tax administration diagnostic assessment tool …€¦ · identification, assessment,...
TRANSCRIPT
Tax Administration Diagnostic Assessment Tool
MODULE 4: EFFECTIVE RISK MANAGEMENT
Desired Outcome of POA 2The risk to revenue and tax administration operations are identified and managed effectively.
BackgroundTax administrations face numerous risks that could adversely affect revenue and tax operations.
Risk management is thus essential for effective tax administration. It plays a key part in shaping how resources are used by the tax administration to maximize its goals effectively.
Risks must be managed effectively in a structured approach to identifying, assessing, prioritizingand mitigating risks.
These risks include:
• Compliance risks, where revenue may be lost if businesses and individuals fail to meet their obligations as taxpayers (registering, filing, making payments and reporting accurately).
• Institutional risks, where the tax administration functions may be interrupted or jeopardized due to internal or external factors.
International good practices
in COMPLIANCE
RISK MANAGEMENT
Structured and multi-
year approach to compliance
risks
Identification, assessment,
quantification and
prioritization of risks
Compliance risks structured around
taxpayer segments, taxpayer
obligations and core taxes
Intelligence gathering and
research to identify
compliance levels and risks- Analysis of tax
audits and declarations- Analysis of
environmental scanning
Third party information
from a variety of sources
- Tax gap analysis - Studies into
hidden activities- Studies of
taxpayer attitude towards taxes
Compliance improvement programs and risk mitigation
strategies
Evaluation of effectiveness of major mitigation
activities as feedback for
future planning
International good practices in INSTITUTIONAL
RISK MANAGEMENT
A risk register with a framework of
problems threatening
business continuity A plan for
continuity of tax operations in the event of disaster
Assessment of likelihood and
consequences of natural disasters
or man-made calamities
Outline of steps in the event of disaster to
maintain business continuity
Staff training in disaster recovery
procedures
Preventive measures and
internal controls to protect tax
administration systems from fraud
and error (POA9)
Effective internal and external
oversight to detect and deter
undesirable events (POA 9)
Performance Indicators for Effective Risk Management
P2-3: Identification, assessment,
ranking, and quantification of compliance risks
M1
The extent of intelligence
gathering and research to
identify compliance risks
The process used to assess, rank,
and quantify compliance risks.
P2-4: Mitigation of risks through compliance
improvement program
M1
The degree to which risks are
mitigated through a
compliance improvement
program.
P2-5: Monitoring
and evaluation of compliance risk mitigation
activities.M1
The process to monitor and evaluate the
impact of compliance risk
mitigation activities.
P2-6: Identification, assessment,
and mitigation of institutional
risks.M1
The process used to identify, assess, and
mitigate institutional risks.
High Level Indicators
Dimensions
Scoring P2-3-1: Identification of risks through intelligence gathering and research
A
Intelligence gathering and research for
understanding compliance level
and current/emerging
risks
Analysis of environmental
scanning as part of multi-year strategic
planning
Analysis of third party
informationfrom a range of external
sources
External studies into
taxpayer behavior and
attitude to compliance
Internal research into
hidden activities of businesses
Tax compliance gap studies
Research on topical
compliance issues; e.g.,
transfer pricing, HWIs
Analysis of audit results
and tax declarations
Scoring P2-3-1: Identification of risks through intelligence gathering and research
B
Intelligence gathering and research for
understanding compliance level
and current/emerging
risks
Analysis of environmental
scanning as part of multi-year strategic
planning
Analysis of third party
informationfrom a range of external
sources
External studies into
taxpayer behavior and
attitude to compliance
Research into hidden
activities of businesses
Tax compliance gap studies
Research on topical
compliance issues; e.g.,
transfer pricing, HWIs
Analysis of audit results
and tax declarations
Scoring P2-3-1: Identification of risks through intelligence gathering and research
C
Limited use of intelligence
gathering and research for
understanding compliance level
and risks
Analysis of environmental
scanning as part of multi-year strategic
planning
Less comprehensive analysis of third
party informationfrom a range of
external sources
Limited or no external studies
into taxpayer behavior and
attitude to compliance
Internal research into
hidden activities of businesses
Less comprehensive
use of compliance gap studies
Limited or no research on
topical compliance issues; e.g.,
transfer pricing, HWIs
Analysis of audit results
and tax declarations
Scoring P2-3-2: Assessing, Ranking and Quantification of Risks
A• A structured risk
assessment process based on good practice in place.
