phenix6

“A ship in harbour is safe, but that is not what ships are built for.”

Transactions in today’s business world

A different approach to business indirect tax advice Even as the world is shrinking, businesses and their growth strategies are becoming more complicated. A schematic drawing of the functions of a typical multinational today might look like a Rube Goldberg contraption—a complex of moving parts that must connect one to another for tax, regulatory, and reporting purposes.

And unlike the more contained structure for handling income-based taxes, responsibilities and key drivers for indirect taxes may be spread throughout the enterprise, residing not just in the tax department but in any of such diverse departments as finance, information technology, supply chain management and logistics, human resources, and beyond.

Added is the growing trend toward shared service centers (SSCs) that are responsible for operational processes including accounts payable and accounts receivable as well as other outsourced functions for tax, finance, and treasury. Tax determination and reporting for the entire operation may be governed by one or more enterprise resource planning systems, which in turn may be integrated to varying degrees, with or without the benefit of sophisticated technology tools.

All these factors make for a changing and increasingly sophisticated business environment that requires a different approach to business indirect tax advice.

A cash in and a cash out?

VAT is a tax on consumption. It is collected in stages by the businesses (or intermediaries) and is fully borne by the final purchaser. As a consequence, VAT is a transactional tax with the potential to impact all transactions with suppliers and customers.

See chapters: How VAT worksVAT eLearning course - European CommissionVAT and business and HMRC - VAT Guidelines

Unexpected costs are high and ‘above the line’

VAT neutrality has to be earned Measuring risks is often based on the balance between output VAT and input VAT and not on the total amount of VAT/GST throughput (also called VAT ‘under management’).

The findings listed above are not surprising as often the question is asked what risk management even has to do with VAT/GST. The reasoning behind this question is that VAT/GST is typically cost neutral for most businesses: “a cash in and cash out” scenario. However, every indirect tax function knows that deductible input VAT and liable output VAT have to be managed separately to avoid substantial VAT assessments, penalties and interest payments.

It is a risky business to monitor only the balance between output VAT and input VAT. Neutrality can only be achieved – better is the word ‘earned’ – if certain formal and material requirements are met.

VAT under management It starts with the people in the organization becoming aware of the amounts that are at stake and the risks of something going wrong. Big4 surveys show unanimously that we’re easily talking about amounts of 5 billion euros concerning indirect tax.

Benchmark studies repeatedly create the same picture: too little control, too few KPIs and when a mistake is made in the control, it usually concerns large amounts of money.

A mistake of one percent can make the difference between profit and loss for a multinational company. Explain that to your shareholders.’

Audits via data analytics Tax authorities, due to technological innovations, have become increasingly better in executing their tax audit. The probability that the tax authorities will issue additional assessments and penalties in the near future because errors in indirect tax are detected, increases by the day. Tax authorities collect and analyze already indirect tax data (e.g. SAF-T for VAT).

The focus is not only about timely and accurate VAT reporting but as well whether on high risk areas an effective tax control framework is in place. Tax risk management methods are assessed.

A tax trend is that companies due to regulations will have to become transparent about their attitude to tax risk, its appetite and its approach to its relationship with tax authorities. It will cover the governance framework describing the way a business takes decisions on taxation including information on the systems and controls in place to manage tax risk.  

It is therefore essential that a  documentation exist of your (automated) tax control framework and a logbook – risk register – is kept of all identified inconsistencies. The internal tax function should always have insight into the areas for attention through this logbook. This allows tax managers to set the right priorities and take measures timely.

Managing this indicator is the responsibility of senior management

Click to enlarge

VAT throughput

 Click to enlarge

Schermafbeelding 2015 04 19 om 13.33.07

Personal liability

Comply with tax laws 59 percent of respondents (53 percent in 2014) expect the personal liability of compliance officers to increase in 2015, with 15 percent expecting a significant increase. 

