62701 DIREC TIONS IN DE VELOPMENT Finance Risk-Based Tax Audits Approaches and Country Experiences Editors Munawer Sultan Khwaja, Rajul Awasthi, and Jan Loeprick Risk-Based Tax Audits Risk-Based Tax Audits Approaches and Country Experiences Munawer Sultan Khwaja, Rajul Awasthi, and Jan Loeprick Editors © 2011 The International Bank for Reconstruction and Development / The World Bank 1818 H Street NW Washington DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org All rights reserved 1 2 3 4 14 13 12 11 This volume is a product of the staff of the International Bank for Reconstruction and Development / The World Bank. The findings, interpretations, and conclusions expressed in this volume do not necessarily reflect the views of the Executive Directors of The World Bank or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Rights and Permissions The material in this publication is copyrighted. Copying and/or transmitting portions or all of this work without permission may be a violation of applicable law. The International Bank for Reconstruction and Development / The World Bank encourages dissemination of its work and will normally grant permission to reproduce portions of the work promptly. For permission to photocopy or reprint any part of this work, please send a request with complete information to the Copyright Clearance Center Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; telephone: 978-750-8400; fax: 978-750-4470; Internet: www.copyright.com. All other queries on rights and licenses, including subsidiary rights, should be addressed to the Office of the Publisher, The World Bank, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2422; e-mail: pubrights@worldbank.org. ISBN: 978-0-8213-8754-2 eISBN: 978-0-8213-8755-9 DOI: 10.1596/978-0-8213-8754-2 Library of Congress Cataloging-in-Publication Data Risk-based tax audits : approaches and country experiences / Munawer Sultan Khwaja, Rajul Awasthi, and Jan Loeprick, editors. p. cm. — (Directions in development) Includes bibliographical references. ISBN 978-0-8213-8754-2 (alk. paper) — ISBN 978-0-8213-8755-9 1. Revenue. 2. Tax auditing—Case studies. 3. Auditing—Computer programs. 4. Risk management. I. Khwaja, Munawer Sultan. II. Awasthi, Rajul. III. Loeprick, Jan. HJ2305.R57 2011 352.4’4—dc22 2011009825 Cover design: Quantum Think Contents Foreword ix Acknowledgments xi Contributors xiii Abbreviations xvii Overview 1 Munawer Sultan Khwaja PART I Fundamentals of Risk-Based Audits 11 Chapter 1 Key Principles of Risk-Based Audits 13 Charles Vellutini Chapter 2 Risk-Based Audits: Assessing the Risks 23 Charles Vellutini PART II Approaches to Audits for Different Taxpayer Segments 37 Chapter 3 A Risk-Based Approach to Large Businesses 39 Simon York v vi Contents Chapter 4 Simplified Risk Scoring for SMEs 45 Jan Loeprick and Michael Engelschalk PART III Infrastructure for Risk Analysis 55 Chapter 5 Database and IT Framework for Risk Analysis 57 Charles Vellutini Chapter 6 Building and Integrating Databases for Risk Profiles in the United Kingdom 65 Michael Hainey Chapter 7 Data Warehouse and Data-Mining Tools for Risk Management: The Case of Turkey 71 Ugur Dogan PART IV Country Experiences in Risk-Based Tax Audits 77 Chapter 8 Sweden 79 Lennart Wittberg Chapter 9 The Netherlands 83 Jon Hornstra Chapter 10 Bulgaria 91 Vesela Gencheva Chapter 11 India 97 Rajul Awasthi Chapter 12 Ukraine 101 Inna Lytvyn and Iryna Udachyna Chapter 13 Kazakhstan 107 Aidar Mekebekov and Yerzhan Birzhanov Chapter 14 Which Audit Selection Strategy? A Review 111 Charles Vellutini Chapter 15 Conclusion: Lessons for Reforms 119 Rajul Awasthi Glossary 127 Contents vii Boxes 2.1 Parametric Methods in Risk Assessment 26 2.2 List of Possible Variables in an Audit Selection Strategy 30 2.3 Heckman Procedure for Correcting Selection Bias 32 4.1 Taxation of SMEs in the United Kingdom 48 Figures 0.1 Key Concepts of Modern Revenue Administrations 3 1.1 Separating Audit Case Selection and Audit Implementation 16 1.2 A Model of Tax Compliance 17 2.1 Examples of Data Mining Techniques 28 3.1 Typical Segmentation of Taxpayers and Revenue Collections 40 4.1 Additional Audit Revenue in Germany in 2008 46 4.2 Percentage of Firms Inspected by Tax Officials in the Europe and Central Asia Region, by Size, 2009 47 4.3 Example of a Simplified Risk Classification Table for Small Manufacturers in the Republic of Yemen 53 5.1 Data Flows in Risk-Based Audit Models 59 5.2 Tanzania’s ITAX 62 9.1 Diagram of Risk Management Process 85 14.1 Risk Assessment Cycle 113 Tables 1.1 Factors of Tax Compliance 15 2.1 Confusion Matrix 29 2.2 Audit Selection Strategy for VAT in Delhi, India 31 4.1 Audit Frequency in Relation to Business Size in Germany 46 4.2 Key Risk Sectors Identified in Select OECD Countries 50 4.3 Performance Benchmarks for Bakeries in Australia, by Annual Sales Range 51 4.4 Prevalence of Presumptive Regimes for SMEs 52 14.1 Country Experiences in Risk-Based Tax Audits 115 15.1 Risk Assessment Strategy