4.1 An overview of the ATO's broad LB&I compliance model or framework (including the Risk Differentiation Framework) is provided in the initial part of this chapter, given its overarching relevance to this IGT review.

4.2 The stakeholder issues and concerns are then considered in this context and a number of IGT recommendations are made, to improve the transparency and delivery of the ATO's compliance approaches for the benefit of both taxpayers and the ATO.

4.3 The ATO's specific risk reviews and audit processes and procedures (arising out of this compliance framework) are examined in Chapter 7 of this report.

4.4 It is also important to appreciate that the IGT has not had the opportunity to review the ATO compliance framework or the risk differentiation framework as such — these are large areas for potential review in their own right.

LB&I compliance approaches

Compliance Model and the ATO's end-to-end risk management framework

4.5 The ATO's broad approach to compliance is captured in its Compliance Model, as set out in Figure 4.1.

Figure 4.1: ATO's Compliance Model1
High Risk

Graphic setting out the ATO's compliance model. The Model provides the framework which the ATO uses to assess taxpayers and develop an appropriate response according to the nature and level of risk identified by the ATO, the cause of the non-compliance and the taxpayer's level of cooperation. It suggests an escalatory or responsive compliance strategy to create an incentive for a taxpayer to move towards a more engaged and compliant behaviour set.

4.6 The Model provides the framework which the ATO uses to assess taxpayers and develop an appropriate response according to the nature and level of risk identified by the ATO, the cause of the non-compliance and the taxpayer's level of cooperation. It suggests an escalatory or responsive compliance strategy to create an incentive for a taxpayer to move towards a more engaged and compliant behaviour set. The Compliance Model was chosen to indicate the relative number of taxpayers that might be found at each level, the hierarchical and escalating nature of the engagement and to highlight the increasing focus towards the apex for the relatively few taxpayers that appear to deliberately not comply.

4.7 Building on the Taxpayers' Charter in the spirit of cooperation with large business, the Large Business and Tax Compliance (LBTC) booklet states that taxpayers can expect tax officers will:

  • act in a professional, courteous and respectful manner and demonstrate integrity, fairness and impartiality in the conduct of their duties;
  • maintain open and frank dialogue, including informing taxpayers regularly of the progress of any compliance activity;
  • aim to make information requests clear and unambiguous;
  • complete a case in the shortest time practicable, with minimum inconvenience and disruption;
  • advise taxpayers of delays or where timelines are extended and the reasons why;
  • notify taxpayers where an error is detected that has resulted in a taxpayer paying more than the correct amount of tax;
  • recognise taxpayers' rights to have advisers present during discussions and meetings and allow taxpayers to confer with them as necessary; and
  • recognise taxpayers' right to claim legal professional privilege, accountants' concessions and confidentiality where appropriate.2

4.8 The ATO sets out compliance options for taxpayers from an administrator's perspective. Some taxpayers may adopt what the ATO considers to be a more aggressive attitude to compliance and choose not to comply while others will either try to follow the ATO view or choose otherwise.

4.9 Figure 4.2 sets out a diagrammatic representation of the ATO's end-to-end risk management framework.

Figure 4.2: ATO's end-to-end risk management framework3

Graphic giving a diagrammatic representation of the ATO's end-to-end risk management framework.

View image enlarged

4.10. The following paragraphs 4.11 to 4.17 set out some of the ATO's thoughts on compliance, as gleaned from publications such as the Large Business and Tax Compliance booklet.

4.11 This ATO framework is based on the premise that encouraging voluntary compliance requires effective engagement and a credible compliance program. It places an emphasis on:

  • deterring non-compliance through a range of different methods such as media strategies, education, engagement and assistance;
  • detecting potential non-compliance through quantitative and qualitative intelligence and ensuring that taxpayers meet their compliance obligations such as lodgement of tax returns; and
  • dealing with potential non-compliance through enforcement (investigation, audit and prosecution), education and engagement. From a risk management framework perspective, the ATO states that an enforcement outcome indicates that the preventative and deterrent controls described above have been ineffective in encouraging voluntary compliance.

