VAT control framework

Details
Parent Category: Content table
Category: Building Blocks of a VAT Control Framework
Hits: 31150

phenix3

“Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.”
Denis Waitley

Transactions in today’s business world

Even as the world is shrinking, businesses and their growth strategies are becoming more complicated. A schematic drawing of the functions of a typical multinational today might look like a Rube Goldberg contraption—a complex of moving parts that must connect one to another for tax, regulatory, and reporting purposes.

And unlike the more contained structure for handling income-based taxes, responsibilities and key drivers for indirect taxes may be spread throughout the enterprise, residing not just in the tax department but in any of such diverse departments as finance, information technology, supply chain management and logistics, human resources, and beyond.

Added is the growing trend toward shared service centers (SSCs) that are responsible for operational processes including accounts payable and accounts receivable as well as other outsourced functions for tax, finance, and treasury. Tax determination and reporting for the entire operation may be governed by one or more enterprise resource planning systems, which in turn may be integrated to varying degrees, with or without the benefit of sophisticated technology tools.

All these factors make for a changing and increasingly sophisticated business environment that requires a different approach to business indirect tax advice.

'As Is' situation to benchmark at
Does it fit or not?

Many organizations continue to manage their global indirect tax throughput without reference to risks that are inherent to all transactional operations and processes. Other organizations have successfully identified indirect tax risks within their global ERP systems design and accounting processes, but have yet to develop a coherent and proactive indirect tax strategy that addresses and effectively manages these risks.

Within most organizations, there is no single person or department responsible for the end-to-end VAT accounting process. The finance department owns overall responsibility for the sales and purchase processes, but the application architecture underpinning those processes is configured and maintained by the IT department.

The control environment surrounding manual intervention in the accounts payable and receivable processes remains the responsibility of the finance department. VAT-critical processes such as PO creation, invoice verification and AP tax code selection are subject to limited or inappropriate controls, while the attention of the internal indirect tax function remains focused on the provision of ad hoc advisory support to local business units.

Failures in VAT-critical systems and processes can result in overpayments of VAT that represent a real cost to the business, or in underdeclarations that entail the threat of penalties and reputational risk.

Through the design and implementation of effective controls, the objective of the internal indirect tax function should be to assume overall strategic responsibility for the operational integrity of VAT-critical systems and processes.

Unless there are measures in place to capture and control the end-to-end VAT accounting process, the result will be an incomplete risk management strategy that is essentially unreliable. By contrast, an improved tax risk management model should involve periodic testing of controls to guarantee the effectiveness of VAT-critical processes.

"Someone is sitting in the shade today because someone planted a tree a long time ago."
Warren Buffett

Benchmark

Benchmarking provides objective evidence. It can show whether you have achieved your objective set such as a 'mature' tax function' or make visible what needs to be done to make that happen. It might provide the extra arguments to realize change and get buy-in.

Big4 surveys and KPIs and controls

While the rates for direct tax are decreasing everywhere across the world, the rates for indirect tax keep rising. With multinational companies, we’re easily talking about amounts of over 5 billion euros of indirect tax flowing through the books.

Yet, according to big4 surveys, the control mechanisms for these numbers are still inadequate. Not only can an error in the accounts lead to major additional tax assessments and substantial penalties, but worse, a mistake of one percent can make the difference between profit and loss for a multinational company. 

The main reason that indirect tax receives less attention is that it is dealt with completely differently than direct tax. There are hardly any KPIs determined for VAT/GST, and the CFO generally solely focuses on direct tax regarding managing tax risks.

Perhaps the most surprising is the fact that the financial auditor also points out the huge risks of insufficient control of indirect tax. On the one hand, it is strange, since it is the benchmark studies from the tax advisors of the same firms who sound the alarm bells.

"Trust, but verify is a form of advice given which recommends that while a source of information might be considered reliable, one should perform additional research to verify that such information is accurate, or trustworthy."
Ronald Reagan

A company’s tax control framework that meets generally accepted control standards provides:

  1. insight into the areas prone to VAT risks (awareness),
  2. management has established the extent to which it is prepared to accept risks, and
  3. internal controls have been implemented that are appropriate given the material risks identified.

Clear responsibilities, effective systems, documented processes and robust controls

A Tax Control Framework (TCF) is an internal control instrument specifically aimed at the tax function within a company and an integral component of a company’s business control framework, which is different for every organization. It is a system (process) to identify, mitigate, control and report tax risks.

The objective of a TCF is to be in compliance with tax laws and reporting requirements and manage the risks that exceed the companies' risk appetite.

Governance, risk identification, controls, communication and monitoring

A TCF should prevent tax errors, identify opportunities in a timely manner, and perform correct filings at the right moment.

A company's VAT control framework system is adequate if it provides insight into where material VAT risks may arise in the company (awareness), while the degree of risk tolerance is established internally and where appropriate control measures are taken regarding these risks.

A review should take place of the categories of VAT risk the company is facing as well as the likelihood of occurrence, its potential impact and mitigation measures. Review the company's risk appetite and risk tolerance and the way in which risks are measured.

