Ten GST audit red flags that push your GSTIN up the CBIC risk score — mismatches, suspicious suppliers, sectoral risk, and how to fix them before an audit hits.
GST audit selection in 2026 is no longer a random lottery. The CBIC's risk-management system layers GSTR data, e-way bill flows, e-invoicing trails, and income-tax 26AS into a scoring engine that quietly profiles every GSTIN. Land in the top quartile and an ADT-01 audit notice or DRC-01A reconciliation query lands in your inbox. Knowing the red flags lets you fix the signal before the system flags it.
1. GSTR-1 vs GSTR-3B Mismatch
Outward supplies reported in GSTR-1 must reconcile with the tax paid in GSTR-3B. A persistent gap — even if explained by amendments — pushes you up the risk score and is almost always the first paragraph of the audit notice.
2. GSTR-2B vs GSTR-3B ITC Mismatch
ITC claimed in GSTR-3B exceeding GSTR-2B by more than the prescribed tolerance is now a hard flag under Rule 36(4). Repeated overclaims trigger DRC-01 demands and audit selection.
3. Inverted Duty Structure With Persistent Refunds
Frequent inverted duty refund claims are scrutinised more aggressively, especially in textiles, footwear, and fertilisers. Documentation of inputs, output classification, and refund-formula correctness is essential.
4. Mismatch Between E-way Bills and GSTR-1
Goods moved on e-way bills but not declared in GSTR-1 — or vice versa — is one of the cleanest red flags. The system reconciles e-way bill data with returns and triggers automated discrepancy notices.
5. Sharp Drop in Tax Liability Year on Year
If your output tax falls materially while turnover stays steady, expect a query. Genuine reasons — product-mix shift, export growth, classification correction — must be documented and ready.
6. Sectoral Risk Profile
- Real estate and works contracts — frequent classification and valuation disputes.
- IT and intermediary services — place of supply and export status under scrutiny.
- Trading and high-volume B2C — tax-on-MRP and discount issues.
- Iron, steel, and scrap — fake invoice ecosystems target this sector.
7. Repeated Late Filing and Late Fee Payments
Habitually late returns signal weak compliance controls and elevate audit probability. Even one late filing per quarter materially affects your departmental risk score.
8. Mismatch With Income Tax Returns and Form 26AS
Turnover declared in GSTR-9 must broadly reconcile with the turnover in your income-tax return. Material variance — especially where GST turnover exceeds IT turnover — is now a cross-departmental flag.
9. Suspicious Supplier Network
If your suppliers appear on the department's risky-supplier list (cancelled GSTINs, mismatched returns, fake-ITC chains), your ITC claims are automatically suspect. Periodic supplier KYC and GSTR-2B-based vendor scoring is the only defence.
10. Round-Sum or Pattern Adjustments
Round-figure ITC reversals, identical credit notes month after month, or large March adjustments draw analyst attention. Clean entries with proper supporting documentation reduce this risk substantially.
Conclusion
Audit selection is now driven by data, not gut feel. The cleanest defence is preventive — monthly reconciliation, supplier vetting, sector benchmarking, and IT-GST cross-tie checks. Sort these basics and the risk score moves down — not the audit itself, but the chance of being singled out for one.
