1. What are the ATO’s expectations of tax risk management?

From the ATO’s perspective, good corporate governance includes managing tax risk, which should be an integral part of the company’s overall corporate governance. Put simply, tax considerations should be embedded in the company’s decision making processes - not merely an afterthought.

This is a key element to the ATO’s ‘justified trust’ concept, where the ATO has confidence that the taxpayer has paid the right amount of tax. A strong robust tax governance framework is a key driver of achieving justified trust. Whilst the ATO’s justified trust program applies to larger public and private groups, the ATO encourages all taxpayers to work towards implementing a strong tax governance framework.

The ATO is on record as saying that boards are too often ignorant about the gap between their company's official tax governance policies and what actually happens. Accordingly, boards need to more frequently ‘check-in’ to ensure that one follows the other.

2. What are three things directors need to know about the ATO Corporate tax governance overview?

The following issues should be high on a Director’s list:

  1. Have in place a tax risk management strategy for the board, management and staff to follow. This should include regular ‘check-ins’ to ensure that the board’s policy has been appropriately implemented and followed by management and staff.
  2. Aim to adopt the ‘justified trust’ concept relative to their organisational size/structure – as this will hold the company in good stead when identifying and mitigating tax risks.
  3. Directors need to familiarise themselves and be aware of the salient tax risks facing the company – they need to have sufficient knowledge to be able to identify the risks and put processes in place to mitigate and alleviate such risks.

3. How do corporate governance frameworks for SMEs differ to those for larger enterprises and listed companies?

Whilst the best practice guidance on the governance framework is quite detailed, the ATO accepts that it is not possible to be applied to all taxpayers and that different entities may legitimately adopt different governance practices based on a range of factors, including their size, complexity, history and corporate culture.

Accordingly, the framework may be less formal, but as long as it still deals with the relevant risks in a reasonable way, this should be able to be supported in the event of an ATO audit. Ultimately, the issue will be about evidencing that the taxpayer is aware of the tax risks and puts in place effective controls to mitigate these risks.

There may be SME specific risks which should also be dealt with (eg, less segregation of duties). Where this is the case, specific controls should be put in place to mitigate such risk.

4. What are the board level responsibilities versus the managerial level responsibilities?

Board level responsibilities centre on the establishment and oversight of the general tax governance framework and ensure that it is appropriately positioned within the company’s overall corporate governance framework. The board is required to ‘set the tone’ for the entire organisation, endorsing a formalised tax control framework, ensuring they are kept informed about salient tax issues arising and reviewing control testing plans and results. Testing processes and procedures is an important part of the tax governance framework – as it ensures that the controls put in place under the framework are appropriate and effective. Ultimately, the board is required to oversee an internal control framework that provides guidance on how all risks, including tax risks, are identified and managed within the business.

Managerial level responsibilities centre on the enforcement and implementation of the board’s tax policies. These responsibilities are much more hands-on and include:

  • Ensuring there is sufficient capability to enable effective management of tax risk (eg, staff, management and board roles and responsibilities are clearly understood; and that management has confidence in the capability of its people responsible for tax).
  • Ensuring IT controls are in place to ensure the integrity of the data.
  • Assuring the flow of information from accounting records.
  • Processes are in place dealing with law and administrative updates, including new legislation, ATO guidance and budget announcements.

5. What are the tax audit implications?

In the event of an audit, the business should be able to demonstrate to the ATO that it has the capacity to identify errors and mitigate tax risks. It is also important to remember that generally if you are the CEO/CFO of a $100 million turnover company, what is expected of you will be more than if you were responsible for a $10 million turnover company - not that you should let this influence your approach! Where audit reviews are undertaken, and the taxpayer does not have a satisfactory control and risk management framework, the ATO has stated that this may signal the need for more resources (such as specific audits) to be applied to fully assess tax risks.

Specific targeted audits can be costly, both from the use of internal resources and that of specialist advisers. Taxpayers will often significantly underestimate the time and cost involved with the review. Whilst implementing and maintaining appropriate tax governance may result in an upfront cost and ongoing internal resources, significant cost savings should be achieved in the long run as, in theory, there should be less ATO activity.

6. What are the director’s personal liabilities?

  • Under the director penalty regime, directors can become personally liable for:
  • Unpaid PAYG withholding amounts, and Unpaid super guarantee charge (SGC) obligations.

The director penalty regime will not affect directors if they ensure their company complies with its PAYG withholding and super guarantee obligations.

Effective from 1 April 2020, directors will also be liable for unpaid GST, Wine Equalisation Tax (WET), and Luxury Car Tax (LCT) obligations of the company.