
Using these procedures

Last updated 24 August 2022

Best practice framework

This document is not intended to become form over substance, nor should users attempt to comply with every element.

Tax risk controls should be fit for purpose and we encourage you to adopt the better practices that are applicable to your circumstances.

This document provides the opportunity to contrast your tax risk management and governance framework against the ATO better practices. During a governance review, entities are encouraged to describe their compensating controls, to demonstrate how the entity manages their tax risks if the framework does not align exactly with our better practices and to document why they might not be applicable to their circumstances. An 'if not, why not' approach is suggested.

Not replicating the exact better practice element outlined in the guide should not imply a failure but rather prompt discussion about how that risk is managed in the organisation.

We suggest an initial gap analysis be performed and then entities should look to leverage existing processes or identify compensating controls where best practice elements are either not present or only partially present.

For example, an entity might legitimately elect not to adopt a better practice element where the risk is deemed to be low or where the cost of compliance might exceed the benefit.

If the board-level controls defined in this document have been delegated to management, we suggest that this is simply noted and not considered an observation to allow flexibility when performing a review.

Dealing with observations

The matrix below may help management to self-assess potential instances where their risk management frameworks do not align with better practices. It includes the option to state that an element is not applicable for all observations identified as a result of this work plan.

Dealing with observations – self-assessment procedures

Rating scale

Initial risk rating

Details of compensating control/reasons

Final risk rating

In the absence of the ATO’s best practice element or suggested controls, we are exposed to high risk




In the absence of the ATO’s best practice element or suggested controls, we are exposed to medium risk

Example 1 & 2: Medium

Example 1:

  • Tax manager does not review tax return prior to head of tax.
  • Compensating control: review by head of tax

Example 2:

  • Indirect tax supervisor does not review the BAS/excise return prior to indirect tax/finance manager
  • Compensating control: review by indirect tax/finance manager


Example: Low

In the absence of the ATO’s best practice element or suggested controls, we are exposed to low risk




Not applicable or reasons why best practice element might not be adopted


Cost of compliance, materiality, low risk rating


Details or discussion of how the organisation manages the risk


Interacting with PS LA 2004/14

ATO officers should be mindful of PS LA 2004/14 and work with the entity to ensure that the procedures are followed.

When our officers ask the entity for board (or sub-committee) information and documentation, they should note the potential interaction with PS LA 2004/14. If any of the requested papers fall within the protection of PS LA 2004/14 (or legal professional privilege and the accountants' concession), entities should advise our officers about their claims.

When so advised, our officers work with the entity to find alternative ways to evidence the effective operation of controls without the need to view protected source documents. For example, a meeting invitation from the company secretariat to the head of tax might provide sufficient evidence that the head of tax had briefed the board (or sub-committee) at an appropriate interval.

For non-ATO personnel performing these procedures, we recommend you inspect these documents in order to fully address the procedure with a continuous improvement focus. Internal or external auditors or management will not be subject to PS LA 2004/14.

The assertion of legal professional privilege or the administrative concessions provided by the ATO (i.e. the 'accountants’ concession' and the 'corporate board advice concession' in PS LA 2004/14) by a taxpayer should not be considered an exception.

General information for benchmarking (to be captured by ATO officers)

Document the following:

  • number of staff in tax function including indirect tax staff
  • number of identified tax controls (manual and automated) (refer to BLC-4a and MLC-2b for details of the entity's identified tax controls).

Next steps