The critical conditions for success
The importance of indirect tax has increased over the last couple of years. While the rates for direct tax, corporate income tax, are decreasing, the rates for indirect tax keep rising. At multinational companies, we’re easily talking about amounts of over 5 billion euros of indirect tax flowing through the books.
According to big4 surveys, the related control mechanisms are still inadequate. Not only can an error in the accounts lead to major additional tax assessments and substantial penalties, but with amounts like these, it can also be devastating for the reputation of a listed company. We are talking about massive amounts of money that lack appropriate control, but because KPIs have never been developed for this particular purpose, the risks remain outside the CFO’s field of view.
The Indirect Tax Function knows that it is understaffed and that the budget is too limited to optimally execute its tasks, but they often don’t know how to change this and get it on the agenda of the CFO.
It’s essential that change come from the organization itself. An advisor can repeat this over and over, but if it isn’t carried out within the organization, by the people who actually have to work with it, nothing will change. And that deadlock must be broken. What should be done to actually break it?
Adequate control mechanisms
A VAT Control Framework - when addressing proper risk management - should be in line with the Business Control Framework and a company's overall Tax Control Framework. From a governance perspective, the indirect tax department has to be positioned. It should be given the tools - e.g., budget and resources - to realize its strategic objectives, as highlighted below in a table.
Click picture to enlarge
Who is accountable and what is the added value of a tax policy
Accountability should always be set at the level of a process owner end responsible for a specific business process, and the tax policy published should realize proper awareness regarding tax risks and make clear to that process owner 'who can decide what and when' from a tax perspective. It should, therefore, be the responsibility of the head of each corporate department to ensure all team members read, understand, and effectively implement that tax policy.
An indirect tax department will face challenges when no formal documented tax policy, tax objectives, or tax planning exists, as overall tax instruction will be lacking about the company's 'dos and don'ts'. It is critical that senior management signs off and publishes agreed-upon objectives and risk tolerance levels for tax planning and tax risk management: 'the tax rules of the house'.
In practice, the starting point for realizing tax function effectiveness is often beginning to draft such a tax policy' where those 'tax rules of the house' are set, and decisions are made to introduce new tax rules. Executing these rules is considered a realistic objective, compliance with these rules is regularly assessed, and performance is measured.
Without a tax policy, it depends on the influence of VAT employees within the company to kick-start the change. Often, that results in a fragmented approach, as not all stakeholders within the company will be convinced that an amendment is needed. The outcome is that this will negatively impact the existence of standardized VAT controls or the effective implementation of 'best practice' approaches. More importantly, the company becomes dependent on people, and the risks will increase when that skill set leaves the company or gets internally involved in another function.
That will be avoided and improved when the tax department’s strategy, objectives, and risk tolerance are understood by everybody in the tax function and throughout the organization and mandatory in force as a rule within the company. A tax policy steers the behavior of all employees aimed at achieving the overall tax function objectives. This is shown in the existing Operation below:
- Governance - How do we decide to introduce new rules
- Design - How do we determine the rules we need
- Existence - How do we ensure the rules are embedded
- Operation - How do we establish that our rules are executed
Under these circumstances, employees are responsible and obligated to meet these in-house tax rules. The tax department, internal audit department, or risk management can much easier assess whether tax rules are appropriately executed, and a key periodical business control question has only to be raised: 'Have you worked according to the tax policy?'.
It is not just a paper trail like we usually see in practice during Sox controls regarding tax.
That is because tax policies (overall tax and VAT) are in place, and someone is made responsible. That can make it much easier to remediate VAT risks when they come up via preventive or detective tests of tax controls. The indirect tax department should get an immediate commitment when a process owner has failed in that obligation. It would also be mandatory to support the tax department in closing that gap together as soon as possible.
Why?
It should be much easier to realize, as only a reference has to be made to the company's own in-house tax rules and the expected tax behavior by senior management. When successful, it will be the new and enhanced 'in-house tax culture'.