4.12 The ATO seeks to assist large businesses to comply voluntarily with their obligations through a number of strategies, including:

  • clarifying the law and communicating ATO views through public and private rulings, products such as checklists, fact sheets and practice statements, taxpayer alerts and strategic litigation;
  • consulting with industry bodies on issues affecting compliance;
  • developing Annual Compliance Arrangements (ACA's) that provide taxpayers with the ability to manage tax risk cooperatively in real-time;
  • forward compliance options including the mitigation of transfer pricing risks through Advance Pricing Agreements (APA's);
  • providing access to ATO subject matter experts and senior leaders; and
  • relationship management via client relationship manager and Lead Relationship Manager (LRM) roles.

4.13 The ATO states that its compliance actions need to provide both fair warning of the ATO's concerns (through rulings, publications and alerts) and firm, targeted and timely treatment of those that appear not to have complied.

4.14 The ATO notes that the success of its risk management framework requires that the large market community perceive it as reasonable, robust and rigorous.

4.15 Importantly, the ATO states that its choice of treatment must always be appropriate to a taxpayer's facts and circumstances otherwise its conduct or actions could undermine voluntary compliance in the longer term.

4.16 The ATO observes that well-advised taxpayers with good tax corporate governance systems are rarely non-compliant and this would generally be inadvertent. While large market taxpayers generally comply with the ATO view of the law if it is known to them or will have a reasonably arguable position, if errors do occur, the consequence can be very large because of the size of the largest taxpayers. This is the reason why the ATO conducts continuous monitoring and review in the higher consequence part of the market.

4.17 The ATO acknowledges that there is uncertainty associated with the application of some aspects of the law to the relevant facts and circumstances. The ATO believes that it is important in such instances that it supports and assists taxpayers by providing public guidance on its view of the law and what constitutes compliance.

Identifying compliance risk

4.18 The LBTC booklet states that the value, volume and complexity of transactions undertaken by large business have inherent risks for tax compliance. The ATO states that it applies a level of risk analysis to all large businesses and that its overall approach is to closely examine significant transactions and business results that show inconsistencies between tax and the economic outcomes. The LBTC booklet and the ATO's Compliance Program provide more information on the specific compliance risks that the ATO is focusing on in the 2010-11 income year.

4.19 The IGT notes that in the course of this review a number of taxpayers raised concerns with the ATO's identification of specific compliance risks (or risk hypotheses). It was suggested that there are a high proportion of 'false' outcomes for ATO hypothesised risks (that is, the ATO risk raised with taxpayers was 'false' as there was in fact no risk realised). Taxpayers raised concerns with unnecessary cost of compliance and the potential for real problems in the ATO's risk identification process. This may well be a review topic in its own right which may be pursued at a later date by the IGT or other relevant government agency.

Risk Differentiation Framework

4.20. The ATO uses the Risk Differentiation Framework (RDF) approach to assess the tax risk of large business taxpayers. The RDF is based on the premise that the ATO's risk management stance will differ based on its perception of the taxpayer's estimated:

  • likelihood of non-compliance (that is, having a tax outcome that the ATO does not agree with); and
  • the consequence (dollars, relativities, reputation, precedent) of that non-compliance.4

4.21 Using the framework, the ATO places taxpayers into one of four broad risk categories (higher risk, key taxpayer, medium risk and lower risk) for each tax type. Figure 4.3 provides a diagrammatic summary of the main features of the ATO's RDF.5

Figure 4.3: Risk Differentiation Framework6

Diagram giving a summary of the main features of the ATO's RDF. Using the framework, the ATO places taxpayers into one of four broad risk categories (higher risk, key taxpayer, medium risk and lower risk) for each tax type.

4.22 The ATO states that this risk rating does not in any way influence the outcome of a possible risk review, but that it does influence the likelihood of a review and the formality and intensity of it.7 The ATO, using a range of risk filters, profiles all large businesses twice a year to place them into one of the four risk categories.8

4.23 The ATO's RDF prescribes a different level of engagement for each quadrant. For those taxpayers with relatively high consequence (often the largest taxpayers) the ATO will invest more time and effort in trying to effectively reduce the likelihood of non-compliance.

