Risk management is a well-known concept in the commercial environment. Many revenue authorities have also adopted risk management approaches in the allocation of resources, particularly in an audit and compliance context.1

The Australian Taxation Office (ATO) has summarised its approach in the following terms:2

We need to use our scarce resources in a way that optimises voluntary compliance. We do so by using a risk management approach, guided very much by our compliance model.

The compliance model is a structured way for the ATO to select the most appropriate activity to optimise taxpayer compliance based on an understanding of the factors that influence taxpayer behaviours and attitudes towards compliance.3

The ATO uses a range of risk assessment tools to identify potential non-compliance as well as selecting which compliance activities should be conducted. A range of quantitative techniques may be used, including specialised software or models using various data sets. They may also incorporate qualitative input based on a given ATO officer's experience, judgement or expertise.

One of the more important ATO risk assessment tools is the Risk Differentiation Framework (RDF). Broadly, the RDF assesses taxpayer's actions or anticipated behaviours and provides a framework for determining the nature of the ATO's engagement with the taxpayer. The ATO's risk assessment concerns may also originate directly from a specific transaction type where significant tax implications are anticipated. Currently, the RDF approach is used in relation to large businesses4, small to medium enterprises and wealthy Australians5 as well as tax practitioners6 and other intermediaries.7

Other important risk assessment tools that the ATO uses include: the small business benchmarks targeting the cash economy, the income tax refund integrity program (which may withhold individual taxpayer refunds pending further inquiry, if certain risk flags are triggered) and data matching activities such as with AUSTRAC on foreign sourced funds transfers.

During the consultation on the Inspector-General of Taxation's (IGT) work program, a range of concerns were raised by taxpayers, tax practitioners and representative bodies with the ATO's approach to compliance risk management. These concerns may be summarised as follows:

  • The ATO's overall approach to risk management — The design and adequacy of the ATO's risk management framework not resulting in effective and accurate predictions of non-compliance or exclusions of compliant taxpayers.
  • The inputs into the ATO's risk assessment processes —The accuracy, relevance, reliability and appropriateness of the inputs used in risk assessment processes.
  • The relationship between the ATO's risk assessment processes and its compliance approaches — The frequency, intensity and formality of compliance activities not being commensurate with the comparative level of taxpayer risk and perceptions of undue influence of risk assessment processes on tax officer conduct during compliance activities — that is, presumptions of taxpayer wrongdoing.
  • Taxpayer opportunities to reduce or mitigate risk — Limited opportunities for taxpayers to reduce their risk due to the lack of transparency of risk assessment processes and barriers to entry into cooperative arrangements, such as Annual Compliance Arrangements (ACAs).

Through this review, the IGT seeks to establish the underlying reasons or causes for these concerns, their systemic impacts and opportunities for improvements.

The IGT has also announced a separate review in which two specific types of risk assessment tools (the income tax refund integrity program and the use of third party data) will be reviewed in relation to the ATO's compliance approaches to individuals. Terms of reference for that review will be released in the near future. The IGT has also recently completed a review of another risk assessment tool, the ATO's small business benchmarks, in his Review into the ATO's use of benchmarking to target the cash economy.

It is expected that the findings in both of those reviews would inform the work in this review.

Terms of reference

In accordance with subsection 8(1) of the Inspector-General of Taxation Act 2003 (IGT Act), the IGT will review aspects of the ATO's compliance risk management with a focus on:

The ATO's approach to risk management

  1. The suitability of the ATO's risk and compliance management approach and methodology for detecting non-compliance, including the accuracy of the risk assessment processes as predictors of non-compliance.
  2. The ATO's approach to refining the accuracy of the risk assessment processes in light of the results produced in compliance activities.

The relationship between the ATO's risk assessment processes and compliance activities

  1. The proportionality of compliance activities with the level of risk determined by the risk assessment processes.
  2. The influence of risk ratings on the conduct of the ATO during compliance activities.
  3. The availability of the ATO's risk mitigation products, such as annual compliance arrangements, to taxpayers.

Inputs into the risk assessment processes

  1. The accuracy, reliability, relevance and appropriateness of the inputs into the ATO's risk assessment processes, including:
    1. validation of inputs before using them for risk assessment purposes or subsequent compliance activity decisions;
    2. the basis for choosing such inputs as a taxpayers' size, industry and turnover; and
    3. those that should or should not be derived from certain taxpayers' conduct.


