Print Page
News & Press: TaxTalk

Are we serious about tax risk management?

Wednesday, 15 April 2015   (0 Comments)
Posted by: Author: Johan van der Walt
Share |


Author: Johan van der Walt (KPMG)

Johan van der Walt argues that Tax Risk Management in South Africa should be given space to grow and become part of best practice in its own right, as it has in other tax jurisdictions. 

The final day of the 2014 SAIT Tax Indaba focused on Tax Risk Management (TRM). The session was well-attended. Numerous South African flagship companies’ Group Tax managers were there - and they participated enthusiastically.

Day Five of the 2015 Tax Indaba (during June 2015) will again be dedicated to TRM, including how to make tax governance part of the overall corporate governance process.

On the face of it, it would appear that there is a healthy interest in TRM developments in the South African context.

But, how serious is South Africa really about TRM?

A recent press report entitled "Tax issues take back seat on SA boards"[i]  indicated that 60 per cent of directors say that their boards had not discussed public perceptions regarding their company’s effective tax rate or their use of tax havens. This statistic is mind-boggling when taking into account, the reputational carnage so-called "aggressive tax planning” recently inflicted on Starbucks, Google, Amazon, and others. This is even more perplexing when considering the widely-publicised Base Erosion and Profit Shifting (BEPS) initiatives currently actioned by the OECD.

The Tax Administration Act, No. 28 of 2011 specifically provides that a taxpayer can be selected for audit by SARS on a random basis or on "a risk assessment basis”[ii]. Audit selection on the basis of risk propensity is accepted globally[iii]

What is not clear is exactly how, and to what extent, a company’s TRM (or lack thereof) feeds into SARS’ risk-profiling criteria?[iv];

In a 2014 SARS’ presentation to the Standing Committee on Finance it was stated that 19 568 "in-depth audits” had been carried out[v]. The question is, however, whether a company practising sophisticated TRM would have been treated any differently by SARS during such an audit, in other words, how does TRM, embedded as part of the company’s corporate governance processes, actually benefit a company when SARS, firstly, risk-profiles, and secondly, undertakes an in-depth audit of that company? The real issue is: to what extent is TRM a differentiator for SARS, if any?

In its latest Strategic Plan[vi], SARS does indicate that it intends migrating from a "uniform service offering” to a "differentiated service offering (based on compliance behaviour and segment”). This could mean that, in the future, SARS might be more nuanced in its risk profiling, and auditing, of corporate taxpayers by differentiating (for example, by giving "credit” through a light touch audit approach[vii]) where the company has sophisticated TRM in place as part of its corporate governance regime.

Unfortunately, international trends suggest that South Africa might be lagging in the TRM space.         

Why is TRM important?

The importance of TRM has been explained as follows[viii]:

"The need to address risk management at all in a tax context arises due to the inherent indeterminacy of tax laws, which give rise to uncertainty around their interpretation. Where there is uncertainty, there is a risk to be quantified and managed, which ultimately links risk management with degrees of tax aggressiveness and attitudes to the law.”

What is the purpose of TRM?

It should be pointed out that:

"Tax risk management is not necessarily about minimising tax risk but rather about a determination of the level of risk that is acceptable to the particular corporation and putting in place processes and procedures that ensure tax risks do not exceed acceptable levels.”[ix]

It is for this reason that TRM invariably addresses the particular corporate taxpayer’s so-called "tax risk appetite”.

The global push to embed TRM as part of overall corporate governance[x]

Globally, revenue authorities have signalled their expectation that large corporates "…will strengthen their corporate governance in the area of tax-risk management.”

It is stated that: "It is possible to manage tax risk in a global business environment by using leading practices that address both the needs of business and the expectations of tax administrators. The goal is to achieve a level of certainty about tax positions, tax reporting and tax planning that aligns with the principles of good corporate governance and that will satisfy the concerns of both parties.[xi]

An interesting point is made, namely that TRM should not be undertaken purely to satisfy the expectations of revenue authorities, but also because TRM could bring competitive advantages: "Those that succeed will incorporate tax risk management into the core of their business decisions – from the boardroom and audit committee agendas to the operations on the ground in various tax jurisdictions. Getting global tax risk management wrong can mean material ,financial and reputational damage. Getting it right can yield significant competitive advantages.”[xii]

In light of the above, it is noteworthy that the leading South African Corporate Governance seminar series[xiii] in its advertisements specifically mentions, e.g. "IT governance and how it targets technology risks”. But, it is totally silent on tax governance and how that could mitigate tax risks? 