4.24 Each quadrant of Figure 4.3 is considered in turn below.

4.25 Higher risk large business taxpayers (approximately 2 per cent of the total large business population), can expect continuous real time risk reviews for the ATO to identify and assess risks as they arise. In speeches, the Commissioner of Taxation has noted that:

Certainty for these taxpayers [higher risk] is not in relation to their tax position but rather a certainty that they will be reviewed by us. Such an experience will be fair and professional but may also be quite formal and intense.9

4.26 Key large business taxpayers (approximately 8 per cent of the large business population and including most of Australia's largest businesses) can expect continuous monitoring. By definition, a key taxpayer represents a taxpayer that has a relatively lower likelihood of non-compliance, but the consequences of any potential non-compliance are higher given the significant value of their transactions.10

4.27 Medium risk taxpayers (approximately 18 per cent of the large business population) are subject to periodic review while lower risk taxpayers (the remaining 72 per cent of large businesses) are subject to periodic monitoring.11

4.28 The ATO position is that it seeks to engage with taxpayers on a prospective, cooperative basis to identify tax risk and agree on mitigation strategies with the aim of improving practical certainty and outcomes. Where taxpayers are transparent and work co-operatively with the ATO, this is more likely to change the ATO view of their relative level of risk (eg, from higher risk to key taxpayer or from medium risk to lower risk).

Sharing of risk rating and engagement

4.29 The LBTC booklet states that an important part of the ATO's compliance relationship with taxpayers is communicating its view of a taxpayer's income tax risk rating (higher risk, key taxpayer, medium risk and lower risk). It notes that the ATO's approach is to be complemented by open discussions about a taxpayer's risk rating.12

4.30. The ATO directly notified taxpayers of their initial income tax risk ratings for the first time under this framework during the course of this review.

4.31 Taxpayers have indicated very mixed experiences with the ATO's communication of their income tax risk rating and the opportunity for discussion and re-evaluation. Some taxpayers have said that while they have received a letter advising them of their risk rating there was considerable uncertainty in this assessment process. Certain factors the ATO cited in drawing conclusions on risk assessments were in their view arbitrary, vague, illogical, disproportionate and inappropriate. Dialogue in relation to the risk assessments with the ATO was also mixed. Some taxpayers felt the dialogue with the ATO was unproductive and curt. Others believed that while the process has shortcomings, the dialogue was reasonable.

4.32 Other taxpayers indicated that the ATO has been pro-active in arranging to meet with them to discuss their risk rating while some have only received a letter and an invitation to meet if the taxpayer wants further clarification.

4.33 Taxpayers would like to see a more well-defined, transparent and consistent process in how the ATO both determines and communicates their income tax risk rating. This process should include a commitment by the ATO to meet with the taxpayer, discuss the findings and conclusions on a preliminary basis and, where appropriate, include a re-evaluation of a taxpayer's income tax rating based on those discussions.

4.34 As part of those discussions, taxpayers would also like to see better explanations of what a taxpayer can expect after receiving the outcome rating (what does a higher risk rating mean compared to a medium risk rating?) and practical examples and guidance on how a taxpayer may transition to a lower risk rating. This is particularly important given the ATO's comments that higher risk taxpayers should expect a more formal and intense ATO interaction. It is also important to appreciate that the ATO's risk classification is also dynamic, with classifications being reconsidered periodically, which in certain cases is expected to be half-yearly.

4.35 In addition, a higher risk rating may have significant implications for a taxpayer's reputation and also the professional standing of tax managers and advisers. In such instances, affected persons should have a right to reply and comment before the ATO adopts a final position on a taxpayer's risk profile. The delivery by the ATO of the risk classification assessment as a fait accompli was thought by some taxpayer's to be unhelpful if not improper.

IGT observations

4.36 The IGT observed that certain taxpayers considered that due process or procedural fairness was effectively cut off from something as important as an administrator drawing a formal opinion on the taxpayer. If the assessment had been canvassed as a preliminary view for comment and a fuller opportunity for open and frank consideration afforded the outcomes may have been different in some cases.

Recommendation 4.1

Given the importance of the relationship between the ATO's risk classification of a taxpayer and its consequence, the ATO should continue to develop a more well-defined, transparent and consistent process in discussing and determining a taxpayer's ATO income tax risk rating at a given point in time under the ATO's Risk Differentiation Framework (RDF). This should include the ATO:

  • making a risk classification for taxpayers in specific risk quadrants (at a minimum key and higher risk quadrant taxpayers but may be expanded depending upon taxpayer experience and needs);
  • communicating the risk classification to the taxpayer disclosing all the relevant facts, metrics, weightings and reasoning underpinning this determination in writing;
  • providing these taxpayers with an opportunity to meet face-to-face to discuss the determination;
  • providing these taxpayers with a direct opportunity to reply in writing to this risk classification;
  • appropriately reviewing and considering this taxpayer response; and
  • allowing the taxpayer to escalate the matter to the Deputy Commissioner LB&I, if they are still dissatisfied with the rating.