  1. The transparency of the ATO risk assessment processes including the inputs used to develop risk ratings.
  2. The ATO's communication of the result of its risk assessment processes to affected taxpayers including:
    1. opportunities for taxpayers to comment on risk assessments and test the underlying information on which they are based; and
    2. the ATO's responsiveness to taxpayers' request for reconsideration of their risk rating.


  1. The impacts that risk assessment processes and ratings may have had on taxpayers and their advisors.

Submission guidelines

8.107 The IGT envisages that your submission will be set out in two parts:

  • views on the ATO's current use of compliance risk assessment tools; and
  • suggestions for improvements.

Your views on the ATO's current use of compliance risk assessment tools

8.108 It is important to provide a detailed account of specific ATO practices and behaviours that, in your view, impact upon the appropriateness of the risk assessment and conduct of any subsequent compliance activity.

8.109 We are also seeking examples of ATO practices and behaviours that contributed to a positive taxpayer experience.

8.110 The following questions are designed to assist you in your response.

The ATO's approach to risk management

Q1. What are your views on the ATO's current risk management approach to compliance?

Q2. Which risk assessment process or tool was used by the ATO in relation to you? For example, large businesses may be subject to the LB&I Risk Differentiation Framework. Alternatively, individuals and micro businesses may have been subjected to particular data matching or industry projects.

The relationship between the ATO's risk assessment processes and compliance activities

Q3. With respect to the frequency, formality and intensity of the ATO compliance activity:

  1. for taxpayers: did you believe the compliance activity was appropriate or commensurate with the risk level as communicated to you by the ATO?
  2. for tax practitioners: did clients with similar risk ratings receive similar treatment? Did clients with different risk ratings receive differing treatment from one another? Were higher risk rated clients treated with greater intensity? Do you consider that the taxpayers posing similar levels of risk were rated accordingly?

Q4. Was there a clear distinction between the ATO's risk assessment process and any subsequent compliance activity? If not, please explain why.

Inputs into the risk assessment process

Q5. Are you aware of what inputs the ATO uses in your risk assessment process?

Q6. What are your views on the accuracy, reliability, relevance and appropriateness of the inputs currently used in the ATO's risk assessment processes? What are your views on inputs such as a taxpayer's size, industry, turnover, effective tax rate and frequency with which private rulings are sought?

Q7. Are you aware of any instances where the ATO has used inaccurate information about you in assessing your risk? How was this information corrected?


Q8. How well do you understand the ATO's risk assessment processes? Do you believe these processes are sufficiently transparent that is adequate information available in this area?

Q9. How did the ATO communicate with you on its risk assessment processes? Did this communication include:

  1. the identification of the risk assessment, rating or hypothesis the ATO used;
  2. the information the ATO relied upon to come to that conclusion with a degree of detail that would enable you to check the accuracy of that information;
  3. the process by which the ATO arrived at that conclusion;
  4. what action you could take to reduce your ATO risk rating; and
  5. in the context of proposed or commenced ATO compliance activities, whether the ATO adequately explained the reason why you were selected for the activity?

Q10. Did the ATO:

  1. provide you with an opportunity to query the ATO's risk assessment, rating or hypothesis and provide further information; and
  2. reconsider your rating in light of further information provided? Impacts

Q11. Specify any impacts of the ATO's risk assessment process on you, such as:

  1. compliance costs (including opportunity costs) associated with the process, including those associated with meeting ATO information requests — quantify costs where possible;
  2. effect of the risk rating on the ATO's communication and ATO officer conduct;
  3. influence of the risk rating on the application of any relevant penalties or interest;
  4. reputational damage resulting from the risk rating;
  5. access to refunds during the risk assessment process; and
  6. your review, objection or escalation options.

Q12. Have any of your decisions been influenced by the ATO's use of certain inputs? For example, did you:

  1. not claim deductions, concessions, etc to which you believed you were entitled;
  2. not lodge an objection that you may have otherwise lodged;
  3. not claim legal professional privilege or the accountant's concession that you would have otherwise claimed; or
  4. seek a private ruling when you might not have otherwise done so?