Compliance officers or its Executives at  firms as diverse as Swinton Insurance, Bank Leumi, Bank of Tokyo-Mitsubishi, Brown Brothers Harriman and Deutsche Bank (DB: VAT fraud) having been fined, banned or jailed (or a combination).

Criminal charges and jail time

More often tax and public prosecutors‘ offices file criminal charges for tax-related scenarios with consequences for nor only the businesses reputation wise but also the executives and employees that could be jailed.

Eight Deutsche Bank staff to be charged in carbon VAT fraud probe Prosecutors said they were investigating 25 bank staff on suspicion of severe tax evasion, money laundering and obstruction of justice, and searched the headquarters and private residences in Berlin, Duesseldorf and Frankfurt.

"Two of Deutsche Bank's Management Board members Juergen Fitschen and Stefan Krause are involved in the investigations as they signed the value-added tax statement for 2009," Deutsche Bank (DBKGn.DE) said in a statement.

Will good compliance officers stay at firms when attitude to compliance is poor?

The potential risk will be the loss of talent pool and historical knowhow.

Let’s dig deeper
An AR and AP example

Incorrectly applied zero VAT rate Failures in VAT-critical systems and processes can result in overpayments of VAT that represent a real cost to the business, or in underdeclarations that entail the threat of penalties and reputational risk.

The correctness of VAT reporting is checked only afterwards by the tax authorities. Non compliance could result in that over many years an assessment can be levied (depends on country’s assessment period: NL is five years) including interest and increased with penalties.

The penalties for incorrect invoicing can be a percentage of the turnover, so amounts can quickly become material—up to 27 percent VAT in Europe on the turnover plus penalties.

Take for example the risk when incorrectly the zero VAT rate is applied. The supplier is responsible for ensuring that all the conditions for applying the zero VAT rate are met. If not, the tax authorities will seek to recover tax due from this supplier via a levy of a tax assessment. 

If the applicable VAT rate is 25%, the tax assessment will be 25/125 of the consideration charged. This assessment has to be increased with interest and penalties to determine the total tax burden.

Something as basic as a billing error leading to invoices issued in the wrong name could not only delay revenue receipt but also result in nonrecoverable VAT. The penalties for incorrect invoicing can be a percentage of the turnover, so amounts can quickly become material—up to 25 percent VAT in Europe (Hungary 27%) on the turnover plus penalties.

As written before, it is risky business to monitor only the balance between output VAT and input VAT. Neutrality can only be achieved - better is the word earned - if certain formal and material requirements are met.

In many countries indirect tax returns are not audited by the tax authorities. Tax certainty about tax positions taken will exist once the statutory time limits are exceeded. That might change when e-audits approaches are standard implemented as audit method or other VAT fraud measures come into force.

  • An oil and gas company had to pay $2 million in VAT instead of getting the refund they expected in the same amount.
  • A mining company was assessed $500 million in taxes and penalties because they lacked the proper documentation.
  • A consumer products company missed out on a $20 million VAT refund.
  • A Fortune 100 company saw its officials put in jail because of personal liability.

Balancing risk and reward A single operational failure in the systems and processes that manage the flow of Indirect Taxes through the supply chain can have significant consequences in terms of additional assessments, penalties, blocked VAT refunds and delayed payments from customers.

But do these taxes and tax planning opportunities get the attention they need, especially in light of increasingly complicated and globalized business models?

There is one common denominator that is too often missing from the strategic or planning elements of a financial transformation — indirect tax. And although these tax considerations may not be among the issues that drive a financial transformation decision, tax can certainly give rise to some significant and costly challenges. That is particularly true of value added tax (VAT), which hits a number of disparate points within the enterprise as diverse as finance, procurement, IT or HR.

"Change is the law of life. And those who look only to the past or present are certain to miss the future."

