5.1 This chapter considers the ATO's processes and procedures regarding the development and refinement of the risk hypothesis. It discusses the issues and concerns raised by stakeholders and makes several recommendations to ensure that the development, refinement and sharing of the risk hypothesis during a risk review and audit accords with the Large Business and Tax Compliance (LBTC) booklet and Large Business and International (LB&I) Compliance Manual.

Development and refinement of the risk hypothesis

5.2 The LBTC booklet states that the ATO develops a risk hypothesis for all cases selected for risk review.1 The LB&I Compliance Manual states that the risk hypothesis is intended to form the basis for the ATO's investigations, and frame its queries and information requests. Throughout the active compliance process, from the commencement of a risk review through to the conclusion of an audit, the Compliance Manual provides that the risk hypothesis must be continually revised and updated as new information is obtained and new decisions are made.2

5.3 The Cooperative Compliance Model (2000) describes a risk hypothesis as:

an assertion proposing an explanation of particular facts, events or issues. It helps make sense of any information gained and provides a focal point for discussion and testing. The testing of the hypothesis provides the foundation for designing and implementing further activity.3

5.4 The Compliance Manual notes that a good risk hypothesis will have the following features:

  • be written as a definite statement not a question;
  • be based on observations and knowledge;
  • capable of being tested with purposeful enquiry; and
  • clearly state the area of potential mischief.4

5.5 The Compliance Manual goes on to state that if the Case Officer and Team Leader are not actively managing their case using a risk hypothesis approach there are a number of problems that could arise which could damage the ATO's relationship with the taxpayer and affect the ATO's reputation including:

  • the case lacks focus;
  • the areas of review or audit may be unclear to the Case Officer, the taxpayer or both;
  • the Case Officer may not be adequately prepared to question the taxpayer and may spend too long on generic review activities or waste time building an in depth knowledge of a risk or issue that is immaterial; and
  • the Case Officer may have already asked the taxpayer for information and interviewed them before properly understanding the material risks in the case resulting in the need to make further information requests.5

5.6 Appendix 3 provides a diagrammatic representation of the progress of the risk hypothesis in the end-to-end compliance process.

Commencement of risk review

5.7 The Compliance Manual states that the reason the case was initially selected becomes the initial risk hypothesis of a risk review and the description forming the initial risk hypothesis is required to be recorded on the Siebel case management system. By way of example, the Compliance Manual suggests that if a case was selected because a taxpayer had significant utilised and carried forward losses (through an analysis of the income tax return), the initial risk hypothesis might be:

The taxpayer group has significant carried forward and utilised losses and there is a potential risk that either:

  • The income tax calculations leading to the loss are incorrect; or
  • The Subdivision 165-A loss provisions (such as the Continuity of Ownership and Same Business tests) have been breached.6

5.8 The Compliance Manual provides that during the course of a risk review the Case Officer will test and refine the risk hypothesis. It should be refined and recorded throughout a case, in particular:

  • after the Case Officer's initial analysis;
  • after the initial workshop; and
  • as the case progresses at points where there is a change or clarification in the risk hypothesis.7

5.9 The ATO confirmed that the Team Leader is responsible for ensuring that the Case Officer has correctly understood, tested and refined the risk hypothesis throughout a risk review or audit, although in most cases, the Case Officer will also be assisted in this regard by one or more officers with specific technical experience.

5.10 The Manual provides that the refinement of the initial risk hypothesis will depend on the type of risk review or audit. For example, for a specific issue review or an audit an officer should research the taxpayer's profile, gain an understanding of their business and thereafter focus on testing a specific risk hypothesis.8

5.11 When conducting a comprehensive risk review or audit the Case Officer may have to undertake more thorough research of the taxpayer and the refinement of the initial hypothesis may include additional risks. The Case Officer must continue to refine the hypothesis for each risk until they have reached a conclusion.9

5.12 At the risk review stage, the ATO will seek to test and refine the risk hypothesis until it has determined that the potential risk is either not present or not material enough to warrant further action or should proceed to audit where the ATO is satisfied that the potential risk is sufficient to warrant more detailed testing.10

Commencement of audit

5.13 If an audit is commenced then the final risk hypothesis of the risk review becomes the initial risk hypothesis of the audit.11

5.14 The Compliance Manual states that the Case Officer is required to further test and refine the risk hypothesis through more detailed information gathering and investigation and, where necessary, refine the scope of the audit.12

5.15 However, by this stage the ATO should have already developed an appropriate understanding of the taxpayer under review, researched the relevant issues, planned the audit, conducted initial audit interviews and formulated a clear risk hypothesis.

