Auditing the Invisible State: Can CAG Expose Faceless Tax Power?
Image credit X.com Finance Ministry
Every click leaves a trace—but will India’s top auditor dare to follow it? Why a deep CAG audit of faceless tax could redefine accountability in algorithmic governance
By P. SESH KUMAR
New Delhi, January 27, 2026 — A faceless system is not an unauditable system-if anything, it is the most auditable form of state power ever invented. Every click leaves a trace, every delay a time-stamp, every decision a data shadow. The real question is not whether the Comptroller and Auditor General of India (CAG) can (and would) audit the faceless assessment scheme, but whether it chooses to audit it as a system of power rather than as a compliance ritual.
Below is an actionable, end-to-end blueprint for a full-scale performance audit by CAG of the Income-tax Department’s faceless assessment regime-designed to be forensic in method, and reform-forcing in outcome.
The Audit Frame: From Files to Flows
This audit must begin by discarding the old mental model of “file scrutiny.” Faceless assessment is not a set of orders; it is a digital production line governed by workflows, algorithms, escalation rules, and behavioural incentives. The audit objective, therefore, is not merely to check whether assessments followed Section 144B, but whether the design and operation of the scheme delivers economy, efficiency, effectiveness, fairness, and legal sustainability-the classic performance audit quintet.
The audit should explicitly position itself as an all-India system audit (there are various names CAG uses—performance audit, horizontal review, system audit, compliance audit, I.T audit and so on)—not a cluster of state-wise vignettes. Sampling must be statistically defensible and risk-weighted across regions, case types, income classes, and complexity bands, so that conclusions cannot be dismissed as “isolated instances.”
Core Audit Objectives: What CAG Must Test
At the heart of the audit should lie five blunt questions, phrased not in bureaucratic language but in outcome terms.
First, does faceless assessment actually reduce discretion and rent-seeking, or has discretion merely migrated from human interaction to opaque digital routing and review layers?
Second, does the scheme improve quality and sustainability of assessments, measured not by additions made but by additions that survive appeal?
Third, are principles of natural justice-adequate hearing, reasoned orders, fair timelines-being meaningfully upheld or procedurally simulated?
Fourth, does the multi-unit architecture (AU, VU, TU, RU, NFAC) add value relative to its cost and complexity, or does it diffuse accountability and incentivise defensive behaviour?
Fifth, is the scheme aligned with stated policy goals of trust-based taxation and ease of doing business, or does it systematically externalise administrative risk onto taxpayers?
High-Risk Zones: Where the Audit Must Dig Deep
The first red-flag zone is last-minute justice. Data analytics should identify how many show-cause notices are issued in the final weeks or days of limitation periods, how often response windows are compressed, and whether adjournment requests are disproportionately rejected. A faceless system that listens only at the deadline is not faceless-it is deaf.
The second risk zone is defensive additions. Using appeal and litigation data, the audit should map categories of additions that are routinely made but routinely struck down. Patterns here expose not officer incompetence but institutional incentives driven by review culture and audit fear.
The third zone is accountability dilution. The audit must reconstruct decision chains to see whether assessment orders clearly reflect application of mind by the Assessment Unit (AU) or merely aggregate comments from Technical (TU) and Review Units (RU). Where responsibility is untraceable, legality is weakened.
The fourth risk area is technical expertise theatre. Are Technical Units genuinely specialised, or are they functionally indistinguishable from Assessment Units? Posting profiles, training records, case allocations, and reversal rates by unit type will tell that story far more honestly than organisational charts.
The fifth zone is algorithmic opacity. Case selection, risk scoring, routing between units, and prioritisation rules must be audited as decision systems, not neutral IT tools. If taxpayers cannot understand why their case was picked or escalated, the audit must ask whether the Department itself fully understands it.
Audit Guidelines: How CAG Should Conduct This Audit
This audit cannot be done with printed orders and sample files alone. It must be run as a full-stack digital audit, drawing on the CAG’s existing strengths in IT and data analytics.
The audit should mandate direct access (with whatever reasonable safeguards or technical disclaimers) to anonymised backend datasets from the faceless portal: timestamps, workflow logs, unit-wise actions, response intervals, escalation triggers, and modification histories. These logs are the real evidence; PDFs are only the end product.