Identify and manage the risks and challenges arising from change

Root cause examples

   Root causes examples
 

A process failure (either within or outside of the accounting system) to apply the correct VAT liability to a transaction (either not charging VAT when it should be, or charging VAT when it should not be)

 

A failure to identify a requirement to register for VAT within a jurisdiction (establishment is often unnecessary in creating an obligation – a mere sale of goods can be sufficient to create an obligation to register for VAT);

 

A failure to evidence the non-application of VAT to a transaction, e.g. lack of export documentation, etc;

 

A failure to account for VAT on inter-company transactions;

 

A failure to reconcile VAT turnover to AR;

 

A rejection of a VAT credit through AP because of invalid documentation, e.g. the purchase invoice to support the credit was missing or defective;

 

A failure to claim credit for VAT charged at importation;

 

A failure to self-assess VAT on the receipt of services from a non-resident or on transfers of goods from one EU Member State to another.

Questions to ask

Click to enlarge

Scoping 1

Tax objectives and current needs

The tax function should be able to understanding business activities/objectives including R&D and get aligned with other functions like legal, HR and IT.

The tax objective is to mitigate risk and identifying opportunities to support company's supply chain. Failures in VAT-critical systems and processes can result in overpayments of VAT that represent a real cost to the business, or in underdeclarations that entail the threat of penalties and reputational risk.

"Risk is like fire:  If controlled it will help you; if uncontrolled it will rise up and destroy you"

Financial data reflecting the business model designed Not only finance but also tax needs access to data that shows how transactions are processed and how IT systems are set up. Data integrity is an operational risk factor when transactions are booked in any given country and are not properly evaluated for tax purposes.

It could that the financial data in the system does not reflect the business model design or that change is not properly managed. In the current 'as is' it is often a challenge to get access to the relevant tax data that must be reported to regulators, investors and tax authorities in every business unit and country in which a company operates.

Risk identification and mitigation

Risk register Keep a logbook – risk register – of all identified inconsistencies. The internal tax function should always have insight into the areas for attention through this logbook. 

The risk register should contain the following labels:

  • number
  • name of the risk
  • risk definition
  • cause for the risk to occur
  • risk category and
  • the risk owner

 This all allows tax managers to set the right priorities and take measures timely.

Threats and opportunities: compliance failures, complex legislation and new tax rules

Managing risk is about making decisions at all levels of an organization, to limit the effect and likelihood of threats happening and to increase the effect and likelihood of opportunities. It is about taking the right amount of the right risk.

  • Review the categories of VAT risk the company is facing as well as the likelihood of occurrence, its potential impact and mitigation measures
  • Review the company's risk appetite and risk tolerance and the way in which risks is measured

Risk management - strategic objectives

 

Activities

Strategic objectives per role

 Why

Risk management

Ensure identification, select and manage tax risks as a basis for indirect tax management and reporting, ascertain that unacceptable but existing tax risks are identified and that clear, timely communication on tax status, tax activities and tax risks takes place.

  • To ensure that company complies with indirect tax laws
  • Filing of all required indirect tax reporting, including preparation of proper support files:
    • Reduce unanticipated risks
    • Avoiding penalties for late filing
  • Review indirect tax assessments:
    • Ascertaining that appropriate action is taken before the deadline passes
    • Apply proper cash management
  • Tax audits:
    • Optimize the tax audit process 
    • Limit the duration of tax audits
  • Assist and support local operating companies:
    • Ensure that local operating companies benefit from the skills and expertise of the indirect tax function
  • To set clear, accessible and workable policies, standards, manuals and guidelines endorsing the company's culture
  • To ensure that group companies act consistently globally and benefit from best practices applied by other group companies. To create and raise awareness on indirect tax policies, indirect tax risks and changes in laws & regulations

Risk definitions

 Risk  Definition

Reputational risks

Exposures associated with the wider impact on the company's that arises from a company's actions or errors and have become public knowledge

Strategic risks

Strategic risks can impact the achievement of strategic objectives of the tax department like e.g. governance, tax planning, mergers & acquisitions, financial transformation outsourcing. Is the level tax risk at an acceptable level taken, the tax function been part during the design and implementation, is what is agreed upon properly documented correctly implemented and in time.

