«A report to the Assistant Treasurer Inspector-General of Taxation October 2013 Review into aspects of the Australian Taxation Office’s use of ...»
The first three factors (Complexity, Boundary and Change) are ‘inherent’ factors i.e. in themselves they create risks while the second three factors (Governance, Tax Strategy and Delivery) are the behaviours through which these inherent risks might be managed. A customer may have inherent factors that potentially create major tax compliance risk, but they can still be Low Risk if they effectively manage these inherent risks through their behaviours. This is not purely theoretical. There are already a number of highly complex Large Business customers who we have identified as Low Risk.
HM Revenue & Customs, TCRM3310 - The Business Risk Review (BRR): Business Risk Review indicators: General (undated) http://www.hmrc.gov.uk.
The ‘contribution’ factor is a reality check before agreeing the overall risk status. In other words, if all other indicators suggest a customer is Low Risk but the customer’s tax/duty contribution is lower than expected, we would want to know the reason for this before agreeing Low Risk status overall.253
3.242 The ATO’s template considers similar, but not identical, risk factors to those in the HMRC manual. For example, the ATO template considers the taxpayer’s organisational structure which is analogous to the ‘complexity’ factor in the HMRC manual. Similarly, the ATO’s consideration of tax risk management and governance corresponds to some aspects of the ‘governance’ factor in the HMRC manual.
3.243 Unlike the HMRC manual, however, the ATO template does not explicitly make a distinction between risk factors that are ‘inherent’ and those that are ‘behavioural’. This demonstrates that risk-based approaches can differ as between revenue authorities. As highlighted in Chapter 2, risk management continues to be an evolving discipline in this area.
3.244 The IGT believes that consideration of specific ‘tax risks’ and ‘organisational structure’ are largely ‘inherent risk factors’. The IGT notes that not all inherent risk factors in the template have a risk hypothesis associated with them. It is the IGT’s view that all inherent risk factors should indicate the risk hypothesis that it is purported to test. Such hypotheses may assist in guiding further specific ATO inquiries.
3.245 Identifying inherent risk factors and addressing them through risk hypotheses should assist in framing the ATO’s concerns to the taxpayer. For example, where the ATO has concerns regarding inherent risk factors, such as the taxpayer undertaking transactions in a complex area of law, the nature of the dialogue between the ATO and taxpayer can focus on the technical merits of the taxpayer position and the relative ‘interpretation risk’ associated with each parties’ positions.
3.246 ‘Behavioural risk factors’, on the other hand are covered more by the tax risk management and governance section of the template. Where the taxpayer has good tax risk management and governance in place, there may be minimal behavioural risks but there may be inherent risks at play, for example specific transaction(s) of the taxpayer that cause concern for the ATO.
3.247 By specifically addressing the two different types of risk factors noted above, the ATO is better able to present those behavioural risks that taxpayers can address directly such as improving tax risk management and governance and the inherent risk factors which the taxpayer has little ability to change but may be able to monitor or mitigate.
3.248 Accordingly, the ATO should make a clearer distinction between inherent risk factors and behavioural risk factors in the template and other ATO guidance material.
This distinction should flow through to subsequent communication to the taxpayer, thereby enabling the ATO to clearly articulate the prima facie risks and to identify potential risk mitigation strategies or information that may assist in reducing those risks.
3.249 The IGT also notes that a similar distinction is also adopted by other regulators, with the Australian Prudential Regulation Authority separately considering ‘inherent risk’ and ‘management and control’ when calculating ‘net risk’.254 RECOMMENDATION 3.7 The IGT recommends that the ATO update its LB&I RDF categorisation template along with
internal and external communications to be consistent with the following principles:
The ATO agrees with the proposed recommendation for the management of higher consequence taxpayers, where the behavioural and inherent factors noted by the IGT should be known to the ATO due to the nature of the relationship model we have with higher consequence taxpayers. For lower consequence taxpayers the information needed to form an informed professional judgement on many of the behavioural factors will generally not be known at the time of case selection due to the infrequency of interaction.
Risk filters, risk managers and risk owners 3.250 Whilst risk filters are applied to all large business taxpayer returns, higher consequence taxpayers also use qualitative input from the risk categorisation template.
Risk assessment for lower consequence taxpayers are mainly reliant on the risk-filtering system to generate avenues of enquiry or concern which may eventuate into risk reviews for taxpayers.
3.251 In relatively recent ATO documentation considered by the IGT, it appears that the risk filters or the related processes are acknowledged to be less effective at
identifying case work:
Australian Prudential Regulation Authority, Probability and Impact Rating System (June 2012) http://www.apra.gov.au.
