Tax risk management has usually been most focused on the traditional realm of uncertain tax positions. The financial and reputational risks attached to non-standardised, unmonitored and/or undocumented tax operational procedures, although perhaps more mundane, are often of greater concern. This is particularly acute for organisations whose very brand is built on the foundation and perception of robust information systems.
The board relies on executive management to ensure that effective systems are in place and monitored in real time. But for greater risks, the board may rely on the eyes and ears of the internal audit function as an additional line of defence.
Internal auditors understand the integrity of tax information flows from record to report by walking through and testing process design step-by-step. This may include activities undertaken in finance or elsewhere in the business, for which tax may still be held accountable. Good process design is often demonstrated to stakeholders including auditors by way of documented policies and procedures. The operating effectiveness of key controls within these procedures are then tested by reference to real life examples and documentary evidence.
All too often assessed as immaterial or too complex for inclusion on the rolling internal audit program, the trend is now set for tax to become a regular fixture. Undertaking an assessment of your organisation’s tax operating model and identifying a plan to remediate gaps is a solid first step to being prepared for an inevitable visit down the line. KPMG’s Tax Integrated Governance Evaluation & Reporting (TIGER) tool can help.