Design and roll-out of a tax policy
Such a tax policy should define the company's overall tax strategy and objectives and establish a framework to promote best practices and governance procedures. The policy should outline the roles and responsibilities of the tax function, other corporate departments, and corporate entities.
The tax policy should be rolled out to the entire tax and the wider business to ensure a shared understanding of the company's VAT risk appetite and acceptable VAT planning. The roll-out may include workshops and conference calls with tax, finance, legal, the business, etc. Unlike the more contained structure for handling income-based taxes, responsibilities, and key drivers for indirect taxes may be spread throughout the enterprise, residing not just in the tax department but in any of such diverse departments as finance, information technology, supply chain management and logistics, human resources, and beyond.
The tax policy is the highest in the tax hierarchy - signed off by senior management - and sets the internal tax rules and tax behavior: the dos-and-don'ts of employees regarding tax.
Building blocks of a tax policy
The following taxes fall generally under the scope of such a tax policy - all taxes the Head of Tax is ending responsible for:
- Corporate income tax
- Wage taxes, payroll, and social security
- Withholding taxes
- Capital taxes (including stamp duties and transfer taxes);
- Local taxes (e.g., local business tax, packaging tax, sur tax, gift tax)
- Indirect tax and customs duties
- Etc.
Some key building blocks of a tax policy:
- Tax function objectives
- Risk profile and VAT risk tolerance parameters
- Approach to tax risk
- Relationship with tax authorities
- Scope of taxes covered
- Entities in scope
- Roles and responsibilities
- Tax resources (internal/external)
- The tax strategy detailed per role and/or applicable tax
- Situations when mandatory upfront involvement should take place
It should include detailed guidelines around the type of VAT planning and whether this is allowed according to the company’s tax policy. These guidelines should be approved by senior management. They may include issues such as the likelihood of tax administration to challenge and litigate the potential change to the group’s VAT risk profile and key reputational risk issues. This may also cover documented planning evaluation and acceptance criteria, planning implementation review processes, and ongoing planning review and monitoring processes.
Mandatory involvement upfront
From a Tax Control Framework perspective, for setting up risk-based controls, the more unusual the transactions, the greater the tax risks.
The tax policy should also describe situations when it will be mandatory to involve indirect tax departments upfront (e.g., stakeholders such as Legal, IT, HR, Internal Audit, Procurement, Business, Finance).
The following transactions will always exceed a company's VAT risk appetite:
- Significant business transactions
- Non-routine transactions:
- Share issues or sales
- Reorganizations
- Acquisition or disposal of any business or part of a business
- Acquisition or disposal of real estate
- Financial transformation
- Part of the business is outsourced (e.g., a Shared Service Centre or accounts payable/receivable to a third party service provider)
- Other financial transactions
Recommended is to describe in detail the requirements for other process owners/stakeholders to seek VAT input early in the process. It should cover non-routine or significant business transactions and the requirement for review & approval by the indirect tax department before the execution of the transactions. The indirect tax department should always be a mandatory workstream, for example, for technology and finance projects.
Operational changes have tax consequences due to the change in transactional flows and a company’s assets, functions, and risk profile. It important is to ensure that the new operating model is not only implemented correctly from a direct tax perspective but also ensures that business processes are overall tax aligned, realizing support of the business in the areas of compliance, finance & accounting, legal, IT systems, VAT, and regulatory matters.
To move the tax policy from paper into practice, the roll-out may also include organizational changes, and improvements to processes and systems.
Efficient and effective use of VAT resources
VAT resources are usually scarce within a company, so their available time must be used most efficiently and effectively. It is about making the right choices and ensuring that the resources and budget needed align with the tax risk assessment outcome. Due to limited VAT resources, time should be spent first on high-risk areas.
Click picture to enlarge
To allocate resources to risk- and cost-saving areas, the company's level of risk appetite has to be determined.
