«A report to the Assistant Treasurer Inspector-General of Taxation October 2013 Review into aspects of the Australian Taxation Office’s use of ...»
2.70 A risk-based approach to compliance activity is often contrasted with random selection.67 While random selection is useful for gathering compliance information, and presents a ‘fair selection strategy’ — in that a given population of taxpayers have the same chance of being selected — it does have a drawback of presenting a high
opportunity cost.68 The World Bank notes:
Cases selected for audit by methods focused on high-risk taxpayers or even by manual screening are likely to raise higher revenue than cases selected randomly (even with stratification). As a result, random audits have a low impact on direct generation of revenue and, arguably, on deterrence of non-compliance.69
2.71 The risk-based approach, therefore, may be viewed as a way of managing the
opportunity costs associated with limited resources:
2.72 It should also be noted that the adoption of a risk-based approach to resource allocation is well founded in the origins of the administrative law notion of the ‘good-management rule’. This rule acknowledges that, whilst the Commissioner must administer the tax law and ensure the correct amount of tax is collected, it has finite
resources with which to do this:
Having regard to the competing duties and powers that arise under the taxation laws, the courts have acknowledged that the Commissioner must make administrative decisions as to the allocation of scarce resources to achieve an optimal, though not necessarily the maximum, revenue collection. This ensures that the Commissioner is not obliged, for example, to pursue every last cent of revenue where the cost of doing so is prohibitive.71
2.73 Section 44 of the Financial Management and Accountability Act 1997 (FMA Act) also imposes a general obligation on the Commissioner to ‘manage the affairs of the [ATO] in a way that promotes proper use of the Commonwealth resources for which the [Commissioner] is responsible’.72 Section 16 of the Public Governance, Performance and Accountability Act 2013 (which is anticipated to effectively replace the FMA Act from 1 July 2014) imposes a new specific duty for the Commissioner to establish and maintain an appropriate system of risk oversight and management.73
2.74 However, another important reason for the risk-based approach is to seek to reduce the compliance burden on low-risk or compliant taxpayers. The use of random World Bank, Risk-based tax audits: approaches and country experiences (2011) p 18.
Michael D’Ascenzo, ‘Commissioner’s perspective on audit programs’, (Speech delivered at the Taxation Institute of Australia’s Lecture Series on Tax Audits, Sydney, 10 October 1990).
Bruce Quigley, ‘The Commissioner’s power of general administration: How far can he go?’, (Speech delivered at the Taxation Institute of Australia’s Convention, Sydney, 12 March 2009).
Financial Management and Accountability Act 1997 s 44.
Australian Government Solicitor, Bill introduces new governance, performance and accountability framework for Commonwealth bodies (28 June 2013) http://www.ags.gov.au.
selection methods inevitably means that some compliant taxpayers will be audited. In responding to the recommendation by the Joint Committee of Public Accounts and Audit (JCPAA) that the ATO report on a mechanism to estimate the GST gap, the ATO said:74 Not only would [a random audit program] consume large amounts of Tax Office resources that could otherwise be targeted at substantive compliance risks, it would place a significant additional burden on compliant taxpayers who otherwise would not need to incur audit-related costs.
2.75 A risk-based approach, therefore, is also considered to have a twin virtue of excluding likely compliant taxpayers from unnecessary interactions, while focusing ATO attention and resources on higher-risk taxpayers or populations. As an example, the ATO regards its small business benchmarks as a tool to, not only identify 76,000 small businesses likely to attract ATO attention, but also to exclude 800,000 businesses who it regards as ‘likely to be competing on a level playing field with their peers’.75
2.76 The risk management approach not only means the ATO is selective as to which taxpayer it audits. It also means that the ATO takes a variety of approaches
depending on the taxpayer’s situation. The ATO has said:
… if you are in a lower risk category, our help and support services assist you to comply and the lower intensity of our compliance activities reduces compliance costs.76
2.77 In its 2008–09 Compliance Program, the ATO highlighted the relationship between the level of risk, the intensity of verification activity and the numbers of
taxpayers involved. The ATO states that:
When risks are identified, our contact with people depends on the nature and complexity of the risk. But it typically starts with letters and phone calls seeking more information or clarification, and extends to field visits and audits where required. Risk profiling is as much about identifying individuals or businesses that represent little or no risk to the tax and superannuation systems, as it is about identifying non-compliance.77
2.78 This risk management differentiation approach ensures the intensity of the compliance activity is commensurate with the risk. The approach also reduces the taxpayer population it seeks to interact with as risk increases. This is shown
diagrammatically in Figure 5 below:
Australian Taxation Office, Response to Joint Committee of Public Accounts and Audit, Recommendation 5 of Report 398 —Review of Auditor-General’s Reports 2002-2003 Fourth Quarter March 2004(undated) http://www.aph.gov.au.
ATO, above n 33, p 28.
Figure 5: Differentiation in intensity and visibility of ATO verification activities Source: ATO, Compliance Program 2008-09, page 8.
2.80 Therefore, where there is a level of uncertainty as to the correctness of a taxpayer’s tax return, the ATO may not necessarily conduct a full audit to verify it.
Rather, the ATO may use information gathering approaches which are less formal, intense and costly to ensure returns are correctly lodged. These may include telephone enquiry, letters requesting an explanation or substantiation for a particular item in the tax return, or more comprehensive risk review interactions. In some circumstances, where the level of risk is considered low, the ATO may take no further action despite the existence of such uncertainty. Where ATO perceptions of risk persist, the above figure highlights the ATO’s ability to escalate its verification activities.
