Managing risk is about making decisions at all levels of an organization, to limit the effect and likelihood of threats happening and to increase the effect and likelihood of opportunities. Setting realistic objectives is the starting point for any successful change effort. In order to increase indirect tax function effectiveness it is important to set SMART objectives. 

The ability to define, predict and manage risk and create strategic insight to drive operational excellence by identifying high-return initiatives, allocate resources appropriately, and measure the ultimate ROI.

Effectiveness is the degree to which an organization achieves the objectives. When is effectiveness achieved? For the tax function this is if all risks are managed and opportunities spotted and implemented. Efficiency refers to the extent to which time, effort or cost is well used for achieving the objectives.

Use time in most efficient and effective way As indirect tax resources are normally scarce it is important that the available time is used in the most efficient and effective way. 

Beside the fact that managing all risks is cost inefficient, it will have negative impact on efficiency beyond indirect tax (e.g. time spent by finance department on VAT matters). It is about making the right choices.

In order to allocate resources to risk and cost saving areas that matter, the level of risk appetite of the company has to be determined. This facilitates prioritization in the deployment of resources. 

Having defined acceptable levels of risk leads to resources not having to spend time on further reducing risks that are already at an acceptable level. It is about taking the right amount of the right risk.

The resources and budget is aligned with the outcome of a risk assessment. Most of our time on high risk areas. The efficiency and effectiveness of the indirect tax function is periodically measured and compared with financial and operational KPIs. This is discussed in review meetings and corrective actions are identified.

80-20 rule In practice, sometimes percentages are used to prove the apparent level of control. The most famous is the 80-20 rule. Another example is statements like 95% of our transactions are compliant. These numbers can cause misperception at senior management level when the overall feeling is within the business that the company is therefore in control.

For potential impact of such error rates on 'Earnings before interest, taxes, depreciation and amortization' (EBITDA), see VAT throughput calculation.

What does the following statement say about risk management: tackling master data can contribute to getting over 80% of your invoices VAT compliant.

Measure, do not assume If 80% of these invoices qualify as a low risk and 20% exceed the risk appetite level of the company if it goes wrong, the solution supports efficient deployment of employees, but does not support the achievement of risk management objectives. 

Note that currently I assumed that the 20% is a high risk.  In practice, of course this should be investigated first and measured to become useful from a management perspective.

Written by Richard Cornelisse
 Richard LinkedIn

Richard advises multinational businesses in improving the efficiency and effectiveness of their Indirect Tax Function and Tax Control Framework.

He started his career as a manager at Arthur Andersen and then became an EY partner where he led the indirect tax performance team for Netherlands and Belgium. Currently, he is a managing director of SAP Tax Consultancy Firm.

Richard has over 20 years of experience advising clients on international VAT issues. He is specialized in the tax aspects of financial transformations, shared service center migration, and post-merger integration work.