Set data retention to 14 months in Admin → Data Settings → Data Retention today. Data that ages out of the 2-month default window is permanently gone and cannot be recovered. Every other setting can be corrected later — this one compounds urgently.
Layer 3

Consent Mode

Consent Mode v2 is now required for EU/EEA traffic if you use Google Ads conversion modelling or remarketing. The audit verifies four things:

  • The consent default state is declared in HTML before the GTM snippet loads — not after
  • The CMP fires a gtag consent update call on both accept and decline — not just on accept
  • All four consent parameters are included: analytics_storage, ad_storage, ad_user_data, and ad_personalization
  • Advanced Consent Mode is in use — cookieless pings are visible in DevTools for denied users, enabling modelled data recovery
💡
Basic vs. Advanced Consent Mode With Basic mode, GA4 does not fire at all until consent is granted — losing all pre-consent data including bounces and abandonment behaviour. Advanced mode fires for all users while respecting consent signals, enabling modelled recovery of pre-consent behaviour. The distinction matters significantly.
Layer 4

Data Validation

The final layer moves from settings into actual report data. The goal is to confirm that what arrives in GA4 is accurate, uncontaminated, and analytically usable.

Key Validation Checks
  • Traffic source accuracy — high Direct (above 40%) or Unassigned (above 5%) signals missing UTMs or broken channel rules
  • Conversion events — verifying the right events are marked as conversions (purchase, generate_lead) rather than scroll or page_view
  • Duplicate transactions — an Exploration on Transaction ID sorted by Conversions descending exposes any ID appearing more than once
  • Revenue reconciliation — GA4 purchase revenue vs back-end orders; a discrepancy above 15% requires investigation
  • Engagement metrics — engagement rate, average session duration, views per session, and sessions per user benchmarked against expected ranges
  • Bot traffic — zero-engagement sessions, geographic spikes from markets with no marketing presence, and unusual browser strings are flagged
  • Cardinality — page path and custom dimension reports checked for (other) rows caused by session IDs or high-cardinality parameters
When

When Should You Run a GA4 Audit?

  • Immediately after a new GA4 implementation goes live
  • After any website redesign, CMS migration, or platform change
  • When unexplained anomalies appear — spikes, drops, or zero conversions
  • After changes to your consent management platform
  • When onboarding a new client or taking over an existing property
  • Quarterly as a routine health check for active properties
  • After significant GTM container changes or new tag deployments
Tools

Tools Required

A GA4 audit uses a small set of tools, most of which are free and already available to anyone with GA4 access:

Tool Where to Find It What It’s Used For
GA4 DebugView Admin → DebugView Real-time events from a single device for granular event verification
Google Tag Assistant Chrome Web Store Chrome extension that records a session and shows all tags that fired
GTM Preview Mode Inside GTM Shows exactly which tags fired, which triggers activated, and what variable values resolved
Chrome DevTools (Network tab) F12 → Network Filtered by ‘collect’ to inspect raw GA4 requests and consent signals
GA4 Realtime Report Reports → Realtime Confirms live data is arriving
GA4 Explorations Explore tab in GA4 For cross-checking conversion data, transaction IDs, and cardinality issues
BigQuery (optional) Google Cloud Console For validation beyond the GA4 UI retention window and custom SQL analysis

This article is a supporting reference for the Complete GA4 Audit Guide, which contains step-by-step checklists, pro tips, and a complete audit scorecard for each layer described above.  ·  Implementation  ·  Configuration  ·  Consent Mode  ·  Data Validation

Quick Fix Request

Tell us about your tracking issue and we’ll get it resolved fast.