Proposed PAPER for CRAC 2002

Proposed PAPER for CRAC 2002

The Scope for Continuous Assurance In the Tax Compliance Domain

The Scope for Continuous Assurance In the Tax Compliance Domain

Raymond J Butler, CISA

H M Customs and Excise Computer Audit Service

1st Floor, Custom House, Furness Quay, Salford, M5 2XX Uk

Abstract

This paper describes the potential uses, benefits and pitfalls of the use of continuous assurance / reporting to monitor taxpaying organisations’ compliance with

  • Good practice in tax accounting,
  • Revenue authority rules, and
  • Any individual conditions that are imposed under revenue law.

It is an exploration of the theory and the legal, operational and marketing issues rather than a blueprint for or description of any specific implementation by a revenue authority.

It takes as given that :

  • Commercial continuous assurance services and tools will be available in the national jurisdiction affected by any proposed Tax Continuous Assurance service.
  • Accounting software products in the relevant markets are able to communicate effectively with any continuous assurance service.

1. Background / Scope

1.1. The Goals of a Tax Authority

The Goals of a tax authority i include (but are not limited to)

  • Optimising Compliance (including fostering voluntary compliance by taxpayers)
  • Acting as a provider of Services in accordance with compliance goals
  • Ensuring fairness, equity and equality in the levying and collection of taxes.

This paper will describe how the application of Continuous Assurance techniques can contribute directly to the first two goals and support the last.

1.2. Background

In a self-assessment taxation environment, assurance works at two levels.

  • At the Macro level: - Are tax returns and other declarations :
  • Filed on time, completed correctly, and accompanied by the appropriate settlement?
  • Valid in accordance with the appropriate face vet / edit rules?
  • At the Micro level: - In each Tax return, are all transactions :-
  • Included ?
  • Recorded accurately ?
  • Reported in the correct period ?
  • Appropriate to the business ?
  • In compliance with the rules on allowable expenses, liability of sales, etc ?

Macro errors and issues are relatively easy to detect and handle, as (in general) the tax return transactions are due at fixed points in time, and revenue authorities’ systems chase missing returns and settlements, and follow up edit and / or validation errors detected during processing.

By definition, taxpayers’ internal controls do not detect micro tax errors (if detected they would of course be corrected). These errors and queries can accumulate over time and, given that the span of control by revenue authorities can be very long, can quickly store up large amounts of unexpected liability for businesses.

The application of continuous assurance techniques therefore offers business and tax authorities great potential benefits.

1.3. Scope of Continuous Assurance for Tax

Continuous Audit is a type of auditing which produces audit results simultaneously with, or a short period of time after, the occurrence of relevant events” ii

Continuous assurance at the transaction level would be of most benefit in

  • Assurance at transaction and summary or report level for Value Added and similar Taxes,
  • Capture of net liability for Value Added and similar taxes as it arises.

Similar taxes include GST in Canada and Australia.

Continuous Assurance would also be of benefit in

  • Calculating and checking Customs declarations (from submission of ship or aircraft manifests, bills of lading, commercial documentation in advance of the arrival of the goods),
  • Monitoring transactions concerned with relief from customs duties (for example goods may destined for incorporation into goods for eventual export)
  • Calculating liability to excise duties and monitoring movements of goods whose excise duty liability is suspended (e.g. cases of spirits moving between authorised premises)

In the Direct (Income / Profit) taxes field the nearest analogue to transaction-based taxes is deduction of tax from payroll (“Pay as You Earn” in the UK). Continuous assurance techniques could be applied here to, for example, check that:

  • The correct tax deduction codes had been applied to each employee, or
  • Deductions have been calculated correctly.

At a much higher frequency than is currently possible

1.4. Limitations

Continuous Assurance in whatever form it is implemented will, by its very nature, only give assurance that the transactions recorded on the taxpayer’s system and transmitted to the revenue authority are correct according to its rules, or that all rule violations have been detected. It cannot detect

  • Deliberate failure to report income (although analysis of records may give indications that this has occurred).
  • Incorrect posting or description of transactions (for example the processing of purchases by a department with a low rate of recovery or tax credit for purchases in the cost centre of a department able to make full recovery).
  • Omission of purchases (to conceal the sales resulting from adding value to those purchases). Again, analysis of records may give indications that this has occurred.
  • Falsification of purchase invoice transactions to reduce reported profits / value added .

In common with all Computer Assisted Audit Tools, Continuous assurance is unlikely to provide all the answers, but it will direct revenue auditors towards the right questions.

2. Benefits of Continuous Assurance in Tax Domain

2.1. To Taxpayers

Unless Revenue Authorities are able to legislate to make participation in continuous assurance compulsory, Taxpayer buy-in will only be achieved by providing and publicising strong benefits from and incentives for participation.

Taxpayers would benefit from the application of continuous assurance through:

  • Reduction in the cost of compliance with tax requirements.

Revenue authority’s assurance work would be largely automated and invisible to taxpayers, with a much-reduced impact on taxpayers’ resources and activities. Face to Face visiting / auditing for tax would not be completely eliminated, as some queries arising from Continuous Assurance will have to be resolved by a visit. However, such visits would be reduced in number and often limited in scope to resolving the issues raised by the Continuous Assurance process.