Effectiveness and efficiency of operations, the reliability of tax reporting, and compliance with applicable laws and regulations

Click to enlarge

definitions 1

Sufficient internal communication

A TCF requires a clear understanding of the companies' material risk areas, the company's tax policy derived from business objectives, the VAT processes and risk-based control measures (hard and soft controls) and the roles and responsibilities of the indirect tax department and its shadow tax function.

  • Internal control is a process. It’s a means to an end, not an end in itself. Internal control is affected by people. It’s not merely policy manuals and forms, but people at every level of an organization.
  • Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
  • Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

From: The Institute of Internal Auditors, Does Your Control System Pass the COSO Test, March 1998, Issue 2

A tax control framework consists of

  • Strong tax governance with an agreed tax strategy that is in line with wider business objectives an in-depth understanding of where the key risks lie within the business, including indirect and wage tax
  • Effective and efficient controls in place to mitigate identified risks
  • A clearly defined communications strategy for managing tax internally and externally
  • Ongoing monitoring activities and improvement efforts
  • Ensure strong governance including the implementation of strict guidelines.

Threats and opportunities

Managing risk is about making decisions at all levels of an organization, to limit the effect and likelihood of threats happening and to increase the effect and likelihood of opportunities.

In many countries, indirect tax returns are not audited by the tax authorities. Tax certainty about tax positions taken will exist once the statutory time limits are exceeded. That might change when e-audits approaches are standard implemented as audit method or other VAT fraud measures come into force. What is often missed in a business case, planning and execution is a full understanding of the processes and controls needed to effectively and efficiently manage indirect tax.

Below, gaps might give rise to some important considerations from a benchmark perspective

Inability to comply with local VAT rules — Although the root cause will vary from one company and country to another, the risk is likely to arise because of the fundamental lack of resources with local knowledge, clear VAT policies and procedures, technology enablement and controls and metrics to facilitate and monitor compliance. In most cases, there is some combination of these causes.

newtechben

System incompatibility — It isn’t uncommon to find that the ERP system or other available technologies do not support, for example, SSC staff as fully or effectively as required in making sound decisions related to VAT.

phenix9

Processes not clearly defined  — Staff sometimes find themselves operating without clear descriptions or instructions as to how certain processes should function internally. That typically includes specific division of duties and defined responsibilities for every task and the person assigned to perform it, as well as the protocols for communicating with the tax office to receive updated information, escalate issues and solicit valuable feedback. The more pieces missing, the greater the risk.

Non-existent or inadequate processes and documentation — Since indirect tax guidance is not typically part of the brief, staff may not have access to VAT training, manuals or web-based technology to support their decisions and activities relative to VAT.

Insufficient communications — Staff may also be hampered by inadequate or unorganized communications between the indirect tax function and other operational business units (e.g., IT, logistics, group tax department) within the organization, making it very difficult to identify and address any crossover issues relating to VAT.

phenixtax

Non-existent or inadequate compliance controls — An indirect tax control framework and key performance metrics that focus on relevant indirect tax risk must be in place to provide the stability and transparency required to both enable and sustain compliance.  None of these “risk drivers” are insurmountable or prohibitively complex to overcome. That said, there are some equally significant VAT-specific rewards in a well-run and well-founded indirect tax function.

Performance improvement — Companies have seen a reduction in both manual effort and error rates in VAT processes from automating VAT decisions in an ERP environment and (or) using technologies available on the market, such as tax engines and certain web-based applications.

Better time management — More time is available to tax staff to set up and implement VAT strategy and planning. Since problems can be anticipated at an earlier stage and action taken to pre-empt or solve them.

phenix5

Process improvement — With, for example, a SSC doing a good portion of the “heavy lifting,” the organization has more time and resources to review, adjust, structure and optimize existing VAT processes. It may also lead to the development of a VAT team to operate as part of the overall international tax team.

Consistency and flexibility — An efficient and effective tax function can provide the company with a consistent operating model as well as flexible organizational design to support growth, profitability and compliance.  Once the company has evaluated the risks and rewards and conducted any other due diligence, the processes begin for identifying the VAT-critical functions, diagnosing the current state and designing the structure that will enable any effective migration.

VAT risk-based controls

There are a couple of elements that need to be considered to determine the materiality of VAT risks. Using absolute amounts is the way a business controls framework sets up a risk-based approach.  However, this is not sufficient as a VAT control framework is not only about paying the right amount of tax but also nowadays about avoiding risks that impact the reputation of the company.

Creating a consistent and robust controls environment for VAT-critical processes

  • We are talking about massive amounts of money that lack appropriate control, but because KPIs have never been developed for this particular purpose, the risks remain outside the CFO’s field of view.
  • Many organizations still lack an effective ‘indirect tax control framework' for defining a strategy, systems and control mechanisms to manage risks linked to reporting VAT.

Roadmap to conduct proper tax management

To get buy-in from senior management it is often about setting the right priorities, understanding the root cause of underperforming and selecting a method for measurement that best fits. The deck explains what a tax function could do to get indirect tax higher on the priority list of senior management.

phenixtax