Google Analytics 4 Audit: 45-Step Checklist for Ecommerce

I’ve audited GA4 accounts across ecommerce, hospitality, and lead-gen businesses for years. The same issues come up every single time: wrong data retention settings, missing conversion events, payment gateways polluting attribution, and teams making decisions based on numbers that simply don’t reflect reality. According to Ahrefs, 90% of pages get zero organic traffic - and bad analytics is often why businesses never find out. If you run Google Ads alongside your organic efforts, reliable GA4 data isn’t optional. A misconfigured property can cost you real budget on the wrong campaigns. This 45-step checklist covers everything, from account structure to privacy compliance.

For a parallel view of how your tracking setup intersects with paid performance, the Google Analytics audit guide pairs well with a review of your website visibility issues.

Key Takeaways

• GA4’s default data retention is 2 months - change it to 14 months immediately to enable year-over-year comparisons (Google Analytics Help, 2024)
• Consent Mode v2 has been mandatory in the EEA since March 2024 for remarketing and personalised ads; without it, Google Ads loses conversion data from non-consenting users (Google, 2024)
• A variation of more than 5% between GA4 purchase data and your database or ERP almost always signals a tracking configuration error worth fixing before running paid campaigns
• Run a full GA4 audit every 6 months, with monthly checks on conversions, filters, and integrations

Why Should You Audit Your Google Analytics 4 Account?

Performing a GA4 audit answers questions your business depends on. Can you trust the data your property shows? Are your key events firing correctly? Where are the configuration gaps? According to Google Analytics Help, properties with misconfigured conversion events report inflated or deflated ROAS by as much as 30% in connected Google Ads accounts. The main goal of the audit is data integrity - fixing what causes problems and improving what can be improved.

Important note: Universal Analytics (UA) was shut down on 1 July 2023. This guide covers exclusively Google Analytics 4 (GA4).

What Is the Correct GA4 Account Structure?

GA4 replaced Universal Analytics with a fundamentally different hierarchy. There are no “Views” anymore. The structure runs Account, then Property, then Data Streams. Each GA4 property can hold multiple Data Streams - one for web, one for iOS, one for Android. Most websites run a single web Data Stream with a Measurement ID in the format G-XXXXXXXXXX. Getting this structure right before anything else prevents wasted time diagnosing downstream problems that are actually structural.

In my experience, the most common structural mistake is having duplicate or abandoned Data Streams from a previous developer’s test setup. I’ve seen accounts sending data to two live streams simultaneously, which doubles event counts and makes conversion data completely unreliable. Always check for orphaned streams first.

Verify Your Data Stream Configuration

Go to Admin > Data Streams and confirm:

• An active Data Stream exists for your domain
• The Measurement ID (G-XXXXXXXXXX) matches the one on your site
• There are no duplicate or abandoned Data Streams
• The creation date and stream name are correct

Time Zone and Currency

In Admin > Property settings, verify the time zone is set correctly for your business. Sessions crossing midnight split into two when the time zone is wrong - this distorts daily reports in ways that are hard to spot unless you know to look. Also confirm the currency matches your ecommerce transactions.

How Do You Manage GA4 User Access Correctly?

The principle here is simple: grant the minimum access level necessary, and review it regularly. According to Google’s security guidance, shared credentials are one of the most common causes of unauthorised data access in Google Analytics accounts. Never share your Google account username and password with vendors or collaborators. Create individual access from within GA4 instead.

Permission Levels to Know

• Administrator: Full control. Only for project owners
• Editor: Can modify settings. For senior analysts
• Analyst: Can create reports and explorations. For the marketing team
• Viewer: Read-only. For stakeholders who consult data

Revoke access immediately from former collaborators or agencies you no longer work with. This is basic data hygiene most teams skip.

What Are the Most Critical Basic Property Settings?

Data Retention

This is one of the most overlooked settings in GA4. By default, GA4 retains event data for just 2 months (Google Analytics Help, 2024). To make year-over-year comparisons or run long-term cohort analyses, change this to 14 months. The path: Admin > Property settings > Data collection and modification > Data retention.