There are, however, South African corporates that are progressive when it comes to TRM. SABMiller plc, in June 2014, published a document[xiv]"Our approach to tax”. The foreword mentions, "In this report we include disclosures about our tax contribution, as well as some further explanation about tax management.”  The document spells out SABMiller’s approach to, in other words, the entity’s tax governance, tax responsibilities, operations in tax havens, meetings with tax authorities (in their words, "… our dealings with revenue authorities should be based on respect and trust”), tax disclosures, etcetera.

Another example is Vodacom. Its parent Vodafone has a very detailed document on "Tax risk management strategy” which is publicly available online. 

The Australian approach to TRM 

It is known that the SARS tax compliance model has been adapted from that of the Australian Tax Office ("ATO”). 

So what can we learn from down-under when it comes to TRM and embedding TRM processes and procedures into the corporate governance regime? And are there any benefits? How does the ATO support TRM by its corporate taxpayers?

  • The ATO expects robust TRM from corporates[xv]

The ATO states: "Managing your tax risk well is core to good corporate governance, particularly if you are operating in international markets. We work with you to build an environment that fosters good corporate governance and supports your tax-risk management.”[xvi]

 The ATO sees TRM as a multi-role function within any large corporate taxpayer’s portfolio. The role of the corporate board, external scrutineers and the ATO’s own responsibility are set out in detail within a conceptual model (the "Tax operating model”).

  • TRM is evaluated as part of the ATO’s risk-profiling of corporate taxpayers

The approach of the ATO is that "… in carrying out their risk review of large corporate taxpayers, the tax risk management practices of the taxpayer will be a consideration in the determination of the level of risk to the revenue and the extent to which that taxpayer will be subject to ATO scrutiny.”[xvii]

In carrying out its compliance interventions, the ATO follows the procedures outlined in a detailed manual which is publicly available. In the run up to an audit, the ATO would first develop a "risk hypothesis” regarding the specific taxpayer. The corporate taxpayer’s TRM practices (or, lack thereof) would feature as part of such risk evaluation.

To the extent that a corporate taxpayer practices sound TRM, it would enable a revenue authority to apply a "light touch” compliance/audit approach to that particular taxpayer. This should enable the revenue authority to redirect limited resources to high risk areas, or alternatively to those corporate taxpayers that do little, or no, TRM. This is what the HMRC is doing in the UK.[xviii]    

  • The ATO makes space for proper TRM 

Because the ATO demands robust TRM from Australian corporate taxpayers, it has also taken a conscious decision to allow those taxpayers room to develop and implement proper TRM practices. 

 The applicable ATO Practice Statement[xix] encourages TRM in the following manner:

  • There is recognition that managing a company’s tax risk compliance requires that stakeholders should be able to robustly interrogate tax risks. Therefore: "The ATO recognises that those responsible for managing a company’s tax compliance risks need to be able to undertake broad ranging and candid communications. Those persons would include the company’s employees, its external advisors and its directors undertaking governance of tax compliance issues.”[xx]
  • To encourage TRM, and create space for same, the ATO has developed the concept of "Corporate board documents on tax compliance risk”. Although the ATO has the statutory power to request access to most documents, it has formulated a safe-habour and has given an undertaking not to access the above-mentioned class of documents (unless there are "exceptional circumstances”);
  • Corporate board documents on tax compliance risk qualifying for the safe-habour protection are those:
    • Created by advisors (being suitably qualified in-house or independent advisors);
    • Created for the sole purpose of providing advice or opinion to the board of directors (including properly constituted sub-committees) on tax compliance risk and their likelihood and impact; and
    • That address tax risks associated with major transactions and arrangements and / or tax risks arising from corporate systems and processes. 
  • The above-mentioned documents are therefore off-limits to the ATO, enabling TRM to take place unhindered, in other words, without the ATO accessing the TRM documentation produced solely for purposes of the company’s tax governance processes;
  • The safe-habour in relation to the above-mentioned document class operates alongside, and in addition to, the protections of legal professional privilege[xxi] and the so-called "Accountants’ concession" (which limits access to auditors’ working papers)[xxii];
  • The exceptional circumstances that allow the ATO to gain access to the Corporate board documents on tax compliance risk, are:
    • The taxpayer’s non-cooperation with the ATO in regard to information-gathering;
    • Important risk review or audit information cannot be sufficiently established from the taxpayer’s source documents and other enquiries;
    • The taxpayer has a history of serious non-compliance (for example, fraud ,evasion and/or persistent avoidance).

