3.1. This chapter provides a broad overview of the ATO's risk-based case selection process and considers the effectiveness of this process in detecting incorrect or potentially fraudulent refund claims.

3.2. Annually, the ATO receives around 2.4 million BAS lodgments claiming credits and refunds. Approximately, 77 per cent are received electronically, while 23 per cent are paper lodgments.49

3.3. Given the nature of self-assessment, it is neither expected nor possible for the ATO to individually verify each BAS. Indeed, revenue authorities around the globe commit significant resources to information technology systems to minimise the need to manually review returns or BASs lodged. These systems generally comprise of risk assessment tools, and related data analytics, which identify cases that should undergo further examination, including manual checking.

3.4. Overall, the administration of GST refunds is operating efficiently with the vast majority of refunds processed and released promptly. Of the 2.4 million BASs lodged claiming GST refunds annually, the ATO's case selection process stops less than 1 per cent for verification, which represents less than 6 per cent of GST refund amounts claimed (approximately $3 billion of a total of $56.7 billion).50

3.5. The ATO's risk assessment tools drive the GST refund verification process. They distinguish those refunds that should be retained for further checking from those that should progress to payment. In doing so, they consider a number of factors including:

  • the size of the refund being claimed;
  • spikes in the value of the refund;
  • changes in circumstances or behaviour; and
  • attributes that indicate fraudulent activities may be taking place.51

3.6. The ATO has provided the IGT with detailed information on its risk assessment tools which are relevant to this review. However, the precise details and inner workings of these tools, including the thresholds and the data inputs used by the ATO, are not disclosed in this report in order to maintain the integrity of the system.

Stakeholder concerns

3.7. Stakeholders have acknowledged that the ATO bears significant responsibility in receiving and processing millions of BASs and GST refunds each year and that the process generally operates well. Additionally, they have positively reflected on the ATO's commitment to improve its processes and to receive feedback through channels such as its GST Stewardship Committee.

3.8. However, some stakeholders have questioned the effectiveness of the ATO's risk assessment tools. They believe that certain valid refunds are retained whilst others, which warrant a more thorough verification process, progress to payment without being stopped. These concerns are supported by ATO performance reports which suggest that the risk assessment tools achieve a strike rate as low as 1:4 or 1:5,52 that is, only one in four or five refunds that are stopped ultimately result in any adjustment.

3.9. The low strike rate has been attributed to the risk assessment tools being over reliant on the net GST refunds without an appropriate consideration of other factors, which may be deduced from the BAS itself, such as the nature of the relevant activities and transactions as well as the taxpayer's overall compliance history.

3.10. The unnecessary retention of refunds adversely impacts the cash flow of affected taxpayers, particularly small businesses. This is further explored in Chapter 5.

ATO materials

Overview of the ATO's GST refund integrity process

3.11. Broadly, the ATO's risk assessment system uses BASs as input data and automatically selects a number of cases where retention of refund and further checking should be considered. The selection is then further refined by manual intervention.

3.12. Specifically, the risk assessment system consists of two parallel processes as depicted in Figure 3. The two processes commence with distinct automated case selection processes namely the:

  • Risk Rating Engine (RRE); and
  • Suspect Refund (SR) models.

3.13. The output from the RRE undergoes further automated filtering whilst the SR models selection is subjected to manual filtering.53

3.14. In cases that are ultimately classified as high risk by either process, refunds are retained for pre-issue verification. Where cases are classified as high risk by both processes, the ATO officer actioning the outcome of the processes, which commenced with RRE, is notified of the risks identified by the other process and that officer, then, acts on the information obtained from both processes.54

3.15. In the event that a case is classified as low risk by both processes, the refund is issued immediately without further checking. Where the highest risk category attributed to a case by either processes is medium risk, the refund is also issued immediately but the case is flagged for potential post-issue audit action.