ATO Response

Agree in principle.

We agree that it is important to communicate with taxpayers about their risk category, including explaining our reasoning and what being placed in that category means for their business. In 2010, we completed an initial roll out of discussions with and letters to higher risk and key taxpayers to convey and explain their risk category. Only a small number of taxpayers, mostly from higher risk groups, expressed concerns. We met with each of these taxpayers and also wrote to them about their concerns.

Building on our experiences in that initial roll out, we are continuing to develop and improve our approach to communicating risk categories in consultation with the large market. The process for higher risk and key taxpayers reflects the approach outlined in your recommendation. However, the second dot point in your recommendation assumes weightings and a scorecard approach, which is not consistent with approaches taken in the RDF.

We see the RDF as a tool to help us build more open and transparent relationships with taxpayers — it is a starting point for a discussion. The ATO provides taxpayers in the higher risk and key taxpayer categories with the opportunity to discuss their RDF risk category. We also listen to any feedback that taxpayers may wish to provide at this time. Ultimately we may agree to disagree as it is a matter of informed judgment. We think this agrees in principle with the thrust of your recommendation.

We are pleased to note that, in some cases, the risk category discussion has encouraged a greater level of interest in tax risk governance at the Board level. Some of those taxpayer groups are now working more actively with us towards a change of risk category.

We also note that the actions described in the recommendation are about communicating risk categories and do not relate to how the category is determined.

Your observations at paragraph 4.36 suggest that some taxpayers have a perception that the risk category in some way pre-determines the outcome of our compliance activities. That is not the case. Our view of a taxpayer's RDF risk category determines the likelihood that compliance activities will need to occur. It also suggests possible modes of interaction and a relative level of intensity.

Alignment of Risk Differentiation Framework and compliance products

4.37 The IGT considers that the understanding of behavioural effects and incentives in the design of a risk differentiation framework is vital. The ATO's application of its risk review and audit processes needs to be properly aligned so there are tangible benefits for taxpayers being rated as key or lower risk taxpayers. If taxpayers do not perceive a benefit in moving to a lower risk rating (for example, from higher risk to key taxpayer or medium risk to lower risk) or at maintaining a low tax risk profile then it may not necessarily improve corporate tax compliance behaviour.

4.38 Likewise, key taxpayers (which by definition will have a lower likelihood of non-compliance but a higher consequence) must have a different experience and level of engagement from a higher risk or medium risk taxpayer. If not, then the ATO's application of its risk review and audit processes and procedures will not support its corporate aspiration to develop an enhanced relationship with high levels of mutual transparency and trust with key taxpayers.

4.39 The IGT believes that one important tangible benefit for key taxpayers must be a demonstrated higher level of engagement and interaction with the ATO so as to minimise the taxpayer's compliance costs associated with continuous monitoring and review.

4.40. Equally important, the ATO needs to ensure that taxpayers that are rated as 'high risk' are not pre-judged as to a risk review or audit outcome and that they are always afforded due process. For example, risk reviews and audits should not be seen as focused on simply proving or confirming a risk hypothesis as opposed to objectively testing the risk hypothesis.

4.41 Naturally, where a taxpayer is uncooperative or resisting the informal provision of information, then the ATO may use formal information-gathering powers. The IGT understands that this is not a common concern in the large business context.

4.42 The IGT believes that it is appropriate in a self-assessment environment that taxpayers are provided the opportunity to discharge their taxation obligations in accordance with the law. Provided taxpayers are made aware of the ATO's views (as the tax systems administrator) they are entitled to select the relationship option that best meets their needs in discharging their obligations.

4.43 In supporting this sentiment the IGT notes that as 'higher risk' taxpayers will receive a higher level of ongoing active compliance activity, it places a greater importance on the ATO to ensure that the principles and processes set out in the LBTC booklet and LB&I Compliance Manual are fairly, consistently and professionally followed. For example, irrespective of a taxpayer's risk rating, the ATO should always ensure that it shares with taxpayers the ATO's risk hypothesis, provides regular updates on the progress of a risk review and audit, promotes engagement and discussion of the ATO's view of the transaction, risks and technical view and provides a reasonable opportunity for taxpayers to comment and respond.