  • Facilitating Compliance Self-Assessment

Assuming that revenue authorities are willing to publicise control issues and recommended checks, tax issues could be included in Compliance / Control Self-Assessment Schemes in larger concerns, informed by feedback from the Continuous Assurance process

  • Peace of mind

The compliant majority of taxpayers will welcome the knowledge that their tax affairs are covered by strong error detection and prevention mechanisms, and that they have opportunities to rectify errors before they become serious

  • Assurance on mainstream business activities

Revenue authorities could provide participating taxpayers with assurance on their mainstream business activities as an incentive to participate in any Continuous Assurance programme.

  • Cash Flow Control

Tax, etc. liability could be calculated “on the fly” and settled daily, weekly, monthly or at some other period (perhaps by a direct debit from a nominated bank account) – This would avoid the overhead of return preparation and manual payment.

  • Other Incentives

Other incentives or legislation may have to be introduced to encourage take-up. This could include extension of payment deadlines, or selective direct tax credits for the purchase of accounting software that supports continuous assurance.

2.2. Benefits To Revenue Authorities

  • Reduction in cost of assurance services

While the capital costs of setting up a continuous assurance function and the associated secure communications can be high iii The marginal cost of providing continuous assurance, after set-up, is very low on a case-by-case basis given a large enough base of asurees.

  • Improvement in level of assurance

The ability to apply 100% checks to transaction data will give 100% confidence that all material mechanical errors or potential errors in that population have been detected and are being managed.

  • Reduction in Errors – Improvement in Tax yield

Because continuous assurance would give early warning of errors, early action by taxpayers to correct the errors will ensure that the correct tax is paid at the time, and that the taxpayer is educated to avoid repeating the error. This would increase the overall tax yield by avoiding the large number of errors that control sample tests suggest go undetected at present.

  • Improved / quicker trend analysis

Continuous assurance would, given a sufficiently large population of participating taxpayers, give revenue authorities access to data on business activities and trends in errors by taxpayers at the earliest possible stage. This would inform

  • Business education priorities;
  • Assurance activity; and
  • Refinement of checks through the automated continuous assurance process.
  • Cross-Matching transactions

Subject to applicable privacy legislation, tax authorities would have the ability to use the Continuous Assurance process to cross-match transaction data received from trading partners, to ensure that purchases reported by one partner matched the sales reported by another. If the vendor were not in the population covered by the Continuous Assurance process, the process could still match purchases from them by participants to the sales they reported by traditional means, to inform the credibility of the vendor’s declarations.

  • Improved monitoring of case-specific conditions

Where a taxpayer encounters difficulty paying their taxes, Instalment payment arrangements are sometimes entered into. Where a taxpayer has a history of poor compliance in other ways (e.g. persistent misreporting of transactions, extreme carelessness) revenue authorities have powers to impose conditions, which the business must meet in order to continue trading.

Continuous Assurance could be used to monitor compliance with such conditions, and to monitor liquidity and other indicators where a business was being allowed to pay arrears of tax by instalments.

  • Running Liability Calculation

The use of Continuous Assurance could give revenue authorities the ability to calculate liability for some taxes “on the fly” from the data submitted, thus avoiding return processing

  • Business Intelligence

The Continuous Assurance process could give revenue authorities an enhanced ability to segment taxpayers by approach / attitude to compliance and (possibly) by their behaviour in the Continuous Assurance scheme

3. Risks involved

3.1. Risks To Participating Businesses

  • Privacy

The more sensitive and potentially sensitive information that is transmitted by business, the greater the concern about and difficulty of maintaining its privacy and security. Any continuous auditing service has to address these concerns and risks, and Continuous Assurance for revenue purposes is no exception.

  • Over-Audit

The provision of detailed transaction data by taxpayers potentially gives tax authorities the ability to audit to a much finer level of detail compared to audit by “traditional” means.

Validation rules must be set to give no greater burden on business than “traditional” audit”. Tests must be designed, and tolerances within those tests set to reflect the appropriate level of materiality for the taxpayer involved, either individually or by reference to the appropriate business sector or customer segment.

This must be made clear to taxpayers at the outset of the continuous audit development process, and demonstrated by their practical experience.

  • Trading partner resistance

The provision of transaction data to revenue authorities, and the authorities’ perceived ability to match data across many businesses ability may lead trading partners of businesses known to be participating in revenue continuous assurance to pressure them not to participate, or to stop doing business with them, on the grounds that they do not wish their affairs (or the relevant parts of them) to be known by the revenue authorities in such detail.

3.2. Risks To Revenue Authorities

  • Over-reliance on recorded transactions

The ability to review, test and gain 100% assurance by the automated testing of recorded transactions may distract revenue authorities and their staff from deterring / detecting “off-record” trading activities. In trade sectors and business models which present taxpayers with widespread opportunities to under-report income, continuous assurance may well fail to provide any benefits. It must therefore be carefully targeted on the right sort of business.

If data matching is to be performed, great care must be taken to maintain the integrity and accuracy of the taxpayer data held, to avoid making expensive errors on the basis of faulty information.

