Proven digital strategies for sales and use tax audits

By Lindsay Galvin, J.D.; Elizabeth Schraeder, CPA; and Daniel Gwin, CPA

Editor: Moshe Bell-Jacobs, J.D.

If you have never had the privilege of working through a sales and use tax audit, particularly local audits, now is your chance to stop reading. However, for those who have experienced a revolving door of state and local auditors examining whether your company collected, accrued, and remitted the correct amount of sales and use tax, you likely have witnessed the evolution of the role of data in the audit process. By the end of this column, you may want to trade in the tried-and-true methods for the opportunity to manage big data when it comes to audit defense with indirect taxes.

The evolving role of big data

The early 2000s saw enterprise resource planning (ERP) solutions develop and expand into a full back-office support function. Tax departments were able to download monthly transactional data fairly easily and leverage simple desktop tools to pivot and manually analyze the data.

Fast-forward to 2023: ERP options are moving into cloud solutions to handle big data. “Big data” is not just a fun term — it is an industry-acknowledged way to describe data that has greater volume, variety, and velocity.

The transactional nature of sales and purchases directly results in a tremendous amount of data each month. Digital Commerce 360 estimates that the COVID-19 pandemic pushed e-commerce sales to new heights, adding over $219 billion to e-commerce’s bottom line over the past two years. While the taxability of these transactions depends on several factors, the data is still recorded, mostly in real time, and analyzed for sales and use tax applicability.

Key triggers of increased audit pressure

In addition to big data, recent key triggers have resulted in greater complexity of tax administration and demands on state auditors — and, therefore, increasingly difficult audits.

Marketplace facilitator laws have been evolving since 2017, with states enacting these requirements in a rolling fashion. Every state with a statewide sales tax has adopted marketplace facilitator laws, shifting the burden of reporting and with it the need to manage data for sales tax compliance and audit defense. At the same time, these states have adopted economic nexus thresholds for sellers, which can result in disputes between purchasers and these newly tax collecting sellers.

Another key factor increasing audit pressure is state and local revenue needs. Tax collection accounts for more than 50% of revenue in several states, with income tax revenue making up the majority in only a handful of states. Most local jurisdictions rely on indirect taxes, primarily sales tax and property tax, for their tax revenue streams. Further, some states — especially California — are forecasting revenue shortfalls due to a recent decrease in state income tax receipts. Revenue concerns could be one reason why companies are now experiencing even more pressure to close outstanding audits and are seeing more new audit notices.

Common strategies in audits

One common strategy in managing audits is to take advantage of sampling methodologies. Every jurisdiction and auditor has a different approach, and taxpayers need to know their options when responding to an audit notice. The most common sampling methodologies are the following:

Statistical sampling:

  • Simple definition: Statistical sampling is the selection of transactions that represent the population during an audit period. Many jurisdictions employ statistical sampling software during an audit.
  • Considerations: Starting with an agreed-to chart of accounts to limit the population of transactions, especially within expenses, is a necessary first step. Additionally, confirming the strata against prior audits’ sampling methodology and business trends upfront is vital. A taxpayer does not have to immediately agree with every auditor recommendation for stratification breaks.

Block sampling:

  • Simple definition: This method is the selection of periods during the audit cycle to represent the population of transactions. Block sampling is one kind of nonstatistical sampling, although states may employ other nonstatistical methods.
  • Considerations: Block sampling can be beneficial for cyclical industries and organizations that undergo system changes. Care in selecting periods that accurately represent the population — while strategically maneuvering around periods that may not be representative from a data perspective — can help create a less painful audit. Considerations for selecting block sampling periods include ERP or tax engine implementation or upgrades, compliance provider changes, and the exemption certificate process.

Error rate roll-forward:

  • Simple definition: While not as common as performing a complete audit, “rolling forward” prior audit period error rates into the current audit period is becoming more accepted among auditors as they look to manage their backlog of audit work.
  • Considerations: Performing a “mini audit” is necessary to gain confidence that a prior error rate still applies. However, more than just prior results needs to be considered. Many companies have a best practice to update their tax systems and accruals after an audit to address audit issues with their top vendors, for example. While issues with these vendors may have been fixed, these vendors may no longer be in use. Examining the new top spend for vendor-charged tax and use tax accrued, combined with analyzing the exemption certificates available for exempt sales, can help to determine an appropriate acceptance of the prior audit error rate. Consider the time and effort of performing a complete audit as well in the calculations of the benefit of an error rate roll-forward.

