In Mexico, tax audits conducted by the Tax Administration Service (SAT) often focus on the materiality of transactions, bank traceability, consistency among CFDI, accounting records and tax returns, as well as the business reason behind relevant transactions. Properly handling an audit is not merely a matter of “submitting documents”; it requires building an organized, verifiable and timely defense from the first request for information or the initial audit report.
Proper management of a desk review or an on-site audit is essential to avoid evidentiary omissions, penalties, presumptive assessments, operational restrictions, contingencies arising from nonexistent or simulated transactions, and an eventual tax deficiency assessment.
Current legal framework and audit approach. The Federal Tax Code (Código Fiscal de la Federación or CFF), in force as most recently amended by decree published in the Official Gazette of the Federation on April 9, 2026, maintains Article 42 as the core provision governing the tax authority’s audit powers. Such provision allows the authority to review accounting records, data, documents, reports, goods and merchandise, as well as to conduct on-site audits. In addition, Article 5-A allows the authority to challenge transactions lacking a business reason when they generate tax benefits; therefore, contemporaneous evidence and economic substance are now central elements of defense.
First step: activate an internal protocol. Upon receipt of an audit order, request for information, official letter or notification through the tax mailbox, the company should immediately activate a responsible team composed of legal, tax, accounting, treasury and operations personnel. A single communication channel with the authority should be appointed, the period and taxes under review should be identified, evidence should be preserved, and a mirror file should be opened with acknowledgments of receipt, audit reports, exhibits, submissions, written responses, emails, logs and version controls.
Initial response checklist
- Verify the jurisdiction, powers and identification details of the issuing authority and the appointed auditors.
- Confirm the method of notification and the exact date on which it becomes effective, especially if received through the tax mailbox.
- Identify the taxes, fiscal years, acts or transactions under review; do not submit information outside the scope without a strategy.
- Prepare a document matrix linking each request to accounting, tax, contractual, banking and operational evidence.
- Preserve books, accounting entries, XML files, CFDI, bank statements, contracts, deliverables, emails, reports and evidence of receipt of goods or services.
- Avoid generic responses; each submission should explain what is being provided, what it proves and how it relates to the transaction under review.
Desk review: what is it and how should it be handled? A desk review is conducted outside the taxpayer’s premises. The authority requests reports, data, documents or accounting records and may later issue an observations letter setting forth facts or omissions. The response must be technical, organized and evidence-based: attaching documents is not enough; it is necessary to build a narrative that connects accounting records, CFDI, payments, contracts, business reason and materiality.
| Desk review | Practical recommendation |
| Request for information | Prepare a document index, respond within the applicable deadline and request clarification or an extension only when necessary and justifiable. |
| Observations letter | Disprove each point individually. Do not respond in bulk; use a matrix of observations, evidence and conclusion for each finding. |
| Third-party cross-checks | Align evidence with suppliers, customers and related parties; anticipate inconsistencies among CFDI, payments and deliverables. |
| Closing of the review | Verify that the assessment is issued within the statutory deadlines and that it states available remedies and challenge periods. |
On-site audit: critical points. An on-site audit is conducted at the taxpayer’s tax domicile or establishments. At the outset, the auditors must identify themselves, present the audit order and request the appointment of witnesses. Every action must be recorded in detailed audit reports; therefore, the company should carefully review what is recorded, request the inclusion of statements, exhibits and clarifications, and avoid signing without reservations when relevant inaccuracies exist.
| On-site audit | Practical recommendation |
| Beginning of the inspection | Receive the authority with authorized personnel; verify the order, purpose, period, address, taxes and names of auditors. |
| Partial audit reports | Review the facts recorded, request that statements be added and keep a complete copy with exhibits. |
| Electronic accounting | Submit files in a controlled manner, with acknowledgment of receipt, description of content, period and format; do not provide equipment without legal control. |
| Last partial report / final report | Prepare an integral rebuttal before closing; identify disputed facts and pending evidence. |
| Operational environment | Do not obstruct the visit, but do not improvise responses either. Every explanation must be consistent with the documentary evidence. |
Evidence that is usually determinative
- Executed contracts with date, clear purpose, consideration, deliverables, responsible parties and evidence of performance.
- CFDI and XML files consistent with accounting entries, accounting records, tax returns, payment complements and bank statements.
- Complete bank traceability: source, destination, account identification, beneficiary, payment concept and reconciliation.
- Operational evidence: reports, photographs, warehouse entries, logs, minutes, deliverables, emails and internal approvals.
- Business reason: expected economic benefit, business need, internal comparables, authorizations and contemporaneous analysis.
- Supplier and customer files: RFC, tax status certificates, tax compliance opinions, powers of attorney, address, operational capacity and commercial documentation.
Taxpayer rights during the audit. The taxpayer has the right to be informed and assisted, to know the status of the proceeding, to identify the responsible authority, to refrain from submitting documents already in the authority’s possession, to be treated with respect, to be informed at the beginning of the audit powers of its rights and obligations, to correct its tax situation during the review, and to have access to legal remedies. These rights should be exercised strategically and with documentary support, not merely invoked at the end of the procedure.
Tax correction and conclusive agreements. If real risks are identified during the audit, a tax correction may be evaluated before the deficiency assessment is notified. Likewise, when facts or omissions have been characterized by the authority and the taxpayer disagrees, the viability of a conclusive agreement before PRODECON may be analyzed, especially when differences can be resolved through technical evidence and documented negotiation.
Frequent mistakes that increase risk
- Responding late, incompletely or without explaining the relationship between the documents and the transaction under review.
- Submitting excessive, contradictory or out-of-scope information in relation to the audit order or request.
- Failing to control on-site audit reports or to request the inclusion of timely statements.
- Relying solely on CFDI without supporting materiality, actual receipt of goods or services and business reason.
- Failing to coordinate related third parties, suppliers or related parties that could be subject to cross-checks.
- Waiting until the assessment to build the defense, when key evidentiary opportunities arise during the audit.
Recommended action plan. Before the audit, it is advisable to conduct a preventive diagnosis of materiality and tax consistency. During the audit, the priority is to control deadlines, evidence, narrative and audit reports. After the audit, the taxpayer should assess whether it is advisable to correct its tax situation, pursue a conclusive agreement, file an administrative revocation appeal, initiate tax litigation before the Federal Court of Administrative Justice or, if applicable, prepare a constitutional defense.
Conclusion
Handling a SAT audit requires documentary discipline, legal strategy and operational coordination. The best defense is not improvised upon receipt of the observations letter or the last partial audit report; it is built from the first contact with the authority, through a robust file proving compliance, materiality, business reason and traceability of the reviewed transactions.
Should you have any questions or comments, please do not hesitate to contact us.
Contact
Héctor Avilés
haviles@cuestacampos.com
THE ABOVE IS PROVIDED AS GENERAL INFORMATION PREPARED BY PROFESSIONALS WITH REGARD TO THE SUBJECT MATTER. THIS DOCUMENT ONLY REFERS TO THE APPLICABLE LAW IN MEXICO. WHILE EVERY EFFORT HAS BEEN MADE TO ENSURE ACCURACY, NO RESPONSIBILITY CAN BE ACCEPTED FOR ERRORS OR OMISSIONS. THE INFORMATION CONTAINED HEREIN SHOULD NOT BE RELIED ON AS LEGAL, ACCOUNTING OR PROFESSIONAL ADVICE BEING RENDERED.