and IT Sophistication 125 Foreword Revenue administration is a major interface between the state and its citizens. A good revenue administration is, therefore, an important attribute of good government. As a result, in recent years, policy makers have become increasingly aware of the importance of policies that will promote business development while ensuring voluntary tax compliance. In the modern context, it is neither desirable nor feasible to examine or inspect every single taxpayer. The revenue administration, therefore, has to rely on effective management of compliance. Promoting voluntary compliance, achieved through a self-assessment system in which taxpay- ers comply with their tax obligations without intervention from tax offi- cials, requires developing modern approaches to audits based on risk management. The impact of audits critically depends on a properly designed audit selection strategy focused on high-risk taxpayers to pro- vide the most cost-effective outcome. This, in itself, contributes to pro- moting voluntary compliance. Risk-Based Country Audits: Approaches and Country Experiences is an important study of this critical revenue function of compliance manage- ment. The authors, who are both practitioners in their respective coun- tries and international experts in the area of tax administration reform, have explained the key concepts of risk-based audit selection and the ix x Foreword specificities of treatment for different segments of taxpayers. They have provided details on implementation matters such as the requirement for data management tools, software, and hardware, which should prove handy for countries that are in the process of implementing risk manage- ment in revenue administration. The country experiences give examples of different stages of development of risk-based audit selection, including the very sophisticated systems in the Netherlands, the United Kingdom, and Sweden; the recently developed system in Bulgaria; and the nascent systems in Kazakhstan and Ukraine. We hope that Risk-Based Tax Audits: Approaches and Country Experiences will be of interest to policy makers in developing and transition countries and to researchers and development agencies looking for ways to support good governance. It will provide useful insight into understanding the levels of challenges in different situations and provide lessons learned from them. Luca Barbone Sector Director Poverty Reduction and Economic Management The World Bank Acknowledgments This book is the product of a collaborative effort on the part of interna- tional tax experts and senior tax officials who participated in a conference on the best practices of risk-based audit procedures. The conference was held in Istanbul in December 2009 under the auspices of the Tax Administrators Exchange of Good Innovative Practices, a peer-assisted learning forum for tax administrators. Both the conference and the pub- lication of this book were made possible by the generous support of an Innovation Grant from the Europe and Central Asia Department of the World Bank, the International Finance Corporation, the Department for International Development, and International Tax Dialogue. This support is gratefully acknowledged. Munawer Khwaja, senior public sector spe- cialist at the World Bank, supervised this project. The editors would like to acknowledge the contributions made to this book by participants at the Istanbul conference. The book is based on materials presented at the Istanbul conference and papers based on those presentations. Charles Vellutini, Jan Loeprick, Jon Hornstra, Lennart Wittberg, Michael Engelschalk, Michael Hainey, Munawer Khwaja, Rajul Awasthi, Simon York, and Ugur Dogan contributed chapters. Presentations made during the conference by Aidar Mekebekov, Inna Lytvyn, Iryna Udachyna, Vesela Gencheva, and Yerzhan Birzhanov were rendered into text with the valuable support of Justin Kocher. xi xii Acknowledgments The editors would like to thank the reviewers, including Andrew Masters (International Monetary Fund), Graham Harrison (International Monetary Fund), Jean-Paul Bodin (International Monetary Fund), Raul Felix Varela Junquera (World Bank), and Richard Bird (University of Toronto). Additionally, Rich Stern of the Investment Climate Advisory Services of the International Finance Corporation provided invaluable guidance and support. We would also like to acknowledge the significant contribution made to this book by Justin Kocher (World Bank) in pro- viding excellent editorial guidance and support, following up with con- tributors, and scrutinizing the texts, and by Virginia Yates in formatting the book. The views expressed in this volume are entirely those of the contribu- tors and do not necessarily reflect the views of the World Bank Group, the institutions with which the authors are affiliated, or the countries they represent. Contributors Rajul Awasthi is a senior member of the Global Tax Team of the Investment