5.16 The Compliance Manual provides that at the audit stage, refining the risk hypothesis may include:

  • clarifying issues;
  • identifying and understanding the relevant legislative provisions;
  • identifying key facts and related evidence required to determine the ATO position; and
  • identifying the current ATO view, quantifying the issues and making the final decision as to whether to amend.13

5.17 Refining the scope of an audit may include eliminating certain issues, identifying new issues or refining the income years subject to audit.14

5.18 The Compliance Manual requires that all refinements in the risk hypothesis or the scope of the audit must be reflected in the ATO's Audit Plan. It provides that once the Case Officer has refined the hypothesis and scope of the audit so that the issues and income years under audit are clear then they can proceed to making a decision. Further information on this is contained in Chapters 7 and 8 of the report.15

5.19 During an audit, the ATO will seek to test and refine the risk hypothesis and scope of the audit until it has determined that the potential risk is either not present or not material enough to warrant further action, or the ATO is satisfied that the taxpayer has not complied with the ATO view of the tax law.16

Submissions and consultations

5.20 In submission and consultation, stakeholders raised a number of concerns in relation to the risk hypothesis. Stakeholders also highlighted some good examples of interaction with the ATO around the risk hypothesis.

5.21 Taxpayers and advisers submitted that, in certain situations their experience was that there was little or no discussion or refinement of the risk hypothesis during the course of a risk review or audit. It was submitted that sometimes a risk review or audit would start with a number of issues surrounding a transaction but thereafter the process of evolution or development of the risk hypothesis was not done in a transparent and cooperative manner, so that taxpayers did not share the ATO's understanding of the key issues.

5.22 A number of taxpayers and advisers indicated that it was only at the end of the risk review or audit process that the ATO provided them with the risk hypothesis. Affected taxpayers indicated that had this been shared with them earlier (rather than only issuing requests for further information) they could have provided targeted responses and potentially a lesser rating than the initial 'higher' risk rating may have been achieved.

5.23 More generally, doubts or concerns were raised about the management and communication of a particular issue and the perceptions about mischief or the underlying technical issues that the ATO may be investigating or considering, especially when an issue has been referred to a technical specialist or a Case Leader. Stakeholders see that there are many process elements and many different specialists in the overall management structure that give rise to delay and uncertainty particularly where communication is not effective.

5.24 Taxpayers and advisers indicated that risk reviews and audits are often accompanied by broad information requests or lines of enquiry that make it difficult to discern the ATO's exact concern. It was also submitted that there is often little or no communication of any changes to the ATO's risk hypothesis after a taxpayer has responded to an information request. For more discussion on 'information gathering' reference should be made to Chapter 7 which canvasses stakeholder and ATO issues.

5.25 Taxpayers and advisers with these experiences would like to see the ATO share and discuss the risk hypothesis more effectively so as to better understand the ATO's concerns around an issue or transaction.

5.26 The ATO in discussion with the IGT provided results from the ATO Client Feedback Questionnaire, as outlined in the table below showing relatively strong results. The ATO did express some surprise in relation to the IGT consultations and submissions when comparing these to their survey results:

Year Question Result
(average out of 5)
09-10 Initial views on any risks were explained to you (audit and risk review) 4.2
08-09 Initial views on any risks were explained to you (risk review) 4.2
08-09 Reasons for commencing the audit were adequately explained to you 4.8
07-08 Initial views on any risks were explained to you (risk review) 4.1
07-08 Reasons for commencing the audit were adequately explained to you 4.7
06-07 Explanation of the reason for the audit (audits in progress) 4.0

5.27 As noted previously in the report, the IGT has not had the opportunity to consider the use or effectiveness of Client Feedback Questionnaires or other external market surveys. While the IGT supports the ATO's attempt to gain insight around their service delivery performance, it may be that certain response collection methods may be more effective than others. It may also be that there is potential bias in survey results from respondents even if arranged through third party agents due to factors that may not be completely appreciated, including underlying concerns about anonymity amongst others.

