SAP's YouTube about the need to link risk and strategy
Scoping of inherent risks
Keep a logbook – risk register – of all identified inconsistencies. The internal tax function should always have insight into the areas for attention through this logbook. This allows tax managers to set the right priorities and take measures timely.
Risk assessment
"Every entity faces a variety of risks from external and internal sources that must be assessed.
- A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent.
- Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed.
Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change."
It is about clear responsibilities, effective systems, documented processes and risk based controls
Some initial risk scoping questions to raise
Click to enlarge
See chapter: Indirect tax risks and rewards
Foresee future risks long before they manifest themselves
Below is a benchmark example of a normative VAT process that relates to changes in the business (strategic) and shows the controls that can be implemented to manage the risks that come up with business changes.
The control activity, the test of control and the frequency are important for an effective and efficient implementation and shows how an organization is in control.
Click to enlarge 
Getting VAT out of the black box
One of the objectives of Internal Audit is via a risk based methodology to provide comprehensive assurance to the Board and senior management that companies’ material risks areas are managed efficiently and effectively.
VAT errors - as it is a transactional tax – impact profit margins negatively and could beside tax risks result in commercial and reputational risks as well and based on Big4 surveys often no adequate controls are in place.
- Is adequate management of material indirect tax risks actually tested in daily practice?
- Should this be part of Internal Audit annual audit plan to investigate?
In the governance structure of an organization internal audit plays an important role. Internal Audit can actually audit the control activities defined of the company’s TCF and realize that stakeholders take it seriously.
Internal Audit role will not review any VAT technical content, but audit whether subject matter experts have been involved as documented in the TCF.
Click to enlarge
