Tax risk and governance ATO publishes new guidance for directors and self-assessment procedures
22 February 2017
Following the release of the first iteration in 2015, the Australian Taxation Office (ATO) has published a substantial update to its Tax Risk Management and Governance Review Guide, containing new guidance for directors of companies and recommended self-assessment procedures. The purpose of this latest update is to assist organisations to understand the ATO's shift beyond checking whether policies exist to testing whether tax risk management processes and procedures are operating effectively. Tax risk management procedures form one of the four key considerations in determining the risk profile of an entity under the ATO's `justified trust' concept.
It is clear that the ATO intends a significantly more evidence and enterprise-based risk management focus on tax governance and is seeking, through the new guidance it has provided for directors, to leverage Boards to increase their attention in this area. Where a formal, documented tax governance framework document is in place and periodic assessments of Board-level and management-level tax controls are carried out, this will provide the ATO with evidence that supports "justified trust" and will influence the risk rating assigned to taxpayers.
What I should do be doing?
Now is the right time to perform a gap analysis of current tax governance policies, procedures and controls against the ATO's requirements. Any gaps must be addressed immediately in order to:
1. Provide senior management and the Board with a level of comfort over the design of the tax governance framework and the effectiveness of underlying controls.
2. Help protect your current ATO risk rating by reviewing and gathering evidence to be prepared for an ATO pre-compliance review or risk review.
3. Meet the requirements of the voluntary tax transparency code, which is administered by the ATO. Specifically, Part B of the reporting requirements includes a reference to the organisation's approach to tax governance.
The ATO's Tax Risk Management and Governance Review Guide (the Guide) prescribes standards regarding the design, endorsement, implementation and ongoing testing of tax internal controls, across all taxes administered by the ATO. The latest update to the Guide is a continuation of the ATO's decade-long focus on tax risk management and governance for corporate taxpayers, and is the culmination of a substantial consultation process over the past 12 months. The release of the Guide in 2015 signalled the importance of having a formal tax governance framework and effective tax operational controls in place to manage tax risk. And it does not stop there - the ATO also expects to see evidence of periodic testing of actual performance against the framework. This represents a significant departure from how tax risk has historically been managed in most organisations, albeit the views are largely aligned with the approaches adopted for managing other enterprise risks. The Guide is targeted at large and complex corporations in Australia, however the principles contained therein can be appropriately tailored to companies of any size. The ATO has modified expectations of privately-owned groups which is contained in separate ATO guidance (see Tax governance for privately owned groups). The 2017 update to the Guide contains two main new features - summary guidance for directors on their responsibilities for tax risk management and governance (the Director's summary), and self-assessment procedures for conducting tax governance reviews (the Self-assessment procedures for reviewers). These are discussed in further detail below. The updated Guide clearly defines what the ATO considers to be "better practice". It is therefore not expected that all taxpayers will satisfy all aspects of the Guide. However, taxpayers should be mindful that the ATO's assessment of an organisation's tax governance framework directly impacts on whether the ATO has "justified trust" which is about the ATO obtaining objective evidence that would lead a reasonable person to conclude a particular taxpayer paid the right amount of tax. Those taxpayers who comply with the Guide are more likely to be able to provide a level of "justified trust" to the ATO and therefore maintain/lower their risk rating which in turn will determine the extent of audits/reviews. Recap of the Guide The Guide outlines key principles for tax risk management and governance, separated into board-level controls (BLCs) and management-level controls ((MLCs). These are summarised in the table below.