Clearly the ATO acknowledges that its expectation (that corporate taxpayers should practise robust TRM) is only achievable when the revenue authority itself respects, and actually creates, the space for TRM to be fostered and embedded as part of the total corporate governance regime.

What is the state of TRM in South Africa and what is the SARS approach?

Reference has already been made to the fact that certain South African corporate taxpayers practise sophisticated TRM. They are on par with international best practice in this regard.

It would appear, therefore, that corporate taxpayers in South Africa are willing to commit the necessary resources towards TRM.

But, are local corporate taxpayers being "rewarded” or "encouraged” by SARS to initiate and invest in TRM (for example, through risk-profiling differentiation and / or a "light touch” audit approach like in the UK?) 

It is difficult to answer the question above. There is scant information available on how SARS sees the trade-off / linkages between TRM and its own risk-profiling / audit approach in respect of corporate taxpayers.[xxiii]

Unfortunately South Africa seems to be heading in the wrong direction - of late SARS has been requesting[xxiv] detailed information and documentation in relation to "…executive meeting board packs, minutes, related correspondence and presentations”, including full access to Audit Committee and Tax Committee packs.

SARS’ push for the above-mentioned information and documentation has persisted despite claims of legal professional privilege in respect of large portions of the so-called Tax Committee packs. As can be expected, said packs contain, inter alia, opinions from internal and / or external advisers – the very purpose of which was to assist Tax Committee members to properly evaluate, and manage, potential tax risks.

Unfortunately, there is some disconnect between the expectation that South Africa corporate taxpayers should follow international best practice when it comes to TRM, and the manner in which SARS is exercising its information-gathering powers under the Tax Administration Act.

The reality is that the very documents which are crucial for robust tax governance (and which are required by directors and Tax Committee members to discharge their statutory governance obligations) have now become sought-after by the revenue authority. TRM documentation is perceived as some short-cut mechanism to unearth and detect so-called hidden "tax risks”.

There is little doubt that, under the Australian dispensation and the safe-habour that applies in relation to Corporate board documents on tax compliance risk, the above-mentioned documentation would be inaccessible to the ATO (bar the carve-out relating to "exceptional circumstances”).


For now, TRM appears to be reasonably "well and alive and living in South Africa”.

The attention TRM is attracting at the upcoming Tax Indaba with a full-day stream bears testimony that TRM is no longer a "nice to have” – it has become an imperative. And this is acknowledged by South African corporate taxpayers. 

But, for TRM to flourish and come into its own in South Africa, space must be created for it to grow. That means that options like the Australian safe-harbour for tax governance documentation should be considered (and hopefully adopted) locally. It will mean that SARS should desist from information requests that undermine TRM, especially in relation to tax risk information found in Board, Audit Committee and Tax Committee packs.

An over-broad push by any revenue authority for tax corporate governance documentation invariably runs the risk that Tax Committee packs will become "leaner”, written submissions / opinions to the Tax Committee substituted with oral feedback and tax risks discussions happening in hushed tones in dark corners.

That will benefit nobody. It will merely drive TRM underground and ultimately, into oblivion. 

In future SARS will have to do more, with less. SARS’ 2014/ 15 to 2016/17 Resource Plan[xxv] shows that both money and human resources will be tight (this is indicated for example by the fact that the total SARS head count actually shows a loss of a 1 000 staff leading into 2016/17).

To the extent that SARS, when risk-profiling and auditing corporate taxpayers, could rely on the TRM and tax governance (embedded as part of a corporate taxpayer’s overall corporate governance processes), should allow SARS to refocus limited resources towards areas in the South African economy where evasion and non-compliance is really rife – as opposed to indiscriminately throwing resources at corporate taxpayers with good TRM and tax governance. In this way SARS gets "more bang for its buck” and corporate taxpayers are incentivised to up their TRM game.     