Compliance risks

Compliance risks impact compliance of the company with regulatory and legal requirements and the resolution of government inquiries. Compliance risks occur due to incorrect numbers in the system for example because of lack of data, misinterpretation of the law or the miscommunication or misinterpretation leading to wrong conclusions or actions.

Operational risks

Operational risks are both internal and external risks impacting the operations of the tax department e.g. tax activities embedded in business operations, the underlying systems and tools, access to data, and knowledge. Examples of operational risks from not having embedded proper tax procedures in the business processes include hold-up of goods at the border due to failure to properly handle customs duties, VAT registrations are missing or failing to update ERP system setup of processes and controls when VAT law or the supply chain has changed.

Financial risks

Financial risks are any risks which are impacting the financial reporting processes of the tax department e.g. accounting and reporting, SOX 404 and other regulatory regimes. Financial risks are for example not disclosing adequate or timely tax information resulting in regulatory scrutiny, not correctly estimating contingency reserves for uncertain tax positions, and not being able to support the calculation of deferred taxes and related valuation allowances reported in the financial statements. 

For a transactional tax like VAT the financial risks are almost identical to the compliance risk as VAT return are based on financial accounting data. An example of additional financial risk is the scenario where the applied VAT rate is 0% and there is no sufficient evidence for the correctness of applying 0% VAT which could result in VAT assessments for the VAT liability. These VAT assessment amounts are not recorded in the financial statements automatically.

Audit Type

Risk

Risk description

Impact and likelyhood: complexity and change

AR

Outgoing invoices

  • Underpaid VAT on VAT subject sales filings
  • Deferred VAT asset accounting
  • Understated Indirect Tax liabilities reporting

Risk management

  • Ensuring that unacceptable indirect tax risks will be prevented
  • Ensuring that unacceptable indirect tax risks will be identified
  • Ensuring that identified indirect tax risks will be managed and mitigated

Reputational risks

  • VAT deduction of clients disputed and assessed by tax authorities when invoice does not meet legal invoice requirements
  • Failure to drive the optimum relationship with the (indirect) Tax Authorities

Strategic risks

  • Failure to identify relevant changes in VAT legislation and communicate in time/at all to the AR and IT department
  • VAT changes in supply chain are not communicated in time/at all to the AR and IT department
  • Failure to perform VAT impact analysis review's with respect to business strategy changes
  • Master Data with respect to Customer data and not VAT compliant

Operational risks

  • Rework due AR VAT corrections and reinvoicing
  • Too late adjustments of Oracle/SAP VAT settings
  • Lacking of proper VAT registrations

Compliance and Financial risks

  • VAT incorrectly calculated 
  • Incorrect VAT rate
  • Incorrect exempt or OTS
  • Invoice requirements are not met
  • Customer VAT number is incorrect
  • 0% rate not proven with underlying documents
  • Valuation allowances on bad debts are 'overstated'
  • VAT group transactions wrongly booked
  • VAT is not reported in time
  • Incorrect VAT rate settings in master data files and/or customer master data leads to wrong VAT treatment
  • End-use computing tools (Excel), i.e. spreadsheet for consolidation of VAT group return contain errors (formulas, references)
  • VAT liabilities with respect to outgoing VAT subject transactions are not recognised and accounted for.
  • Wrong VAT numbers in VAT reporting
  • VAT risks and issues are not identified nor adequately monitored

In scope given the materiality (sum of taxes paid each period) and inherent risk based on complexity and change is high.