5.28 The IGT, as noted, also appreciates that there are some good stakeholder experiences, but an opportunity to further improve outcomes for both the ATO and stakeholder alike still remain given the submission and consultations made.

IGT observations

5.29 The IGT found that the LB&I Compliance Manual places an appropriate level of importance on the development and refinement of the risk hypothesis during a risk review and audit.

5.30 The ATO advises that it may not have sufficient information from the tax return materials or otherwise have an incomplete understanding of the transaction in question at the beginning of a risk review, such that a detailed and well-articulated risk hypothesis is not available without further enquiry.

5.31 The IGT believes that there may be good reasons why the risk hypothesis may be stated in general or broad terms based on this understanding.

5.32 In the course of a risk review, the ATO requests and obtains considerable information and documentation that allows it to begin to develop a more refined risk hypothesis. This is primarily achieved through the use of workshops which seek to bring together the relevant subject experts and special advisers to discuss the issues, and the scope of the risk review and consider further information requests. By the time the ATO finalises a risk review it should have a well-articulated hypothesis that is set for further testing if audit is required and reached a conclusion on the nature and level of risk associated.

5.33 At the audit stage, the IGT also saw some evidence of the refinement of scope, issues or risks primarily through the use of workshops involving Case Leaders (formerly Special Advisers) and technical specialists such as TCN and COE. Workshop discussions would often lead to requests for further information to test a particular issue or better understand aspects of the transaction in greater detail.

5.34 However, the IGT found that while some in the ATO may have a good understanding of the technical issues and the potential direction of the risk review or audit, this does not necessarily lead to an articulation of a risk hypothesis as set out in the Compliance Manual. Specifically, the IGT found:

  • The focus of audits was often set out in very broad terms with the statement of the risks not satisfying the requirements of a good risk hypothesis. For example, a significant proportion of audit plans would identify the broad issue that was under consideration rather than the specific risk hypothesis that was to be tested and refined during an audit. Also, the risk hypothesis was often not written as the definite statement that was to be tested and did not clearly set out the potential non-compliance.
  • Audit plans were not being revised to reflect the development or refinement of the risk hypothesis during an audit.
  • The refined risk hypothesis was not being communicated in writing to taxpayers in the course of an audit.

5.35 The IGT found that it was often assumed that taxpayers and advisers could easily infer the risk hypothesis from discussions or the nature of information requests. On the other hand, it is clear that taxpayers and advisers do not always understand the specific concern or issue under investigation even though they would know the broad area of focus.

5.36 The IGT believes that the lack of consistency, transparency and discussion around the risk hypothesis has contributed to perceptions that the ATO's risk reviews and audits lack focus (moving from one issue to another without explanation). The IGT recognises that there is tension between stakeholder perceptions that the ATO engages in random 'fishing expedition' style information requests, and the ATO's need to understand all of the issues at hand. The IGT believes that ATO transparency, communication and education is the best manner in which to dispel these concerns where broad requests are necessary.

5.37 The IGT believes that the development, refinement and communication of the risk hypothesis, in accordance with what is set out in the Compliance Manual, is an important part of the risk review and audit process. There are significant benefits in the ATO developing and refining a good risk hypothesis and then sharing this with taxpayers as early as possible, such as:

  • allowing the ATO to express, both internally and externally, its areas of focus in the form of a clear written statement which is capable of being tested with purposeful enquiry;
  • providing a platform for discussion between the ATO, taxpayers and advisers on the scope of the audit, the type and availability of documents and information and the progress of the audit; and
  • better establishing the relevance of the information being requested or gathered to the potential risk

5.38 Given the importance of the development, refinement and communication of the risk hypothesis in the ATO's end-to-end compliance process it is critical that the ATO's assurance processes ensure that the expectations and requirements of the LBTC booklet and Compliance Manual are being followed by all officers involved in risk reviews and audits.

