For over a decade, the Australian Taxation Office (ATO) has been focused on ensuring that taxpayers have processes and controls in place so that tax risk is appropriately managed within a company.
In recent times, the ATO has increasingly sought to test the quality of tax risk management and governance frameworks within companies to inform its risk profiling across the public and private companies market. As a consequence, taxpayers should expect that questions focused on the management of tax risk will appear during ATO pre-lodgment compliance risk reviews, risk reviews and audits as a means of risk profiling and determining the intensity of the ATO interaction. However, until now, despite this risk profiling focus the ATO has not published detailed guidance material to allow taxpayers to assess whether their frameworks meet ATO expectations.
On 20 July 2015, the ATO released its ‘Tax Risk Management and Governance Review Guide’, (the Guide) formalising its views on tax governance and tax internal controls. The Guide prescribes standards regarding the design, endorsement, implementation and ongoing testing of tax internal controls and covers all taxes administered by the Commissioner. The ATO expects the results of tax internal controls reviews to be reported to a company’s Board as evidence of their effectiveness and to be able to demonstrate good corporate governance to the ATO, who will expect to see such evidence in return for increased certainty regarding an organisation's overall tax position.
Historically, PwC recommended that the ATO publish further guidance on this topic for the benefit of its review and audit teams but also the wider taxpaying community. As a consequence, PwC has been a key member of the consultative group which assisted the ATO in formulating the principles set out in the Guide and has a good understanding of the ATO’s plans with regard to applying the Guide in practice.
The release of the Guide signals the importance the ATO places on the ownership of tax governance at the Board level, through endorsement not only of the tax governance framework but now also of specific tax internal controls in place to effectively manage tax risk. The Guide highlights that tax risk is not limited to technical or financial statement risk, but is a reference to systemic tax risk. It focuses on the risks people, roles and responsibility clarity, as well as information technology, data and document retention. The Guide also makes it clear that the ATO expect evidence of continuous monitoring and testing of controls and processes at an operational level, with assurance provided, ideally by independent bodies.
The Guide represents an opportunity for taxpayers to take active steps to lower their risk profile in the eyes of the ATO. As such it presents an opportunity for taxpayers to review their existing frameworks against the Guide, particularly in an environment where the ATO will increasingly seek to test tax risk governance controls.
In terms of applying the Guide to day-to-day operations, there are a number of actions which can be taken now to ensure you are in the best possible position if the ATO requests evidence of the robustness of your tax governance framework and the operating effectiveness of your underlying tax internal controls.
We recommend that a company take a proactive approach to alerting the Board to the requirements set out in the Guide, particularly regarding sign-off of tax controls and the form of assurance required by the Board. We also recommend that a company review and document its current tax internal controls and develop a program for testing and improvement. Finally, it is suggested that you consider engaging with your internal audit team or an independent party to discuss how tax could be incorporated into their ongoing internal controls review programs.