Sampling should be algorithm-assisted, using stratified random selection combined with risk filters such as high additions, repeat issues, frequent remands, and abnormal processing times. This prevents cherry-picking and makes findings system-wide by design.
Natural justice compliance must be audited quantitatively. The percentage of hearing requests granted, average response time allowed, length and depth of order reasoning, and correlation between compressed timelines and appellate reversals should be measured, not merely narrated.
The audit should explicitly benchmark India’s faceless assessment design against international best practices in digital tax administration-not to import foreign models blindly, but to test whether India’s design choices are outliers without justification.
Use of Data Analytics and IT Audit Tools: Turning the System Against Itself
This is where the audit can become transformative. CAG has a dedicated Data Analytics Centre and even a strategy framework for use of AI in audits, in place. It is time to move from pilots and conference papers to actual demonstration of its audit capabilities. Using process-mining tools, CAG can map the actual flow of cases, not the notional flow prescribed in manuals. Bottlenecks, loops, and late-stage escalations will surface instantly.
Text analytics can be deployed on assessment orders to detect boilerplate language, copy-paste reasoning, and absence of engagement with taxpayer submissions. If thousands of orders read the same, the audit need not speculate about “mechanical assessments”-it can prove them.
Predictive analytics can correlate officer, unit, or workflow patterns with appellate outcomes. If certain pathways consistently lead to reversals, the problem is systemic, not individual.
Importantly, the audit should test feedback blindness: whether the system learns from its own failures. Are appellate outcomes fed back into risk rules, review protocols, or training modules? Or does the machine keep making the same mistakes at scale?
Audit Output: What the Report Must Deliver
The final report must resist the temptation of safe, descriptive prose. It should present issue-wise systemic findings, not scattered anecdotes. Each finding should explicitly link design choice, behavioural incentive, observed outcome, and measurable impact-on revenue credibility, taxpayer cost, and litigation load.
The report should avoid naming individual officers but should name design failures without hesitation. It should recommend not more layers, but clearer ownership, earlier quality control, and metrics that reward sustainability over aggression.
Most importantly, the audit should include a readiness warning: if the same flawed architecture is carried into the new Income-tax Act framework, Parliament will be codifying dysfunction for the next decade.
Why This Audit Matters
A faceless tax system without a fearless audit becomes an unanswerable machine. By auditing faceless assessment as a living digital ecosystem-using data, IT tools, and behavioural analysis-the CAG can do what no internal review ever will: restore visibility, accountability, and proportionality to one of the state’s most intrusive powers.
This is not just an audit of income tax. It is an audit of how India governs through algorithms. And that makes it not only timely but unavoidable.
When Auditing Algorithms Could Meet Institutional Resistance
But this is where the story stops being technical and could start becoming institutional game of oneupmanship-and political. It would be naïve to assume that the CBDT would warmly welcome a deep, systems-level performance audit of faceless assessment that pries open algorithms, workflows, review cultures, and accountability gaps; intrusive audits are rarely embraced by the very systems they seek to examine.
The experience of the CAG with GSTN-where access to databases and backend logs became a contested battleground-looms large as a cautionary tale, reminding us that “digital opacity” is often defended more fiercely than paper secrecy.
The existence of a November 2025 CAG–CBDT MoU on capacity building and knowledge sharing is useful, but it should not be mistaken for an access passport; cooperation in training does not automatically translate into surrender of data or system visibility.
The real test, therefore, is not whether CAG has the mandate—it does (section 16 of the CAG’s Duties, Powers & Conditions of Service Act is very clear)—but whether it will assert the confidence and technical competence to demand full access, and whether CBDT will accept that faceless power, precisely because it is invisible, demands a higher, not lower, threshold of independent audit scrutiny.
Let us hope better sense prevails in CBDT and the audit team of CAG brings and displays the expertise and confidence of doing a professional audit of the Faceless Assessment scheme of CBDT, beginning with convincing CAG of the need and significance of the audit.
(This is an opinion piece. Views expressed are author’s own.)
Follow The Raisina Hills on WhatsApp, Instagram, YouTube, Facebook, and LinkedIn
About The Author
