Procedure

When performing this step we suggest that you leverage information potentially disclosed in Part B of the Tax Transparency Code which includes guidance on disclosures relating to tax policy, strategy and governance.

Obtain the entity's formalised tax strategy document and note the following:

• name of document
• date of document version
• date of board (or sub-committee) endorsement.

If a formalised tax strategy document does not exist, is in draft or has not been endorsed by the board (or sub-committee), enquire of the entity and report their response raising an observation there is no document.

If tax has been included in the overarching risk management framework and endorsed by the board, the tax strategy document may be delegated to or owned by management. In this scenario the inclusion of tax in the risk management framework should be checked and a copy of the tax strategy document obtained.

Better practice report inclusions

• Formalised tax strategy or similar documents that addresses how the organisation identifies and manages tax risks
• Extracts from the overarching risk management framework that relate to tax
• Extracts from the organisation's Tax Transparency Report (Part B) Approach to tax strategy and governance

Procedure

When performing this step we suggest that you leverage information potentially disclosed in Part B of the Tax Transparency Code, which includes guidance on disclosures relating to attitude towards tax planning and acceptable level of risk in relation to tax.

Obtain the entity's board (or sub-committee) endorsed policies that describe:

• the organisation's approach to risk management
• reference to BLC-3e for procedures in relation to obtaining advice
• the delegated authority for tax matters (for example, audit committee)
• endorsed risk management policies published internally where tax is included as an element
• the approach risk management (or summary version) included in their annual report, corporate governance statement or tax transparency report, if applicable.

Extract and note the page reference of the above items in the report.

To check the existence and accessibility of above policies published internally, inspect the entity's intranet/central repository or other forms of staff communication. Obtain and attach screen print and note the access date

Also check if the above content is included in the entity's most recent annual report, tax transparency report or corporate governance statement and reference the relevant pages.

If the above items have not been described in a board endorsed document, or not accessible in the locations outlined above, enquire of the entity the reasons for its absence, report their responses and raise an observation.

Better practice report inclusions

• Formalised tax risk management policy or similar documents such as extracts from the overarching risk management framework that addresses the organisation’s risk appetite and governance statements
• Extracts from the organisation's corporate governance statement

Procedure

Obtain the entity's board charter, annual report, corporate governance statement (or similar document) and note the name and date of document.

Extract and page reference the relevant sections of the document that describes the board's role and composition

Extract the sections that relate to the annual review of the risk management framework (of which income tax, excise and indirect tax will be an element) - note that tax might be included as part of compliance risk or regulatory risk components

Extract the sections that indicate the responsibility of management to attest to the controls in the risk management framework and the required frequency (BLC-3a); if absent, raise an observation - note this oversight responsibility can be delegated to the board audit committee as an example.

If the board charter (or similar document) does not exist or is in draft, enquire of the entity's reasons, report their response and raise an observation.

Better practice report inclusions

• Documented board (or sub-committee) level roles and responsibilities

Procedure

Obtain the entity's induction program for new directors and enquire if the induction program for new directors includes briefings relating to key accounting and tax issues. Potential inclusions might be:

• public statements prepared in accordance with the Voluntary Tax Transparency Code
• the presence of arrangements for which the ATO has issued Risk Alerts.

If ongoing training programs are offered in addition to the initial induction programme, obtain details of the training program by:

• in-house, outsourced or attendance at periodic tax update briefings provided by professional services firms, Tax Institute and so on
• list of topics covered by training program and identify if there are any tax-related topics covered.

If new director induction pack does not exist, enquire the reasons for its absence, report their response and raise an observation.

Better practice report inclusions

• New board director's induction pack

Procedure

Obtain extracts of policies, minutes, agendas or board papers from management that evidence how the board provides oversight over the entity’s tax risk management and noting:

• the frequency at which the board (or its delegated board committee) considers tax risk management strategy updates/briefings provided by management and report management’s response
• if the board (or sub-committee) require assistance with details of the tax risk management strategy with details of relevant party to provide assistance.

If documents do not exist for the above items, enquire of the entity reasons for its absence and report their response. If the board has delegated the overseeing function to an independent board sub-committee, proceed with BLC-2d.

ATO officers: refer to Interacting with PS LA 2004/14.

Better practice report inclusions

Better practice can include management updates or briefings to board directors on tax risk management strategies.

Procedure

If the board have not delegated this to an independent board sub-committee, note this and skip the remaining parts of BLC-2d.

Obtain sub-committee charter noting the name of the document and composition of the sub-committee

Extract the section(s) that indicate the responsibility of reviewing tax risks and the required frequency (BLC-3a). If absent, raise an observation. Note the review of tax risk might be done in conjunction with other risks or as part of an annual review of the overarching risk management framework.

If the sub-committee charter does not exist, or is in draft, or the composition of the members does not include board or independent members, enquire of the entity's reasons, report their response and raise an observation.

The local board for some multinational companies might consist of executive management with independent directors existing at parent level. If this is applicable, note this when responding to the procedures above.

Enquire of the entity when, within the last 12 months, tax-related matters were discussed by the sub-committee. Report their response and inspect relevant extracts of the agenda or minutes to check tax-related matters discussed, or presented by tax manager or head of tax.

