What happens if I get audited and can’t find a resale certificate?

The short answer no one wants to hear: the state assumes sales tax was due on that transaction, and bills you for it, plus interest, plus penalties.

This article walks through what that actually looks like, why the numbers get painful fast, and what you can do now to make sure it never happens to you.

The mechanics of a “missing cert” finding

In a typical US state sales-tax audit:

1. The auditor pulls a sample of your B2B invoices where you charged $0 tax.
2. For each one, they ask for the exemption certificate on file.
3. If you can produce a valid, signed, current certificate → no assessment, they move on.
4. If you cannot produce one → the sale is reclassified as taxable, and you owe the tax at the rate in effect when the sale happened.

The assessment compounds fast because auditors don’t stop at one transaction. They extrapolate from the sample to your entire audit period (usually 3–4 years). If 5 of 20 sampled invoices had missing certs, the state will assume 25% of all your untaxed sales were also lacking certs and bill you for that proportion of your total exempt sales volume.

A worked example

• Merchant does $2M/year in gross sales; $500K of it is B2B flagged tax-exempt.
• Over a 4-year audit window, that’s $2M of exempt sales.
• Auditor samples 20 invoices, finds 5 without certs on file (25%).
• Extrapolation: 25% × $2M = $500K of sales reclassified as taxable.
• At a blended 7% state + local rate: $35,000 in unpaid tax.
• Plus interest (typically 5–12% APR in most states): another $8K–15K.
• Plus penalties (10–25% of tax owed in most states): another $3.5K–8.75K.

Total: $46K–58K on a business that thought it was doing everything right.

What a “valid certificate” actually means in audit

The auditor is going to check that each certificate:

• Has the right form for that state (e.g., California requires CDTFA-230, not the generic MTC — see our MTC/California article).
• Is fully filled in (name, address, permit number, description of goods, signature, date). Partial forms are treated as missing.
• Has the permit number verified as valid for that state at the time of the transaction (many states provide online lookup — see our verification guide).
• Covers the transaction date. A blanket cert dated 2022 doesn’t automatically cover a sale in 2026 — some states consider blankets expired after 1 year, others 3, others never.
• Matches the nature of the goods. A cert claiming resale exemption for “office supplies” doesn’t defend a sale of industrial equipment.

Miss any of those boxes and the certificate is treated as if it didn’t exist.

How to make sure this doesn’t happen to you

1. Collect certs at the point of the sale, not later. Sending “can you email me your resale cert?” 18 months after a sale has a less-than-50% response rate in practice. Use a portal that prompts at checkout or account creation.
2. Store them centrally. Email folders and shared drives go stale. A purpose-built tool (like ResaleProof) keeps every cert linked to the customer record + searchable by state.
3. Verify permit numbers when the cert is submitted. Don’t wait 3 years for an auditor to tell you.
4. Set expiration reminders. Most states expect blanket certs to be refreshed periodically. ResaleProof auto-emails customers at 60/30/7 days before expiration.
5. Run a full audit-ready export once a year so you know it works before you need it. ResaleProof’s audit-export feature (bundled on every plan, including Free) produces the exact PDF bundle a state auditor expects.

What ResaleProof does

• Central storage: every cert is a row in your admin, with the signed PDF + audit metadata (IP, user agent, timestamp, digital signature, JWT signer).
• Auto-expire: certs flip to expired on their expiration date; Shopify tax exemption is removed in lockstep.
• Audit PDF bundle: one click at /app/audit-export produces a cover sheet + state-grouped TOC + every cert concatenated. Hand to auditor, done.
• Activity log: every approval, rejection, expiration, and customer redact request is a row in the audit log. Auditors love a clean paper trail.

Related

• How long should you keep resale certificates?
• How to verify a resale certificate is valid
• Resale certificate vs sales tax exemption certificate

← Back to help center