ato logo
Search Suggestion:

Board-level responsibilities

The board's responsibilities to establish a risk framework and regularly assess policies and controls.

Last updated 24 August 2022

Establish a framework to identify and manage tax risk

The board of directors (or authorised board level sub-committee) oversees an internal control framework that provides guidance on how all risks, including tax risks, are identified and managed within the business.

For a business headquartered overseas, we would expect the Australian-based board to perform the oversight role in respect of Australian tax risks including excise, GST and other applicable indirect taxes.

A public statement prepared in accordance with Voluntary Tax Transparency Code (PDF 997KB)This link will download a file developed by the Board of Tax will cover many of these areas. It can be used to demonstrate the design effectiveness of an entity’s tax risk management framework, as will reviewing the results of periodic internal control testing performed by management to demonstrate the operational effectiveness of your tax risk management controls. Note that whilst the Voluntary Tax Transparency Code specifically applies to income tax, the broad principles on tax risk management can extend to other taxes such as GST and excise.

The Board of Tax in its final report to the Treasurer regarding the Voluntary Tax Transparency Code in February 2016 stated:

The involvement of the board/senior management will foster a culture within companies to meaningfully and accurately address the public desire for increased corporate tax transparency. As with companies who are currently voluntarily disclosing, the Board of Tax expects disclosures will evolve over time as corporate governance cultures develop and as global transparency initiatives evolve.

Board-level control 1: Formalised tax control framework

The board endorses a formalised tax control framework prepared by management that is understood across the organisation.

Better practice can be demonstrated by a tax strategy document prepared by management, such as a board tax policy that provides details of how the organisation identifies and manages tax risk across all taxes.

This would include policies prepared by management and endorsed by your board of directors that:

  • outline the organisation's tax risk appetite
  • detail an acceptable level of tax risk for day-to-day operations and what requires escalation
  • are published internally and in your annual report.
End of example

See also

Board-level control 2: Roles and responsibilities are clearly understood

The board understands and formalises company director roles and responsibilities for tax risk management.

Better practice can be demonstrated by:

  • documented role and responsibility descriptions for company directors
  • programs for inducting new directors include briefings on key accounting and tax issues so they can perform their oversight of tax risk management strategies
  • ongoing support and briefings by management for directors regarding tax risk management strategies
  • allocating tax risk to an appropriate and independent board sub-committee – for example, an audit committee
  • clear communication of expectations for managing tax risks from the board or sub-committee to management.

A board of directors 'skills matrix' as suggested in the ASX corporate governance principlesThis link will download a file to help identify gaps in the collective skills of the board. Consideration should be given to whether it would be beneficial to include tax in the skills matrix. The ATO notes the board ‘skills matrix’ is generally tailored to each organisation's unique circumstances.

End of example

See also

Board-level control 3: The board is appropriately informed

The board (or sub-committee) has been briefed by management on tax risk matters and the effectiveness of their tax control framework. Consideration should also be given to the tax risk matters and effectiveness of the control framework relating to excise, GST and other indirect taxes applicable to the organisation.

Better practice can be demonstrated by:

  • board or sub-committee charters include oversight of tax risks
  • regular summarised progress updates to the board or sub-committee by management on how tax issues and risks are trending (i.e. high, medium or low risk) at board meetings
  • board (or sub-committee) minutes or documentation that demonstrate members have been briefed by management on the effective tax rate of the business, including whether the amount of tax paid aligns with business results and, where relevant, reasons for significant misalignment
  • board (or sub-committee) endorsement for positions taken by management that fall outside published ATO safe harbours or arrangements subject to tax-payer alerts issued by the ATO
  • tax-risk registers tabled by management and escalation of issues by management where appropriate – note if you have sought external advice on the relevant risk or issue
  • an annual report that includes a statement from the board attesting that they have effective policies and processes in place to manage tax risk – for example, a statement prepared in accordance with the principals in the Tax Transparency Code.
End of example

See also

Policies and controls are regularly assessed

The board provides oversight to ensure that management have adequate tax risk management policies in place and adhered to, as well as overseeing management’s systematic assessment of internal controls and procedures on a periodic basis.

Board-level control 4: Periodic internal control testing

Periodic internal control testing is conducted to assure the board that the internal control framework is robust enough to effectively manage income, excise and indirect tax compliance risk.

Better practice example: Periodic internal control testing

Better practice can be demonstrated by:

  • a testing plan prepared by management to determine the effectiveness of the control framework. (this may include a gap analysis to identify which key controls are not tested via existing assurance processes – for example internal or external audits)
  • reports from independent assurance providers (internal or external) that present findings on the effectiveness of the tax control framework, whether conducted primarily for tax controls or other interdependent controls
  • evidence that the board (or sub-committee) has reviewed the results presented by management of control framework testing and any proposed remediation plans to be implemented by management for tax control failures
  • documented assurance (such as an attestation) from senior management concerning the capability and capacity of the tax control framework.
End of example

See also