Better practice report inclusions

• Independent board sub-committee charter.

Procedure

Enquire of the entity if the board or sub-committee communicates expectations to management regarding the management of tax risks. Document their response.

Procedure

There are multiple skills that might be considered when developing a board skills matrix dependent on the strategy and business circumstances of the organisation.

Industry taxation is an element of subject matter expertise that an organisation might consider when developing its criteria for a board skills matrix However the skills matrix is unique to each organisation according to its needs.

The absence of tax from the board skills matrix should not be considered an exception.

Enquire of the tax manager/public officer/company secretary if any circumstances have arisen where it would have been beneficial to have tax expertise at the board level and report their response.

Better practice report inclusions

• Board of director's ‘skills matrix’

Procedure

Refer to BLC-2a for board or BLC-2d for sub-committee charter.

If annual reviews of the risk management framework (which includes tax risk) are absent from the charter, enquire of the entity when was the last time that the risk management framework was reviewed by the board or the delegated sub-committee. Report their response and obtain extracts of an agenda and/or minutes to evidence the review.

Better practice report inclusions

• Independent board sub-committee charter
• Agenda or minutes of board or sub-committee meeting

Procedure

Obtain from the entity the most recent board (or sub-committee) agenda, minutes or papers which summarises:

• progress updates provided by management on tax issues
• risk trends assessed by management (i.e. high, medium or low risk)
• managements proposed changes to the risk register, including new tax risks, removal of tax risks and risks that have changed in ratings compared to the previous period
• for each tax risk listed, report if tax advice was sought by management.

If documents for the above items do not exist, enquire of the entity's reasons, raise an observation and report their response.

Better practice report inclusions

• Agenda or minutes of board or sub-committee meeting

ATO officers: refer to Interacting with PS LA 2004/14

Procedure

When performing this step we suggest that you leverage information potentially disclosed in Part A of the Tax Transparency Code which includes guidance on the disclosure of effective tax rates.

Obtain from the entity documented evidence that the board or sub-committee has been informed of:

• the effective tax rate
• the timing and permanent differences
• the alignment of tax paid with business results and justification for any significant misalignment.

If there is no documented evidence that the effective tax rate has been tabled by management to the board/sub-committee, enquire of the entity's reasons, raise an observation and report their response.

Documentation could include board minutes, board pack, annual financial statements or Tax Transparency Report or any other document where information on tax effective rate is briefed to the board should be obtained. Clearly reference the name of the document in the report.

Better practice report inclusions

• Board (or sub-committee) minutes or documentation that demonstrates members have been briefed on effective tax rate
• Documented processes to examine the alignment of tax paid with business results and justification for any significant misalignment

ATO officers: refer to Interacting with PS LA 2004/14.

Procedure

Obtain from the entity documented evidence that the board or sub-committee has been informed of:

• significant, new and unusual transactions
• changes in the business model affecting excise and the indirect tax outcome of transactions
• excise and indirect tax position taken
• changes to excise and indirect tax methodologies, for example apportionment of input tax credits on acquisitions for GST
• alignment of tax paid with business results and justification for any significant misalignment or variations.

If there is no documented evidence that excise and significant indirect tax issues has been tabled by management to the board/sub-committee, enquire of the entity's reasons, raise an observation and report their response.

Documentation could include board minutes, board pack, internal or external review findings or any other document where information on significant excise and indirect tax issues is briefed to the board should be obtained. Clearly reference the name of the document in the report.

Better practice report inclusions

• Board (or sub-committee) minutes or documentation that demonstrates members have been briefed on significant excise and indirect tax matters
• Documented processes to examine the alignment of excise and indirect tax paid with the business model of the organisation and justification for any significant (as defined by the entity) misalignment or deviations

Procedure

Enquire of the entity the following and document their response:

• What is management's process for determining if safe harbour has been breached?
• If safe harbour is breached or the organisation is party to an arrangement for which the ATO has issued a taxpayer alert, is there a process to communicate this to the board (or delegated board committee)?

If the above processes are documented, obtain a copy, note the document name and page reference the relevant section(s) of the document that corresponds to the above items.

Safe harbour

ATO or legislative 'safe harbours' apply to rules such as thin capitalisation, CFC attribution, transfer pricing and fuel tax credits. ATO releases early warnings to the community of concerns about new or emerging transactions, structures or arrangements we consider may represent a compliance risk through taxpayer alerts (TA).

We acknowledge that administrative safe harbours are designed to be compliance saving measures (for example, Public Rulings and PSLA’s) and that taxpayers may elect not to apply them. We recommend that you document your process for making such elections including appropriate escalation points.

Better practice report inclusions

• Documented board (or sub-committee) endorsement for positions taken outside the ATO published safe harbour

Procedure

Refer to MLC-3c for procedures relating to the tax-risk register.

Enquire of the entity if they have the following and document their response:

• Are tax-risk registers (or registers including tax risks) tabled by management to the board (or sub-committee) at appropriate intervals? If so, how often?
• Documented process (1) for escalation of issues by management where appropriate - for example, a material change in tax risk or uncertain tax treatment.
• Documented process (2) when management seek external advice on the relevant risks, issues and/or rulings from the ATO.