4.44 The consistent application of these principles in a professional, fair and effective manner by the ATO actually provides a greater opportunity to develop enhanced relationships between taxpayers and the ATO as revenue administrator, particularly in the case of higher consequence taxpayers.

Recommendation 4.2

To promote greater consistency and proportionate ATO delivery of a risk review and audit in accordance with the principles set out in the latest LBTC booklet, the LB&I Compliance Manual and supporting LB&I work practices should be revised to reflect more clearly the different risk profiles of taxpayers and support the more differentiated approach. This should include details on the expected process, level and type of engagement and mutual transparency as it relates to higher, key, medium and lower risk taxpayers.

The ATO should enhance its quality assurance processes (including monthly reviews) to include specific criteria or questions that test whether the principles and processes set out in the LBTC booklet (as revised) and LB&I Compliance Manual are fairly, consistently and professionally followed in a manner that is proportionate to the taxpayer's risk profile.

ATO Response


Following the launch of the revised LBTC booklet in 2010, work is underway to revise and update our training, instructional materials (including the LB&I Compliance Manual) and assurance processes to ensure they consistently reflect the principles in the booklet. There will also be follow-up training associated with this.

The updated guidance materials will provide improved support to our teams by suggesting approaches for each risk category. It is important to be aware that guidance material suggests (rather than mandates) particular approaches. Our compliance teams are required to exercise judgment, reflecting the widely differentiated nature of the large market.

We are currently updating the instructions and guidance to our staff for monthly reviews and Integrated Quality Framework (IQF) assessments to incorporate more specific questions and tests that will help us to ensure our approach is suitable to the case circumstances.

Scope, purpose and outcomes of the active compliance processes

4.45 The ATO advises that there may be a number of reasons why taxpayers and the ATO may take different positions on an issue ranging from taxpayers applying the law incorrectly or taking a different view of the law from the ATO through to deliberate evasion or aggressive tax planning.

4.46 Where the ATO has detected potential non-compliance and the compliance risk warrants further action (due to the likelihood and consequence of that potential non-compliance), the ATO has two post-lodgement active compliance processes, namely risk reviews and audits.

4.47 The LBTC booklet states that risk reviews form a major part of the ATO's compliance work and are used to assess whether there may be tax risks arising from a taxpayer's self-assessment. Risk reviews assist the ATO to determine whether there are any compliance issues requiring a more in-depth investigation and response. It does so by seeking to test and refine an initial hypothesis using risk indicators developed as part of the ATO's initial internal risk profiling.13 Appendix 3 contains more detailed information regarding the risk review process.

4.48 The LBTC booklet states that the risk review process provides both taxpayers and the ATO with an opportunity to resolve concerns about compliance issues and prevent the need for an audit. The LBTC booklet provides that the type of risk review (client risk review or a specific review) will depend on the initial risk identified and a taxpayer's risk rating.14

4.49 A client risk review is intended to be a comprehensive review product, with the aim to:

  • develop a better understanding of a taxpayer's business by integrating business and tax analyses;
  • assess identified potential tax risks (current and emerging);
  • build a year-by-year picture of a taxpayer's business; and
  • build and maintain an ongoing dialogue.15

4.50. A specific review is intended to examine one or more specific risks that the ATO has identified and aims to:

  • minimise the impact on taxpayers by concentrating only on risks that have already been identified;
  • assess identified potential tax risks (current and emerging);
  • gain a better understanding of a taxpayer's business through the integration of business and tax analysis; and
  • build and maintain an ongoing dialogue with taxpayers.16

4.51 Both risk review products involve the ATO collecting and analysing information to help it understand a taxpayer's business, and reviewing identified risks by asking a taxpayer to explain the circumstances and provide information about any mitigation strategies implemented and assessing and evaluating identified risks.17

4.52 At the end of a risk review the ATO will discuss the outcomes with the taxpayer including whether it is satisfied with the taxpayer's compliance or considers that further action is warranted including making recommendations for future compliance activity.18

4.53 The LB&I Compliance Manual contains significant detail and guidance to staff on the risk review process including the planning of a risk review, the developing and refining of the risk hypothesis, communicating with the taxpayer, gathering and analysing information and rating the risks.

