An IRAS audit is rarely the first sign of a problem. It is usually the second. The first sign is a year — or several years — of small inconsistencies that, viewed together by an algorithm with access to GST data, corporate tax filings, AIS submissions, banking information, and CbCR exchanges, look enough like a pattern to justify a closer look. The path to fewer audits, and shorter ones when they happen, is not luck. It is consistency.
This article walks through the most common triggers in 2026, the procedural shape of an IRAS review, and the internal work that meaningfully reduces both the probability and the duration of an audit.
The 2026 shift: misaligned filings, not missed dates
For years, the standard advice for staying off IRAS's radar was simple: file on time and pay the assessment. That advice is still good — late filing remains a known trigger — but it captures less of the 2026 risk picture than it used to.
IRAS now operates with a substantially better cross-referenced data position than it had even three years ago. Income reported in the corporate tax return is checked against revenue reported in GST filings. Employment expenses claimed are reconciled to AIS submissions and CPF records. Director remuneration in the financial statements is matched to IR8A. Withholding tax remittances are mapped to claimed deductions for foreign payments. Cross-border transactions are visible through CbCR for in-scope groups, and through banking information sharing for everyone else.
The result is that the 2026 audit risk pattern is dominated by misalignment — submissions that are technically on time and individually plausible, but that don't reconcile when read together. Most companies that get caught here weren't trying to do anything wrong. They have different people preparing different filings, on different timelines, using different source data, and the inconsistencies emerge naturally.
Common audit triggers
From the publicly available IRAS guidance and from observed audit patterns, the recurring triggers fall into a small number of categories.
GST and income tax mismatch
The single most common 2026 trigger. If revenue reported in the GST F5 returns does not reconcile to revenue in the corporate tax return — once standard GST-related adjustments (zero-rated supplies, exempt supplies, out-of-scope) are accounted for — the file gets attention. Companies registering revenue above S$1 million without being GST-registered are also flagged, since GST registration is mandatory at that threshold.
Year-on-year volatility in expenses
Sharp jumps in specific expense categories — entertainment, consulting fees, management charges, repair-and-maintenance — without an obvious operational reason. Sharp drops in revenue with no corresponding drop in cost base. The audit profile loves a curve that doesn't tell a coherent story.
Related-party transactions without supporting documentation
Intercompany management fees, royalties, financing, and shared service charges that are claimed as deductions without proper transfer pricing documentation, intercompany agreements, or evidence of commercial benefit. The deeper IRAS goes here, the more it tends to find.
Capital allowance and entertainment claims
Capital allowance claims that don't match the underlying fixed-asset register. Entertainment claims that exceed the section 14 deductibility limits. Section 14 add-backs that look mechanical rather than analytical. These are individually small items but they add up to a recognisable profile.
Withholding tax (Section 45) gaps
Foreign payments deducted in the books but with no corresponding withholding tax filing. Or withholding tax filed and remitted late, where the deduction is then disallowed. Cross-border services and IP arrangements are particular focus areas.
Industry-specific anomalies
IRAS publishes guidance on sector-specific risk areas — F&B daily takings reconciliation, e-commerce platform sales recognition, construction sub-contractor deductions, financial services regulatory items. Filings that don't follow the sector profile get attention.
What an IRAS audit actually looks like
The first contact is usually a letter or an email asking for information. It will specify the year (or years) under review, the items in focus, and the documents required. The deadline is typically 30 working days, though IRAS will grant reasonable extensions on request.
What follows depends on how the requested information is received and what it shows.
- Desk audit. The most common path. IRAS reviews submitted documents off-site, asks follow-up questions in writing, and issues either a "no further action" letter or a proposed adjustment. Resolution typically takes three to twelve months.
- Field audit. Less common but more intensive. IRAS officers visit the company's premises, interview staff, review books and supporting documentation, and may extend the period under review. Field audits are typically reserved for higher-risk profiles or where desk audit findings warrant deeper review.