If documented processes 1 and 2 exist, obtain a copy, note the document name and page reference the relevant section(s) of the document that corresponds to the above items.

Better practice report inclusions

• Risk registers that may include tax risks or a separate tax risk register if that exists
• Documented process for escalating tax issues
• Documented process for seeking external advice on tax issues

ATO officers: refer to Interacting with PS LA 2004/14.

Procedure

When performing this step, we suggest that you leverage information potentially disclosed in Part B of the Tax Transparency Code which includes a description of the approach to risk management and governance.

Obtain the entity's annual report/corporate governance statement and check if a statement from the board has been included to attest that they have effective policies and processes in place to manage risk (tax might be included as a compliance or regulatory risk).

Enquire if tax is included as an element of the overarching risk management framework.

Enquire of the entity if they have a Tax Transparency Report. If so, obtain a copy and attach to report.

If attestation document/corporate governance statement or Tax Transparency Report is absent, enquire of the entity's reasons, report their response and raise an observation.

Better practice report inclusions

• Statement from the board attesting effective policies and processes for managing risks (page extract from annual report)
• Tax being classified as a compliance or regulatory risk
• Voluntary Tax Transparency Report

Procedure

Obtain management's testing plan to determine the effectiveness of their internal control/risk management framework.

Entities often have three-year or five-year strategic audit plans that describe rotational audits of key processes and controls and tax-related controls might be tested in conjunction with other processes such as testing of controls in the financial reporting framework.

Inspect the testing plan, page reference and note:

• the methodology to test the design effectiveness of controls
• the methodology to test the operational effectiveness of controls

Identify and list of tax key controls covering both income tax, excise and indirect taxes, including:

• tax key controls that are tested under existing assurance processes
• tax key controls that are not tested under existing assurance process and alternate plan on how these controls would be tested

Enquire if tax key controls are in scope for SOX (only if the US Sarbanes Oxley legislation applies).

If the listed items above are absent or have not been documented, enquire the reasons for their absence, report their response and raise an observation.

Obtain evidence that the testing plan or results thereof have been tabled to the board (or sub-committee) (BLC-4c) by management. If absent, enquire of the entity's reasons, report their response and raise an observation.

If a testing plan does not exist, enquire of the entity's reasons for its absence, report their response and raise an observation.

Better practice report inclusions

• Extracts from internal / external audit plan relating to tax elements covered as part of engagement.
• Listing of tax-related key controls as part of the organisation's internal control framework.
• Gap analysis that identifies which tax key controls are not tested via existing assurance processes
• Documented testing plans for tax key controls that are not tested via existing assurance processes

Procedure

When performing this step, we suggest that you leverage information potentially disclosed in Part B of the Tax Transparency Code which includes a description of assurance regimes the organisation is subject to, for example internal audit, external audit and ATO compliance products.

If some or all the entity's tax key controls are tested under their existing or planned internal audit cycle or are considered as part of the external audit program, obtain audit reports and note:

• the name of audit report or audit plan
• the date of report
• the provider
• the scope of audit/review including the testing of design effectiveness and operational effectiveness?
• the sample sizes.

If the audit is complete, list the findings/qualifications regarding tax controls and proposed remediation plans then page reference the sections that state the findings on effectiveness of tax controls.

Audits might not be conducted primarily to review tax controls but tax controls may be included with other interdependent controls.

For all the audit reports obtained, obtain board (or sub-committee) agenda and/or minutes to evidence that these reports (or a summary) have been tabled to the board (or sub-committee) by management.

If absent, enquire of the entity's reasons, report their response and raise an observation (BLC-4c).

Better practice report inclusions

• Extracts from internal or external audit report where tax-related controls might be included in the scope of review
• Internal and external auditor report – IT controls review (with a sub-section related to the tax function if applicable)
• Report on compliance by independent assurance provider
• Information disclosed in the organisation's Tax Transparency Report.

Procedure

Refer to BLC-4a (testing plan tabled to the board or sub-committee) and BLC-4b (audit reports tabled to the board or sub-committee)

Enquire of the entity how the board (or sub-committee) provides oversight on management’s progress to implement proposed remediation plans. For example, entities may have periodic follow up reviews to report the progress of audit recommendations.

Report the entity's response and obtain copies of follow up reports (if any) and page reference the section(s) that are related to tax controls recommendations.

Better practice report inclusions

• Board (or sub-committee) agenda/minutes
• Follow up report presented by management to relevant board or board sub-committee

Procedure

Obtain management's documented assurance (such as an attestation) from senior management concerning the design and operational effectiveness of the tax control framework and note:

• the findings and deficiencies
• the remediation plans
• the implementation dates
• the follow up testing.

If senior management’s attestation or assurance document regarding the design and operational effectiveness of the internal control framework (of which tax should be an element) does not exist, enquire of the entity's reasons, report their response and raise an observation.

Better practice report inclusions

• Senior management attestation on the capability and capacity of the control framework (of which tax is an element)