4.54 Where the ATO identifies significant risks, it is highly likely an audit will follow. Where the risks are not deemed to be significant, the ATO will usually not proceed further unless there were other concerns raised. Where the issue is likely to proceed to audit, the ATO commits to keep taxpayers informed about its plans and timeframes.19

4.55 In contrast, audits are more comprehensive than risk reviews and involve a deeper level of information and case examination. Audits provide a means for the ATO to:

  • verify whether in the ATO's view appropriate tax has been paid in cases where risks have been identified, including gathering evidence or proof as required;
  • understand the causes of any non-compliance and address them for the past and the future; and
  • identify areas where the law may need clarification or where audit processes can be improved.20

4.56 For income tax purposes, an audit typically arises following a risk review and seeks to test the risk hypothesis that is established at the end of a risk review. The ATO may also broaden the scope of an audit if it identifies additional risks during an audit.21

4.57 Appendix 4 contains more detailed information regarding the audit process. An audit involves agreeing on a case plan, collecting detailed information and undertaking analysis with the view to refining the risk hypothesis and developing an ATO position. This is communicated to the taxpayer by way of an ATO position paper, with the taxpayer being provided an opportunity to respond (ATO position papers are the subject of separate discussion in Chapter 8).

Submissions and consultation

4.58 In submissions to the IGT, the view was expressed that traditionally a risk review was not seen as an audit but rather as a high-level review designed to assess whether there were tax risks arising from a taxpayer's self-assessment that warranted a more in-depth audit investigation. Uncertainty was also expressed about what constitutes a risk review and how it differs from an audit, with a number of reasons having been suggested for this confusion:

  • Release of Miscellaneous Ruling MT 2008/3 and the broad definition of tax audit although this has been partly clarified in the LBTC booklet which asserts that the risk review and audit processes are separate;
  • Time delay and manner in which a risk review moves to an audit; and
  • The existence of too many products such as client risk reviews, specific risk reviews and comprehensive risk reviews and now compliance assurance reviews.

4.59 Many taxpayers and advisers expressed a lack of understanding about what differentiates each of these risk reviews, the type of risk review being undertaken, and the reasons for the type of review being selected.

4.60. The uncertainty around the scope and purpose of a risk review was further evidenced by comments of a number of stakeholders that the ATO seems to proceed from a risk review to an audit without taking into consideration all the available information. Other taxpayers believe that if the ATO identifies an issue then it should seek to resolve it at the risk review stage and not proceed to an audit. On the other hand, concerns were expressed that the ATO was requesting far too much detailed information at the risk review stage and that if the ATO had identified issues or concerns then these should be addressed during the audit.

4.61 A number of taxpayers and advisers have suggested that in relation to post-lodgement active compliance work there is scope for the ATO to streamline its various risk review and audit products into three main stages:

  • Preliminary risk review — involves internal risk profiling and ratio analysis, media profiling, tax compliance history and information requests going to ownership structures.
  • Client risk review product — preferable for the ATO to have only one type of risk review product so as to minimise confusion.
  • Specific issues audit product — involves the testing of a risk hypothesis arising from a risk review. Where there is a change in the scope of the audit then this could be reflected in a revised Audit Plan with a refined risk hypothesis. To ensure continuity and an understanding of the issues, it is important that the same team that conducts the risk review should also undertake the audit.

4.62 Each of these stages should be accompanied by a clearer articulation of the inputs (such as the nature and detail of documentation to be requested at each stage), process (the types and scope of activities), timeframes and outcomes.

IGT observations

4.63 The IGT considers that achieving a cooperative relationship between the ATO and taxpayers requires taxpayers and advisers to have a good understanding of the ATO's risk review and audit processes and the ATO's approaches and reasoning behind these processes. A more streamlined, transparent and well-defined risk review and audit framework would allow for more efficient and effective interaction between the ATO and taxpayers.