Climate Advisory Services of the World Bank Group. Currently, he is leading business tax reforms in East Africa, Central Asia, and South Asia and is coordinating the postcrisis response program. Prior to joining the World Bank Group, he worked with the finance minister of India and helped to initiate tax administration reforms and policy changes on direct and indirect taxes, which were geared toward maximizing gov- ernment revenues. He holds a master’s degree in public affairs from Princeton University’s Woodrow Wilson School of Public and International Affairs and a master’s degree in business administration from the Indian Institute of Management, Ahmedabad, India. Yerzhan Birzhanov is head of the Modernization Department in the Tax Committee of the Ministry of Finance of Kazakhstan. In this position, he has taken a lead in the tax administration reform efforts in the Tax Committee. Ugur Dogan is department head of Turkey’s data warehouse and the Risk Analysis Unit, where his main areas of responsibility are research on com- pliance and taxpayer behavior, risk analysis, and risk management. He xiii xiv Contributors leads several computerized audit projects, including value added tax refund risk analysis, a central risk analysis project for large taxpayers, and data-mining projects. He has written numerous papers and reports on tax matters, compliance issues, and risk analysis. He graduated from Istanbul University and received a master’s degree in financial economics from Boston University in 2007. Michael Engelschalk is a senior revenue policy and administration expert working with the International Finance Corporation (IFC) Investment Climate Advisory Services. From 1999 to 2004, he managed the World Bank Tax Policy and Administration thematic group. Prior to joining the World Bank, he headed the program for cooperation with nonmember countries in the OECD’s Fiscal Affairs Division. He has organized training and technical assistance programs to build tax policy and admin- istrative capacity in numerous developing and transition countries. He began his career as an assistant professor of public and international tax law and has held various positions within the German government. Vesela Gencheva has worked at the Bulgarian National Revenue Agency since 1998, holding various positions at the regional and central levels. She now works as an expert in risk management and is responsible for risk indicators and identification, audit selection, planning for risk treat- ment measures and their associated costs, and evaluation of the overall risk management process. She was trained as an economist and is based in Sofia. Michael Hainey is head of data analytics for the United Kingdom’s Revenue and Customs (HMRC) Risk and Intelligence Service, where he manages a data analytics team that exploits departmental, third-party, and Internet-based data to identify tax risks and compliance cases. His team provides business insight to inform the development of risk and business rules. Prior to joining the HMRC, he led the Digital Forensic Laboratory for both the Inland Revenue and the Serious Fraud Office. He has represented the United Kingdom as a subject matter expert on the G-8 High Technology Subgroup. Jon Hornstra has worked at the Dutch Tax and Customs Administration since 1985, where he has held local and regional management positions, as well as at the national risk management organization. His current posi- tion is as coordinator of enforcement at the regional tax office in Utrecht. Contributors xv His main focus is to improve enforcement by implementing preventive tools and to develop horizontal monitoring by making agreements with tax service providers to increase the accuracy of tax returns. He is a lawyer and graduated from the University of Utrecht in 1984. Munawer Sultan Khwaja is senior public sector specialist and revenue reforms coordinator at the World Bank, where he leads the tax and cus- toms reform and modernization efforts in Europe and Central Asia. Previously, he held several positions, including as senior manager of KPMG Consulting, senior adviser to the Harvard Institute for International Development, director of Central Fiscal Authority in the United Nations mission in Kosovo, country director of the U.S. Agency for International Development’s Afghanistan Economic Reconstruction Program, and director of tax policy in the Ministry of Finance in India. He has pub- lished extensively on economic and fiscal reform issues and has a master’s degree in public administration from Harvard University, a doctoral degree in applied economics from Université de Paris IX-Dauphine (Sorbonne), and a law degree from Delhi University. Jan Loeprick advises client governments as a member of the World Bank Group’s Investment Climate Department business taxation product team. His work focuses on tax regime diagnostics and the implementa- tion of reforms that will reduce barriers to compliance and investment and promote