Your suggestions for improvements

8.111 We are seeking your views on improvements that may be made to the ATO's risk management and related compliance processes in your submission.

8.112 The following questions are designed to assist you in your response.

The ATO's approach to risk management

Q13. Are there other approaches that the ATO should use to manage compliance in the tax system? Please explain your view.

Q14. Should the ATO modify its current approach? If so, how?

Q15. How should the ATO measure the effectiveness or accuracy of its risk assessment processes?

Q16. Should the ATO conduct random audits of a sample population as a means to establish an evaluation benchmark and assist in refining its risk assessment tools? This would involve some compliant taxpayers being audited. The ATO does not currently conduct random audits but other countries such as USA, Canada and the UK do.

The relationship between the ATO's risk assessment processes and compliance activities

Q17. What relationship should there be between the ATO's risk assessment processes and its compliance activities?

Q18. Should there be a clear distinction between the ATO's risk assessment processes and its compliance activities? Please explain your views.

Q19. What influence, if any, should the risk assessment process have on the application of any penalties or interest?

Inputs into the risk assessment processes

Q20. Are there particular inputs you believe the ATO should consider which may be a useful predictor of non-compliance? Are there particular inputs you believe the ATO should not use? Please explain your views.

Q21. In what circumstances should the ATO only use objectively verifiable evidence?

Q22. What role should ATO officer qualitative or judgement based inputs play in these assessments? Please explain your views.

Q23. How should the different types of information be applied? Should the ATO use only objectively verifiable information first, filtering out certain taxpayers before applying qualitative or judgment based inputs? Should the ATO place different weight on different types of information?


Q24. How can the transparency of the ATO's risk assessment processes be improved without reducing their effectiveness as a means of capturing non-compliance?

Q25. In what circumstances and how should the ATO communicate the result of the risk assessment to the affected taxpayer? In which cases should it not? Please explain your view.

Q26. Where the ATO communicates the result of the risk assessment process, how frequently should it do so?

Q27. What opportunities should be afforded to taxpayers to comment on, or review, ATO risk assessments?

Q28. In what circumstances should the ATO advise the taxpayer of any changes in behaviour that may lead to a changed risk rating?


Q29. With a view to minimising any adverse impacts, how should the ATO approach information gathering and risk assessment? Should it seek to make:

  1. the most accurate risk assessment at first instance, with a commensurate requirement imposed on taxpayers to provide a greater amount of information at an earlier point in time; or
  2. the best risk assessment with the information it currently has available, and only request further information in a staged manner?

Q30. When obtaining information pertaining to risk assessment processes:

  1. how often should the ATO request information to ensure information is up to date;
  2. when should the ATO seek the information from taxpayers directly or from third parties; and
  3. how can the ATO balance the need for information with the compliance costs incurred by taxpayers or third parties in satisfying ATO information requests?


8.113 The closing date for submissions is 30 November 2012. Submissions can be sent by:

Post to:

Inspector-General of Taxation
GPO Box 551

Email to:


8.114 Submissions provided to the IGT are in strict confidence (unless you specify otherwise). This means that the identity of the taxpayer, the identity of the advisor and any information contained in such submissions will not be made available to any other person, including the ATO. Sections 23, 26 and 37 of the IGT Act 2003 safeguard the confidentiality and secrecy of such information provided to the IGT — for example, the IGT cannot disclose the information as a result of an FOI request, or as a result of a court order generally. Furthermore, if such information is the subject of client legal privilege (or legal professional privilege), disclosing that information to the IGT will not result in a waiver of that privilege.

1 Forum on Tax Administration, Compliance Sub-group, Organisation for Economic Co-operation and Development, Information Note: Managing and Improving Compliance: Recent Developments in Compliance Risk Treatments (2009) para 14.

2 Michael D'Ascenzo, 'Good Governance and Tax Risk Management' (Speech delivered at the Australian Risk Policy Institute, University of Canberra, 10 July 2008).

3 Ibid.

4 Australian Taxation Office, Large business and tax compliance publication (2012), p 23.

5 Australian Taxation Office, Tax compliance for small-to-medium enterprises and wealthy individuals (26 October 2012).

6 Australian Taxation Office, Compliance Program 2012-13 (2012), pp 12-13.

7 ATO, Guide for Tax Intermediaries - Good Governance and Tax Promoter Laws (2011).