The $10,000 Tag Manager Mistake
A mid-market ecommerce company. $40,000/month in Google Ads. ROAS looks healthy at 4.2x. The team is happy. The CMO is happy. The numbers are wrong.
This is a composite scenario drawn from patterns we see repeatedly in GTM audits. The company is representative, not specific. The failure modes are real.
The scenario
The company runs Google Ads, Meta Ads, and a modest email programme. Google Tag Manager handles all tracking — conversion tags, remarketing pixels, analytics. The container was originally set up by an agency three years ago, modified by a second agency, and is now maintained by an in-house marketer who inherited it.
Monthly reporting shows strong ROAS on Google Ads, reasonable cost-per-acquisition on Meta, and steady organic traffic. The budget allocation is based on these numbers. Nobody has audited the container since the second agency left.
The forensic diagnostic ran for four minutes. It found four problems. Together, they represent over $10,000/month in misallocated spend, regulatory exposure, and data leakage.
What the diagnostic found
Duplicate conversion tags
A Google Ads conversion tag and a GA4 goal were both measuring the same purchase event, and both were imported into Google Ads as conversion actions. Every transaction was counted twice. Reported ROAS: 4.2x. Actual ROAS: 2.1x. The team had been optimising campaigns against inflated numbers for seven months.
Signal
Platform-reported conversions significantly exceed CRM-confirmed purchases
Impact
Budget allocated to underperforming channels based on doubled conversion data
Consent not blocking correctly
The cookie consent banner displayed correctly. The user experience was fine. But the Meta pixel was firing before consent was granted — the consent mode integration had been partially implemented during a campaign launch and never completed. Three months of retargeting audiences were built on non-consented tracking data.
Signal
Meta pixel firing on page load before consent interaction
Impact
GDPR exposure plus retargeting audiences that may require purging
Abandoned agency tags
The GTM container held 47 tags. Twelve belonged to two previous agencies. One was sending pageview data to a platform the company no longer subscribed to. Another was firing remarketing pixels for a campaign that ended 18 months ago — to a vendor whose data processing agreement had since expired.
Signal
Tags added by previous agencies that nobody on the current team can explain
Impact
Data leakage to third parties with expired DPAs
Data layer gaps
Enhanced ecommerce was partially implemented. Product IDs were populating correctly, but transaction revenue was not passing through to GA4. Every funnel report, every revenue attribution model, and every ROAS calculation downstream was working from incomplete data. The numbers looked plausible. They were structurally wrong.
Signal
Enhanced ecommerce data absent or incomplete in GA4 reports
Impact
Every revenue-based report and optimisation decision built on missing data
The cost math
At $40,000/month in ad spend, a 2x ROAS overstatement means roughly $20,000/month allocated to channels based on doubled conversion data. The campaigns that looked profitable at 4.2x ROAS are breaking even at 2.1x — or losing money once you account for cost of goods and fulfilment.
Over the six months between the last agency handover and the diagnostic: approximately $120,000 in budget decisions made from structurally wrong numbers. Not fraud. Not incompetence. Just a container that nobody audited.
The consent violation adds a different category of cost. Three months of retargeting audiences built on non-consented data may need to be purged. The Meta Ad Account may require a compliance review. Under GDPR, firing tracking pixels without valid consent is a regulatory event, not a data quality issue.
The abandoned tags add a third: data flowing to platforms with expired data processing agreements. The data is leaving. Nobody knows where it's going. The legal exposure exists regardless of whether anyone at the vendor is looking at it.
Two ways to find these problems
The automated diagnostic tests your infrastructure from the outside. It detects the symptoms — attribution inflation, consent failures, tracking gaps — by analysing what's observable in your page output, platform data, and public-facing configuration. It doesn't open your GTM container. It tells you what the container's output looks like from the business side.
For businesses where the diagnostic surfaces serious tracking issues, the Infrastructure Audit goes inside. You grant read-only access to the relevant systems — GTM, GA4, consent infrastructure, whatever the diagnostic flagged — and we confirm the causes, not just the symptoms. The scope is custom, driven by your diagnostic findings. It's where the container actually gets opened and audited.
The sequence: The diagnostic tells you something is wrong — for free, in five minutes. The Infrastructure Audit tells you exactly what, where, and how to fix it. The first is insurance. The second is the repair estimate.
Find out what's hiding in yours
The free diagnostic checks your tracking infrastructure, consent compliance, and attribution accuracy across 10 pillars. Five minutes. No GTM access required.