Skip to content

The STACK Audit: the 5-layer pass I run before I touch a single bid (2026 edition)

GOOGLE ADS
The STACK Audit: the 5-layer pass I run before I touch a single bid (2026 edition)
Conner Crowe

Quick Take

A Shopify brand handed me an inherited Google Ads account last quarter. $40K/mo, six months under the prior agency, tracking “fine.” Two hours in I had seven findings, all of them feeding Smart Bidding the wrong number. This is the named audit I run before I touch a single bid: the STACK Audit. Five layers, in order. Source emission, Tag triggers, Attribution spine, Conversion values, Klaviyo identity loop. Each layer maps to a section of The Tracking Stack and each catches one specific class of leak. Run it before you let Smart Bidding optimize against numbers you have not verified.

The receipt

An inherited Shopify home brand, $40K/mo in Google Ads, six months with the prior agency. The reporting deck said 4.2 ROAS. The P&L said the brand was barely breakeven on paid acquisition. Both could not be true.

Two hours into the audit:

  1. The dataLayer.purchase event was emitting total_price (which includes shipping and tax) instead of subtotal minus discounts. Smart Bidding had been chasing inflated revenue for the full six months.
  2. The Bing UET tag was firing with the literal string YOUR_VALUE_HERE on three conversion goals. I have written about that one before.
  3. The Click Text trigger on the contact form had been killed three months earlier when marketing changed the button copy. Form-fill conversions had quietly dropped to zero in Google Ads and nobody had noticed because the monthly report still showed plenty of purchase conversions.
  4. GA4 was importing every conversion type as “primary.” Eleven of them.
  5. Enhanced conversions were “enabled” but the hashed-email field was being dropped server-side, so Google was receiving the wrapper without the payload.
  6. The Meta CAPI server events were not sharing event_id with the browser pixel. Every purchase was getting double-counted.
  7. The Klaviyo customer list had not synced to Google customer match in four months. The audience the prior agency was “retargeting” was stale.

Each finding by itself looks like a small thing. Stacked, they were the difference between an account that read 4.2 ROAS and one that was actually doing 1.6 contribution-margin ROAS. Six months of Smart Bidding had compounded against bad signals.

This is why I do not move a budget dollar until the stack is verified. The audit has a name and a shape so I do not skip steps when the account looks fine on the surface.

The STACK Audit

Five layers. Each one maps to a specific class of leak. Each one takes me 20-45 minutes on a typical Shopify account.

S. Source emission

What it checks: the storefront is emitting clean order data into the dataLayer before any tag fires.

This is the layer almost every audit skips. The agency walks in, opens GTM, starts checking tags. But if the dataLayer is wrong, every downstream tag inherits the wrong number. The fix later in the spine cannot recover what the source never emitted.

Specifically:

  • Shopify Customer Events pixel is sandboxed (no third-party tags piggybacking on it)
  • The purchase event in the dataLayer carries subtotal_price minus total_discounts, not total_price
  • Order data exposed post-purchase includes line items, customer email (SHA-256 hashed), customer phone
  • Refund events fire negative conversions so Smart Bidding sees the real cohort

Most common drift: shipping and tax getting baked into the conversion value. Full diagnostic here.

T. Tag triggers

What it checks: GTM tags fire once, on real server confirmations, gated against the conditions that actually fingerprint the event.

The most common anti-pattern I see is conversions wired to Click Text matched against specific button copy. Every CTA change kills the data, silently. The second most common is purchase events firing on cart pages because somebody used a URL contains match. Both look fine in the monthly report until you check the Tag Assistant Preview.

The trigger pass:

  • One web container, owned by the founder, not the agency
  • Triggers gated on server confirmations (Shopify checkout-completed pixel event) or post-purchase page presence, not URL substring matches
  • Tags versioned, with a working Preview before every publish
  • A trigger conditions exception report (any tag firing more than once per session is on the list)

The audit of my own container walks the trigger-trap class in full.

A. Attribution spine

What it checks: events flow Shopify, web container, server container, ad platforms, with no double-fire and no client-side gaps.

Server-side is not optional in 2026. iOS strips client-side cookies, ad blockers eat client beacons, conversion APIs prefer server signals anyway. If you are not running a server container, you are losing roughly 15% of conversions to attribution-model differences and giving Smart Bidding a partial picture.