This facilitates prioritization in the deployment of resources. Having defined acceptable levels of risk leads to resources not having to spend time on further reducing risks that are already at a satisfactory level. The efficiency and effectiveness of the indirect tax department should be periodically measured and compared with financial and operational KPIs. This should be discussed in review meetings, and corrective actions must be identified and executed.
Benchmarking risks and controls
When a tax policy is not yet written, a first action item could be for designing such a tax policy to agree with senior management the company’s overall VAT risk tolerance parameters and benchmarked that against a normative VAT Industry Risk and Control Matrix and determine the 'impact and likelihood'. To manage mutual expectations, the opening question could be:
What do you consider still an acceptable outcome in numbers from a worse-case perspective when the tax authorities have performed a VAT audit and raised an assessment?
Risks: 'impact' and 'likelihood'
Click picture to enlarge
Normative 'VAT Risks", "Controls" and "Test of Controls" are provided in the next chapters:
- Tax Governance
- Strategy
- Risk Management and Cash flow optimization
- People
- Change management
The above critical building blocks are, most of the time, not yet included in a Tax Control Framework. Benchmarking results, therefore, in better visibility and awareness of the current state and can quickly assess where (further) improvements can be made. This normative scan is used not only for such a GAP analysis but as well from a design as a first starting point to set clear tax objectives.
Click picture to enlarge
Tax Governance
The key element is to agree on who can decide what and when, establish the right level of control, inform responsible employees, and conclude and report the level of ‘in control’:
- Analyze and evaluate weaknesses
- Review the status of remediation
- Consider changes in the control environment
- Conclude the level of ‘in control.’
'Who can decide what and when' relates to the tax function objectives, the processes in scope, and the required levels of control and informs those responsible for achieving these objectives, the process owners, about the tax policies signed off by senior management:
- assign tasks and responsibilities
- set procedures for implementing (new) rules
- set risk appetite, risk tolerances, and cost-benefit guidance
- prioritize and escalate
- desired versus required level of formalization
- determine and report on the actual level of ‘in control.’
Click picture to enlarge
Strategy
A relevant VAT strategy—correctly implemented—will allow the business to function effectively from any go-live, from both a tax and commercial perspective, so that it can generate sales and invoices, face fewer disputes with non-paying customers, remain tax compliant, and integrate the business on time and budget.
Normative Risks, Controls, and Tests of Controls have been defined to benchmark against.
Click picture to enlarge
Risk Management and Cashflow Optimization
Tax risk management strategy should differentiate in strategic, reputational, operational, and financial and compliance risks and contains detailed action plans for managing these risks.
Sox and similar business control framework initiatives focus primarily on financial and compliance risks. Those risks relate directly to the reliability of the annual report, resulting in a much higher 'acceptable' materiality threshold being used. The consequence is that many VAT risks that matter from a VAT Control Framework perspective will most likely not be scoped in.
Besides risks and cash savings, the reward could also improve operational efficiency. The hidden factory is defined as the amount of rework and cover-ups, the hours and days of wasted time in a company of people who constantly correct mistakes. Savings and more effectiveness from a tax control framework can be realized when that rework is avoided.
The objective is to make the hidden factory visible (measure/calculate ROI) and, as a result, return precious time and money to the business.
Example: how much rework is required before numbers received from finance systems can be used?
VAT risk categories
Click picture to enlarge
Normative VAT Risk Management
Click picture to enlarge
Cash impact
Click picture to enlarge
Normative Cash Flow Optimization
Click picture to enlarge
People
The tax department needs the correct number of tax personnel, skills, and capabilities to execute all its tax objectives. The indirect tax function knows it is understaffed and the budget is too limited to manage its current tasks. It also follows Big4 benchmark studies, as referred to below. The weak spot is that knowledge is lacking on how to change this and get it on the agenda of the CFO. The deployment of expensive fiscal knowledge nowadays usually remains limited to control of direct tax.
