Strengthen Finance processes and minimise errors in indirect taxes

Indirect taxes in the form of VAT and duties involve potentially complex legal assessments. However, as they are largely transaction-based, they are highly dependent on correct accounting and accurate master data. Therefore, this is a tax area where Finance processes potentially have significant impact.

Processing the company's indirect taxes in the form of VAT, duties and customs, if relevant, is a core task in Finance for most companies. Partly because non-compliance with tax legislation can lead to management responsibility, and partly because the handling, depending on the company's activities, can have a relatively significant impact on the bottom line.

Certain areas within indirect taxes are technically complex from a legal perspective and therefore involve a substantial assessment risk. However, the largest aggregated economic risk will often be that the registration basis is inaccurate and therefore takes on the character of a systematic risk. This may be due to transactions being posted to incorrect departmental dimensions, with incorrect revenue or cost types, incorrect unit specifications in product master data, or outdated tax rates.

Fortunately, the design of business procedures, work descriptions, internal controls, etc., which ensure accurate financial and non-financial registrations, is a core competence in Finance, where 'classic' profiles such as financial controllers play a key role.

The establishment of business procedures and internal controls targeted at the correct handling of indirect taxes follows the same methodology as when addressing other risks in the accounting process as part of the company's risk management.

Fundamentally, it is about defining the objective – without an objective, you cannot identify and assess, and subsequently address, the risk. And here, the objective in its 'simplicity' is to comply with tax legislation.

In this context, the greatest practical challenge is often that the understanding of complex legislation may be insufficient, just as Finance may lack full insight into the company's activities – understandably so, particularly in large companies with numerous activities. Consequently, the objective becomes unknown, which means that risks cannot be identified and assessed.

The first step is therefore to understand the company's activities – both commercial and internal ones – because these activities in certain areas define which legislation the company is subject to. The next step is then to understand the legislation, so you can design an effective control environment.

It is important to understand the activities at entity level, because legal requirements will depend on each entity's domicile, and risks are thus entity-specific. If risks are not precisely identified, you potentially risk both lacking the necessary controls, whereby risks are not adequately covered, and implementing unnecessary controls, which in that case merely results in waste of resources.

Once all the company's activities are mapped out, you can identify the relevant legal requirements. The challenge here often is that you need to know the rules to ask the right questions in the 'business', and conversely, you need to know enough about the activities to know which rules are relevant to consider.

Therefore, the work process often becomes iterative. First, you map the activities at a general level and then examine the relevant legislation with particular focus on the peripheral areas. With new insight into the rules, you resume the scrutiny of activities to understand the details.

Depending on whether you are moving in grey areas, for example because your conclusion must be supported by case law or other legal interpretations, you need to repeat the process. The legal assessment may be an area where Finance needs to involve tax specialists who, depending on the size of the company, may need to be found externally.

Once you have gained an overview of the company's activities and compliance landscape, the next step is to identify risks for the company's transactions that drive the accounting – and thus the basis for reporting indirect taxes to the authorities. In principle, there is no materiality threshold for the settlement of taxes, but in practice, a materiality threshold is typically applied to prioritise resources where the risk of non-compliance and its impacts are greatest.

The relevant legal requirements are then translated into the design of your chart of accounts. The structure of the chart of accounts should not only support compliance with accounting rules but also the correct handling and reporting of indirect taxes.

If, for example, your company imports goods subject to duties where the tax base relies on non-financial data, there will be yet another source of risk that you need to address. These risks may arise, for instance, if incorrect commodity codes are used, or if data is not updated. Here, the tax base should be ensured accurate and valid via product master data protected by controls – both controls preventing unauthorised access and preventive controls reducing the risk of errors.

Other risks may arise if your company's activities are only partially covered by the VAT act. In that case, a division between VAT-liable and VAT-exempt activities is required. This may involve estimates in allocation keys and risk of incorrect posting of expenses. A solution may include the use of profit and cost centre structures for VAT-liable and VAT-exempt activities, respectively. But these also involve risks – especially if the data foundation is uncertain.

Based on the understanding of the relevant legislation, you can now map your risks in well-described process flows that register data all the way from the origin in, for example, production systems to the accounting and later in the reporting and settlement to the authorities.

When the risk landscape has been mapped, you can identify and quantify the unique risks according to characteristics, making it possible to design an effective control landscape.

Consider here whether you should design the landscape around preventive or detective controls – which roughly speaking avoid and detect errors, respectively – and whether the controls should be automatic or manual. This may depend on the nature of the risks, the transaction volume and the balance between resource consumption and risk tolerance.

The control design must reflect the legal requirements and specifically address the identified risks. Certain risks may, for example, concern missing documentation and not just whether a transaction is recorded accurately, which is why the control may consist of reconciliation to underlying shipping documentation, or that for example lookups have been performed in tax databases to check the counterparty's registration status.

Subsequently, ongoing monitoring is the last important component in your control environment. This way, you ensure that control activities are performed correctly, just as you can continuously assess whether the controls effectively cover your current risks, allowing you to intervene if corrective actions are needed.