Before you read further — which describes you?
Quick Answer
The California Department of Tax and Fee Administration (CDTFA) selects sales tax audits through four mechanisms: (1) industry-targeted audits based on compliance risk; (2) internal data analytics comparing returns against industry norms; (3) third-party referrals (IRS, EDD, FTB, complainants); and (4) random selection. The short version is that certain industries — cash-intensive retailers, restaurants, construction, auto dealers, e-commerce sellers — face elevated audit risk. Specific red flags include low gross-receipts-to-industry-norm ratios, frequent resale certificate use, sudden reporting drops, and inconsistencies between state and federal filings. Understanding these triggers is the first step in audit prevention.1
Concerned about CDTFA audit risk? A 15-minute consultation is free.
CDTFA audit selection is not random in most cases. The agency uses data analytics, industry targeting, and third-party information returns to identify audit candidates. This chapter walks through the four selection mechanisms and the specific red flags within each.
For the audit process, see California Sales Tax Audit Process. For preparation, see Prepare for CDTFA Audit.
The Four CDTFA Audit Selection Mechanisms
| Mechanism | Basis2 |
|---|---|
| Random | Statistical selection |
| Data Analytics | Return comparison to industry norms |
| Industry Target | CDTFA compliance priorities |
| Referral | IRS, EDD, FTB, complainants, whistleblowers |
Quick Reference
Jump to mechanism: random, data analytics, industry target, or referral. For the triggers reference, see CDTFA red flags lookup. 15-min consultation free.
1. Random Selection
A small percentage of CDTFA audits are random. Random audits calibrate data analytics models and provide compliance monitoring. Random selection is not linked to specific red flags.
If this is you: Audit notice with no obvious trigger. Random selection is possible. Documentation is still important; the audit proceeds like any other.
Random Audit Response
- Treat as any other audit. Documentation, preparation, counsel if stakes material.
- Expect thorough examination. Random audits have less specific scope.
- Prepare standard records. Sales, purchases, resale certificates.
- Engage counsel for complex case.
- Challenge sampling if applicable.
2. Data Analytics
CDTFA compares sales tax returns against industry benchmarks, prior-year patterns, and third-party data. Anomalies trigger audit selection.
If this is you: Your sales figures diverge from industry norms. CDTFA systems may have flagged. Be prepared to document variances with legitimate business reasons.
Common analytics flags:
- Low reported sales relative to industry.
- High resale certificate percentage.
- Sudden reporting drops year-over-year.
- Federal/state mismatch. IRS return shows higher gross receipts than CDTFA.
- Credit card receipts exceed reported sales.
3. Industry Targeting
CDTFA publishes industry-specific audit priorities annually. Recent focus areas include cash-intensive retail, construction contractors, auto dealers, restaurants, cannabis, e-commerce, and used merchandise.
If this is you: Your industry is on the CDTFA priority list. Elevated audit risk regardless of specific return data. Clean recordkeeping and industry-specific compliance is the defense.
4. Third-Party Referral
Referrals from IRS, EDD, FTB, or private complainants produce CDTFA audits with high specificity.
If this is you: A federal IRS audit may generate a state CDTFA referral. An employment audit by EDD often triggers sales tax review. Former employees or competitors sometimes report suspected non-compliance.
CDTFA audit notice received? Understanding the trigger shapes the response. Book a consultation to scope audit strategy.
CDTFA Red Flags Lookup
| Red Flag | Category |
|---|---|
| Cash-intensive business | Industry / Analytics |
| High gross receipts without sales tax | Analytics |
| Frequent resale certificate | Analytics |
| Industry-specific priority | Industry Target |
| IRS / EDD / FTB referral | Referral |
| Whistleblower complaint | Referral |
| Credit card processor data mismatch | Analytics |
| Prior non-filing | Analytics |
| E-commerce nexus question | Industry Target |
| Retailer outside California with CA sales | Industry Target |
Found your letter or notice code? The next step is confirming your exact deadline and whether you need representation. A 15-minute call answers both. Book a free call →
CDTFA Audit Statute of Limitations
- Standard: 3 years from due date.
- Substantial understatement (25%+): 8 years.
- No return filed or fraud: no limit.
- Waiver available via Form CDTFA-122.
CDTFA Audit Rate Patterns
| Business Type | Audit Risk |
|---|---|
| Cash-intensive retail | High |
| Construction contractor | High |
| Auto dealer | High |
| Restaurant / bar | Elevated |
| E-commerce with CA nexus | Elevated |
| Standard retail with clean compliance | Baseline |
| Service-dominated business | Lower |
CDTFA Audit Escalation Pathway
Trigger to Notice
Selection mechanism identifies the taxpayer. Audit notice (CDTFA Form 1164 or similar) issues.
