Tax Administration Diagnostic Assessment Tool

POA 2: EFFECTIVE RISK MANAGEMENT

 Desired Outcome of POA 2
The risk to revenue and tax administration operations are identified and managed
effectively.

Tax administrations face numerous risks that could adversely affect revenue and tax operations.

Risk management is thus essential for effective tax administration. It plays a key part in shaping
how resources are used by the tax administration to maximize its goals effectively.

Risks must be managed effectively in a structured approach to identifying, assessing, prioritizing

and mitigating risks.

These risks include:

• Compliance risks, where revenue may be lost if businesses and individuals fail to meet their
obligations as taxpayers (registering, filing, making payments and reporting accurately).
• Institutional risks, where the tax administration functions may be interrupted or jeopardized due to
internal or external factors.
 International
good practices in
COMPLIANCE RISK
MANAGEMENT
 International
good practices in
INSTITUTIONAL
RISK
MANAGEMENT
Performance Indicators for Effective Risk Management
High Level Indicators

P2-3:
P2-4:
Identification, P2-5: Monitoring P2-6: Identification,
Mitigation of risks
assessment, and evaluation of assessment, and
through compliance
ranking, and compliance risk mitigation of
improvement
quantification of mitigation activities. institutional risks.
program
compliance risks M1 M1
M1
M1

The extent of The process

intelligence used to
The degree to which The process to monitor The process used to
gathering and risks are mitigated and evaluate the impact identify, assess, and
assess, rank,
research to
identify and quantify through a compliance of compliance risk mitigate institutional
compliance compliance
risks risks. improvement program. mitigation activities. risks.

Dimensions
Scoring P2-3-1: Identification of risks through intelligence gathering and research

Analysis of audit A
results and tax
declarations

Research on topical Intelligence gathering

and research for
compliance issues;
understanding
e.g., transfer compliance level and
pricing, HWIs current/emerging risks

Analysis of
Tax environmental
compliance scanning as part of
multi-year strategic
gap studies planning

Analysis of third
Research into
party information
hidden activities
from a range of
of businesses External studies into external sources
taxpayer behavior
and attitude to
compliance
Scoring P2-3-1: Identification of risks through intelligence gathering and research

Intelligence
gathering and
research for
understanding Analysis of
compliance level environmental
and
scanning as
Tax current/emerging
risks part of multi-
compliance
gap studies year strategic
planning

Analysis of
third party
Analysis of
audit results
and tax
B information
from a range
of external
declarations sources

External
studies into
Research into taxpayer
hidden Research on
topical behavior and
activities of attitude to
businesses compliance
issues; e.g., compliance
transfer
pricing, HWIs
Scoring P2-3-1: Identification of risks through intelligence gathering and research

Intelligence
gathering and
research for
understanding Analysis of
compliance level environmental
and scanning as
Tax current/emerging part of multi-
compliance risks
year strategic
gap studies
planning

Less
comprehensive
Analysis of analysis of third
audit results
and tax
C party information
from a range of
external sources
declarations

Limited or no
external studies
Limited or no into taxpayer
Research into research on behavior and
hidden topical attitude to
activities of compliance compliance
businesses issues; e.g.,
transfer pricing,
HWIs
Scoring P2-3-2: Assessing, Ranking and Quantification of Risks

A B C D
• A structured risk • A structured risk • A LESS structured • The requirements
assessment process assessment process risk assessment for a ‘C’ rating or
based on good based on good process is in place. higher are not met.
practice in place. practice is in place. • Assesses and
• Assesses and • Assesses and prioritizes risks for
prioritizes risks for prioritizes risks for all core taxes and
all core taxes, main all core taxes, four main taxpayer
taxpayer segments taxpayer segments obligations.
and taxpayer and taxpayer
obligations. obligations
• The process is part • The process is
of a multi-year linked to the annual
strategic process business planning
BUT NOT part of a
multi-year strategic
plan
Scoring P2-4: Mitigation of risks through compliance
improvement programs

Documented
Compliance compliance
improvement improvement
program is fully program covers
resourced and all identified high
progress risks
monitored
monthly

A Compliance
program covers
Compliance all core taxes
program covers
the
key taxpayer Compliance
segments program covers
the
four main
taxpayer
obligations
Scoring P2-4: Mitigation of risks through compliance
improvement programs

Documented
Compliance compliance
improvement improvement
program is fully program covers
resourced and all identified high
progress risks
monitored
monthly

Compliance
B Compliance
program covers
all core taxes
program covers
at least the

large taxpayer Compliance

segment program covers
the
four main
taxpayer
obligations
Scoring P2-4: Mitigation of risks through compliance
improvement programs

Documented
Compliance compliance
improvement improvement
program is NOT fully program covers
resourced and all identified high
progress monitored risks
every three months

C Compliance
program DOES
NOT covers all
Compliance core taxes
program DOES
NOT covers all
taxpayer Compliance
segments program DOES
NOT covers the

all four main

taxpayer
obligations
Scoring P2-5: Monitoring and evaluating impact of risk mitigation
activities

Risk Management
Committee at the senior
management level plays
an active role in
approving risk
mitigation strategies

Risk Management
Committee monitors
Senior progress with
management
reviews the
evaluation
A implementation of
mitigation activities

Evaluation of the
effectiveness of ALL
approved compliance
risk mitigation
activities are
documented
Scoring P2-5: Monitoring and evaluating impact of risk mitigation
activities

Risk Management
Committee at the senior
management level plays
an active role in
approving risk
mitigation strategies

Risk Management
Committee monitors
Senior progress with
management
reviews the
evaluation
B implementation of
mitigation activities

Evaluation of the
effectiveness of AT
LEAST HALF of
approved compliance
risk mitigation activities
are documented
Scoring P2-5: Monitoring and evaluating impact of risk mitigation
activities

Risk Management
Committee at the senior
management level
approves risk
management strategies
on AD HOC BASIS

Risk Management
Committee monitors
Senior progress with
management implementation of
reviews the
evaluation ON
AN AD HOC BASIS
C mitigation activities
ON AD HOC BASIS

Evaluation of the
effectiveness of
approved compliance
risk mitigation activities
are documented ON AN
AD HOC BASIS
Scoring P2-6: Identification, assessment and mitigation
of institutional risks

Structured process is applied

annually to identify, assess and
mitigate institutional risks
across the whole organization

A documented
Staff are trained in
disaster recovery
A institutional risk
register is in place
procedures

A business continuity
plan exists to mitigate
risks and this is reviewed
annually
Scoring P2-6: Identification, assessment and mitigation
of institutional risks

Structured process is applied

every two years to identify,
assess and mitigate
institutional risks across the
whole organization

A documented
Staff are trained in
disaster recovery
B institutional risk
register is in place
procedures

A business continuity
plan exists to mitigate
risks and this is
reviewed every two
years
Scoring P2-6: Identification, assessment and mitigation
of institutional risks

Structured process is in place

to identify, assess and
mitigate risks associated
with the IT system

A documented
Staff are trained in
disaster recovery
C institutional risk
register is in place
procedures

A business continuity
plan exists to mitigate
risks and this is
reviewed every two
years
Checklist of Questions and Evidence for POA 2

Table 8
of the Field
Guide