Guide

How to audit Google Analytics

A Google Analytics audit checks that the numbers you rely on are accurate: tags fire with consent, events mean what their names say, conversions count once, and nothing in your GTM container is polluting the data. This guide walks through the full audit step by step. Prefer not to do it by hand? The same checks run automatically in about two minutes.

Tracking Auditor runs this entire audit against your live GA4 and GTM, scored A–F with a prioritised fix plan. Your first audit is free.

Run a free audit →

Why audit Google Analytics at all?

Because analytics fails without warning. A broken conversion tag doesn’t throw an error anyone sees. It just stops counting, and three months later a budget decision is made on numbers that were wrong the whole time. Duplicate tags don’t crash the site either; they double-count it, and everything looks better than reality.

The audit below covers the five areas where tracking setups go wrong, in the order of the damage they do: consent, the GTM container, GA4 event quality, cookies, and conversion integrity. Each section lists concrete checks. Work through them with your GA4 property, GTM container and your website open side by side.

1. Consent & privacy

30% of your score

The highest-stakes area. Tags that fire before consent (GDPR) or ignore an opt-out (US state laws) create legal exposure, and a misconfigured Consent Mode degrades the data Google's own tags collect.

  1. Open your site in a private window and watch what loads

    Before you touch the cookie banner, open DevTools → Network and filter for google-analytics.com and googletagmanager.com. If collect requests fire before you consent, analytics is running unconsented.

  2. Check Consent Mode v2 is set before tags fire

    In the browser console, inspect the dataLayer for a consent default entry near the top. It must appear before any config or event calls. A consent state set after the tags load protects nothing.

  3. Match each tag's consent settings to your market

    In GTM, review every tag's consent settings (Tag → Advanced → Consent). GDPR markets need analytics blocked until opt-in; US opt-out markets need a working opt-out that tags actually honour.

  4. Confirm the CMP tag is live

    A paused or broken consent-platform tag means no consent signals reach anything. The banner may still render from cache while every tag behind it runs blind.

Full consent mode audit guide

2. GTM governance

20% of your score

The container is where audits find the mess: paused consent tags, duplicate configs, leftover test pixels, and Universal Analytics tags still firing years after sunset.

  1. Inventory every tag and what fires it

    Export or review the container tag by tag. For each: what does it do, what triggers it, and is it still needed? Most mature containers carry dead weight that slows the site and complicates debugging.

  2. Hunt for duplicate Google tags

    Two GA4 configuration tags with the same measurement ID double-count everything. Search the container for repeated IDs across tags.

  3. Remove legacy and test artefacts

    Universal Analytics (UA-) tags, test pixels pointing at dev accounts, and hard-coded dev domains in Conversion Linker all pollute production data.

  4. Check version history and access

    Frequent unexplained publishes, or a list of users who left the company years ago, are governance findings in their own right.

Full GTM audit guide

3. GA4 event quality

20% of your score

GA4 reports are only as good as the events feeding them. Misnamed events, missing parameters and unfiltered noise turn every downstream report into guesswork.

  1. Review the events list against reality

    In GA4 → Reports → Events, compare what's being collected to what the business actually needs to measure. Gaps here mean decisions are being made on partial data.

  2. Check key events are real conversions

    Marking auto-collected noise like page_view or session_start as a key event floods reports with fake 'conversions' and corrupts Google Ads bidding if imported.

  3. Filter internal and bot traffic

    Admin → Data Streams → Configure tag settings → Define internal traffic. Your own team's sessions inflate engagement and skew every ratio.

  4. Verify data retention and currency

    GA4 defaults to short retention; set it to what year-on-year analysis needs. A wrong reporting currency corrupts every revenue number.

Full GA4 event audit guide

4. Cookie classification

15% of your score

The cookies your site actually sets either match what the banner declares or they don't. Misclassified cookies undermine the consent story a regulator or client would check first.

  1. List what's actually set

    DevTools → Application → Cookies, on a fresh session. Note what appears before consent, after acceptance, and after rejection.

  2. Compare against your CMP's declared list

    Cookies your banner doesn't declare, or declares in the wrong category (an ad cookie labelled 'necessary'), are compliance findings.

  3. Check third-party tags' cookies

    Every marketing tag brings its own cookies. New tags added since the banner was configured are usually undeclared.

Full cookie compliance audit guide

5. Conversion integrity

15% of your score

Conversion data drives budget decisions. Duplicates, gaps and mismatched values misdirect spend every day they go unnoticed.

  1. Trace each conversion end to end

    Pick each key event and walk the chain: user action → dataLayer push → GTM trigger → tag → GA4 event → key event. A break anywhere means under-counting with no error shown.

  2. De-duplicate purchases

    Compare purchase counts to your order system for the same period. Refresh-on-thank-you-page duplicates and missing transaction IDs inflate revenue.

  3. Reconcile GA4 against the source of truth

    GA4 revenue within ~5–10% of your backend is normal; larger gaps mean tracking problems, not 'attribution differences'.

  4. Check what feeds Google Ads

    If conversions import into Ads, every upstream error becomes a bidding error with a real cost attached.

Full conversion tracking audit guide

Manual audit vs automated audit

Everything above can be done by hand with GA4, GTM and browser DevTools. Budget 4–8 hours for a typical site and more for a large container. The manual route is worth it if you want to learn the setup deeply. Its weaknesses are coverage (it’s easy to miss a tag among two hundred) and repeatability (the audit is out of date the week after the next GTM publish).

An automated audit trades that time for coverage: Tracking Auditor connects to your GA4 property and GTM container read-only, runs the checks in this guide plus the ones that are impractical by hand, and scores the result A–F across the same five dimensions, with a prioritised fix plan and a client-ready export. If you’re auditing for a client, start with the sample report to see the deliverable; if you just want a quick read on a setup, the free checker is the fastest start. Agencies running audits regularly should see how agencies use Tracking Auditor.

For a condensed version of this guide you can work through as a to-do list, use the GA4 audit checklist. New to the topic and want the broader picture first? Start with what an analytics audit covers.

Google Analytics audit FAQs

What is a Google Analytics audit?

A Google Analytics audit is a structured review of your analytics setup: GA4 property configuration, the Google Tag Manager container that feeds it, consent handling, cookies, and conversion tracking. The goal is to find where data is missing, wrong, duplicated or non-compliant, and what to fix first.

How long does a GA4 audit take?

A thorough manual audit takes 4–8 hours for a typical site, and more for large containers. An automated audit like Tracking Auditor runs the same checks against your live GA4 property and GTM container in a few minutes.

How often should you audit Google Analytics?

At minimum once a year, and after any major change: a site rebuild, a new cookie banner or CMP, GTM restructuring, or a new agency taking over. Most tracking problems are only noticed months after they start.

What are the most common Google Analytics audit findings?

Tags firing before consent, duplicate GA4 configuration tags double-counting data, key events mapped to trivial auto-collected events, internal traffic left unfiltered, duplicate purchase events inflating revenue, and leftover Universal Analytics or test tags still firing in production.

Do I need an audit if my reports look normal?

Looking normal is not the same as being right. Double-counting, unconsented collection and misattributed conversions all produce normal-looking charts. The point of an audit is to verify the numbers against how they're actually collected.

Run this audit in two minutes

Connect your GA4 and GTM read-only and Tracking Auditor runs every check in this guide against your live setup, scored A–F, with every finding explained and a prioritised fix plan. Your first audit is free, no card required.

Run your free audit