Board level BLC 1: Formalise tax control framework BLC 2: Roles and procedures are clearly understood BLC 3: The Board is appropriately informed BLC 4: Periodic internal controls testing
Management level MLC 1: Roles and responsibilities are clearly understood MLC 2: Senior management confident of capacity and capability MLC 3: Significant transactions are identified MLC 4: Controls in place for data MLC 5: Record-keeping policies MLC 6: Documented control frameworks MLC 7: Procedures to explain significant differences MLC 8: Complete and accurate tax disclosures MLC 9: Legal and administrative changes
Against each of these key principles, the ATO has developed suggested `better practice' examples of evidence or procedures to demonstrate the presence of controls and their operational effectiveness. The Guide highlights that the ATO intends to apply an evidence-based approach to assessing tax governance. This is a purposeful shift by the ATO away from years of merely encouraging companies from having formalised policies and procedures to a genuine expectation that companies can demonstrate they are operating in practice. New Director's summary The Director's summary within the Guide provides an overview of company directors' responsibilities for tax risk management and governance. It was added to the Guide as a result of feedback requesting a shorter, concise version of the Guide for company directors. It was also developed in response to feedback that advisors were seeing instances where company Directors were sometimes unaware that certain taxation obligations could have personal implications if they were not satisfied. It signals a shift from the ATO in merely seeking copies of board strategy documents and accompanying operating manuals to a more rigorous focus upon corporate taxpayers having a tax control framework based on risk management principles, i.e. which evidences `three lines of defence':
1st line of defence risk owners or management 2nd line of defence risk management or compliance function which `reviews and challenges'
activities and decisions; and 3rd line of defence Board committees and independent assurance functions. The Guide is designed to assist each line of defence by providing information on the ATO's assessment of better practices for tax risk management and governance. The Director's summary notes that the Board of directors should oversee an internal control framework which provides guidance on how all risks, including tax risks, are identified and managed within the business. For businesses headquartered overseas, the ATO expects the Australian-based Board to perform the oversight role in respect of Australian tax risks.
Increased public transparency around a company's tax affairs continues to remain important. In this respect, the ATO indicate that a public statement prepared in accordance with the Board of Taxation's Voluntary Tax Transparency Code will cover many of the ATO's intended focus areas and can be used to demonstrate the operational effectiveness of the tax governance framework. Any public statement, must, however, be supported by evidence, which is where the self-assessment procedures come into play. New self-assessment procedures The ATO has updated the Guide to include new self-assessment procedures for use by:
ATO Client Engagement teams when they undertake tax governance reviews (for example, as part of a pre-compliance review or risk review);
Large corporates (management or internal audit or external advisers) when self-assessing their tax risk management and governance compared against the `best practices' outlined in the Guide; and
Professional firms engaged by entities to perform an agreed-upon procedures review of a tax risk management and governance framework as part of an external audit.
This new section of the Guide seeks to provide stakeholders with a clear expectation of the ATO's approach to governance and highlights the types of questions the ATO may ask in a review of tax risk management and governance. At the Board level, these may include:
Evidence of the existence of a formal tax strategy document, the date it was endorsed by the board and the frequency of review.
Evidence of board oversight of tax risk management, including the frequency at which the board considers tax risk management strategy updates and briefings provided by management and who provides the Board with assistance on tax risk management issues.
Existence of an induction program for new directors, including briefings relating to key accounting and tax issues.
Evidence of briefings by management to the Board on the effective tax rate of the business. The use of tax-risk registers tabled by management to the Board, and documented processes for
escalating issues to the Board and seeking external advice on relevant risks and/or rulings from the ATO. Testing plans prepared by management to determine the effectiveness of their internal control framework, and evidence that the board has reviewed the results of such testing. At the management level, focus areas include, among others, documented roles and responsibilities for tax compliance and risk management, clearly identified key controls (including for IT), assurance reviews of the tax control framework, staff training on tax-related topics, policies for significant tax transactions and risk identification processes, documented record-keeping policy and process for dealing with legislative and administrative changes.
Our recommended approach
PwC has been heavily involved in the consultation process regarding both the original formulation of the Guide and in designing and testing tax governance frameworks, including tax operational controls. By applying our three-step approach you can provide senior management and the Board with a clear way forward in addressing ATO expectations.
For a deeper discussion of how these issues might affect your business, please contact:
Ronen Vexler, Sydney +61 (2) 8266 0320 firstname.lastname@example.org
Robert Gallo, Melbourne +61 (3) 8603 1494 email@example.com
Paul McCartin, Melbourne +61 (3) 8603 5609 firstname.lastname@example.org
Sasha Gradnig, Melbourne +61 (3) 8603 0761 email@example.com
James May, Sydney +61 (2) 8266 2326 firstname.lastname@example.org
2017 PricewaterhouseCoopers. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers a partnership formed in Australia, which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity. This publication is a general summary. It is not legal or tax advice. Readers should not act on the basis of this publication before obtaining professional advice. PricewaterhouseCoopers is not licensed to provide financial product advice under the Corporations Act 2001 (Cth). Taxation is only one of the matters that you need to consider when making a decision on a financial product. You should consider taking advice from the holder of an Australian Financial Services License before making a decision on a financial product.
Liability limited by a scheme approved under Professional Standards Legislation. PwC