Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
How To Prepare And Respond (Step-By-Step)
- 1) Read the ATO letter carefully and map the scope
- 2) Gather and verify your records
- 3) Clarify your position with your adviser
- 4) Respond on time and keep a paper trail
- 5) Cooperate professionally-but don’t speculate
- 6) Manage interviews and site visits
- 7) Review draft findings and object where appropriate
- If You Disagree With The Outcome: Objections And Next Steps
- Set Your Business Up To Avoid Future Issues
- Key Takeaways
An Australian Taxation Office (ATO) investigation can feel intimidating, even if you’ve done your best to meet your obligations. For small businesses, the stakes can feel high: time away from operations, the cost of advice, and the risk of penalties if something’s not quite right.
The good news? With clear processes, good records and the right support, you can manage an ATO investigation with confidence. In this guide, we’ll explain what an ATO investigation involves, what triggers one, how to prepare and respond, and practical steps to protect your business now and in the future.
What Is An ATO Investigation And What Triggers One?
When the ATO takes a closer look at your tax affairs, it generally happens in phases. You might see terms like “data-matching review,” “risk review,” or “audit.” These steps range from preliminary queries to a full audit of specific taxes or periods.
Common triggers for ATO scrutiny
- Data mismatches: Differences between your Business Activity Statements (BAS), Single Touch Payroll data, third-party reporting (e.g. banks, payment platforms), and your lodged returns.
- Industry benchmarks: Figures that fall outside typical margins for your industry (for example, unusually low gross profit or wages-to-turnover ratios).
- Late or non-lodgement: Habitually late lodgements or overdue payments can elevate risk ratings.
- Large or unusual claims: Significant GST refunds, research and development offsets, motor vehicle or home office claims, or spikes in deductions.
- Cash economy indicators: Sectors with high cash turnover may see closer attention if sales don’t track expected patterns.
- Tip-offs and analytics: The ATO uses advanced analytics and may also investigate based on credible tip-offs.
Not every review ends in an audit. Often, the ATO will ask for clarification or supporting documents, and if the explanation stacks up, that may be the end of it. The key is responding accurately and on time.
What Happens When You’re Notified?
You’ll usually receive a letter or phone call outlining what the ATO wants to review, the period in scope, and a deadline to respond. Some interactions are simple (“please provide evidence of X”); others will be a detailed schedule of requested documents.
Typical requests and scope
- Tax returns, BAS, payroll and superannuation records for specified years or quarters.
- Bank statements, sales and expense ledgers, invoices and receipts (including electronic records).
- Contracts and agreements (e.g. customer, supplier, or contractor arrangements), and working papers supporting positions you’ve taken.
- Payroll evidence including STP reports, PAYG withholding summaries and superannuation payment confirmations.
Deadlines matter. If you need more time, ask early and provide a reasonable explanation. Staying professional and responsive helps build trust and can shorten the process.
If you’re unsure who should be the liaison, consider appointing a representative to deal with the ATO for you. Many businesses authorise their accountant or lawyer using a simple Authority to Act, which allows them to correspond on your behalf. If you don’t already have one, a clear letter of authority can help streamline communications and prevent misunderstandings.
How To Prepare And Respond (Step-By-Step)
1) Read the ATO letter carefully and map the scope
Identify which tax types (income tax, GST, PAYG, superannuation) and which periods are in scope. Create a checklist of requested items and allocate responsibility across your team and advisers.
2) Gather and verify your records
Pull the documents exactly as requested. Where possible, tie figures to lodgements (for example, reconcile your BAS to your sales records). If you spot an error, note it and discuss with your adviser-voluntary disclosure can reduce penalties in many cases.
Good record-keeping isn’t just a nice-to-have; it’s essential. If you’re reviewing your systems, it’s a good time to check you’re meeting core obligations around how long you keep business records and where you store them, in line with data retention laws in Australia.
3) Clarify your position with your adviser
Before sending anything, brief your tax agent or lawyer. They can help ensure your responses are accurate, complete and consistent, and advise on whether a voluntary disclosure is appropriate.
4) Respond on time and keep a paper trail
Submit documents by the deadline and keep copies of everything you send. If you’re negotiating an extension or a narrower scope, confirm any agreement in writing. Where the ATO sets dates by which you must respond, understanding what counts as a business day can be important for deadlines.
5) Cooperate professionally-but don’t speculate
Answer the questions asked and provide the documents requested. If you don’t know, say so and offer to follow up. Avoid guessing or offering opinions that aren’t supported by records; stick to facts and documents.
6) Manage interviews and site visits
For more complex audits, the ATO may request interviews or visit your premises. You can have your adviser present. Prepare your team so they know who should respond to questions, and brief them not to volunteer information outside their area of responsibility.
7) Review draft findings and object where appropriate
At the end of an audit, you may receive a position paper or proposed adjustments. You generally have an opportunity to respond or object. This is a critical stage to engage expert support to correct misunderstandings or provide additional evidence.
Your Rights And Obligations During An ATO Investigation
You must keep proper records, provide documents when lawfully requested and tell the truth. In return, you’re entitled to be treated fairly, to have your information kept confidential, and to be given a reasonable opportunity to respond to proposed adjustments.
Key obligations
- Maintain accurate records for the required retention periods.
- Provide information the ATO lawfully requests within the timeframe (or request an extension where reasonable).
- Ensure statements are accurate and not misleading-intentional misstatements carry serious penalties.