• Assesses and prioritizes risks for all core taxes, main taxpayer segments and taxpayer obligations.
• The process is part of a multi-year strategic process
B• A structured risk
assessment process based on good practice is in place.
• Assesses and prioritizes risks for all core taxes, main taxpayer segments and taxpayer obligations
• The process is linked to the annualbusiness planning BUT NOT part of a multi-year strategic plan
C• A LESS structured
risk assessment process is in place.
• Assesses and prioritizes risks for all core taxes and four main taxpayer obligations.
D• The requirements
for a ‘C’ rating or higher are not met.
A
Compliance improvement
program is fully resourced and
progress monitored
monthly
Documented compliance
improvement program covers
all identified high risks
Compliance program covers
all core taxes
Compliance program covers
the four main taxpayer
obligations
Compliance program covers
the key taxpayer
segments
Scoring P2-4: Mitigation of risks through compliance improvement programs
B
Compliance improvement
program is fully resourced and
progress monitored
monthly
Documented compliance
improvement program covers
all identified high risks
Compliance program covers
all core taxes
Compliance program covers
the four main taxpayer
obligations
Compliance program covers the risks in the large taxpayer
segment
Scoring P2-4: Mitigation of risks through compliance improvement programs
C
Compliance improvement
program MAY NOT be fully resourced
and progress monitored every
three months
Documented compliance
improvement program covers identified high
risks
Compliance program MAY NOT covers all
core taxes
Compliance program MAY NOT
covers the all four main
taxpayer obligations
Compliance program MAY NOT covers all
taxpayer segments
Scoring P2-4: Mitigation of risks through compliance improvement programs
A
Risk Management Committee at the senior management level plays
an active role in approving risk
mitigation strategies
Risk Management Committee monitors
progress with implementation of
mitigation activities
Evaluation of the effectiveness of ALL
approved compliance risk mitigation activities are documented
Senior management reviews the evaluation
Scoring P2-5: Monitoring and evaluating impact of risk mitigation activities
B
Risk Management Committee at the senior management level plays
an active role in approving risk
mitigation strategies
Risk Management Committee monitors
progress with implementation of
mitigation activities
Evaluation of the effectiveness of AT
LEAST HALF of approved compliance
risk mitigation activities are documented
Senior management reviews the evaluation
Scoring P2-5: Monitoring and evaluating impact of risk mitigation activities
C
Risk Management Committee at the senior
management level approves risk
management strategies on AD HOC BASIS
Risk Management Committee monitors
progress with implementation of
mitigation activitiesON AD HOC BASIS
Evaluation of the effectiveness of
approved compliance risk mitigation activities are documented ON AN
AD HOC BASIS
Senior management reviews the
evaluation ON AN AD HOC BASIS
Scoring P2-5: Monitoring and evaluating impact of risk mitigation activities
Scoring P2-6: Identification, assessment and mitigation of institutional risks
A
Structured process is applied annually to identify, assess and
mitigate institutional risks across the whole organization
A documented institutional risk
register is in place
A business continuity plan exists to mitigate
risks and this is reviewed annually
Staff are trained in disaster recovery
procedures
Scoring P2-6: Identification, assessment and mitigation of institutional risks
B
Structured process is applied every two years to identify,
assess and mitigate institutional risks across the
whole organization
A documented institutional risk
register is in place
A business continuity plan exists to mitigate
risks and this is reviewed every two
years
Staff are trained in disaster recovery
procedures
Scoring P2-6: Identification, assessment and mitigation of institutional risks
C
Structured process is in place to identify, assess and
mitigate risks associated with the IT system
A documented institutional risk
register is in place
A business continuity plan exists to mitigate
risks and this is reviewed every two
years
Staff are trained in disaster recovery
procedures
Table 8 of the Field
Guide
Checklist of Questions and Evidence for POA 2