The ATO has recently published information on its use of “e-Audit” technology, which it has begun to use as part of its tax compliance push. An e-Audit is carried out via technology that tests files stored in a taxpayer’s electronic records, which can verify if the stored data is accurate and complete.
If a business taxpayer is selected for an e-Audit or review, the ATO will use a copy of the associated records — for example, data files held in the taxpayer’s accounting or payroll systems — in order to perform its tests. Although the ATO does have broad access powers to records, it says that generally it will request access to this information.
It may also use an assessment tool it has developed to rate a taxpayer’s system risks in relation to accurate reporting of tax and super obligations. This process can actually have benefits for the taxpayer involved, as the ATO tool can provide an assessment of any particular compliance risks, and can include recommendations to address any ongoing risk issues.
Computer assisted verification: e-Audit and risk assessment
One prerequisite for the ATO’s use of an e-Audit is that the taxpayer maintains electronic financial records. Conducting the e-Audit involves the use of computer assisted verification (CAV) techniques to analyse records, a technique that the ATO admits may not be appropriate in every compliance or client engagement activity. “We may use our information systems risk assessment (ISRA) tool to assess system risks and as part of our assurance and justified trust activities,” the ATO says.
The use of CAV in audits and other compliance activities has certain benefits, according to the ATO, including cost efficiencies and less requests for copies of transactions and reports. It says its specialised software allows it to perform tests on the data without altering the data itself, so that a taxpayer’s records integrity is protected. Also, as it processes a copy of the required data from the taxpayer’s systems, it does not operate the taxpayer’s computer system.
The ISRA tool, mentioned above, includes a series of standard questions that relate to IT governance and regulatory compliance. It is made up of five auditable units:
- System inventory
- Interface inventory
- Customisation inventory
- IT projects and methodologies
- IT governance.
Each of the auditable units has a series of questions weighted according to a predetermined risk rating. Once completed, the ISRA tool will be used to generate a risk rating profile that will be included in an ISRA report. The report incorporates taxpayer feedback, and includes recommendations to address any issues the ATO identifies that may affect the accuracy and completeness of the reporting of the taxpayer’s tax obligations.
Source: Tax & Super Australia