The Business Risk Review (BRR): Business Risk Review Assessment indicators: Delivery: assessing tax accounting arrangements: Stage 2: Evaluating tax delivery
Having understood the customer’s approach to governance, the next stage involves assessing the customer’s ability to deliver the right tax through processes and systems. For any process to work in practice the appropriate skills need to be in place so a review of that process should also include a review of skills. Therefore, in the comments below, any reference to ‘process’ should be taken to include ‘skills’.
We want to encourage good processes and systems to support tax compliance but we recognise it is not feasible or time/cost-effective to review processes and systems for all risk areas. The aim is therefore to focus on identifying significant risk areas or key events.
The existence of robust processes and systems is a further indicator that a customer’s approach to tax governance is good, as it is an indicator of proper direction and control within the tax function and strong relationships between the tax and other functions. Robust tax processes and systems will help to demonstrate that a customer has a sustainable ongoing tax compliance process which requires minimal HMRC intervention.
The comments above are made on the basis that we initiate the discussions. From time to time, however, it may be that a customer wishes to approach us to discuss the ‘Delivery’ implications of particular key business events or transactions or to discuss the work they are doing to meet SAO requirements. If so, the same approach would be used, on a real time basis, to review, discuss and agree the implications.
Initially the CRM should identify and, where possible, agree the key risk areas which will help them evaluate how the customer manages tax risk through its systems and processes. These could be risks within an overall tax return process or risks relating to significant business events which are not tax specific but apply across a range of taxes. When considering these risk areas, thought should be given to both the technical aspects (for example, what are the processes that support making a technical judgement on an item?) and the integrity of underlying data (for example, does the accounting system generate accurate information to which the technical judgement is applied?).
An example of a possible key risk area is the fixed assets numbers within a Corporation Tax return process. These numbers require judgements on the relevant reliefs available. Those judgements require both integrity of data and an understanding of the technical issues to apply to that data so we would want to understand what processes and systems are in place to support those judgements and ensure data integrity. Another example is the review of transfer pricing using a cost-plus arrangement where we would want to understand both the costing methodology and integrity of the data used to determine costs.
Once an appropriate key risk area is identified and agreed, we will generally seek to understand the process, focussing on the areas set out in this Evaluating tax delivery diagram.
It is likely that CRMs will want to work with both Audit and Tax Specialists to understand whether the customer is managing a key risk adequately through their systems and processes.
We will aim to do this work through discussions with the customer, by reviewing any documentation that the customer has already prepared and by understanding ongoing monitoring activities the customer has in place such as the internal audit assurance process. The onus is on the customer to demonstrate the process and underlying systems, without us imposing a rigid structure on how this is done. However we recognise that, occasionally, we and our customers will want to be more prescriptive about the documentation that is needed. This may be required in circumstances where the customer needs to demonstrate that their systems enable them to be compliant with particular tax laws. The nature of this documentation will need to be discussed and agreed between HMRC and the customer.
At the conclusion of the evaluation of the customer’s processes and systems, we will decide if they are sufficiently robust to produce accurate and complete numbers for the tax return. Where this is the case, we will not undertake any further work. If we are applying this approach as part of the BRR and we perceive possible weaknesses it is likely that we will conclude that a customer is not Low Risk and will agree with the customer the further work that is needed to address these perceived weaknesses. If we are applying this approach as part of more specific Risk Assessment or Risk Working activity it is likely that we will want to move onto Stage 3 of the approach - Audit Testing.