Guidance available to ATO staff, taxpayers and advisers

4.64 The IGT found that the ATO has available significant material and guidance to staff on the risk review and audit processes, in particular the LB&I Compliance Manual and its Siebel work practices. The IGT considers that the Compliance Manual is a positive addition to the ATO's suite of active compliance support materials and systems. For example, the Compliance Manual sets out how a risk review should be conducted and provides guidance on critical steps in that process such as:

  • planning a risk review;
  • understanding a taxpayer's business and collecting information;
  • identifying and reviewing tax risks including holding the initial internal workshop;
  • notifying the taxpayer of the commencement of a risk review;
  • assessing and rating the risks (refining the risk hypothesis) and developing recommendations; and
  • communicating the risk review outcomes to taxpayers.

4.65 In contrast, for taxpayers and advisers the only publicly available source of ATO guidance on the purpose, scope, conduct and outcomes of these processes is the LBTC booklet. It provides a high level explanation of the risk review and audit processes but taxpayers and advisers do not necessarily have a good understanding of the thinking, reasoning or judgements behind a number of important risk review and audit processes. This includes the development and refinement of the risk hypothesis, the level of expected engagement and communication and the role and responsibilities of the tax officers that may be involved in a risk review and audit.

4.66 It is also evident from submissions and consultations that there is some uncertainty around the scope and purpose of the various risk review and audit products. It was clear from discussions that taxpayers and advisers often have different expectations (from both the ATO and each other) of the inputs, process and outputs for the various ATO products. The uncertainty or mismatch of expectations around the inputs, process and outcomes of risk reviews and audits can contribute to strained relationships.

4.67 The IGT believes that there is scope for the ATO to provide more detailed information to taxpayers and advisers on the risk review and audit processes, along the lines of that already contained in the LB&I Compliance Manual. Greater transparency in the risk review and audit processes will better support both the ATO and taxpayers to meet their mutual expectations during compliance activities.22

Recommendation 4.3

To improve transparency and promote greater understanding, the ATO should publicly release the LB&I Compliance Manual so as to provide better guidance and detail to taxpayers and advisers on the risk review and audit processes. This would include more detailed ATO guidance on the:

  • scope and purpose of risk reviews and audits;
  • thinking, reasoning and judgements behind important aspects of the risk review and audit processes;
  • inputs to the risk review and audit processes such as the nature and detail of documentation to be requested at each stage;
  • details on the roles, responsibilities and expectations of the various tax officers that may be involved in a risk review or audit;
  • ATO and taxpayer expectations regarding the conduct of a risk review and audit; and
  • type and level of expected engagement.

ATO Response


As noted in our response to Recommendation 4.2, work is underway to review and update our training and instructional materials, including the LB&I Compliance Manual. The manual is a large document, meaning that the process of review and update is a significant undertaking and is expected to take several months to complete. For efficiency and to avoid duplication of effort, the exact timing of publication will be co-ordinated appropriately with our work for publication of other documents to be released under the Information Publication Scheme in Part II of the (amended) Freedom of Information Act 1982.

Nature and scope of active compliance processes

4.68 The IGT accepts that there is a need to have progressively more intensive investigations as a compliance activity moves from a risk review through to audit. The IGT is of the view that the transition from risk review to audit needs to be clear and direct. The IGT does not believe that the ATO should conduct various forms of risk review that prolong a process or are in fact an audit. If the ATO has reason to move the review to an audit footing (where the investigation requires more intensive and detailed information gathering) then it should do so and make the taxpayers aware of that decision contemporaneously. Where the ATO wishes to seek detailed information and documentation around a transaction (including section 264 interviews and third party requests) it is better that this is done under an audit. This establishes a clear understanding for the taxpayer of the nature of the investigation and the mutual expectations.

4.69 Currently, the ATO has a number of applicable products for post-lodgement review including specific review, client risk review, specific audit and comprehensive audit. The IGT considers that there is merit in rationalising the various ATO risk review and audit products for post-lodgement compliance activities along the lines proposed by a number of stakeholders. This would simplify the risk review and audit framework and allow for a clearer articulation and understanding of the inputs, process, outcomes and mutual expectations at each stage.

4.70. The IGT sees no benefit in continuing to have both specific reviews and client risk reviews given the uncertainty expressed by taxpayers and advisers regarding the scope and purpose of the different risk review products. Both products involve the collection and analysis of information to help the ATO understand a taxpayer's business and an assessment of the identified potential tax risks. The only observable difference between a specific review and a client risk review is the level of specificity of the identified risk with the ATO's ability to express a better articulated risk hypothesis at the outset of a specific issues review. The IGT notes that under the current risk review processes even a client risk review, which is designed to look at the whole business, now requires the establishment of the key issue for review.