Figure 3: Refund Integrity Case Selection Process

Source: ATO

3.16. The pre-issue verification cases are allocated to ATO case officers and actioned as reviews in most instances but may also be escalated to audit. Standardised case context documents (CCD) are produced as a result of the above risk filtering and are automatically linked to the relevant review or audit activities. The CCD includes reasons why the case was created, the risks that have been identified and the corrective action needed.55

The ATO's automated risk assessment tools

Risk rating engine (RRE)

3.17. The ATO has advised that the RRE was the first risk model implemented following the introduction of GST in 2000 and has since undergone several enhancements. It comprises a set of systems-based rules which process BAS lodgments in real time.56

3.18. The inputs to the RRE include taxpayer and transaction data such as:

  • Registration details;
  • Lodgment history for both income tax returns and business activity statements;
  • Compliance history and indicators;
  • Geographical profile;
  • AUSTRAC, Auskey and bank details;
  • Activity statement benchmarks and ratios; and
  • Linked entities.57

3.19. The RRE uses the above inputs, as well as the amount of the refund being claimed, to identify refund cases that may pose certain risks having regard to the underlying transactional data.

3.20. More fulsome descriptions of the RRE rules are provided to ATO case officers to understand the context of the risks that the ATO is seeking to address and the reasons for the selection of a particular BAS or taxpayer for a review. In addition to the high level summary of risks factors considered by the ATO, examples are provided on the ATO website of when a refund may be selected for review.58 As noted previously, it would be undesirable for the IGT to disclose further details on the inner workings of these models.

Suspect refund models (SR)

3.21. The SR models were created to address high risk refunds cases, in response to the higher volume, low value refunds that circumvented RRE identification.59 They are primarily focused on risks of fraudulent behaviour including potential:

  • identity fraud;
  • links to fraud risk groups; or
  • anomalous reporting patterns.

3.22. The case selection for the SR models are batch processed, the output from which is also subject to additional manual officer 'profiling' to filter out cases that do not present a risk.60 Unlike the RRE, the SR process requires an ATO officer to put a manual stop on the system to prevent the GST refund from being processed and issued.61 If the manual filtering indicates that a high but not immediate risk exists then the case is classified as medium risk. Notes are recorded by ATO officers performing the manual filtering on each of the SR cases requiring further action.

3.23. As with the RRE rules, ATO officers who are responsible for actioning the case are provided with further details on the reasons for selection of a particular BAS or taxpayer for review. In line with the IGT's earlier comments, further disclosure of the underlying inputs and operation of the SR models may compromise the integrity of the system.

Other automated risk assessment tools

3.24. The ATO also uses a number of other automated risk assessment tools, predominantly Expert Business Rules (EBRs) which target specific fraud risks. These rules augment the work done by the SR models and consider precise attributes in order to detect high risk refunds or entity registrations. The EBRs and the SR models are processed independently and a hierarchy of the risk models determines which risks take priority and how the case is to be considered for reporting purposes. As only one reason for case selection is recorded in the system, case officers need to be aware that other risks may also be at play.62

Effectiveness of the GST refund integrity process

3.25. The Outcome Effective Strike Rate (OESR) and the Actual Strike Rate (ASR) are two measures that indicate the effectiveness of the ATO's automated and manual risk assessment processes. They express the percentage of selected cases that ultimately result in adjustments to net GST positions against total cases selected by each process.63 The OESR considers the number of outcomes achieved in all cases whereas the ASR considers only audit outcomes over the number of audit cases.

3.26. A summary of the strike rates for the 2015-16 and 2016-17 financial years are set out in Tables 1a and 1b below.

Table 1a: Pre-issue verification cases completed in the 2015-16 financial year

Model Total cases Total audits Reviews escalated to audit Audit outcomes Total outcomes OESR ASR
RRE 15,856 3,593 3,650 2,136 2,245 18.4% 59.4%
SR 10,825 3,861 3,446 2,451 2,519 34.1% 63.5%
Other 774 501 136 322 326 51.1% 64.3%
TOTAL 27,455 7,955 7,232 4,909 5,090 25.2% 61.7%

Source: IGT constructed from ATO information.
Note 1: Total cases comprises both Review cases (19,500) and Audit cases (7,955).
Note 2: The OESR is calculated by dividing total outcomes by total cases less reviews escalated to audit. This is necessary to avoid double counting cases that may have subject to both a review and an audit.
Note 3: The ASR is calculated by dividing audit outcomes by total audits.
Note 4: Full source data including further notes are included in Appendix 2.