Tax Risk Management should be encouraged and given adequate space – South Africa needs more of it, not less. 

i BDlive 19 January 2015, Amanda Visser, Tax issues take back seat on SA boards;

ii Section 40;

iii IBFD, "Tax Risk Management From Risk to Opportunity”, at p. 117: "The approach to compliance outlined above is often used in conjunction with risk assessment, involving the risk profiling of taxpayers, using risk indicators (risk rating) in order to decide where to focus resources to achieve maximum compliance with what is available.”

iv A search for "Tax Risk Management” on the SARS website search facility did not produce any results;

v Presentation by SARS to the Standing Committee of Finance, 1 July 2014, "2014/15 – 2018/19 Strategic Plan & 2014/15 Annual Performance Plan”;

vi SARS, 2014/15 – 2018/19 Strategic Plan, at p. 20;

vii The "light touch” approach is practiced by the UK’s HMRC, where appropriate. Judith Freedman, Geoffrey Loomer and John Vella, "Corporate Tax Risk and Tax Avoidance; New Approaches”, state: "LBS is awarded a risk rating, which determines the volume of HMRC’s interventions in the company’s affairs and the nature of the working relationship between the two. In essence, a light touch is adopted for low risk companies, thus releasing resources that can be directed towards higher risk companies”;

viii Emer Mulligan and Lynne Oates, "Tax Risk Management: Evidence from the US”. 

ix Catriona Lavermicocca, "Managing tax risk and compliance”, the tax specialist, Volume 13, No 2, October 2009, at p. 69;

x The OECD has been active in pushing the TRM agenda. Refer e.g. the publication by its Centre for Tax Policy and Administration, "Information Note General Administrative Principles: Corporate governance and tax risk management”, published in July 2009;

xi Fred O’Riordan, "Governance and risk in a global economy”,, June-July 2011 edition;

xii "Governance and risk in a global economy”;

xiii See, for example, "The FINAL 2014 Corporate Governance Update Seminar”, 17th October 2014, Johannesburg presented by Professor Mervyn King (in BusinessDay Investors Monthly, August 2014 edition);

xiv SABMiller plc, "Tax and Development 2014”, published June 2014. Other examples of similar documents are Diageo, "TAX Global Policy”, Unilever, "Our approach to tax” which are all publicly available;

xv Australian Tax Office, "Large business and tax compliance publication”, 14 October 2014 version, available on the ATO website;

xvi "Large business and tax compliance publication” at par. 3 under "Good tax governance – Sound tax-risk management processes”;

xvii Catriona Lavermicocca, "Tax Risk Management Practices and their Impact on Tax Compliance Behaviour – The Views of Tax Executives from Large Australian Companies”, eJournal of Tax Research, Volume 9, Number 1, July 2011, p. 89 – 115, at p. 90;  

xviii Refer footnote vii above.

xix ATO Practice Statement Law Administration, "PS LA 2004/14", available on the ATO  website as well as the ATO's publication, "Our approach to information gathering", November 2013 version (available on the ATO website), at p42;

xx "PS LA 2004/14", at par. 11;

xxi "Our approach to information gathering", at p. 36

xxii "Our approach to information gathering", at p. 40

xxiii See for example, a recent MComm (Tax) dissertation dealing with TRM in the South African context. There is no reference to SARS's view on TRM and whether TRM plays any role / influences its risk-profiling of SA corporate taxpayers.  L. Jansen van Rensburg, "Tax Risk Management: a framework for implementation", MComm dissertation, University of Pretoria, submitted on 31 August 2012;

xxiv In terms of section 46 of the Tax Administration Act, 2012.

xxv SARS, "2014/15 - 2018/19 Strategic Plan", at p42;

This article first appeared on the March/April 2015 edition on Tax Talk. 

Please click here to complete the quiz.



Section 240A of the Tax Administration Act, 2011 (as amended) requires that all tax practitioners register with a recognized controlling body before 1 July 2013. It is a criminal offense to not register with both a recognized controlling body and SARS.

  • Tax Practitioner Registration Requirements & FAQ's
  • Rate Our Service

    Membership Management Software Powered by YourMembership  ::  Legal