Risks associated with taxpayer compliance costs
2.81 The ATO’s Wheel of Risk in Figure 2 above shows that there are several risk categories that are related to taxpayer compliance with tax laws. In addition to taxpayer compliance risks, the ATO also recognises risks in relation to ‘Client
Experience’, such as compliance costs. These risks include:
• failure to manage and reduce the cost of compliance to taxpayers within agreed tolerances (excluding large business); and IGT, above n 50, para [2.5].
• failure to manage the cost of compliance for large business at appropriate levels.79
2.82 The importance of minimising the level of costs incurred by taxpayers in complying with the law is vital. These costs include those imposed on intermediaries such as advisors. The cost of compliance can take various forms. For example, it may
include time and expense in relation to:
• completing forms such as income tax returns or business activity statements;
• establishing and maintaining record keeping systems;
2.83 At the time of this report, the ATO was undertaking a review of the ‘Cost of Compliance’ enterprise risk.81
2.84 The risks associated with increasing compliance costs are of particular interest to the IGT as a number of recommendations in previous IGT reviews were directed at minimising taxpayer compliance costs. These recommendations are in Appendix 5.
2.85 Figure 5 above highlights the ATO’s attempt to minimise taxpayer compliance costs by escalating compliance activities according to their risk.
2.86 In summary, the ATO risk management approach to taxpayer compliance:
• consists of a range of strategies to deter, detect and deal with taxpayer non-compliance;
• seeks to foster voluntary compliance where possible;
• includes the ATO understanding and influencing of taxpayer behaviour, including choosing appropriate sanctions to deal with non-compliance depending on the taxpayer’s circumstances;
• with respect to detection, requires the ATO to make choices as to which taxpayers will be the subject of inquiry;
• seeks to minimise taxpayer compliance costs by taking a graduated and differentiated approach to its inquiries and escalating them where risks persist; and
• means undertaking audits for the areas of highest risk.
The ATO was reviewing this enterprise risk during the IGT review.
Philip Lignier and Chris Evans, ‘The rise and rise of tax compliance costs for the small business sector in Australia’ (2012) 27(3) Australian Tax Forum 615-672, p 634.
Australian Taxation Office, Strategic Intelligence Product Tasking Plan - Cost of compliance, 10 October 2012.
HOW THE ATO ASSESSES RISK2.88 The ATO uses a range of methods to apply differentiated compliance risk and verification strategies. This report refers to these strategies as ‘compliance risk assessment tools’. To address the diverse nature of the taxpayer population, the ATO uses specific tools for each taxpayer segment to ensure the most appropriate approach is taken. Appendix 6 illustrates the variety of the tools the ATO uses for various market segments.
2.89 The ATO’s Corporate Management Practice Statement PS CM 2003/02 Risk and issues management outlines various roles and responsibilities with respect to risk management. One of them is the requirement to apply the risk management process in accordance with CMPI 2003/02/02 ATO risk matrices. This instruction specifically mandates the use of matrices which assess the combination of a risk event’s likelihood and the consequences of the risk event happening. It should be noted that the likelihood/consequence table is a method derived from the International Standard ISO 31010 — Risk assessment techniques.82 One example of an ATO risk matrix is shown below.83
2.90 In making a risk assessment the ATO seeks to establish the two key criteria of likelihood and consequence. Each criterion is addressed in more detail in the next sections.
2.91 The likelihood of a given risk is estimated by the ATO using various techniques. The ATO’s Risk Matrices (CMPI 2003/02/02) offers some guidance on estimating likelihood in a rating-based framework. The table in this document is
reproduced in Table 3 below:
Known as a consequence/probability matrix. See International Organization for Standardization, ISO 31010 Risk management – risk assessment techniques (2009) p 82 and para [B.29].
It should be noted that this is a simple example for illustrative purposes. Risks registered in the ERM must be assessed using the more sophisticated ‘enterprise level risk matrix’ reproduced in Appendix 7.
2.92 The consequence from a given risk arising is also estimated through various techniques depending on the nature of the risk. For tax compliance, this is often through financial analysis. In the case of a tax deduction under review, this would include the amount actually being claimed by the taxpayer and the reduction in tax payable as a result. If the amount claimed is significant, then the consequence is prima facie higher.
2.93 There may be other circumstances where an amount at risk is relatively low, but the consequence may still be considered higher if the taxpayer is considered influential in the market place.84 Additionally, a particular taxpayer in a select population may represent a low risk to the revenue (due to the amount of the revenue at risk), but the risk may have high cumulative effects, in that the entire select population represents, in aggregate, a large amount of revenue at risk.85 It should be noted, however, that the ATO considers this type of cumulative effect in the likelihood part of the risk assessment, as seen in the ‘issue frequency guide’ column in Table 3 above.
2.94 This approach, with respect to the cash economy, is supported by the OECD
Forum on Tax Administration:
For many participants the amounts of tax involved are relatively small; however, given the large numbers involved, the aggregate tax revenue at stake is sizeable.86 Michael D’Ascenzo, ‘Do you see what I see?’, (Speech delivered at the 22nd Australasian Tax Teachers Association Conference, Sydney, 22 January 2010) International Organization for Standardization, ISO 31010 Risk management – risk assessment techniques (2009), p 82 and para [5.3.3].
Forum on Tax Administration Compliance Sub-group, Organisation for Economic Co-operation and Development, Information Note - Reducing opportunities for tax non-compliance in the underground economy (2012) p 2.
2.95 It is one reason why the ATO directs significant compliance resources toward addressing the cash economy. Community confidence is also another reason why addressing the cash economy is so important. The risk posed by the cash economy is
described in the Enterprise Risk Framework as:
Failure to identify and respond to major threats posed by the cash economy which have the potential to undermine community confidence in the integrity of the system.87