Table 1b: Pre-issue verification cases completed in the 2016-17 financial year

Model Total cases Total audits Reviews escalated to audit Audit outcomes Total outcomes OESR ASR
RRE 13,614 3,084 3,113 1,904 2,016 19.2% 61.7%
SR 9,134 3,113 2,932 2,134 2,216 35.7% 68.6%
Other 565 444 60 366 369 73.1% 82.4%
TOTAL 23,313 6,641 6,105 4,404 4,601 26.7% 66.3%

Source: IGT constructed from ATO information.
Note 1: Total cases comprises both Review cases (16,672) and Audit cases (6,641).
Note 2: The OESR is calculated by dividing total outcomes by total cases less reviews escalated to audit. This is necessary to avoid double counting cases that may have subject to both a review and an audit.
Note 3: The ASR is calculated by dividing audit outcomes by total audits.
Note 4: Full source data including further notes are included in Appendix 2.

3.27. Table 1a indicates that in the 2015-16 financial year, the ATO's automated risk assessment tools selected a total of 27,455 cases for verification. After manual and other risk filtering, which may include contact with taxpayers, the number of cases that proceeded to audit was 7,955 and, of those, only 5,090 required any adjustment to net GST positions. It shows a total OESR of 25.2 per cent meaning that of all the cases selected by the ATO's automated risk assessment tools, 1 in 4 resulted in adjustments.64

3.28. However, the ASR is considerably higher at 61.7 per cent suggesting that performance was significantly improved following manual and other risk filtering.

3.29. Table 1a also shows the performance of each of the automated risk assessment tools, namely the RRE, SR and the other models, for the 2015-16 financial year. For example, the OESR and ASR for those cases selected by the RRE were 18.4 per cent and 59.4 per cent respectively. These figures provide insight on how each element of the automated risk assessment tools performs in isolation. They suggest that the EBRs (shown as 'Other' in above tables) and the SR models generally perform better than the RRE with and without additional manual and other risk filtering.

3.30. In the 2016-17 financial year, the performance of the ATO's automated risk assessment tools improved, both at an overall level and in respect of each of the RRE, SR and other models. As set out in Table 1b, the ATO's risk assessment tools selected fewer potential cases requiring verification and following manual and other risk filtering, only 6,641 were selected for audit. The overall OESR and ASR were 26.7 per cent and 66.3 per cent for that year, respectively. A more detailed breakdown of the performance of these tools is contained in Appendix 2.65

3.31. The ATO measures its strike rate performance against a range of internal benchmarks, having regard to the resources available that year. Table 2 sets out the ATO's benchmark strike rate for each of the financial years from 2013-14 to 2016-17 (inclusive) as well as the numbers of full time equivalent (FTE) employees and review or audit cases planned.

Table 2: High level summary risk plans for GST refunds

Planned targets 2013-14 2014-15 2015-16 2016-17
FTEs 253 231 216 188
Review cases 3,393 21,994 21,340 17,069
Escalation rate 6% 57% 43% 42%
Audits 23,404 14,037 10,549 8,902
Actual Strike Rate 36% 53% 53% 59%

Source: IGT constructed from ATO information.
Note: In the 2013-14 year, the ATO introduced 'review cases' to the GST retention work and as such, it represented a significantly lower proportion of cases when compared with subsequent years. FTE figures have also been rounded.

3.32. Table 2 indicates that the ATO had planned to improve its strike rate but decrease its numbers of FTEs, from 253 in 2013-14 to 188 in 2016-17, and its review and audit cases.

3.33. Table 3 sets out the ATO's actual performance in terms of OESR and ASR for each of the financial years between 2013-14 and 2016-17.66 However, the ATO has not provided the actual number of FTEs for these years.