Audit Type

Risk

Risk description

Impact and likelyhood: complexity and change

AP

Incoming invoices

  • Lack of proper knowledge or effective processes and controls to determine correctly the VAT treatment AP invoices.
  • Lack of effort and/or commitment to remediate and improve processes

Risk management

  • Ensuring that unacceptable indirect tax risks will be prevented
  • Ensuring that unacceptable indirect tax risks will be identified
  • Ensuring that identified indirect tax risks will be managed and mitigated

Reputational risks

  • Important vendors are not paid in time that might disrupt the business
  • Failure to drive the optimum relationship with the (indirect) Tax Authorities

Strategic risks

  • Failure to identify relevant changes in VAT legislation and communicate in time/at all to the Purchase Order/Accounts Payable departments
  • Failure to perform VAT impact analysis review's with respect to business strategy changes
  • VAT changes of the supply chain are not communicated in time to the Purchase Order/Accounts Payable departments

Operational risks

  • Rework due to AP VAT corrections

Compliance and Financial risks

  • Master data with respect to suppliers data and stock items data not VAT compliant
  • VAT incorrectly calculated 
  • Reverse charge not accounted for (in time)
  • Incorrect VAT rate
  • Incorrect exempt or OTS
  • Invoice requirements are not met
  • Vendor VAT number is incorrect
  • Lack of awareness with respect to non deductible VAT charges
  • VAT group transactions wrongly booked
  • VAT is not deducted in the appropriate VAT return
  • Incorrect VAT rate settings in master data files and/or supplier master data leads to overclaimed input VAT 
  • End-use computing tools (Excel), i.e. spreadsheet for consolidation of VAT group return contain errors (formulas, references)
  • VAT liabilities with respect to incoming VAT subject transactions are not recognised and accounted for.
  • Wrong VAT numbers in VAT reporting
  • VAT risks and issues are not identified nor adequately monitored

In scope given the materiality (sum of taxes deducted each period) and inherent risk based on complexity and change is high when outsourcing of VAT functionality applies with VAT AP processing and procurement.

See chapters: ERP systems and tax enginesSpreadsheets and VAT ComplianceTemplates for VAT strategy plan, Incorrect VAT numbers, VAT determination of incoming invoices and  VAT control framework

Lack of the right resources or technology support due to change

Take for example a Shared Service Center. Historically, the activities around transactions giving rise to indirect taxes have been handled by in- country entities that are more familiar with local regulations and compliance requirements and accustomed to the rules and obligations for invoicing, liability, rates, accounting and reporting specific to each of the myriad jurisdictions.

But what happens when VAT and GST functions are transferred to an offshore SSC in some faraway location? How complex will the operational requirements be when one SSC is dealing with countless transactions that originate in multiple countries and languages and fall under the auspices of a variety of cultures and authorities?

In the new situation often the employee turnover is high and the local staff made redundant.

Can you predict the risk?

A real world example

Historical knowledge lost and not managed A multinational company based in France decided to centralize and transfer functions to Switzerland. Not only did they neglect to document the processes and thoroughly analyze the VAT impact, they also lost staff that was familiar with the functions.

As a result, the company also lost access to the historical data relating to the preparation of VAT returns and had employees that were unfamiliar with the methods for preparing the returns or making manual adjustments.

At the time the VAT audit was announced, major panic ensued and the SSC staff had to work around the clock to obtain more insight into the original processes and collect information for reconstructing the VAT returns.

The company was at risk for the full amount of the VAT and for penalties of up to 100% of the VAT owed. In short, the potential benefits of the SSC migration were largely overshadowed by the additional time and money that had to be spent for this emergency response and the disruption to orderly operations.

As MNCs move more and more to the shared service model to meet their varied objectives, the responsibility for indirect taxes migrates with them, especially in the case of VAT and goods and service tax (GST). Also, complexity in managing these taxes increases exponentially when cross-border activities are involved, especially in today’s VAT environment, where all too often controls are external, processes are manual and procedures are not documented.

One of the most common side effects of an migration that cannot be fully realized surfaces in the realm of invoicing. For example, large numbers of payable invoices are not correctly coded so VAT is not deducted (in time).

Foresee future risks long before they manifest themselves

Getting ahead of possible problems at the planning stage before they arise in practice is one critical way to make sure that the company reaps the benefits. The change of a business model can create not only VAT risks, but as well commercial risks such as logistics problems in getting goods into a country and delays and hold off of shipments resulting in disruption of daily business. 