growth in developing countries. Inna Lytvyn is head of the Audit Planning Unit in the State Tax Administration of Ukraine. Her responsibilities include performing com- plex analyses of tax payments and commodity-money flows in the economy as well as of taxpayers’ activity, cash flows, and tax avoidance schemes with the purpose of improving the risk criteria for selecting business entities for audit. She received her degrees as an economist and mathematician from Kyiv National University. Aidar Mekebekov is head of the Audit Department in the Tax Committee of the Ministry of Finance in Kazakhstan. In this capacity, he has cham- pioned improvements in audit and initiation of Kazakhstan’s risk-based audit system. Iryna Udachyna is director of legal entities at the Tax Control Department in the Ukraine State Tax Administration. Among other responsibilities, xvi Contributors she analyzes audit efficiency and the efficacy of state tax administrations, runs the large enterprise audit program, and analyzes taxpayer accuracy and timeliness. She has degrees in management of technical systems from Kyiv Polytechnic Institute and in accounting from the Zhytomyr Engineering Technological Institute. Charles Vellutini specializes in trade and tax policy analysis and aid effec- tiveness. He has advised governments and leading funding agencies in more than 30 developing countries, transition economies, and new European Union member states. He is managing director of Economic Policy Analysis and associate professor of economics at the University of Toulouse, where he teaches international economics. His recent publica- tions have focused on development economics and aid effectiveness. He graduated from École des Hautes Études Commerciales and received his doctorate in economics from Université Panthéon-Sorbonne. Lennart Wittberg is senior adviser to the Swedish Tax Agency and has worked both as a manager and as a compliance strategist. His main areas of responsibility are research on compliance and taxpayer behav- ior, risk management, and general improvements in effectiveness of the organization. He is chair of the Organisation for Economic Co-operation and Development (OECD) Forum on Tax Administration Compliance Subgroup, which is a forum for member countries to share their experiences and to cooperate on new developments regarding com- pliance. Educated as an economist, he has written papers and reports on compliance and has spoken at various international conferences. Simon York is deputy director of the HMRC Risk and Intelligence Service. He leads the analysis and information function, which brings together information, data, and intelligence to develop a high-level view of com- pliance risks and threats. He also leads teams that develop new risk tools to improve the HMRC’s ability to respond to those risks and threats. He has trained and worked as a tax inspector, carrying out a series of roles managing compliance intervention teams working with businesses and individuals and combating tax fraud and avoidance. Abbreviations ANN artificial neural network CART classification and regression tree CASS Computer Aided Scrutiny Selection, India CBDT Central Board of Direct Taxes, India DTCA Dutch Tax and Customs Administration HMRC Her Majesty’s Revenue and Customs, United Kingdom ICE integrated compliance environment IFC International Finance Corporation IT information technology ITAX Integrated Tax Administration System, Tanzania MIS management information system NRA National Revenue Agency, Bulgaria OECD Organisation for Economic Co-operation and Development RMIS risk management information system RMS risk management system SAS Self-Assessment System, Malaysia SMB small and medium-size business xvii xviii Abbreviations SME small and medium-size enterprise TAXGIP Tax Administrators Exchange for Good Innovative Practices TCF tax control framework TIN taxpayer identification number VAT value added tax VEDOP Tax Office Complete Automation Overview Munawer Sultan Khwaja It may sound paradoxical, but the main focus of a modern system of revenue administration is not to collect taxes. In a modern tax system based on self-assessment and voluntary compliance, tax liabilities are assessed by taxpayers themselves and paid through banks or the state treasury system. The main functions of the revenue administration are (a) to manage tax compliance in order to detect and prevent delinquent behavior and (b) to provide taxpayer service and education in order to help taxpayers to discharge their tax obligations with ease and with the least complexity and compliance burden. The concept of efficient management of compliance is in no way novel. The Arthashastra, a Sanskrit work of the fourth century B.C. by Kautilya, advocated devising a tax structure that ensured compliance by limiting the taxation power of the State, having low rates of taxation, and maintaining a gradual increase in taxation. Kautilya pointed out, “We must collect taxes without upsetting the taxpayer. Just as the flower is not disturbed or hurt by the honeybee when it draws nectar, we should not disturb the taxpayer when we collect taxes.” Kautilya’s ideas on the necessary conditions for increasing efficiency and compliance are still valid today, 24 centuries later. 