  • Privacy / security vulnerability

A Revenue Authority offering continuous assurance facilities will have a very high public profile and a very visible electronic portal leading to a large volume of sensitive and potentially sensitive information. It will communicate with critical systems in a large number of businesses.

  • Any breach of security on the revenue authority’s Continuous Assurance system or of data in transit,
  • The inadvertent attachment or apparent attachment of a virus or similar malicious software to feedback to a taxpayer

Would be disastrous for customer confidence and the continuing viability of any continuous assurance scheme. The Information Systems security surrounding any revenue Continuous Assurance facility must be of the highest quality.

  • Legal Powers

Revenue Authorities commonly operate under legal powers of access to business’ records and computer systems and data. The use of Continuous Assurance techniques and access to the data elements and formats required to use Continuous Assurance could exceed an authority’s powers to demand information. It may not be politically acceptable to extend these powers, and therefore the service may have to be sold to rather than imposed on businesses.

  • Privacy legislation

Revenue authorities must take great care to demonstrate that any Continuous Assurance service they operate conforms to the letter and spirit of relevant data protection / privacy legislation in their jurisdiction, and that they are using any exemptions to such legislation on which their services depend wisely and within the spirit and purpose for which they were enacted.

  • Non-Repudiation / Authentication

If data transmitted to a revenue authority reveals that substantial arrears of tax are due, the taxpayer concerned may attempt to argue that the data was not theirs, and was sent without the authority of the responsible person unless strong measures are in place to authenticate the origin of transmissions and confirm that the actual data which left the taxpayer was received and processed by the revenue authority.

4. How can Continuous Assurance be Delivered ?

Functionality to support Continuous Assurance (for whatever purpose) must be built into the accounting software used by business. This support could be limited to enabling periodic downloads of data for manual or automatic transmission, or could extend to writing a secure “shadow database” to the user’s system or to a third party site.

Support could be specified as a condition of certification under such schemes as SysTrust iv (AICPA) or that administered by the Institute of Chartered Accountants for England and Wales v. If a revenue authority accredited tax-compliant accounting software, support could be specified as part of that scheme.

The following section outlines options for delivery of Continuous Assurance for taxation and similar purposes.

4.1. Built Into Applications

Options for this include building strong validation and error / query reporting and resolution functions into business software, with the possibility of electronic review by tax authorities. This does not fit in with the strict academic definition of Continuous Auditing, but has to be considered as an option by tax authorities and businesses.

4.1.1. Advantages :

  • Simplicity - No need for transmission / processing of large volumes of data on a third party site, thereby removing many security and privacy issues.
  • Complete control by taxpayer (a tax administration might see this as a disadvantage)
  • Delivered as a by-product of a mainstream business process
  • Lends itself to control self-assessment by taxpayers. This puts the responsibility for compliance where it belongs.

4.1.2. Disadvantages

  • Rules for validation / testing would have to be implemented and maintained up-to-date on each instance of each software package.
  • Taxpayer control may lead to deliberate or inadvertent subversion of the tests (Cases are on record of tolerances for UK VAT Validation checks being set at such high levels that they failed to detect the errors they were designed to trap)
  • Will not give measurable assurance, as tax authorities will not be able to check the quality of business’ use of the facilities.
  • Does not give tax authorities the data matching / validation capacity provided by full access to transaction data, and would not give rules violation information to revenue authorities.

4.2. By Commercial Continuous Auditing Providers

Tax checks could be specified by the revenue authorities and built into Continuous Audit providers’ services. Feedback on the tax aspects of the Continuous Assurance service could be given direct to the revenue authorities by the service provider, perhaps by copying them into the feedback provided to the client. Tax authorities could then monitor corrective action by the relevant business and provide the relevant education if incidents /error trends indicated that it were necessary.

4.2.1. Advantages :

  • Taxpayers (or rather their agents) would send only exceptions to tax authorities rather than large volumes of data, thus mitigating their privacy concerns
  • Rules would be maintained in fewer applications / locations than with the built-in to software option
  • Gives tax authorities access to error data, facilitating education / assurance activity design / validation rules improvement
  • Delivered as a by-product of a mainstream business process

4.2.2. Disadvantages

  • Depends on take-up of Continuous Auditing / Assurance services by business. These are, at the time of writing, not widely available.
  • Revenue Authorities may have to legislate to implement this; involuntary addition of tax auditing to commercial Continuous Assurance services may deter take-up, and may cause problems between customers and providers
  • Revenue Authorities might have to “audit the auditors “ to confirm the quality of the Tax assurance being offered.
  • Does not give tax authorities the data matching / validation capacity provided by full access to transaction data.
  • Requires secure transmission of bulk data from taxpayer to Continuous Assurance provider, and of report data from Continuous Assurance provider to tax authority

4.3. By Application Service Providers as part of their services

Application Service Providers (ASPs) allow businesses to maintain their services on rented software / facilities, typically via an Internet connection, on a “per user, per month” charging basis. Their offerings typically include a SME or departmental accounting function, and it would be possible to build similar strong transaction checks into their offerings to those posited above for software products.