A couple of root cause examples: the company forgot to register for VAT or procurement forgot to agree with supplier who was importing the goods.

Examples where indirect tax input is always needed upfront

  • Share issues or sales
  • Reorganisations
  • Acquisition or disposal of any business or part of a business
  • Acquisition or disposal of real estate
  • Financial transformation
  • Other financial transactions
  • Part of the business is outsourced (e.g. a Shared Service Centre or accounts payable/receivable to a third party service provider)

Likewise, the VAT work stream should be integrated with contingent technology and finance projects.

This may prove challenging as a number of initiatives, particularly those that deal with systems development and technology enablers, are often not visible to the tax function — another point that underscores the need for transparency and upfront communications.

Failure to align with initiatives that can intersect with VAT can result in a VAT design that is inefficient from a process perspective and not a “best fit” for the business.

See chapters: Non routine transactions and  Templates for VAT strategy plan

Managing reputational risk

Reputational risk is a key element in tax risk management as it is it not only considers individual tax risk but also sees how tax risk may influence the positions in other areas, negatively or positively. 

If a company is associated with unacceptable behaviour, the suppliers or vendors may choose to change contractual relationships and it could impact shareholders value. For management purposes the objective is to predict the mindset of the public opinion.

See chapters: Tax Transparency and Enhanced Relationships

Some key question to ask

  • How do you communicate risks?
  • How do you want tax to be viewed by management?
  • How do you think it is viewed?

Optimizing VAT recovery, working capital efficiency: cost and cash flow benefits

Overall business strategies focus nowadays on:

  • Release cash
  • Reduce costs such as reduce complexity, lower cycle time, minimize defects and errors, etc
  • Efficient refinancing and restructuring

To meet the objective, increasing cash will involve reducing or deferring output tax and increasing or accelerating input tax.

See chapters: State aid or not - what about 'reputational tax risks and Developing a common framework for disclosing tax information

Fraud and increased audit and reputational risk

A recent European Union study (2013) says the bloc's 28 member nations may be losing almost 200 billion euros ($267 billion) annually in value-added tax revenues due to tax evasion and a lack of enforcement.

EU Tax Commissioner Algirdas Semeta said  the amount of revenues slipping through the governments' nets is "unacceptable, particularly given the impact such sums could have in bolstering public finances."

The study for the European Commission, the bloc's executive arm, found member states lost an estimated 193 billion euros ($258 billion) in VAT revenues in 2011, or 1.5 percent of the EU's economic output. 

Actively combating VAT fraud is a priority for the European commission and local governments. New measures are being taken such as the introduction of individual liability for not remitting VAT if the buyer knew or should have known that he was buying from a fraud.

To prevent such a condition of liability, the ability to demonstrate that sufficient control measures have been taken is essential.

 In the next paragraph an overview is given of the estimated VAT Gap per Member State

Is it not realistic to state that the risk of a tax audit increases in countries that have lost substantial tax revenue because of VAT fraud. Something to consider from an audit defense strategy perspective and could be a reason to challenge the company's current indirect tax priorities set.

One of the tasks of the indirect tax function is to timely identify changes in legislation and regulations potentially affecting the group and/or its business. There could be many other arguments why for example review of control measures to avoid such liability should be a top priority.

Top on my list is managing reputational risk - Richard H. Cornelisse

Estimates of the VAT gap per member state

Click to enlarge

EU study VAT Gap due to Fraud

See chapters: State aid or not - what about 'reputational tax risks and Developing a common framework for disclosing tax information

Written by Richard Cornelisse
 Richard LinkedIn

Richard advises multinational businesses in improving the efficiency and effectiveness of their Indirect Tax Function and Tax Control Framework.

He started his career as a manager at Arthur Andersen and then became an EY partner where he led the indirect tax performance team for Netherlands and Belgium. Currently, he is a managing director of SAP Tax Consultancy Firm.

Richard has over 20 years of experience advising clients on international VAT issues. He is specialized in the tax aspects of financial transformations, shared service center migration, and post-merger integration work.