1 2 Risk-Based Tax Audits What matters, therefore, is not just how much revenue is collected or how much it costs to collect it, but also how it is collected, because revenue administration is one of the major interfaces between the state and its citizens. In other words, good revenue administration is a vital source of good government. It provides the government with a sustain- able supply of revenue and citizens with services that help them to con- tribute voluntarily to nation building. Promoting voluntary compliance requires developing modern approaches based on risk management to provide the most cost-effective outcome. Voluntary compliance is achieved through a self-assessment system, where taxpayers comply with their tax obligations without intervention from tax officials, based on information they receive about these obligations. The taxpayer voluntarily completes a tax declaration to identify all tax liabilities accurately and submits this declaration with payment.1 When this does not occur, the tax office takes the appropriate enforcement action. The segmentation of the tax base into groups of taxpayers sharing common characteristics—typically large, medium-size, and small taxpayers—is a critical first step in developing risk management and designing targeted programs that address the compliance risks and service needs of each group of taxpayers. Taxpayer segmentation applies a basic marketing concept (market segmentation) to identify the unique features of different groups of clients and design a strategy that takes into account these features. Risk Management: A Key Element in a Modern Revenue Administration Strategy Central to the strategy for developing a modern system of revenue admin- istration is the establishment of business-like corporate governance prac- tices that include (a) establishment of self-assessment systems, (b) promotion of voluntary compliance, (c) employment of risk management, (d) organi- zational structure based not on geographic focus but on functional focus, (e) promotion of equity and fairness, (f) focus on specialization, and (g) service and functions based on client segmentation that cater to the needs of different categories of taxpayers (see figure 0.1). Developing holistic approaches to taxpayer services (for example, educating taxpayers on all tax obligations) and responding to taxpayer behaviors (for example, enforcement and audit programs for noncompli- ant taxpayers) in an integrated manner are critical for the success of Overview 3 Figure 0.1 Key Concepts of Modern Revenue Administrations self- assessment voluntary risk compliance management a modern revenue system functional equity and organization fairness client specialization segmentation Source: Author. self-assessment. This requires examining all taxes (for example, value added tax, income tax, excise tax) together and adapting taxpayer services and audit programs to the particular needs of, and risks for, the various segments of taxpayers.2 Risk management is an important element of effective and efficient management of compliance. First, it is impossible for any revenue administration to control and check every single taxpayer. Second, it is unnecessary to waste scarce enforcement resources on routinely exam- ining low-risk, compliant taxpayers. The opportunity costs for such rov- ing examinations are high. Just as a private business allocates its resources to areas that have the most potential for generating revenues and profits, a modern tax administration uses methods that focus on high-risk taxpayers to select cases for audits. This targeted focus is likely to raise higher revenue and, arguably, provide stronger deterrence for noncompliance. 4 Risk-Based Tax Audits Risk management techniques should not be confined to the selection of tax audit cases. They are part of a holistic and cooperative approach to enhancing compliance. This is dramatically changing the way tax administrations and taxpayers interact with each other. Risk manage- ment drives the operational priorities of modern revenue administra- tions. Centralized strategies are developed to identify risks based on analysis of business trends and patterns of tax avoidance. The selection of taxpayers to be audited, as well as other types of controls, is based on the assessment of risk and the development of risk-based selection tech- niques. Taxpayer characteristics are used in risk-scoring systems to iden- tify and assess the risk of noncompliance. This allows appropriate prioritization of audit and taxpayer service workload and enables the allocation of resources to high-risk groups. The effectiveness of risk-based management of compliance has been enabled