Google Signals

Google Signals aggregates data from users signed in to Google who have ad personalisation enabled. This improves demographic reports and cross-device tracking. Enable it at Admin > Data collection and modification > Data collection > Enable Google Signals. Note: with Signals active, GA4 may apply Data Thresholds in demographic reports. If you see “(other)” in demographic data, this is expected behaviour.

Reporting Identity

GA4 offers three identity options. Blended uses User-ID, Google Signals, and Device ID - the most comprehensive view. Observed uses only User-ID and Device ID, with no data modelling. Device-based is cookie-only, the least accurate. Use Blended for the fullest picture. This setting also determines whether Consent Mode behaviour modelling works correctly.

How Do You Fix GA4 Data Quality Problems?

Data quality issues are silent. Your reports look normal, but the numbers are wrong. According to a Simo Ahava analysis, referral pollution from payment gateways is present in roughly 40% of ecommerce GA4 implementations that haven’t been audited. These five areas cover the most common data quality failures.

Internal Traffic Filter

GA4 has no View-level filters like UA did. IP filtering happens at Data Stream level. To exclude your team’s traffic:

1. Go to Admin > Data Streams > [your stream] > Configure tag settings
2. Click Define internal traffic
3. Add office, development team, and agency IP addresses
4. Go to Admin > Data filters
5. Create an Internal traffic filter in Active mode

If the filter sits in “Testing” mode, data is flagged but not excluded from reports. Many accounts stay in Testing indefinitely.

Developer Traffic Filter

If you use DebugView to test your implementation, configure a Developer Traffic filter at Admin > Data filters > Create data filter > Developer traffic to keep test events out of production data.

Referral Exclusions for Payment Gateways

If your store redirects to an external payment gateway (PayPal, Redsys, Stripe), that gateway likely appears as a conversion source in your reports. This is incorrect. Configure referral exclusions at Admin > Data Streams > [your stream] > Configure tag settings > List unwanted referrals. Add the domains of all payment gateways involved in your checkout flow.

Cross-Domain Measurement

If your site spans multiple domains - for example, a main site and a separate checkout domain - configure cross-domain tracking at Admin > Data Streams > [your stream] > Configure tag settings > Configure your domains. Without this, GA4 treats the user as a new session when they move between domains, breaking attribution.

Valid Hostname Check

Check your Explorations or Tech reports to confirm data comes only from your legitimate domains. Unknown hostnames mean either site scraping (someone copied your site and kept your GA4 code) or test environments leaking into production.

How Do You Audit GA4 Tracking Implementation?

Most audits stop at checking whether the GA4 tag is present. The more important question is whether the events that fire are the right ones and whether the parameters they carry are complete. I’ve seen well-tagged ecommerce sites where the purchase event fires without a transaction_id, making duplicate transaction detection impossible. The tag being present is the starting line, not the finish.

Enhanced Measurement

GA4’s enhanced measurement records these events automatically, without additional code:

• Page views (page_view)
• Scroll events (90% depth threshold)
• Outbound link clicks
• Site searches
• YouTube video interactions
• File downloads

Check this at Admin > Data Streams > [your stream] > Enhanced measurement. Only enable events relevant to your business. Unnecessary events add noise and burn custom dimension slots.

DebugView

Before signing off on any configuration, use DebugView (Admin > DebugView) to verify events arrive correctly. Activate debug mode via Google Tag Manager’s Preview mode, or add ?gtm_debug=x to the URL. DebugView shows all events in real time with their parameters and conversion status.

UTM Campaign Parameters

UTM parameters work in GA4 the same way as in UA. The standard parameters are: utm_source, utm_medium, utm_campaign, utm_content, utm_term. Use the official Google Campaign URL Builder to create tagged URLs. GA4 is case-sensitive for UTM values - “Email” and “email” appear as two different mediums. Establish a naming convention and enforce it.