The spine pass:

  • GTM server container on a custom subdomain (e.g. metrics.yourbrand.com)
  • Web container forwards purchase events to the server container, server fans out to Google Ads, Meta CAPI, GA4
  • The server is the primary source for Google Ads conversion imports (not GA4 imports, which lag and lose ~15%)
  • A dedup contract is documented somewhere a human can read it: which platform owns the canonical event_id, which signals are server-only, which are browser-only

If you do not have the dedup contract written down, you do not have it. Build it before you audit anything else.

C. Conversion values

What it checks: Google Ads sees the right number, the right cohort, and the right primary-vs-secondary mapping.

The conversion-value layer is where most agencies fail without knowing. Every conversion type imported as “primary.” Conversion value set to total_price including shipping. Enhanced conversions “enabled” but the hashed-email field empty. Each one looks fine in the Google Ads UI and each one corrupts Smart Bidding.

The value pass:

  • One primary purchase conversion. Everything else (newsletter signups, add-to-cart, search) set to secondary.
  • Conversion value = gross revenue minus discounts and shipping. Not order total. Not GA4 revenue.
  • Enhanced conversions on every action, with hashed email and phone actually transmitting (not just enabled).
  • Refunds flow through as negative conversions on the same conversion action.

If Smart Bidding has been running for more than 60 days on the wrong value model, expect a 4-6 week recovery period after the fix. The bidder has to relearn the new cohort.

K. Klaviyo identity loop

What it checks: first-party identity (email, phone) from Klaviyo or Postscript is flowing back into Google customer match, Meta CAPI, and Microsoft customer match on a weekly cadence.

This is the layer I see least often and that has the biggest compounding effect. Klaviyo and Postscript are the cleanest first-party identity graph most Shopify brands have. The identity sitting in there should be feeding hashed PII back to the ad platforms continuously so customer-match audiences, lookalike seeds, and enhanced conversions all run on fresh data.

Most accounts: synced once, six months ago, never refreshed.

The identity pass:

  • Klaviyo connected to Shopify (you have this)
  • Klaviyo segments synced to Meta Custom Audiences and Google Customer Match (you probably do not)
  • Sync frequency weekly minimum, not “as needed”
  • Hashed identity from Klaviyo feeding enhanced conversions and CAPI on every purchase, not just every email send

This is the lift that turns a clean stack into a compounding one. Without it, you are running a fresh-only attribution model and ignoring the lifetime cohort entirely.

What this audit is not

It is not a media-buying audit. It does not look at campaign structure, ad creative, bid strategy, or budget allocation. Those audits are downstream of this one and pointless without it. If the tracking is leaking, every conclusion the media-buying audit reaches is built on the wrong number.

It is not a one-pass-and-done audit. The stack drifts. New plugins get installed, the dev team ships a checkout extensibility update, the agency adds a tag for a new platform without telling anyone. I re-run the STACK Audit at the start of every quarter and any time something material changes (theme update, replatform, new ad channel).

It is not the Lead Quality Stack audit. That one is the parallel framework for service businesses where the conversion event is a lead, not a purchase. Different layers, same shape.

The receipts

The inherited account above: stack fixed in two weeks. Smart Bidding rebid for 28 days. Reported ROAS dropped from 4.2 to 2.6 because the inflated number went away. Contribution-margin ROAS went from 1.6 to 2.4. The brand kept the same media spend and netted roughly $50K more in monthly contribution margin within 60 days of the fix landing.

The STACK Audit checklist itself is part of the 25-page Setup Audit PDF. It walks the five layers with the actual GTM Preview, GA4 DebugView, and Google Ads Conversion Diagnostics views I check. No email gate. Page 23 has the only ask.

Keep going

If this hit, the next two pieces in the same universe:

Free PDF: The 25-page Google Ads Setup Audit. The STACK Audit checklist, expanded with screenshots and the Microsoft Ads equivalent.

If the dashboard ROAS does not match what the P&L says, the STACK Audit is the diagnostic. Talk to me.

Want a review like this on your account?

Want this kind of review
on your account?

Thirty minutes on the phone. Same person on the call as on the work. Walk out with a clear set of next steps.

Book a Call