by, and depends fundamentally on, the use of automated systems to (1) gather third-party information and match it with taxpayer reporting using reliable databases and a unique taxpayer identification number, (2) undertake selective checks based on risk analysis, (3) standardize pay- ment processes (such as payments through banks) and accounting require- ments, (4) provide assurance that the legislation and procedures are being applied uniformly, and (5) provide adequate, timely information to support management decision making and tax policy formulation. In the last 20 years, increased use of third-party information and automation have allowed tax administrations to generate prefilled tax returns (for example, in the Nordic countries, Spain, and Chile), which are followed up with online notice of assessment. These developments should be taken into con- sideration when fine-tuning tax audit strategies and risk-based approaches. The Istanbul Conference on Risk-Based Audits A conference was held in Istanbul, Turkey, from December 7 to 9, 2009, to provide an opportunity for tax administrators in the European and Central Asian region to interact and discuss the technical challenges involved in implementing risk-based audits with their regional counter- parts and international experts. The World Bank supervised this project, in which many countries made presentations. This was an ideal occasion for participants from 20 countries throughout Europe and Asia to share their own experiences, learn from their colleagues, and establish a founda- tion for future cooperation and information sharing on the various sys- tems being implemented in their countries.3 Overview 5 This conference was organized in partnership with the World Bank Group and International Tax Dialogue as part of a regional initiative called the Tax Administrators Exchange of Good Innovative Practices, or TAXGIP, which is a new forum for tax administrators to share their expe- riences and learn from each other through conferences, seminars, toolkits, and shared web-based interaction. Risk-based audits were the first topic covered, since they are a key element of modernizing revenue administra- tion in the region. Shared Experience in Implementing Risk Management Participants shared experiences on how risk-based audit systems improve the efficacy of revenue collection and use principles that can be applied to all segments of taxpayers. These systems help tax administrators to allocate resources and manage performance. Successful risk-based sys- tems also lower the compliance burden on the private sector, which helps to reduce a barrier to growth and development. The decision to implement risk-based administration involves changing the approach used to deal with taxpayers and requires developing mutual trust between taxpayers and tax administrators. It is based on selective audits and allows low-risk taxpayers to have fewer interactions with the tax administration. Risk-based tax assessment has been implemented successfully even in environments with limited technical resources. Data collection and analy- sis are key components of any risk-based system, but many different models can be used to address the specific needs of a particular country in the short and medium term, while, capacity to manage data collection is being developed. Many participants highlighted the importance of having a strong partnership between tax administrators and private sector stakeholders in order to raise awareness and promote a client-oriented culture. Regional experience with risk-based assessment systems has shown that cultural and institutional reform is at the heart of successful implementation. There are numerous technical, political, and institutional challenges to implementing a functional risk-based system. In effect, the use of risk management as a compliance tool is a process that includes risk identifi- cation, risk analysis, risk assessment and prioritization, and finally treat- ment and evaluation. This last step provides feedback for the next round of risk identification. Successful implementation is often a lengthy pro- cess, with gradual improvement in data collection and management over 6 Risk-Based Tax Audits time. Key issues include the determination of risk profiles in data-scarce and low-capacity environments, coordination among regional and national tax agencies to harmonize data, and building understanding of the risk- based system among tax officials and the private sector. About This Volume This volume draws from presentations made during the conference and papers subsequently submitted. These presentations were made by tax administrators and international experts who have participated in the implementation of risk-based audit systems either in their own or in other countries. In compiling these presentations, this volume obtains first-hand information on how these countries undertook reforms to implement risk-based audit systems, assesses their success, and