- Investigation. The most serious path. Reserved for suspected evasion, falsification, or significant non-compliance. Investigations carry potential criminal penalties and almost always warrant external counsel.
Most reviews are desk audits, and most desk audits resolve with either no adjustment or a small adjustment that the company agrees to and pays. The cases that escalate are usually those where the initial response is incomplete, late, or inconsistent with what IRAS already has on file.
The Voluntary Disclosure Programme
The single most important tool in the 2026 risk toolkit is the Voluntary Disclosure Programme (VDP). Companies that identify an error in a past return and disclose it to IRAS before IRAS finds it typically receive significantly reduced penalties — often nil for innocent errors disclosed promptly, and reduced rates for more material disclosures.
The mechanics:
- The disclosure must be complete (covering all known errors), timely (made before IRAS opens an audit), and supported by computational and documentary evidence.
- For income tax errors, the standard penalty after voluntary disclosure is typically 5% per year of tax undercharged, compared to 100% to 400% under audit-discovered findings.
- For GST errors disclosed within one year of the error's filing deadline, the penalty is typically nil, with the underpaid tax simply paid with interest.
The VDP is the cheapest way to fix a known issue. The most common reason it doesn't get used is psychological: companies hope a small inconsistency will go unnoticed. In a cross-referenced 2026 environment, that hope is increasingly badly placed.
The internal review you can do this quarter
An internal review, done well, is the single highest-leverage piece of audit preparation a company can do. It is best done by someone outside the day-to-day finance team — a partner, an external advisor, or a fresh-eyed manager — and best documented in writing.
A workable scope for a one-to-two-week review:
- GST-to-tax reconciliation. Pull GST F5 returns for the most recent four quarters. Pull the corporate tax return revenue figure. Reconcile the two via a written walk: zero-rated supplies, exempt supplies, out-of-scope, timing differences. Document the reconciliation. Where there's a residual gap, investigate.
- AIS-to-financials reconciliation. Total employment income reported via AIS should reconcile to wages and salaries in the financial statements (allowing for accrued bonuses and timing differences). Reconcile, document, investigate any gap.
- Capital allowance check. Confirm the capital allowance schedule reconciles to the fixed-asset register, and that the assets claimed actually exist and are still in use. Test a sample physically.
- Related-party documentation review. For each material intercompany flow, confirm there's a current intercompany agreement, contemporaneous transfer pricing documentation (where required), and evidence of commercial benefit. Where any element is missing, fix.
- Section 14 add-back review. For the largest disallowed expense categories, confirm the add-back computation is supported by underlying detail rather than estimate.
- Withholding tax review. For each foreign payment in the year, confirm the withholding tax position and the timely remittance. Where withholding was due but missed, consider VDP.
This review is unglamorous and often surfaces nothing. The value is in the cases where it surfaces something — because finding it yourself, while there's still time to use the VDP, is materially cheaper than having IRAS find it.
The cultural shift inside finance
The deeper change required is cultural. Filings that were prepared by different people in the past — bookkeeper does the books, payroll provider does AIS, tax agent does the tax return, company secretary does the AGM — now need to be cross-checked before they go out the door, not just after they come back from the regulator. The connective tissue is a finance lead who sees all of it and reconciles before submission. That role might be a controller, a fractional CFO, or an external partner. What matters is that someone owns the read-across.
Companies that put that ownership in place are the ones whose audit risk profile drops year-on-year. Companies that don't tend to be the ones explaining themselves to IRAS in writing.
2026 audit risk is dominated by misalignment between filings, not missed dates. The common triggers are GST/tax mismatch, year-on-year volatility, undocumented related-party flows, and weak section 45 (withholding) coverage. Most reviews are desk audits and most resolve with small or no adjustments. The Voluntary Disclosure Programme is the cheapest way to fix a known error before IRAS finds it. A two-week internal review covering GST-to-tax, AIS-to-financials, capital allowances, related-party documentation, and withholding is the highest-leverage preparation work a company can do this year.