Currently, the Indirect Tax Department employs X amount FTE; X amount Indirect Tax advice and X amount FTE VAT Compliance.
Click picture to enlarge
The overall VAT ‘community’ is larger. For example, employees who work part-time on VAT matters but are formally not in the tax function but have a role in managing certain tax affairs (e.g., make VAT decisions (AP/AR), provide critical information, support VAT reporting, etc.). They are the 'shadow tax function'.
Assigning new responsibilities or extra tasks to the indirect tax department or 'shadow tax function' due to the new 'tax policy' in place will impact the current VAT workload. That means new priorities have to be set - focus only on key issues - and when an overload of work still exists, work should be delegated to extra resources either internal or external. Providing resources, budget, and/or innovative tooling is essential when a company wants to realize change without senior management buy-in, which will often be a mission impossible.
Click picture to enlarge
Change Management
A VAT Control Framework often focuses on managing inherent risks and less on avoiding future risks. The root cause is that the primary focus is usually still on - due to the company's business control framework - whether correct and in time VAT reporting has been filed. That is a look-back exercise; only financial and compliance risks are often considered.
Avoiding future risks is important from a VAT Control Framework perspective as it reduces future firefighting (e.g. rework) and any unforeseen exposures.
The following items will be discussed from a change management perspective:
- VAT Policy
- Change in VAT legislation
- Changes in the business
- Advice to the business and other reporting requirements
- Changes in the business and maintaining relationships with tax authority
- Configuration of accounting systems
- Changes to VAT rates and VAT condition tables or logic
- The VAT element of material master data and IT controls
VAT Policy
Click picture to enlarge
Change in regulation
Click picture to enlarge
Change in the business
Click picture to enlarge
Maintaining relationship with tax authority
Click picture to enlarge
Advice to the business
Click picture to enlarge
Other reporting requirements
Click picture to enlarge
Configuration of accounting systems
Click picture to enlarge
Changes to VAT rates
Click picture to enlarge
Changes to VAT condition tables or logic
Click picture to enlarge
VAT element of material master data
Click picture to enlarge
This email address is being protected from spambots. You need JavaScript enabled to view it.
Written by Richard Cornelisse
Richard advises multinational businesses in improving the efficiency and effectiveness of their Indirect Tax Function and Tax Control Framework.
He started his career as a manager at Arthur Andersen and then became an EY partner where he led the indirect tax performance team for Netherlands and Belgium. Currently, he is a managing director of SAP Tax Consultancy Firm.
Richard has over 20 years of experience advising clients on international VAT issues. He is specialized in the tax aspects of financial transformations, shared service center migration, and post-merger integration work.
Richard has over 20 years’ experience advising clients on international VAT issues. He is specialized in the tax aspects of financial transformations, shared service centre migration, and post merger integration work. Richard is also somewhat of a mentor, giving back to the profession. If you are interested in conversation and discussion, please feel free to contact him.
Relevant chapters for further detail
- VAT Control Framework
- OECD - Co-operative Tax Compliance - Building Better Tax Control Frameworks
- Elements of GST Control Framework - Singapore
- 'Governance', 'operation' and 'infrastructure'
- Tax position exceeds external auditor's materiality
- Spreadsheets and VAT Compliance
- Tax Authorities peeking at your data
- VAT throughput calculation
- Statistical sampling: quantification of tax risks
- Statistical sampling: ‘single audit’
- Data analysis
- Check EU and local invoicing rules
- SAP review
- Gain awareness and acceptance of senior management
- An indirect tax strategic plan: approach and scope
- Company's 'governance', 'operation' and 'infrastructure'
- Strategies, approaches and models
- Setting the objectives of the tax function
- Structure the tax function
- Audit defense strategy
- Migration to new jurisdictions
- Change of business models
- The Intersection of VAT and shared service centers
- M&A integration: managing the moving parts before, during, and after a transaction