Table 3: Pre-issue strike rates for GST reviews and audits

Actuals 2013-14 2014-15 2015-16 2016-17
Reviews 3,210 24,101 19,500 16,672
Audits 21,811 9,249 7,955 6,641
Escalations 284 8,485 7,232 6,105
Review adjustments 43 328 181 197
Audit adjustments 5,723 4,951 4,909 4,404
Outcome Effective Strike Rate 23.3% 21.2% 25.2% 26.7%
Actual Strike Rate 26.2% 53.5% 61.7% 66.3%

Source: ATO

3.34. Comparing Tables 2 and 3 suggests that the ATO met or exceeded its planned strike rate in every year with the exception of the 2013-14 financial year. The ATO believes that the higher strike rates are attributable to the enhancements of the RRE and improvement of staff capabilities resulting in reduced audit escalations, complemented with the introduction of a less intensive review of lower risk cases which did not warrant full audits. The ATO has also noted that as a result of improvements from a project initiated by the Client Engagement Risk Investment Committee (CERIC Project), it had seen an increase in its OESR performance. For example, it has noted that the OESR for the 2016-17 financial year had increased from 23.8 per cent in the first quarter to 26.7 per cent by the end of the year.67

3.35. At a broader level, the ATO also reports its performance for GST compliance activities based upon the levels of liabilities adjusted or 'revenue protected'. In the 2015-16 financial year, the ATO reported that as a result of its pre-issue verification activities, it disallowed $490 million in refund claims, which represents approximately 10 per cent of the total refund amount retained for verification ($5 billion).68

3.36. It should be noted that the ATO applies a de minimis policy to finalise cases without adjustment where any proposed adjustment falls under a particular monetary threshold.69 These cases are treated as having a 'nil outcome' allowing the refund amount to issue as the administrative costs of amending the assessment outweighs the benefits. In these cases, the ATO provides education to the taxpayer by explaining the error and the potential consequences if similar errors are made in future.70

Improvement to the risk assessment tools

3.37. The ATO seeks to improve the effectiveness of its automated risk assessment tools through feedback received after the completion of the verification process.

3.38. Following the verification process, ATO officers are required to record any emerging patterns or attributes on a form called the Case Data Capture (CDC) form.71 Data from the CDC is used as feedback and incorporated into the SR models, EBRs and risk filtering tools to better detect potential risks such as criminal links, sham arrangements and unreported sales.

3.39. In addition to the CDC form, the ATO encourages its officers to record less critical intelligence, which may have been gathered from their cases, on its corporate database, ATOintelligence Discover (ATOi). Information recorded on ATOi is considered by the ATO's Smarter Data business line to identify industry specific risks, increases in unusual behaviours, complex transactions between associated taxpayers and new schemes.72 The intelligence gathered by the Smarter Data business line is used by the ITX business line as part of its broader risk and audit strategies.

3.40. The ATO has also advised that its Refund Integrity Strategy team, within the ITX business line, conducts face-to-face discussions with its case officers twice a year to discuss GST refund risks.73 The purpose of these discussions is to provide training to ATO officers regarding systems and processes, raise awareness of the particular risks that the risk assessment tools are seeking to address and to reinforce the importance of feedback loops.74

3.41. One of the challenges that the ATO has identified with its feedback loops is the inconsistency with which officers provide feedback through discussions or documentation such as the CDC form. For example, in certain ATO teams, fewer than half of finalised cases result in a CDC form being completed.75

3.42. In addition to the feedback loops, the ATO undertakes internal reviews of its systems and processes. In 2015, the ATO conducted a small random audit program focusing on 497 taxpayers across five industries that had claimed over $1,000 in GST refunds. The program found that 'strike rates recorded by the random sample are almost equivalent to that achieved through risk based selection strategies.'76 However, the ATO found that the amount of the amendments was on average much greater under risk based selection.77 The CERIC Project, mentioned above, made similar findings in relation to the strike rates of automated risk assessment tools:

