What Is a GA4 Audit? Definition, Scope and Deliverables (2026)

Intermediate

What is a GA4 audit?

A GA4 audit is a structured review of a Google Analytics 4 property's configuration, tag implementation, consent compliance, and data integrity to verify the data being collected can support business decisions. A complete audit covers five domains: property configuration, tag and consent validation, UTM and campaign integrity, data quality, and e-commerce tracking — typically expressed as 200+ individual checks.

The deliverable is a severity-ranked findings report with a prioritised remediation roadmap, not a printout of GA4 admin screens.

The shortest possible definition: an audit is the work of proving (or disproving) that the numbers in your GA4 dashboard reflect reality.

What an audit is — and what it isn't

A GA4 audit is not:

  • A screenshot tour of your GA4 admin
  • A list of "best practice" recommendations untested against your specific implementation
  • A rebrand of someone else's checklist
  • An automated tool's PDF dropped on a stakeholder's desk with no interpretation

A GA4 audit is:

  • An evidence-based diagnosis of what's broken, with severity rankings
  • A test of every claim GA4 makes against an independent source of truth (server logs, Shopify, Stripe, your CRM)
  • A prioritised list of fixes, scoped with effort estimates, that maps to business impact
  • Defensible — every finding has reproducible evidence

The distinction matters because the word "audit" gets used loosely. A 30-minute walkthrough of GA4 admin isn't an audit; it's a setup review. A checklist run against your property without interpretation isn't an audit; it's data collection. A real audit takes 4–8 hours of an experienced analyst's time per property and produces specific, evidence-backed recommendations.

The five domains a complete audit covers

A defensible GA4 audit covers all five of these. Skipping any one creates blind spots that surface at the worst possible time — usually when stakeholders are reviewing quarterly numbers.

1. Property configuration (PC checks)

The settings that govern how the property collects and reports data. Examples: data retention set to 14 months (not the 2-month default), reporting identity selection, internal traffic filters, currency settings, time zone, conversion event configuration, audience definitions, key event marking. Common findings: data retention left at default (silently breaking Explorations beyond 60 days), wrong time zone causing day-boundary misattribution, conversion events not marked as key events.

2. Tag and consent validation (TC checks)

Whether the GA4 tag fires correctly, when, and with what data. Includes Consent Mode V1 vs V2 detection, dataLayer integrity, tag firing order, consent default ordering, race conditions between CMP and tags, server-side GTM signal preservation. Common findings: V1-only consent implementation (TC-019), GA4 cookies firing before consent (TC-044), uninitialised dataLayer (TC-005), PII in event parameters (TC-061).
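As an added illustration (not code from this page or from any audit tool), the sketch below shows the kind of reproducible evidence a tag and consent check can rest on: it parses GA4 collect requests copied from the DevTools network tab and reports missing consent signals and personal data in parameters. The sample hits, the finding labels and the two PII patterns are constructed for the example, and the meaning given to the `gcs` and `gcd` parameters is an assumption stated in the comments.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample hits in the shape of GA4 /g/collect requests (not real traffic).
SAMPLE_HITS = [
    "https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE01&gcs=G111&gcd=13l3l3l3l1&en=page_view&dl=https%3A%2F%2Fshop.example%2F",
    "https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE01&gcs=G100&en=sign_up&ep.user_email=jane.doe%40example.com",
    "https://www.google-analytics.com/g/collect?v=2&tid=G-EXAMPLE01&en=purchase&dl=https%3A%2F%2Fshop.example%2Fthanks%3Femail%3Dbob%40example.org&ep.phone=%2B44+7700+900123",
]

# Deliberately narrow patterns: e-mail addresses and international phone numbers.
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\+\d[\d ()-]{7,}\d"),
}


def audit_hit(url):
    """Return a list of finding labels for one captured collect request."""
    # parse_qs percent-decodes values, so an address hidden in an encoded
    # page URL (the dl parameter) is scanned like any other value.
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # Assumption: a Consent Mode setup adds gcs to each hit, and a
    # Consent Mode v2 setup adds gcd alongside it.
    if "gcs" not in params:
        findings.append("no-consent-state")
    elif "gcd" not in params:
        findings.append("consent-v1-only")
    for key, value in params.items():
        for label, pattern in PII_PATTERNS.items():
            if pattern.search(value):
                findings.append(f"pii:{label}:{key}")
    return findings


if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        print(audit_hit(hit))
```

Each label names the parameter that carried the value, so the finding can be reproduced from the same request in DevTools.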

3. UTM and campaign integrity (UC checks)

Whether traffic is attributed to its true source. Covers UTM convention enforcement, gclid/msclkid/fbclid preservation, payment-gateway self-referrals, AI assistant misclassification, channel group definitions, cross-domain tracking. Common findings: gclid lost on SPA navigation (UC-027), payment gateways stripping UTMs (UC-035), ChatGPT/Perplexity misclassified as Direct (UC-049), inconsistent campaign tagging across teams (UC-058).

4. Data quality (DQ checks)

Whether the data is statistically credible. Includes bot detection, cardinality limits, anomaly detection, sessions-per-user reasonableness, hostname validation, mobile vs desktop balance. Common findings: bot traffic spike (DQ-041), abnormally high sessions per user (DQ-029), zero mobile traffic (DQ-052), unexpected hostnames sending data (DQ-056), weekly trend anomalies (DQ-063).

5. E-commerce tracking (EC checks)

Whether revenue numbers match the source of truth. Covers purchase event firing, items array integrity, value/currency consistency, refund tracking, duplicate transaction detection, item_id consistency with Merchant Center. Common findings: duplicate transactions from client+server double-firing (EC-018), missing items array (EC-009), refunds not tracked (EC-022), zero-value transactions (EC-031).
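The reconciliation described above can be sketched as follows. This is an added example, not code from this page or from any audit tool: the purchase events (shaped like rows from a GA4 export) and the order-system totals are constructed sample data, and the field and finding names are hypothetical.

```python
from collections import Counter

# Constructed sample data: GA4 purchase events, with T1001 sent twice
# (once by the browser tag, once server-side).
GA4_PURCHASES = [
    {"transaction_id": "T1001", "value": 120.00, "items": [{"item_id": "SKU-1"}]},
    {"transaction_id": "T1001", "value": 120.00, "items": [{"item_id": "SKU-1"}]},
    {"transaction_id": "T1002", "value": 0.0, "items": [{"item_id": "SKU-2"}]},
    {"transaction_id": "T1003", "value": 45.50, "items": []},
]
# Constructed order totals from the source of truth (shop or payment system).
ORDERS = {"T1001": 120.00, "T1002": 80.00, "T1003": 45.50, "T1004": 60.00}


def audit_purchases(events, orders):
    """Compare GA4 purchase events with order records and list discrepancies."""
    counts = Counter(e["transaction_id"] for e in events)
    # Keep the first event per transaction so duplicates do not inflate revenue.
    first_seen = {}
    for e in events:
        first_seen.setdefault(e["transaction_id"], e)
    return {
        "duplicate_ids": sorted(t for t, n in counts.items() if n > 1),
        "zero_value": sorted(t for t, e in first_seen.items() if not e["value"]),
        "missing_items": sorted(t for t, e in first_seen.items() if not e["items"]),
        "missing_from_ga4": sorted(set(orders) - set(first_seen)),
        "value_mismatch": sorted(
            t for t, e in first_seen.items()
            if t in orders and abs(e["value"] - orders[t]) > 0.005
        ),
        "ga4_revenue_raw": round(sum(e["value"] for e in events), 2),
        "ga4_revenue_deduped": round(sum(e["value"] for e in first_seen.values()), 2),
        "order_revenue": round(sum(orders.values()), 2),
    }


if __name__ == "__main__":
    for name, result in audit_purchases(GA4_PURCHASES, ORDERS).items():
        print(f"{name}: {result}")
```

On the sample data the raw GA4 revenue overstates one order and understates two others, which is why the comparison is made per transaction rather than on totals alone.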

What's in a deliverable

A useful audit report has six sections in this order:

1. Executive summary (1 page). Severity-ranked findings with business impact in £/$. Five bullet points maximum. The CMO reads this and nothing else.

2. Property configuration findings. Each finding has: severity (Critical/High/Medium/Low), description, evidence (screenshot or query), business impact, recommended fix, effort estimate.

3. Tag and consent findings. Same format. Includes the DevTools-verified evidence — gcs/gcd parameter screenshots, network request inspection.

4. Attribution findings. Channel group integrity, UTM consistency, click-ID preservation. Includes a Source/Medium audit table showing where attribution is leaking.

5. Data quality findings. Statistical anomalies, bot detection results, cardinality issues, cross-source reconciliation gaps (GA4 vs Shopify vs Stripe vs CRM).

6. Prioritised remediation roadmap. Findings grouped by quick-win (under 4 hours engineering), medium (1–3 days), and structural (1+ weeks). Each item linked to its finding number above.

Length: 12–20 pages for SMB audits, 30–50 pages for enterprise. Anything longer is usually padded; anything shorter is missing context.

How long should an audit take?

A manual GA4 audit takes 4–8 hours per property for an experienced analyst, broken down roughly as:

  • 30 minutes: OAuth/access setup, account permissions, data stream verification
  • 90 minutes: property configuration review (Admin → all settings reviewed)
  • 2 hours: tag and consent validation in DevTools (per-page inspection across 5–10 representative pages)
  • 2 hours: data quality and anomaly checks (Explorations + BigQuery if available)
  • 1 hour: report writing and prioritisation

An automated audit using a 229-check tool runs in 8–12 minutes for the data-collection layer, but still needs 1–2 hours of analyst interpretation to produce a usable report. The "5-minute audit" promised by some tools is data collection only — not an audit in the diagnostic sense.

For multi-property engagements (agencies auditing 10+ client accounts), automation pays back rapidly. For single-property deep dives, manual time dominates regardless.

Who should run a GA4 audit

The honest answer depends on what's being audited:

  • Configuration-only audits — automated tools handle this well. Free tier on most platforms, no analyst required.
  • Full multi-domain audits with stakeholder strategy — needs a senior analyst (5+ years GA experience) or a specialist agency. £400–£1,500 freelance, £1,500–£5,000 agency, £4,000–£8,000 for enterprise comprehensive audits per industry pricing data (2026).
  • Compliance-focused audits (GDPR, CCPA) — needs someone with both technical GA4 skill and consent law literacy. Premium pricing — typically £150–£250/hour.
  • Migration audits (UA→GA4 or platform changes) — specialist work. Budget 80–200 hours for an Adobe Analytics → GA4 migration audit.

The cost-effectiveness rule: the more properties you have, the more automation makes sense. The more strategic the engagement, the more analyst time you need.

How to evaluate an audit proposal

Before paying for an audit, ask the provider these five questions. The answers tell you whether it's a real audit or a checklist exercise:

  1. What evidence do you collect for each finding? Real audits collect network requests, server log samples, BigQuery queries — not just screenshots of the GA4 admin.
  2. How do you reconcile against external sources? A real audit cross-checks GA4 against Shopify/Stripe/CRM data. A checklist exercise doesn't.
  3. What's your severity scoring methodology? Real audits use a scoring framework (e.g., 5-dimension weighted average); checklist exercises just call everything "important".
  4. Will the report identify business impact in £/$? Real audits quantify what each finding costs the business; checklist exercises produce findings without impact.
  5. What happens after the audit? Real audits include a remediation roadmap and a follow-up validation check; checklist exercises end at the report.

If three or more answers are vague, it's a checklist exercise priced as an audit.

FAQ: What Is a GA4 Audit? Definition, Scope and Deliverables

What should a team validate first when a GA4 data problem appears?

Reproduce the problem in the live implementation, isolate whether it is scoped to one report or flow, and compare it against at least one secondary source before changing the setup.

How do I know whether the fix actually worked?

You need before-and-after evidence in the browser and in the downstream report. A clean-looking dashboard without validation is not enough.

When should this become a full GA4 audit instead of a quick fix?

If the issue touches attribution, consent, revenue, campaign quality, or data trust for more than one workflow, it is usually safer to audit the surrounding implementation than patch only the visible symptom.

These findings come from auditing thousands of GA4 properties.

GA4 Audits Team

Analytics Engineering

Specialising in GA4 architecture, consent mode implementation, and multi-layer audit frameworks.