serves as a toolkit on risk-based audits. The audience for Risk-Based Tax Audits: Approaches and Country Experiences consists of tax administrators in the region and beyond who are entrusted with the task of designing and implementing risk management systems. Additionally, this information will be useful for staff of the World Bank and other development agencies who are asked to assist in the development of revenue modernization strategies. This volume has four parts. Part 1 examines the fundamental principles of risk-based audits and deals with the behavioral aspects of tax compli- ance, discusses the institutional challenges they present, and provides ana- lytical techniques used in risk-based audit strategies. Part 2 discusses approaches to risk-based audits for different segments of taxpayers, in par- ticular large businesses and small and medium enterprises (SMEs). Part 3 focuses on implementation challenges in developing databases and data warehouses and in designing information technology (IT) infrastructure, which are critical for the effective use of risk management techniques. Part 4 presents experiences from six countries that have implemented risk management: Bulgaria, India, Kazakhstan, the Netherlands, Sweden, and Ukraine. Recommendations for implementation and the overall lessons learned are presented in the final two chapters. Chapter 1, by Charles Vellutini, provides insights into the psychological and behavioral mechanisms that determine tax compliance, including the balance between the costs of compliance and the net benefits of noncom- pliance. The probability of detection affects compliance behavior, the outcome of which provides a compliance strategy for taxpayers as well as an audit strategy for tax administrators. Audits promote voluntary Overview 7 compliance by increasing the probability of detection. This depends sig- nificantly on a properly designed audit selection strategy that focuses on high-risk taxpayers to maximize the effect. This chapter examines the relative merits and demerits of manual screening, random selection, and risk-based selection. Chapter 2, also by Charles Vellutini, looks at the various analytical techniques for assessing compliance risks and for creating risk profiles and sorting out high-risk and low-risk taxpayers. This includes data-matching techniques for examining the consistency of tax declarations with data from customs, other enforcement agencies, banks, and other taxpayers. Methods for scoring risks, including parametric (linear regression, logistic regression, and discriminant analysis) and nonparametric techniques (data mining), are explained, and techniques for choosing the appropriate audit selection method are discussed. Chapter 3, by Simon York, presents the special characteristics of large businesses and the complexities of their transactions. This chapter dis- cusses the nature of their risks, external drivers, corporate governance structures, and corporate tax planning. It examines audit strategies for low-risk and high-risk businesses. Because of the small number of large businesses and the large revenue implications and compliance issues they have, the strategy requires regular dialogue between the tax authorities and businesses to try to resolve these risks. In chapter 4, Jan Loeprick and Michael Engelschalk trace the experience of several Organisation for Economic Co-operation and Development countries (Germany, Italy, Australia, Belgium, Canada, Sweden, and the United States) in handling compliance issues relating to SMEs, which comprise a very large number of taxpayers but contribute very little to overall revenue. Additionally, Simon York provides a box illustrating the experience of the United Kingdom in dealing with SMEs. The authors discuss the relevance of these experiences to applying risk-based tech- niques in developing and transition countries. Since presumptive taxation regimes are prevalent in many developing and transition countries, chap- ter 4 also discusses the important link between presumptive taxation and audit selection. In chapter 5, Charles Vellutini discusses the importance of computer- ization and information technologies for the success of risk management in revenue administrations. This involves creating and managing large databases of relevant taxpayer information, setting up risk-based audit selection systems, and using these systems to manage compliance. An efficient risk-based audit selection system should be part of a much 8 Risk-Based Tax Audits broader IT infrastructure that manages the entire tax administration operations, either as a stand-alone system or as a module embedded in a full-fledged tax management system. Chapter 6, by Michael Hainey, describes the databases and risk man- agement software tools used in the United Kingdom and gives practical examples of how these tools are used for risk analysis. This chapter shares the lessons learned regarding what does and does not work, how teams should be