Within the total suite of candidate selection models, certain 'Expert Business Rules' recorded rates of escalation comparable to what could be achieved by random selection. Candidate selection models had been developed without supporting documentation, making it all but impossible to properly assess output populations. And the logic underpinning the candidate selection models was largely event driven, reflecting an out-dated understanding of fraud.78


That analysis identified that the entire suite of candidate selection models and the logic underpinning those models were performing very poorly. In addition to identifying a very poor rate of effectiveness, measured by calculating the rate of escalation from initial candidate identification
(Pre-Issue Review) to audit (and audit result), the review also demonstrated a very poor 'revenue raised' outcome.

3.43. Following the above finding, the ATO discontinued 22 EBRs and redesigned 10 new SR models.80 The ATO has advised that whilst 22 EBRs were discontinued, new rules have been developed and are currently being tested prior to deployment.81

3.44. The CERIC Project also revealed that the manual risk filtering within the SR case selection process required improvement:

Most notably, manual profiling was undertaken on 100% of the model outputs irrespective of total volumes and during peak lodgment periods, very large volumes of candidates are generated. Excessive workloads contribute to poorly considered profiling decisions.

The absence of a feedback loop has meant that case outcomes (and by extension profiling decision) were not relayed back to the profiling team. Profiler's decision making logic is drawn entirely from audit experience and lacks fundamental intelligence principles.

Additionally, the profiling function was rotated between audit teams, each spending a six month period performing the profiling function before returning to their audit role. The overall effect was that a profiler's decision making lacked transparency and consistency. With little or no post selection analysis, no feedback and a floating workforce it was impossible to ensure consistent decision making.82

3.45. More broadly, the CERIC Project characterised the GST refund verification process as 'resource intensive'.83 The ATO deployed 312 FTEs to manage GST refund risks across multiple business lines,84 including 9 FTEs allocated to the manual filtering process. The number of FTEs allocated to GST refund verification work has decreased in subsequent years which the ATO attributes to improvements in the risk assessment tools. According to the ATO's annual performance report, compliance costs as a proportion of total GST administration costs have remained relatively steady at 51 per cent.85

3.46. In addition to the CERIC Project, in 2016, the ATO undertook a Business Improvement Review (BIR) to assess 'the effectiveness of the ATO's existing processes for the management of refund fraud'.86 It noted that:

[Internal ATO] stakeholders consistently describe the quality of fraud data—especially refund fraud data—as poor. Data collection systems do not currently support enterprise-level capture of meaningful, coherent metrics on refund fraud.87

3.47. A key issue raised in the BIR, regarding the identification of GST refund fraud, was:

Data on [GST] refund fraud currently sits across a myriad of automated models, systems and manual databases that are managed within business lines and branches. These data sources operate independently of each other and are not readily accessible to users outside of the business area that 'owns' the data. The dataset provided by one system is generally not compatible with the dataset provided by another (that is, apples and oranges).

Where accurate and relevant refund fraud data is not available, the practice has been to extract whatever data is available and massage that data into a form that may go close to meeting the requirement.

The review team found that the disparate nature of the mechanisms that capture refund fraud data severely limits the ATO's ability to compile accurate, defensible whole-of-agency reporting that meets internal and external requirements. This is compounded by the reality that existing refund integrity reporting systems do not distinguish between refund fraud and refund integrity issues.

Refund fraud data is therefore included in broader refund integrity performance data and, at present, cannot be separated. This situation is likely to have resulted in unintentional misreporting.88

3.48. During this review the ATO has also advised the IGT that, at the time taxpayers lodge their BASs, the quality of the data inputs available to the ATO, is one of the main barriers to improving the accuracy of its risk assessment tools.89 The ATO has noted that with the introduction of Simpler BAS for small businesses commencing on 1 July 2017, the need for better data has become increasingly important. The availability of high quality data for use in the ATO's risk assessment tools has been broadly considered in previous IGT reviews.90

3.49. Simpler BAS seeks to reduce compliance costs for small businesses by requiring fewer BAS labels to be completed, making less information available to the ATO's risk assessment tools.91 The ATO has explored alternative means of estimating the same information by using the information contained in the remaining labels.92

3.50. In addition to drawing information from the remaining BAS labels, the ATO undertakes data mining to extract trends and other key attributes that may signify non-compliance.

