ATO logo

TPB Risk management

Published 8 August 2025

Our risk management strategy is maturing to better align with our legal responsibilities under the PGPA Act, and the Commonwealth Risk Management Policy.

Recognising our operational independence, we work in collaboration with the ATO’s Risk Framework, to improve cooperation in managing enterprise or higher priority risks that are shared across the tax profession and tax system.

This cooperative risk management approach recognises controls or mitigation strategies can be mutually beneficial, and addresses community expectations and requirements regarding delivery of an efficient, effective, economic and ethical public services.

Enterprise risks

Enterprise risk

Risk description

Management strategy

Tax and superannuation performance influenced by tax advisers

There is a risk that the performance of the tax and superannuation systems declines due to regulatory system failure to uphold legal and professional standards of tax advisers.

We are managing this risk through supervision and compliance that is fair and proportionate to risks. This law and compliance program includes data analytics and intelligence, preventative early warning nudges, enquiries, investigations, sanctions and litigation.

In 2025–26, we will encourage the level playing field, cooperation and transparency and voluntary compliance by providing guidance and publishing our compliance priorities.

Influencing policy and law design

There is a risk regarding the TPB’s capability and influence in shaping policy and law design, with regulatory or integrity gaps undermining community confidence.

We are managing this risk by providing advice to Treasury and government and we work closely with the ATO. TPB views on policy, law, guidance and administration are shaped by consultation and coordination with stakeholders, especially the community, tax profession, professional and educational providers.

End‑to‑end client services

There is a risk that the TPB does not deliver efficient and effective stakeholder services to the community and to tax practitioners, undermining confidence in the TPB and the regulatory and tax systems.

We are managing this risk by understanding tax practitioner needs and their professional 'lifecycle' to maximise TPB support with community awareness, registration standards (education, experience, ethics), practical guidance products, continuing professional education, appropriate supervision and leveraged compliance strategies.

Public support includes our Law & Compliance program to uphold professional standards, Client Support program to advise clients impacted by sanctions that have been applied to tax practitioners, and transparency via the TPB Register supporting informed engagement and decision making.

Enabling technology and systems

There is a risk that the TPB is unable to develop and maintain a contemporary suite of technologies for the community and staff caused by rapid changes in the broader technology environment, demand pressures, funding constraints and competition for skilled resources, resulting in degradation to the security, reliability and usability of the technology services that support the effective management of our services.

We are managing this risk by understanding the technological needs of our staff, tax practitioners and the public and prioritising our investment into technology to service those needs. The TPB will respond to system incidents in an effective and timely manner and make enhancements if required as part of our priority agenda.

Data governance

There is a risk that the TPB does not access, use or manage data lawfully and effectively, failing to detect and treat risks, drive digital innovation, and assess and report on effectiveness, resulting in undermining confidence in the TPB and the regulatory and tax system.

We are managing this risk by prioritising data governance, lawful sharing of data and systems with the ATO and partners, risk, measurement and reporting systems built on data analytics and science.

Cybersecurity

There is a risk that the confidentiality, integrity, or availability of TPB information systems is compromised by an external threat actor or malicious insiders, resulting in direct and indirect financial impacts, the undermining of trust in the TPB and government.

We are managing this risk by working with the ATO and ensuring our cybersecurity capabilities meet whole of government requirements.

Registration integrity

There is a risk that TPB registration processes lack integrity, tax practitioners are registered lacking education, experience or ethical standards, adversely impacting tax or superannuation outcomes for clients and the community, resulting in undermining confidence in the TPB, tax system and profession.

We are managing this risk through improvements to TPB support over the tax practitioner lifecycle, including proof of identity, risk assessments (disqualified entities, significant breach reports, personal tax obligations), annual registration attestation, ATO coordination in fraud detection and TPB compliance improvements.

QC105199