Custom Events and Parameters

If enhanced measurement doesn’t cover your needs, create custom events. Review existing custom events and verify:

• Event names follow consistent snake_case convention
• Event parameters are registered as Custom Dimensions or Metrics if you want them in standard reports
• No duplicate or contradictory event names exist

Custom Dimensions and Metrics

In Admin > Custom definitions, register all event parameters you want in standard reports. GA4 allows 50 custom dimensions and 50 custom metrics per property. Review existing definitions: are they all in use? Is the scope (event or user) correct? Are the names still meaningful?

How Do You Audit Conversions and Key Events in GA4?

In GA4, Universal Analytics Goals no longer exist. Conversions are managed by marking events as Key Events - the terminology Google standardised in 2024. According to Google Analytics Help, misconfigured key events are the most common reason Google Ads campaigns optimise for the wrong outcomes. Check this section carefully before running any paid traffic.

Macro Conversions

These are your most important business indicators. Verify you have configured as Key Events:

• purchase event for ecommerce
• Form submissions for lead generation
• Phone calls if you work with call leads
• Account registrations if user growth is a goal

Micro Conversions

These track relevant intent signals before the final action:

• Newsletter subscriptions
• PDF or resource downloads
• Video completions
• Add to cart events for ecommerce

Key Event Review Checklist

Go to Admin > Events, then check Conversions. Verify:

• Are all current key events still relevant to the business?
• Are there key events with zero count that no longer fire?
• Are there duplicate conversions inflating numbers?
• Does the purchase event carry a value parameter with the correct amount?

What Does a GA4 Ecommerce Audit Cover?

GA4’s ecommerce model uses standard events. The purchase event must include: transaction_id (unique identifier), value (total amount), currency (ISO code like EUR or USD), and items (array with product details including item_id, item_name, price, and quantity). According to Google’s ecommerce documentation, implementations missing any of these parameters produce unreliable revenue data in GA4 and connected Google Ads accounts.

Key Ecommerce Questions

1. Does GA4 revenue match your database or ERP? A 2-5% variance is normal. More than that signals a problem.
2. Is transaction_id unique per order? Non-unique IDs cause duplicate transaction counting.
3. Are item_id values consistent with your product catalogue?
4. Is the currency parameter using the correct ISO code?
5. Does the purchase event fire only once per transaction? A confirmation page reload can trigger it multiple times.
6. Are funnel events configured - view_item, add_to_cart, begin_checkout? These enable funnel analysis in Explorations.

How Should GA4 Integrations Be Configured?

Google Ads

Link your GA4 property with Google Ads at Admin > Product links > Google Ads linking. This integration allows you to import GA4 conversions into Google Ads, use GA4 audiences for remarketing, and view GA4 data in Google Ads reports. Without this link, Google Ads bidding strategies can’t use your best conversion data.

Google Search Console

Link Search Console at Admin > Product links > Search Console linking. This adds the Organic search queries report directly in GA4, with impressions, clicks, and average position data. It’s one of the most useful cross-channel views available for free.

BigQuery

For large data volumes or advanced SQL analysis, link GA4 with BigQuery at Admin > Product links > BigQuery linking. The daily export sends all raw events to BigQuery, where you can query without sampling limitations or thresholds. The export itself is free.

What Should You Review in GA4 Explorations and Reports?

Explorations are GA4’s equivalent of UA’s custom reports, built on a more flexible foundation. You can create free-form explorations (custom tables), funnel explorations (step-by-step conversion flow), user journey explorations (path analysis), and cohort explorations (groups by acquisition date). Review saved Explorations for outdated configurations and unused reports.

In the Reports section, verify that the reports your team consults regularly are configured correctly and surface the most relevant data. In Admin > Channel groups, check whether custom channel groups exist. This feature lets you reclassify traffic according to your own business rules - for example, separating brand paid search from generic paid search into distinct channels.

Is Your GA4 Property Compliant with Privacy Requirements?