On-line BAS Check Tool

3.51. The ATO has advised the IGT that a large proportion of BASs stopped for verification are due to avoidable errors such as incomplete labels or incorrect bank account details on BASs. The ATO has identified that these types of errors account for approximately 57 per cent of adjustments in refund verification cases.93

3.52. The ATO has proposed implementing an On-line BAS Check tool (OBC tool) as a preventative measure to reduce these types of errors in real time. The OBC tool supports the ATO's anticipated decline in FTEs available to undertake refund verification work. It operates in a similar manner to those in existing online systems, such as myTax, where the system alerts taxpayers to errors identified in their lodgment.94 The benefits of this tool have been reported as:

BAS Validation through the Online BAS Check will provide assurance to businesses as part of their pre-lodgment that their BAS is correct and within reasonable parameters. Identifying potential errors at this point is expected to reduce approximately 57% of audit cases where simple errors have been made. This will save significant resource and better align the completion of a client's taxation obligations to their natural business systems.95

3.53. While the OBC tool prompts the user or taxpayer to correct the error (for example, revising their bank account details or relevant fields), it does not prevent lodgement if the error is not rectified.

3.54. The OBC tool has already been developed and incorporated into myGov for individuals and sole traders. The ATO is also seeking to expand the basic tests that comprise the OBC tool and is expecting it to be implemented on other on-line platforms such as the ATO Portals to prevent mistakes prior to lodgment. However, further deployment of the OBC tool is dependent upon appropriate testing being conducted which, in turn, is dependent upon resourcing being available in other areas of the ATO, such as the Enterprise Solutions and Technology business line. The ATO has tentatively planned for its deployment in either 2017-18 or 2018-19.96

IGT observations

3.55. The IGT, as well as all stakeholders acknowledge the ATO needs to strike a balance between maintaining the integrity of the GST system and the prompt issuing of refunds to taxpayers. The IGT also appreciates that in modern tax administration, a risk based approach, with appropriate use of technology, has to be adopted and complemented by manual processing where necessary.

3.56. As discussed above, the analysis of the raw performance statistics that the ATO has provided to the IGT during this review, indicates that there has been general improvement in the ASR during the four financial years from 2013-14 to 2016-17 from 26.2 per cent to 66.3 per cent. During the same period, with the exception of the 2014-15 financial year, the OESRs have also improved increasing from 23.3 per cent to 26.7 per cent.97 Notwithstanding the improvements, the OESRs suggest that approximately 75 per cent of cases selected for pre-issue verification are ultimately released without any adjustment.

3.57. Whilst any risk assessment tool cannot be 100 per cent accurate, particularly if they are automated processes, there are opportunities for improvements if they only achieve an accuracy rate of 26.7 per cent — the ATO's own review found that at least part of the risk assessment systems yielded results no better than random selection,98 albeit that average amount of the amendments were found to be higher under
risk-based selection. Notwithstanding higher average amendments amounts, such low levels of accuracy place a greater strain on the ATO resources, that is, greater need for manual processing, at a time when the ATO is decreasing its staffing in this area. It may also cause unnecessary delay in issuing refunds to compliant taxpayers, adversely impacting their cash flows and increasing their compliance burden.

3.58. The high level of BASs selected by the ATO's automated risk assessment tools that are subsequently released without adjustment may also raise concerns that they are not adequately detecting fraudulent, overstated or mistaken claims for refund. However, it could also be argued that, given approximately 75 per cent of cases selected do not result in any adjustments, the automated tools are sufficiently, if not overly, sensitive to such refund claims.