3.252 The ATO documents also highlight the significant effort risk managers are expending to filter out potential cases for risk review. The risk filters are producing considerable numbers of ‘false positives’, which require further risk manager intervention to reassess cases either on the basis of materiality, data mismatches, or risk hypotheses which have already been addressed by previous compliance activity for that taxpayer.256
3.253 The ATO documents also noted that the ability to detect some risks was limited due to the nature of the income tax return labels. It envisages improved risk detection with the introduction of the new international dealings schedule (IDS).257
3.254 Furthermore, ATO documents indicate the need for better interaction between the risk managers (who identify the risk and recommend the cases) and the compliance
teams (who conduct risk reviews to confirm the existence of the risk). For example:
• compliance teams need to consult risk managers when closing a case as an early exit (that is, the compliance teams consider no risk exists before the case commences);258 and
• risk managers could better collaborate with compliance teams in the conduct of cases by helping them to ‘ask the right question’ of the taxpayer but are subject to resource constraints.259
3.255 The IGT considers that the false positives generated by the risk filters could be
attributed to a number of factors:
• risk filters themselves do not accurately discriminate between ‘compliant’ and ‘non-compliant’ taxpayers;
• taxpayers in this market segment have increased their general level of compliance, such that any chance of selecting a ‘non-compliant’ taxpayer has diminished significantly; and
• taxpayers are aware of how risk filters work and ensure they correctly report in those areas subject to the risk filters.
3.256 Considering the importance of the risk filters in identifying potential risks for lower consequence taxpayers and the opportunity costs associated with risk managers regularly reassessing the output of risk filters, the ATO should consider improvements to the risk identification and management systems including the role of risk managers and their relationship with compliance teams.
Australian Taxation Office, Case Selection Sub-Committee Workshop Minutes, June 2012, p 4.
Australian Taxation Office, Case Selection Sub-Committee Workshop Documents, 15 June 2012, p 12.
3.257 Furthermore, since risk managers are responsible for developing risk filters, risk hypotheses and risk recommendations, they are an important source of information in better designing compliance activity in the lower consequence market.
The ATO should ensure these risk managers are adequately skilled and supported to carry out their role. There should also be, on an ongoing basis, a mutual obligation of risk officers to engage with the compliance teams to better identify potential risks or required information access improvements.
3.258 During the course of the IGT review, the ATO commenced an ‘LB&I improvement program’, which amongst other things, seeks to address the above
concerns to some extent. For example, efforts are being made to ensure that:
• risk managers are given meaningful feedback from the compliance teams to refine their risk identification process; and
• compliance teams ‘understand the genesis of their work and apply the correct risk lens when undertaking their work’.260
(a) better identifying potential risk hypotheses through closer working relationships between risk managers and operations teams on an ongoing basis;
(b) capture better input data through the income tax return and its associated schedules; and (c) refine or remove inappropriate risk filters.
STAKEHOLDER CONCERN — FORMAL NOTIFICATION OF RISK CATEGORISATIONRDF notification letter
3.259 A significant concern arising from the large business market segment were the RDF notification letters sent by the ATO to the CEOs of higher consequence taxpayers and the due process underpinning them. It is important to note the dynamic in relation to large business taxpayers. These taxpayers often have appointed tax managers, some who work solely on tax, or as part of a broader suite of responsibilities.
3.260 Despite the ATO’s stated intention that the RDF notification letter is not a ‘report card on performance261‘, tax managers representing higher consequence taxpayers have indicated that the letter, including the tone of the letter and the manner Australian Taxation Office, LB&I Business Improvement Program, 19 June 2013, internal document.
in which it is sent, may give the appearance of a de-facto ATO report on their view of the tax manager’s performance to the CEO.
3.261 Of particular concern is the fact that tax managers feel they have little involvement in checking the accuracy of the ATO’s notification letter. The letter has implications for the tax managers personally as well as the taxpayer organisation as it is sent directly to the CEO. However, tax managers feel it was incumbent on the ATO to ensure that they are adequately consulted about the contents of the letter. They believe that errors and inaccuracies served to undermine the credibility of the ATO as well when the letters are poorly considered. Once the letter goes to the board, tax managers have little right of redress, despite their willingness to provide information to address concerns raised in the letters.
3.262 Furthermore, it was observed by stakeholders that although the risk rating process took into account both quantitative and qualitative information, it appears that more weight was given to, and subsequent discussions centred upon, the qualitative aspects. It was perceived that much of this qualitative information was created by the audit teams directly. The implication being that a taxpayer’s attempt to challenge the qualitative information is effectively challenging the audit team. This may create conflict where either the qualitative information is not independently reviewed or is selectively ignored by audit staff.
3.263 Stakeholders also highlighted the need for the ATO to provide more information, in addition to the letter, about the reasons for specific risks or concerns.
The benefits of taking such an approach are that the taxpayer may better understand the nature of the concerns in addressing these.
3.264 Certain stakeholders have also raised delays in issuing these letters, with some taxpayers indicating that they have not received them at all despite ATO senior management’s intentions.
3.265 An ATO internal audit also analysed a sample of RDF notification letters to determine the average duration between the moderation panel process and the issuance of the RDF letters. The sample identified an average of 188 days, indicating that delays in issuing the letters would reduce their impact as a taxpayer engagement tool. The internal audit anticipated that such delays would improve as a result of shifting the letter notification process from a project to a business-as-usual process. It also recommended reviewing the internal letter approval process to remove non-essential steps and aligning it with ‘other natural events during client engagement’.262 IGT observations 3.266 As a consequence of the IGT’s LB&I Review263, there have been some improvements to the structure, content and manner of the delivery of the notification letter. There is, however, further room for improvement given the level of stakeholder concern raised in this current review.
ATO Internal Audit Communications Update 14/05/2013 page 7.
IGT, above n 122, paras [4.35]-[4.36].