Notice to Examination
IDR (information document request) and scheduled examination. Auditor reviews records, applies sampling where appropriate.
Examination to Notice of Determination
Assessment via CDTFA-345-SP. 30-day petition window opens.
The First 48 Hours After CDTFA Audit Notice
- Confirm the notice is legitimate.
- Identify the audit type. Desk, field, or industry-specific.
- Pull sales, purchase, and resale certificate records.
- Reconcile against federal and bank records.
- Identify likely trigger.
- Engage counsel for material cases.
- Calendar response deadlines.
The ROI Question
CDTFA sales tax audit assessments can exceed $1 million. Professional representation in sales tax audits typically saves multiples of the representation fee through sampling challenges and documentation.
When to Engage an Attorney for CDTFA Audit
- Any CDTFA audit notice.
- Cash-intensive business.
- Out-of-state seller with CA nexus question.
- Resale certificate audit.
- Prior CDTFA assessment.
- Criminal referral risk.
Audit notice received?
A 15-minute consultation is free. We scope the audit strategy.
Frequently Asked Questions
What triggers a California sales tax audit?
Four mechanisms. Industry targeting by CDTFA compliance priorities. Data analytics comparing returns against industry norms. Third-party referrals from IRS, EDD, FTB, or complainants. Random statistical selection. Most audits are triggered by data analytics or industry targeting.
Which industries have the highest sales tax audit risk?
Cash-intensive retail, construction contractors, auto dealers, restaurants, bars, e-commerce sellers with CA nexus, and cannabis businesses are typical high-risk industries. CDTFA publishes priority industries annually; specific focus shifts based on enforcement trends.
How does CDTFA use data analytics?
CDTFA compares sales tax returns against industry benchmarks, third-party credit card processor data, federal IRS filings, and prior-year patterns. Anomalies — low reported sales, high resale certificates, mismatch with federal returns — trigger audit selection.
Can a CDTFA audit start from IRS referral?
Yes. IRS audits of business income often generate referrals to state tax agencies including CDTFA. The state tax picks up where the federal audit found discrepancies. Similar referrals flow from EDD (employment tax) and FTB (state income tax).
How often does CDTFA randomly audit?
A small percentage of audits are random. Most audits are triggered by analytics, industry targeting, or referrals. Random audits do exist but the specific rate is not publicly disclosed.
What is a CDTFA resale certificate audit?
An audit focused on resale certificates — Form CDTFA-230 documentation claiming resale exemption. CDTFA reviews whether the issuer actually resold the property (rather than consuming it) and whether the receiving retailer had good reason to accept the certificate. Misuse of resale certificates is a frequent CDTFA audit finding.
Can I prevent a CDTFA audit?
Not completely, but compliance reduces risk. Accurate returns, clean recordkeeping, proper resale certificate handling, current filings, and industry-standard practices all reduce audit probability. Perfect compliance does not eliminate random audits or industry-targeted audits but minimizes specific-trigger audits.
How long does a CDTFA audit take?
Desk audits: 3 to 6 months. Field audits: 6 to 18 months. Complex cases can extend further. Post-assessment redetermination or appeals add additional time.
Can CDTFA audit multiple years?
Yes. CDTFA typically audits 3 years (the standard statute). Substantial understatement extends to 8 years. Non-filing or fraud has no limit. Multi-year audits are common for businesses with consistent patterns.
What happens if CDTFA finds a deficiency?
CDTFA issues a Notice of Determination (CDTFA-345-SP) with the proposed assessment. The taxpayer has 30 days to file a Petition for Redetermination. Missing the 30-day window makes the assessment final and subject to collection.
Can I appeal a CDTFA audit?
Yes. Petition for Redetermination within 30 days of the Notice of Determination. CDTFA Appeals reviews first. Further appeal to Office of Tax Appeals (OTA). Ultimately reviewable by Superior Court.
Does CDTFA share information with IRS?
Yes. California and federal tax agencies have information sharing agreements. Audit findings at one level can flow to the other. Sales tax assessments sometimes generate IRS income tax inquiries, and vice versa.
What is a CDTFA whistleblower complaint?
Third-party reports of suspected tax non-compliance. Former employees, disgruntled customers, competitors, and others can file complaints. CDTFA evaluates complaints for audit-worthy leads. Whistleblower-triggered audits are often highly specific in scope.
If you have read this far, you have a notice and you are trying to understand it before doing anything that makes it worse. That instinct is correct.
The next right move is a 15-minute call. We will identify the audit type, confirm your deadline, and tell you honestly whether you need representation. There is no cost and no obligation.
Get a Candid Assessment — FreeOr call us directly at (619) 378-3138
Next Steps in This Guide
If you received a CDTFA audit notice, a 15-minute consultation is free.