3.59. The IGT acknowledges that the overall ATO strike rate improved in 2016-17 following internal reviews and subsequent implementation of the outcome of those reviews. However, as mentioned above, further improvements are necessary. Moreover, as fraudulent behaviour adapts and modifies over time, the ATO's risk assessment tools need to keep pace. Reviews need to be undertaken periodically as part of a broader framework of continuous improvement.

3.60. Periodic reviews should be conducted with fulsome evidence and intelligence provided by officers operating at the coalface. Based on the information provided by the ATO, there is an opportunity to improve the collection of such data from these officers, whether through existing channels such as the CDC forms and ATOi or on other platforms that the ATO may seek to develop in future. Intelligence capture should also be improved through greater engagement between risk managers and operational teams across different business lines such as ITX and Smarter Data.

3.61. Enhancements and improvements of the risk assessment tools should also be informed by robust performance reporting. Whilst large amounts of raw data were made available to the IGT during this review, there appeared to be limited analysis of this data for the individual models resulting in minimal reporting both within the ITX business line and to the ATO Executive Committees. Consistent and robust performance reporting are particularly important in ensuring that decision makers are fully informed of areas that are performing well and those that need refinement or overhaul.

3.62. The framework of continuous improvement proposed above aligns with recommendations in a previous IGT review, namely: the Review into aspects of the ATO's use of compliance risk assessment tools.99 Recommendations 3.8 and 4.1 of that review are particularly relevant. Although these recommendations were directed at large business risk identification processes, they nonetheless encouraged more engagement between risk managers and operational teams, improving data capture, refining or removing inappropriate risk filters and incorporating ATO officer experience and case outcomes as part of the review process. Furthermore, the ATO should also consider recommendation 8.1 and the checklist contained in Appendix 12 of that review in the development or improvement of its risk assessment tools.

3.63. As an ancillary issue, the IGT is of the view that the large proportion of adjustments, which the ATO believes are due to avoidable errors made in completing BASs, should also be addressed. To the extent that the OBC tool addresses this issue adequately, its deployment should be prioritised.

Recommendation 3.1

The IGT recommends that the ATO:

  1. develop a formal framework of continuous improvement for its risk assessment tools which includes:
    1. periodic reviews with clear milestones;
    2. ensuring that case officers are consistent and accurate in reporting case related data and other pertinent matters in all relevant cases;
    3. improving intelligence capture through greater engagement between risk managers and operational teams across different business lines such as Indirect Tax and Smarter Data;
    4. developing a suite of performance reports for use within the Indirect Tax business line and ATO Executive Committees; and
  2. prioritise the deployment of the On-Line BAS Check tool.


(a) Agree

The ATO agrees that a robust, well documented framework to continually review and assess our risk assessment tools is important for continuous improvement.

In relation to subparagraph (i) of this recommendation, the ATO already undertakes regular reviews of its risk assessment models and as acknowledged in the report, there has been continuous improvement in the ATO's ability to detect incorrect refund Business Activity Statements (BAS) while reducing the number of taxpayers impacted.

In relation to subparagraph (ii) of this recommendation, the ATO has recently updated its Case Data Capture (CDC) form in consultation with the Risk Manager and Smarter Data to ensure relevant information from compliance cases is more accurately captured. The CDC form has been structured so that the information submitted by case officers is consistent and accurate, focusing on reasons for the decision and taxpayer behaviours via relevant drop down options.

In relation to subparagraph (iii) of this recommendation, the ATO will look at ways to further improve intelligence gathering and greater engagement between risk managers, Smarter Data and operational staff.

(b) Agree

The Online BAS Check (OBC) has been endorsed by the Strategy and Integration Committee. The project is in Delivery Planning and is due for release in the 2018/19 year.

49 - ATO, 'Refund Integrity Case Selection Process', internal ATO document, 26 July 2017.

50 - ATO, 'Overall Pre-Issue Refund Integrity Case Outcomes by Age', internal ATO document.

51 - ATO, Where is my BAS refund?, above n 39.

52 - ATO, GST administration annual performance report 2015–16, (20 April 2017) p 35.