Consent Mode v2

Since March 2024, Consent Mode v2 is mandatory to run remarketing and personalised advertising in the EEA (Google, 2024). Without it, Google Ads and Display cannot use conversion data from users who haven’t consented. Verify you have implemented all four parameters: ad_storage, analytics_storage, ad_user_data, and ad_personalization. If your Consent Management Platform doesn’t support ad_user_data and ad_personalization, update it now.

No PII Collection

Verify you’re not sending Personally Identifiable Information to GA4 - no email addresses, names, or phone numbers. This violates Google’s Terms of Service and creates GDPR exposure. Review especially: URLs with email addresses in query parameters, custom event parameters, and User-ID data.

What General Best Practices Complete a GA4 Audit?

Audiences for Remarketing

Review audiences at Admin > Audiences: are they still relevant for current campaigns? Is the membership period (days a user stays in the audience) set correctly? Are they properly linked to Google Ads?

Annotations

GA4 added Annotations in 2024, accessible at Admin > Property > Annotations. Use them to record important events: campaign launches, site redesigns, tracking changes, algorithm updates. Without annotations, you won’t remember in six months why traffic spiked on a specific date.

PPC Landing Page Checks

Verify all landing pages used for paid campaigns load correctly, carry the GA4 tag, and fire conversion events on the confirmation page. Sending paid traffic to a 404 page is expensive and surprisingly common after site migrations.

Email Campaign UTM Tagging

Email traffic has no referrer by nature. Without UTM tags, it appears as direct traffic in GA4. All email links should carry utm_medium=email, a utm_source identifying your tool or list, and a utm_campaign identifying the specific send.

---

A well-executed GA4 audit is the foundation of any solid data strategy. Run a full audit every 6 months and monthly checks on the most critical points: conversions, filters, and integrations. If you want to understand how your tracking gaps affect paid performance, a review of your Google Ads Quality Score often reveals the connection directly.

Frequently Asked Questions

How often should I run a GA4 audit?

Run a full audit every 6 months. Monthly checks on conversions, data filters, and integrations are enough between full reviews. According to Google Analytics Help, the most common data quality issues - like misconfigured referral exclusions or lapsed filters - develop gradually and are easiest to catch with regular short reviews.

What is the biggest mistake in GA4 ecommerce tracking?

The most common and costly mistake is a purchase event missing the transaction_id parameter, which makes duplicate transaction detection impossible. A Google developer documentation review shows that revenue discrepancies above 5% between GA4 and a database almost always trace back to either duplicate transactions or missing value parameters on the purchase event.

Does Consent Mode v2 affect my GA4 data?

Yes. When users decline consent, GA4 uses modelled data to estimate behaviour rather than recording actual events. According to Google, properly implemented Consent Mode v2 recovers approximately 65% of otherwise lost conversion data through modelling. Without it, you lose that signal entirely for EEA users.

What is the difference between data thresholds and sampling in GA4?

GA4 doesn’t use sampling like Universal Analytics did. Instead, it applies data thresholds in some reports to protect user privacy, particularly when Google Signals is active. You’ll see a shield icon when thresholds apply. To minimise them, expand your date range, use Explorations instead of standard reports, or temporarily disable Google Signals for specific analyses.

How do I check if my GA4 property is correctly linked to Google Ads?

Go to Admin > Product links > Google Ads linking. Verify the link is active and that conversion events from GA4 are imported into Google Ads (visible under Tools > Conversions in the Google Ads interface). If the link shows as connected but conversions aren’t importing, check that the events are marked as Key Events in GA4, not just tracked events.

Sources

1. Google Analytics Help - Data Retention Settings
2. Google - Consent Mode v2 Requirements for EEA
3. Google Analytics Help - Key Events and Conversions
4. Google - GA4 Ecommerce Implementation
5. Google Analytics Help - User Permissions
6. Google Campaign URL Builder
7. Simo Ahava - GA4 Implementation Audit
8. Ahrefs - SEO Statistics