5.39 It should be the responsibility of the Team Leader allocated to the risk review or audit (being an Executive Level officer under the ATO management structure) to ensure that such an important part of the ATO's end-to-end compliance process is being followed. This could be achieved through regular dialogue with the taxpayer including their participation in key discussions with technical leaders (or specialists) and Case Officers.

Recommendation 5.1

The ATO should supplement its commitment to open dialogue in the LBTC booklet by providing additional guidance to LB&I staff and taxpayers on how it will develop, refine and communicate the risk hypothesis during a risk review and audit.

This should include a commitment to share the risk hypothesis with taxpayers in writing and discuss the risk hypothesis at certain stages in the course of a risk review and audit.

The implementation of this recommendation should consider whether the taxpayer should be notified and or consulted:

  • where a risk hypothesis has been materially refined or changed (or a new risk hypothesis is identified) at appropriate management action points (for example after an ATO internal workshop);
  • where a taxpayer provides additional or new information that results in a change in the ATO's risk hypothesis (either due to the risk hypothesis being refined or a new risk being identified);
  • at the preliminary audit interview; and
  • prior to issuing draft finalisation letters.

ATO Response

Agree.

Our commitment to open dialogue, including sharing the risk hypothesis, is well established in the LBTC booklet and supporting materials for ATO staff. Our teams are expected to develop a considered communication strategy that is appropriate to the circumstances of the case, and the timing of communications will be determined as part of that strategy.

The natural points where communication should be considered (as reflected in your recommendation) will be included in the updated guidance to be provided in the LB&I Compliance Manual (our response to Recommendation 4.3).

The updates to the manual will also reflect that correspondence with taxpayers will include, where appropriate, an explanation of the risk hypothesis and how it relates to any information requested. It is important that expectations are clear about the level of detail that is necessary in written communication, noting that the discussion is the primary mode of communication. This will also be a matter of judgment.

Recommendation 5.2

The ATO should enhance its assurance processes (including the Integrated Quality Framework) to ensure audit teams develop, refine and communicate a risk hypothesis in accordance with the expectations and requirements of the LBTC booklet and Compliance Manual.

This should include Team Leaders (and where appropriate Technical and Case Leaders):

  • ensuring that the risk hypothesis has been correctly understood, tested and refined throughout the risk review or audit;
  • examining and refining the risk hypothesis as part of the LB&I monthly review process;
  • attending initial workshops to ensure that the risk hypothesis is expressed as a clear statement to be tested, and that it is understood by the audit team; and
  • signing off that the risk hypothesis meets the requirements of the LBTC booklet and Compliance Manual, at key stages of the risk review or audit.

ATO Response

Agree.

Work is already underway to enhance our monthly review and IQF processes for LB&I active compliance cases. This will include specific questions or guidance to assist Team Leaders (in the case of monthly reviews) or assessors (in the case of IQF assessments) to determine whether the risk hypothesis has been properly understood, tested and refined during a case.


1 Large Business and Tax Compliance, p 40.

2 LB&I Compliance Manual, Chapter 1, p 5.

3 ATO Co-operative Compliance Model.

4 LB&I Compliance Manual, Chapter 1, p 16.

5 LB&I Compliance Manual, Chapter 1, pp 5-6.

6 LB&I Compliance Manual, Chapter 1, p 6.

7 LB&I Compliance Manual, Chapter 1, p 6.

8 LB&I Compliance Manual, Chapter 1, p 10.

9 LB&I Compliance Manual, Chapter 1, p 10.

10 LB&I Compliance Manual, Chapter 1, p 7.

11 LB&I Compliance Manual, Chapter 1, p 10.

12 LB&I Compliance Manual, Chapter 1.

13 LB&I Compliance Manual, Chapter 1.

14 LB&I Compliance Manual, Chapter 12, p 9.

15 LB&I Compliance Manual.

16 LB&I Compliance Manual.