What happens if you can't produce records during a regulatory audit?
When a regulator, tax authority, or oversight body asks for records and an organization cannot produce them, the consequences extend well beyond the inconvenience of a missing file. Auditors generally expect that records required by law or regulation exist, are complete, and can be retrieved within a reasonable time. A failure on any of those points can change the entire posture of an audit.
Immediate consequences
Inability to produce requested records can lead to several outcomes:
- Adverse findings or presumptions. When records are missing, auditors may resolve questions against the organization. In some areas, the law expressly requires records to be kept, so their absence is itself treated as noncompliance.
- Fines, penalties, and disallowed claims. Missing documentation can mean lost deductions, repaid funds, or monetary penalties, depending on the regulatory regime.
- Expanded scope. A gap in one area often prompts auditors to broaden their review, sampling more periods or more record types.
- Reputational and operational harm. Findings may be reported publicly, shared with other agencies, or trigger follow-up examinations.
When records are missing for legitimate reasons
Not every gap is treated the same way. If records were disposed of in good faith under an approved, consistently applied retention schedule, that is generally defensible. The key is being able to show why a record no longer exists.
Problems arise when records were destroyed:
- before the end of a required retention period,
- in an ad hoc or inconsistent way, or
- after a duty to preserve had attached (for example, during litigation or an open investigation), which can be treated as spoliation.
How sound recordkeeping reduces the risk
A defensible program is the best protection. That means a documented retention schedule tied to legal and operational requirements, controlled and logged disposition, reliable indexing and search, and the ability to suspend destruction when a legal hold applies. Together these let an organization either produce the record or credibly explain its lawful absence.
For a deeper look at building schedules and disposition controls, see the retention and disposition topic hub.
The underlying principle is consistent: retention rules exist so that records survive exactly as long as they are needed for legal, fiscal, and accountability purposes. Meeting an audit is far easier when those rules are defined in advance and followed without exception.
Sources & further reading
Authoritative government and non-profit references.
- Records management laws — National Archives (NARA)
- IRS — how long to keep records — IRS
How to cite this page
APA
RM University Editorial. (2026). What happens if you can't produce records during a regulatory audit?. Records Management University. https://www.recordsmgmt.org/questions/what-happens-if-you-cant-produce-records-during-a-regulatory-audit/
MLA
RM University Editorial. "What happens if you can't produce records during a regulatory audit?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/what-happens-if-you-cant-produce-records-during-a-regulatory-audit/.
Related questions
- Can a company be fined for keeping records longer than the law requires?
- Can any manager authorize destroying records, or does it have to be someone specific?
- Can deleting emails too soon be considered illegal spoliation of evidence?
- Can different copies of the same document have different retention periods?
- Can GDPR storage limitation requirements force you to delete records you are legally required to keep elsewhere?