In addition to sampling methodology, technologies such as robotic process automation (RPA); extract, transform, and load (ETL); and optical character recognition (OCR) have become common audit tools. The use of RPA to automate PDF download/save/ hyperlink to the audit schedule is a great workaround if bulk extraction is not available. Combined with OCR to scan the PDF and convert to data, these tools can save significant resource time — for example, the time required to download, save, and manually input invoice details into audit workpapers.

Many organizations took this automation one step further and bolted on analytics through visualization software to formulate trends and comparisons of transactions before finalizing the audit methodology.

Exemption certificates: More than just a piece of paper

While RPA, OCR, and ETL can make an impact quickly, it is also important to understand platform solutions so that supporting documentation can be available when under audit. This column does not focus on tax engines and the benefit of those solutions. It does, however, address exemption certificate management, starting with customer exemption certificates. These are the proof that customers provide to represent that they do not have a duty to pay sales tax, due to industry exemptions or goods and services usage exemptions.

The typical process begins with a sale, and the customer indicates it should not be charged tax. The customer provides a certificate or electronic information, which should be saved for future documentation. The tax engine, point-of-sales system, and/or ERP are then updated to reflect that customer exemption.

Assume that three to four years later the business is defending this exempt transaction under audit. While you may be able to summarize the overall customer certificate process in just a few sentences, validation and maintenance can result in thousands of manual hours each year, even when leveraging technology. Tools in the market can streamline the process for both customer certificate collection and vendor certificate issuance. However, few organizations have fully integrated these solutions into their ERP and tax engine to make the most of the experience, resulting in the need for manual processes. So how do you address it?

Aside from technology, the first area to examine is how the team is validating certificates. There are two possibilities: Either there is minimal validation, which results in customers uploading their grocery list (often not accepted by auditors), or the team is validating every aspect of the certificate, spending two or three hours researching just one customer and declining their certificate because of a missing/wrong “issued to seller” address.

The hours can quickly add up and may require hiring three full-time resources just to validate certificates. The fastest way to address this is by following a few simple rules:

  • Make the business decision to accept certificates that are missing the issued-to-seller information. This requires proactively working with auditors to accept the certificate because it was sent to an email address of the seller — it more than makes up for the manual hours spent declining and validating revised certificates.
  • Accept a certificate in good faith — in most states, the taxpayer is not obligated to do in-depth research on the customer to determine how they are registered; instead, it can accept the certificate in good faith.
  • The business also is not required to research whether the signer of the certificate is in fact an officer, director, or another person authorized to sign it. Instead, the signature can be accepted in good faith.

In addition to addressing the human element of the validation process for customer certificates, the issuance of vendor certificates also can create problems when under audit. While the business often does not need to provide this proof of documentation, an unstructured vendor certificate process can result in local stores, business units, or factories providing a certificate to purchase goods and services without tax when tax should have been paid. The tax department may notice no tax was paid and accrue use tax — or it could go unnoticed and then result in significant tax, penalties, and interest under audit.

Some best practices include:

  • Establishing a centralized process for requesting vendor certificates through a workflow management tool, many of which are readily available through the organization’s IT group.
  • Not having tax approve each request, just the material impact, and/or perform a cadence review of what has been issued.
  • Educating purchasers throughout the organization of use tax basics, if possible, including a high-level matrix decision tree of when to provide a vendor certificate during purchases.

Similar to a proactive cadence review of vendor certificate issuance, an automated comparison of exempt sales to customer certificates is also a key method of examining risk. Leveraging citizen automations (i.e., strategies developed by nontechnical business users), such as the ETL tools mentioned above, can quickly create a reconciled file between exempt sale customer names and certificate customer names.

If the record systems are not clean enough to create a straight match of names, fuzzy matching is a great capability within many ETL tools that can help to match similar, but not identical, names. Ideally, the business will want to work with its IT department to capture the correct matching data-points to tie out customer information between sales data and exemption certificates — both to streamline the proactive comparison in seeking to ensure certificates are on file for exempt sales and to retrieve certificates for audit documentation support.

Exactly what are ‘audit-ready files’?