organized, how efficiencies can be obtained, and the relevant lessons for revenue authorities. In chapter 7, Ugur Dogan shares how data warehouses and data mining have become powerful tools for compliance management and risk analy- sis. He explains how information gathered from internal and external sources can be used to analyze unreported activities of taxpayers, to detect value added tax fraud, and to score and rank risk profiles. Presenting the case of Turkey, Dogan demonstrates how information from banks, company registers, and credit card sales is used to detect tax evasion and underreporting. Part 4, on country experiences, presents case studies of seven coun- tries to demonstrate the extent to which risk-based audit selection is used and to compare their stages of development. In chapters 8 and 9, the examples of advanced risk management systems are presented by Lennart Wittberg for the Skatteverket in Sweden and by Jon Hornstra for the Dutch Tax and Customs Administration, respectively. These coun- tries employ extensive data-matching and data-mining techniques and sophisticated software. Additionally, they supplement risk-based audit selection with random sampling to monitor patterns of taxpayer behav- ior and compliance, which can be used to fine-tune the risk analysis criteria. In chapter 10, Vesela Gencheva presents the intermediate case of Bulgaria’s National Revenue Agency. Risk-based assessment was intro- duced in Bulgaria in 2000, along with comprehensive tax administration reforms over the last 10 years. She explains how the risk management software is used to cover all phases of the risk management process, including the development of risk profiles and efficient assignment of activities. Rajul Awasthi, in chapter 11, gives an overview of Computer- Aided Scrutiny Selection, which is the basis for the risk-based audit of income taxes in India. Chapter 12, by Inna Lytvyn and Iryna Udachyna, describes the recent introduction of risk-based audit selection in Ukraine. The authors explain the risk criteria, the risk-scoring system, and data sources used as well as the benefits that risk management has already Overview 9 produced for better audit results. Aidar Mekebekov and Yerzhan Birzhanov, in chapter 13, give an account of the plan of Kazakhstan’s Tax Committee to introduce risk management in a step-by-step approach starting in 2010. They explain the methodology used to devise the risk indicators and the algorithm used to develop the annual audit plan. Finally, in the penultimate chapter, Charles Vellutini reviews the approach to the implementation of risk-based audit selection in emerging countries and makes recommendations on how to keep it simple and adapt it to country circumstances. In the concluding chapter, Rajul Awasthi draws from the experiences of both developed and emerging countries and highlights the lessons for future reforms in this area. We hope that this volume will contribute to a better understanding of the usefulness of risk-based audit selection in improving the efficiency and effectiveness of revenue administrations. We also hope that it will be a useful tool for policy makers, tax administrators, and tax reform profes- sionals seeking to make informed choices about designing appropriate selection methodology, risk management software, and data-matching and data-mining tools. Notes 1. A more recent trend in Nordic countries, enabled by the availability of a large database of third-party information, is for the tax administration to produce automated prefilled returns, which are then sent to the taxpayers for concurrence. 2. An excellent guide on the development of effective audit plans and audit strategy, and their role in managing compliance, has been published recently by the International Monetary Fund (Biber 2010). 3. Participants represented Armenia, Azerbaijan, Belarus, Bulgaria, Canada, France, Georgia, Germany, India, Kazakhstan, the Kyrgyz Republic, Mongolia, the Netherlands, Sweden, Tajikistan, Turkey, Ukraine, the United Kingdom, the United States, and Uzbekistan. Reference Biber, E. 2010. “Revenue Administration: Taxpayer Audit; Development of Effective Plans.” Technical Note and Manual 10/03, 2010, International Monetary Fund, Washington, DC. PA R T I Fundamentals of Risk-Based Audits CHAPTER 1 Key Principles of Risk-Based Audits Charles Vellutini In theoretical economic literature, the issue of tax compliance is often studied from the taxpayer’s point of view, under the classical assumption of expected utility maximization (Andreoni, Erard, and Feinstein 1998). In this theory, the taxpayer will not pay his or her taxes as long as the costs of compliance (amount of taxes to be paid and time and other resources spent to comply) exceed the net benefits of noncompliance.1 In such a setting, utility maximization by the taxpayer depends, of course, on the probability of being detected by the tax administration—hence the efforts made by the latter to enforce the law. