Article Index

SAP's YouTube about the need to link risk and strategy

Scoping of inherent risks

Keep a logbook – risk register – of all identified inconsistencies. The internal tax function should always have insight into the areas for attention through this logbook. This allows tax managers to set the right priorities and take measures timely.

Risk assessment

"Every entity faces a variety of risks from external and internal sources that must be assessed.

  • A precondition to risk assessment is establishment of objectives, linked at different levels and internally consistent.
  • Risk assessment is the identification and analysis of relevant risks to achievement of the objectives, forming a basis for determining how the risks should be managed.

Because economic, industry, regulatory and operating conditions will continue to change, mechanisms are needed to identify and deal with the special risks associated with change."

It is about clear responsibilities, effective systems, documented processes and risk based controls


Some initial risk scoping questions to raise

Click to enlarge

Scoping 1

 See chapter: Indirect tax risks and rewards

Foresee future risks long before they manifest themselves

Below is a benchmark example of a normative VAT process that relates to changes in the business (strategic) and shows the controls that can be implemented to manage the risks that come up with business changes.

The control activity, the test of control and the frequency are important for an effective and efficient implementation and shows how an organization is in control.

Click to enlarge Schermafbeelding 2015 04 19 om 23.31.19

Getting VAT out of the black box

One of the objectives of Internal Audit is via a risk based methodology to provide comprehensive assurance to the Board and senior management that companies’ material risks areas are managed efficiently and effectively.

VAT errors - as it is a transactional tax – impact profit margins negatively and could beside tax risks result in commercial and reputational risks as well and based on Big4 surveys often no adequate controls are in place.

  • Is adequate management of material indirect tax risks actually tested in daily practice?
  • Should this be part of Internal Audit annual audit plan to investigate?

In the governance structure of an organization internal audit plays an important role. Internal Audit can actually audit the control activities defined of the company’s TCF and realize that stakeholders take it seriously.

Internal Audit role will not review any VAT technical content, but audit whether subject matter experts have been involved as documented in the TCF.

 Click to enlarge

Internal Audit 1