You likely have heard about “audit-ready files.” Building on the use of citizen automations and software systems to handle big data and appropriate methods to address common issues regarding exemption certificates, other considerations can help businesses respond to stacks of audit notices. Cadence is a priority here; it is more important to have a realistic process in place. Here are suggestions to create a process that can result in files ready to audit:

  • Whether sales and use tax returns are prepared in-house or outsourced to a compliance provider, the primary objective is to make the data you will eventually provide an auditor tie to the data used for the company’s returns (which, in turn, tie to your trial balance or general ledger totals). Creating a database through cloud technology or old-school SQL servers can allow “stacking” the data used for compliance month over month, automating reconciliation against the file amounts reported on returns. Watch for your IT organization to use terms such as “global platform,” “data mart,” “data warehouse,” or “data lake” as a cue to ensure sales and use tax is in those solutions. Your team and/or your compliance provider can support taking the initiative to also incorporate credit tracking and rebate capabilities into a one-stop shop of data.
  • The traditional approach of linking supporting documentation can save time in material review. Incorporating hyperlinked invoices into the database through invoice extraction automation, combined with analytics to highlight troublesome trends in vendor purchases and customer sales, can allow a streamlined review to occur without significant manual effort.
  • The process of self-audit can be time-consuming and frustrating to gather documentation for. If an organization is struggling to articulate a return on investment on creating audit-ready files, the ability to self-audit seamlessly and reduce reserves while improving cash flow should help in seeking leadership support for the audit-ready file effort.
  • The power of artificial intelligence (AI) has started to unfold, especially as marketplace facilitator taxation has evolved. Consider leveraging the power of AI to predict differences in tax engine calculations and/or supplement the calculation of use tax in place of a tax engine — feeding data back into the audit-ready file process to proactively true-up differences prior to audit problems.

Cadence of review is trumped by process when it comes to getting ahead of auditor data and documentation requests. Still, it is important to commit to a regular cadence of reconciliation, test sampling, and tracking audit history. Consider engaging the organization’s internal audit team to collaborate in undertaking a regular cadence of sampled self-audit reviews.

Forward looking

Looking forward, there are three key takeaways from this column:

First, government technology and systems likely will continue to be years behind the evolution of data handling. Numerous state and local jurisdictions still require paper filings each month, in contrast to the holistic, end-to-end automation trends in industry sales and use tax processes. Some jurisdictions have technology for sampling but still cannot leverage appropriate file transfer mechanisms and require the taxpayer to break up files. Even the use of citizen automation is relatively unfamiliar to many, which equates to confusion when a taxpayer considers using AI for use tax accruals or cloud-based global tax marts. So, how can you as the taxpayer take advantage? Set the tone with a managed audit–style response to audit notices. Provide audit data reconciled with hyperlinked supporting documentation, leveraging the sampling methodology discussed above.

Second, out-of-date government IT processes eventually will catch up to advancements already in place with global taxation. Many countries already are using e-invoicing, which eliminates the “paper” exchange of invoices. Some U.S.-based organizations are ahead of their competitors and began to implement e-invoicing capabilities years ago. These programs likely herald a continuing evolution of sales and use tax technology, and, in time, the current sales and use taxation system may be replaced with blockchain technology, allowing taxpayers to move toward real-time compliance. This would change the entire aspect of U.S. taxation, with a heavy impact on sales and use tax engines, data requirements, and audit capabilities.

Third, until then, state revenue departments may face limited resources and massive backlogs of audits. There has been a recent uptick in the number of auditors accepting or even suggesting the roll-forward of error rates from a prior audit. Be sure to include the estimated cost of documentation, data preparation, and auditor negotiation in your planning of how to move forward with the audit, prepare audit-ready files, and create lasting processes that should reduce audit anxiety.


Lindsay Galvin, J.D., is principal; Elizabeth Schraeder, CPA, CMI, is director; and Daniel Gwin, CPA, is senior manager, all of Indirect Tax at PricewaterhouseCoopers LLP, with Galvin and Gwin in Pittsburgh and Schraeder in Dallas. Moshe Bell-Jacobs, J.D., is senior manager of State and Local Tax, Washington National Tax, at RSM US LLP in the Washington, D.C., area and chair of the AICPA State and Local Tax Technical Resource Panel. For more information about this column, contact

Tax Insider Articles


Business meal deductions after the TCJA

This article discusses the history of the deduction of business meal expenses and the new rules under the TCJA and the regulations and provides a framework for documenting and substantiating the deduction.


Quirks spurred by COVID-19 tax relief

This article discusses some procedural and administrative quirks that have emerged with the new tax legislative, regulatory, and procedural guidance related to COVID-19.