4.71 The ATO advised the IGT that they support a high degree of clarity as to the scope and nature of these active compliance products. In this regard, and building on the information provided in the LBTC booklet to assist taxpayers' understanding of the process, the ATO noted that clear dialogue with taxpayers to explain the scope and purpose of a product at its outset will assist in this regard.

4.72 The IGT believes that the compliance process could be simplified and made more certain by consolidating specific reviews into a single client risk review product. The specificity of a specific review could be maintained through a more detailed identification of the specific risks under examination as compared to a more comprehensive review of a taxpayer's business.

4.73 Likewise, the IGT believes in the large business market context that there is no real benefit in continuing to have two different audit products (comprehensive and specific audits). All ATO audits (whether comprehensive or specific issue) should be framed around a number of specified risk hypotheses given that most large business audits arise from a risk review.

4.74 The IGT accepts that the provision and examination of more detailed information during an audit may lead to the identification of new specific issues or risks and a broadening of the scope of an audit. In that instance, the new risks or issues would be openly communicated to taxpayers along with the revised risk hypothesis.

Recommendation 4.4

The ATO should streamline its various post-lodgement risk review and audit products into three specific processes:

  • Preliminary risk review — this stage would involve no contact with the taxpayer and be primarily focused on the identification of potential compliance risks through internal ATO risk profiling and ratio analysis, media profiling, tax profiling history and examination of ownership structures.
  • Risk review — involves a specific or a broad investigation of various risk areas identified in the preliminary risk review. As more information is obtained and should new risks be identified, the scope of a client risk review may be broadened, although this would be accompanied by updating and communicating of the ATO's revised risk hypothesis to the taxpayer.
  • Audit — involves the detailed testing and refining of each specific risk hypothesis arising from the risk review or in the course of the audit.

ATO Response


While we agree in principle that there is merit in streamlining our post-lodgment processes, we see a risk in limiting the flexibility to differentiate according to the circumstances.

Regardless of product type, we believe the key is to ensure that we communicate clearly the scope and purpose of any compliance activity from the outset and also any changes to scope that emerge as work progresses. This is in line with our commitments in the LBTC booklet and we believe it is consistent with your underlying intent in making this recommendation.

We have not agreed to the suggested product set at this time because we believe it is important to explore in more detail how this would work at a practical level. This analysis needs to consider how product names affect our interactions with taxpayers and any potential adverse impacts on our ability to produce meaningful performance reporting to support our case level governance.

As we move to the next stage of implementing the Risk Differentiation Framework, we are also working to redevelop our Large Business Engagement Model and the services we offer in consultation with the large market, including through our Large Business Advisory Group. As part of this work, we propose to consult with the large market to obtain a better understanding of how the naming of products affects their experience, and take your recommendation into account during this review.

In any event, we are encouraging more collaborative upfront approaches with large business, particularly those that want to pursue an enhanced relationship model. Fixed product type approaches may not be the best way to nurture and progress that relationship.

1 Large Business and Tax Compliance, p 6.

2 Large Business and Tax Compliance, p 6.

3 Large Business and Tax Compliance, p 23.

4 Large Business and Tax Compliance, p 23.

5 Large Business and Tax Compliance, p 23.

6 Large Business and Tax Compliance, p 23.

7 Large Business and Tax Compliance, p 23.

8 Large Business and Tax Compliance, p 24.

9 Large Business and Tax Compliance, p 24.

10 Large Business and Tax Compliance, p 25.

11 Large Business and Tax Compliance, p 25.

12 Large Business and Tax Compliance, p 25.

13 Large Business and Tax Compliance, p 27.

14 Large Business and Tax Compliance, p 27.

15 Large Business and Tax Compliance, p 42.

16 Large Business and Tax Compliance, p 42.

17 Large Business and Tax Compliance, p 42.

18 Large Business and Tax Compliance, p 42.

19 Large Business and Tax Compliance, p 27.

20 Large Business and Tax Compliance, p 28.

21 Large Business and Tax Compliance, p 28.

22 Large Business and Tax Compliance, p 28.