Everyone knows that tax risk management is an important part of any risk management framework. However, times are rapidly changing; tax risks are increasing, and so are consequences for getting it wrong. It is an important time to ensure that your tax risk management practices are up to date and are being effectively implemented across your organisation. Our checklist below will help test your fitness.
The heightened tax risk environment
So why has the tax risk environment changed? The combined effects of the Global Financial Crisis (GFC), globalisation and technology have had a significant impact in recent years. The GFC has left many countries with large budget deficits that must be funded. This has in turn driven Governments, and the public, to put aside accepted practice and to simply ask “who isn’t paying their fair share?”
The OECD has leapt into unprecedented action with its Base Erosion and Profit Shifting (BEPS) initiative which seeks to rally all member nations to unite to stamp out corporate tax avoidance. Governments have launched enquires, such as the US Senate’s Hearing into Apple’s tax affairs (May 2013), and the UK’s House of Commons Committee of Public Accounts grilling (November 2012) of Amazon, Google and Starbucks executives in relation to whether those corporations are “paying their fair share”. Many of these corporations had endorsement (through Binding Rulings or Advanced Pricing Agreements) from the very Governments that now question their tax positions.
The New Zealand Government faced its own budget deficits, and is looking to increased tax revenue to solve the problem. In budget 2010, and again in budget 2012, the Government allocated an additional $119.3 million and $78.4 million, respectively, to fund IRD audits. The success of IRD’s audit activities is apparent from the Revenue Minister’s announcement in May 2013 that the Government had received $6.60 for every $1 dollar invested in funding IRD audits.
Risk of IRD audit
Consistent with our these developments, we are seeing increased risk review and audit activity from IRD across a wide range of clients.
IRD’s approach to risk identification is evolving. They now collect large data sets from third parties (such as TradeMe and Land Information New Zealand), from overseas tax authorities and from corporations themselves, through Business Compliance Package (BCP) requests, questionnaires and other risk review activity. Sophisticated analytics software, and complex algorithms are beginning to be used to identify and target risk more accurately.
When IRD gets to the stage of an audit they now probe deeper; they routinely request internal documentation that many would consider confidential, such as Board papers, internal emails, file notes and other internal communications. IRD expect to be able to view contemporaneous documents that support the commercial rationale for major transactions, or restructures, and if the commercial rationale is not clear, questions of tax avoidance are likely to arise.
Brand and reputation risk
The level of tax paid by corporations is now a topic for the masses. We see frequent news headlines and consumer lobby group campaigns targeting corporations due to perceptions (or misperceptions) about their tax profile. Who would have ever thought we would see the day our teenagers would care about corporate taxes; but boy-band One Direction recently urged their fans to lobby against corporate tax avoidance.
This public concern has spawned a new age of brand and reputation vulnerability. Corporations should be considering how they manage the public perception of their tax profile through appropriate governance practices.
Corporate Governance expectations
IRD now expect tax to be a key component of any corporations risk framework and corporate governance practices. The Commissioner of IRD declares this clearly in her “Compliance Focus 2013-14” which sets out IRD’s compliance objectives for the year ahead.
We have seen IRD review and test tax corporate governance practices as part of its risk review processes. Where the governance practices are robust we have seen IRD lower the corporations tax risk rating which directly affects the level enquiry undertaken by IRD in respect of that corporation.
Where governance practices don’t exist, or are poor, you can expect a deeper level of enquiry.
IRD now publishes its ten ‘red flags’ for multi-national enterprises in its 2013-14 Compliance Focus document. The red flags indicate the factors IRD will consider when establishing the tax risk profile of a corporation (and will influence IRD audit selection). Therefore, the red flags should form a key component of a corporation’s tax risk identification processes.
How well is tax risk managed in your organisation?
To gauge whether your organisation is adequately managing its tax risks, consider the following questions:
- Is there a clear, Board mandated, tax corporate governance, or tax risk, policy?
- What is the organisations appetite for risk? Is this appetite for risk known through-out the organisation, and are you policies consistent with it?
- Is there a process for identifying, reporting (to the CFO and the Board), and treating tax risks?
- Are there document management policies to capture contemporaneous documents that support the rationale for major transactions?
- Are there policies for managing documents subject to legal professional privilege or non-disclosure right?
- Who is responsible for signing-off tax positions, and what are the thresholds for routine versus significant transactions?
- Do personnel know what to do, who to contact, what to provide (or not) when the IRD auditors come knocking?
- Are the non-tax/finance teams aware of the key tax risks they influence, or do teams operate in silos?
Partner, EY Law
+64 9 300 7073
Senior Manager, EY Law
+64 21 664 497