53 - ATO, 'RI Auditor Guide', internal ATO document, p 60.

54 - ATO, 'RI Auditor Guide', above n 53, p 60.

55 - ATO, 'ITX Case Context Document: Review – Pre/Post Issue Refund Integrity Risk', internal ATO document (June 2015), p 2.

56 - ATO, 'RI Auditor Guide', above n 53, p 60.

57 - ATO, 'Analytical filter model for NRRE', internal ATO document (June 2015), pp 1-2.

58 - ATO, Where is my BAS refund?, above n 39.

59 - ATO, 'The GST Refund Risk – presentation to Indonesian Delegation', internal ATO document (October 2016), slide 8.

60 - ATO, Communication to the IGT, 27 June 2017.

61 - ATO, 'RI Auditor Guide', above n 53, p 60.

62 - ATO, 'ITX Case Context Document', above n 55, p 4.

63 - ATO, ITX RIS Model Performance 2015-16, internal ATO document.

64 - Other statistics provided to the IGT as part of broader project work suggest that the 2015-16 'outcome effective strike rate' was 24.8 per cent due to an uplift in performance as a result of model enhancement: Client Engagement Risk Investment (undated). See also: ATO, ITX RIS Model Performance 2015-16, internal ATO document (Appendix 2).

65 - ATO, ITX RIS Model Performance 2015-16, internal ATO document.

66 - ATO, above n 50.

67 - ATO, above n 50; ATO, Client Engagement Risk Investment – GST Refund Integrity Risk, internal ATO document.

68 - ATO, above n 50.

69 - ATO, Small errors policy, internal ATO document (6 September 2016).

70 - Ibid.

71 - ATO, 'RI Auditor Guide', above n 53, p 128 and 150.

72 - Ibid, pp 211–212.

73 - ATO, Communication to the IGT, 27 June 2017.

74 - ATO, 'Indirect Tax Executive Submission Paper - 2017 RIS/ BASE Risk Presentation' (24 March 2017) internal ATO document.

75 - ATO internal email, 20 June 2016.

76 -Refund Integrity Random Audit Program Results' (2015), internal ATO document, p 3.

77 - Ibid.

78 - ATO, 'CERIC Report' (2016), internal ATO document p 1.

79 - Ibid.

80 - Ibid, p 2.

81 - ATO, 'The New nRRE Filter Model' (1 August 2017) internal ATO document; ATO, 'Performance comparison of the new and old hybrid models – updated with the most recent data since the new model was deployed (20170802)', internal ATO document (1 December 2017).

82 - ATO, 'CERIC Report', above n 78, p 3.

83 - ATO, 'Client Engagement Risk Investment – GST Refund Integrity Risk', internal ATO document.

84 - Ibid.

85 - ATO, GST administration annual performance report, above n 52, p 6.

86 - ATO, 'Business Improvement Review - Management of Refund Fraud in the ATO' (2017), internal ATO document.

87 - Ibid, p 25.

88 - ATO, 'Business Improvement Review', above n 86, p 16.

89 - ATO, Communications to the IGT, 10 October 2017 & 16 October 2017.

90 - IGT, Review into the Australian Taxation Office's compliance approach to individual taxpayers – use of data matching (2013); IGT, Review into Aspects of the Australian Taxation Office's Use of Compliance Risk Assessment Tools (2013).

91 - ATO, Changes to ATO processes to support Simpler BAS transition (30 June 2017) <https://www.ato.gov.au/>.

92 - ATO, 'Simpler BAS Proxies – Analysis of possible substitutes for GST labels in risk models impacted by Simpler BAS' (2017), internal ATO document.

93 - ATO, 'Client Engagement Risk Investment', above n 83.

94 - Ibid.

95 - Ibid.

96 - ATO, 'On-Line BAS Check Project' (7 August 2017), internal ATO document.

97 - ATO, above n 50.

98 - ATO, 'CERIC Report', above n 78, p 1.

99 - IGT, 'Compliance Risk Assessment Tools', above 90.