Key rights
- Fair and professional treatment, with a clear explanation of the issues and process.
- Representation by a tax agent or lawyer, authorised via an appropriate letter or form.
- The opportunity to respond to proposed adjustments and to lodge an objection if you disagree with the final decision.
If you’re concerned about how your confidential information is handled internally, consider implementing an Information Security Policy and ensuring your website or app has a clear, compliant Privacy Policy-particularly if any records involve personal information about customers or staff.
Common Issues The ATO Focuses On (And How To Get Ahead)
GST reporting and documentation
Incorrect GST coding or relying on invalid tax invoices is a frequent problem. Make sure your accounting system is set up correctly, reconcile GST each quarter, and retain valid tax invoices for input tax credits.
PAYG withholding and superannuation
Under-withholding or late superannuation payments attract attention. Keep payroll aligned with awards and agreements, ensure timely super payments, and double-check that contractor vs employee classifications are correct.
Cash economy indicators
Where sales are partly cash, robust daily takings records and bank reconciliations are key. The ATO will compare your reported income to expected benchmarks in your industry-be ready to explain legitimate variations.
Work-related and business deductions
Large or unusual deductions should be supported by clear evidence. For mixed-use assets (e.g. vehicles, home office), keep contemporaneous logbooks or apportionment calculations.
Director responsibilities and solvency
Directors have obligations to ensure compliance and to keep the company solvent. If you’re facing financial pressure, proactively reviewing cash flow, talking to your accountant and keeping on top of formal requirements like the annual solvency resolution can help you identify issues early and plan a path forward.
Penalties, Interest, Voluntary Disclosures And Payment Plans
If the ATO identifies shortfalls, it may impose penalties and interest. The level of penalty often depends on your level of care (reasonable care vs reckless or intentional disregard) and whether you made a voluntary disclosure.
Voluntary disclosure
If you discover an error before or during a review, making a voluntary disclosure can substantially reduce penalties. The timing and completeness of the disclosure matter, so discuss this option with your adviser as soon as possible.
Shortfall penalties and interest
Penalties vary depending on behaviour and circumstances, and interest generally applies to underpaid amounts. You can sometimes have penalties remitted (reduced) if there are good reasons-again, it’s best to put your case forward clearly and early.
Payment arrangements
Where a liability is assessed and you need time to pay, the ATO may agree to a payment plan. You might be asked to set up direct debit as part of that arrangement. If you use direct debit broadly in your business, it helps to be mindful of direct debit laws so your own systems and customer arrangements remain compliant.
Practical Risk-Reduction Tips For Small Businesses
Invest in record-keeping systems
Use reliable accounting software, reconcile regularly and keep digital copies of invoices and receipts. A clear file structure and naming conventions will save hours if you’re asked to produce records.
Document your positions
For complex or judgement-based claims (e.g. apportionment, R&D, or business vs private use), keep a short memo or working paper explaining the basis. This can be invaluable during a review.
Strengthen internal policies
Written policies support consistent practice and help demonstrate reasonable care. In addition to financial controls, consider policies for data handling and security, supported by an Information Security Policy and updated Privacy Policy if you collect personal information.
Clarify roles and authority
Nominate a business representative and, if relevant, put a formal authorisation in place for your accountant or lawyer using an appropriate Authority to Act. This avoids delays and ensures the right person is corresponding with the ATO.
Seek targeted legal help
An experienced adviser can help you narrow the scope, frame responses and reduce the risk of misunderstandings. If you need tailored guidance, our team can assist through a fixed-fee Legal Advice Package.
If You Disagree With The Outcome: Objections And Next Steps
After an audit, the ATO issues a final decision. If you disagree, you can lodge an objection. This usually involves:
- Carefully reading the reasons for decision and identifying errors of fact or law.
- Preparing a structured objection with supporting evidence and authorities.
- Lodging within the relevant objection period (watch the dates and what counts as a business day).
If the objection is disallowed, you may have review options through the Administrative Appeals Tribunal or the Federal Court, depending on the issue. At each stage, consider settlement options if appropriate-resolving a dispute early can save time and cost.
Set Your Business Up To Avoid Future Issues
While you can’t always prevent an ATO review, you can reduce the risk and the impact:
- Keep lodgements and payments up to date; communicate early if you anticipate delays.
- Reconcile BAS figures to your accounting system each period and fix errors promptly.
- Train your team on documentation standards and who is authorised to speak with regulators.
- Schedule periodic reviews with your accountant to sanity-check treatment of complex items.
- Refresh internal policies annually to reflect changes in law and your business model.
Above all, build a culture where compliance is part of how you operate. That mindset reduces risk, reassures stakeholders, and makes any future ATO interaction far less stressful.
Key Takeaways
- An ATO investigation typically starts with a review and may escalate to an audit-clear records and timely, accurate responses are your best defence.
- Common triggers include data mismatches, unusual claims, late lodgements and benchmark anomalies; get ahead with strong reconciliations and documentation.
- Appoint a representative early and formalise authority with a simple Authority to Act so your adviser can correspond with the ATO on your behalf.
- Voluntary disclosure can reduce penalties if you identify errors; discuss timing and strategy with your adviser.
- Good governance and documented policies (records, privacy and information security) help you demonstrate reasonable care and reduce risk.
- If you disagree with an outcome, use the objection process within timeframes and support your position with clear evidence.
If you’d like tailored support navigating an ATO investigation for your small business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.
