(Conclusion)
Ilana Rinkoff, formerly with group internal audit at AstraZeneca plc, and founder of the Tax Risk Management Network, says establishing and embedding an effective process and controls framework can be a challenge.
“How does the individual FD/CEO or tax team assure themselves that the shadow tax team understand the risks and that the tax risk controls are embedded and operating effectively at all levels ?,” she asks, “especially when a business is spread across various sites or international locations and there are many process stakeholders ?”
“The tax department can’t directly manage the rest of the business, but it is ultimately held responsible for the reported tax figures that emerge from profit centres. If it doesn’t have people on the ground, then it needs to have clarity over who is responsible for what. So, for example, it might rely on the CEO of a particular country for formal, documented assurance that the key tax controls are embedded and operating effectively and tax figures for that country are correct. This is a verification process that can subsequently be checked by auditors.”
Other solutions to this problem have included dispersing tax professionals throughout the organization – an effective but expensive option – or reorganizing the work of the central tax team to release senior people and allow them to work much more closely with their finance and operational colleagues on the ground.
One international food company has used this latter approach to embed tax considerations in the day-to-day business decisions of its sub-groups. This company’s tax function outsources routine work, helping to free up its tax professionals to travel widely and build up the necessary personal relationships to work directly with business managers in the countries in which it is active.
The outcome is that this tax function is measured on the value that it returns to the business in tax savings. It is expected to return 3-5 times the cash cost of running the department in tax initiatives through the course of a year. In practice, it normally returns around 10 times its costs.
Effective monitoring, the second line of defense, can be easier to implement, at least in theory. One head of an international investment group has approached this issue by producing a tax framework and procedural guidelines for her organization, and introducing an annual self-certification process which allows the businesses to check their compliance with the guidelines. She then carries out spot checks, looking at evidence to support the self-certification.
The challenge here has been to get far-flung finance or operational managers to agree to carry out what they see as tax department activities. It can be a major change for them. One effective method is to run a pilot scheme to demonstrate the benefits, for the people on the ground, of this new approach. A focused “hearts and minds” program to persuade them that this is indeed part of their responsibilities can also be useful.
Another route is to introduce tailored tax management software into the finance system. If information can be gathered and verified automatically, it is clearly much easier to monitor and less of an additional burden to non-tax people. This is a route that many organizations are following, as tax management software becomes more flexible and reliable, and they realise that older, spreadsheet-based systems are just not secure enough to meet modern-day standards of scrutiny.
Independent verification, the third line of defense in these disparate tax networks, has to come from the audit function, internal and external. The problem KPMG firms can often come across here is that some internal auditors can see tax as a hugely technical “black box” – one which they do not have the experience to delve into.
We have some sympathy with that view. Tax people have become very specialist and it can be hard to separate the detailed technical material from the process and monitoring work. But it’s clear from the trends described here that today’s senior tax people are not necessarily technicians – they are people with operational experience and the people skills necessary to run a complex function across international boundaries.
To do this effectively, tax-trained auditors can help, as they are able to apply the three lines of defence framework to this complex and challenging area.
Ms. Rinkoff agrees. “For internal audit departments,” she says, “tax risk is a complex but key element of the audit universe and specialist independent tax knowledge input is vital at all stages of the audit process; scoping, planning work programs, fieldwork, benchmarking and reporting.”
“Tax audits can be focused on specific areas of risk like payroll tax, transfer pricing, expatriate tax or a high level assessment of the management of tax risk across the business. Processes and controls to mitigate tax risk need to be embedded in the wider organization, and there should be robust monitoring by management, as suggested in the first and second lines of defense. As the third line of defense, auditors will be able to give assurance over the management of tax risk and help the organization by identifying gaps or weaknesses and working with management to agree remedial actions.”
It can certainly work. Indeed it has to work if companies are to meet ever tougher reporting and compliance requirements everywhere in the world. But it needs auditors and tax people to work much more closely together to develop a tax risk management system that meets today’s needs.
(Ilana Rinkoff’s comments are made in a personal capacity and not as an employee or spokesperson for AstraZeneca)
(Emmanuel P. Bonoan is the Chief Operating Officer and Vice-Chairman for Tax & Corporate Services of Manabat Sanagustin & Co., CPAs, a member firm of KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. This article is for general information only and is not intended to be, nor is it a substitute for, informed professional advice. While due care was exercised to ensure the quality of the information contained in this article, readers should carefully evaluate its accuracy, completeness and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances. The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of KPMG in the Philippines. For comments or inquiries, please email manila@kpmg.com.ph or ebonoan@kpmg.com).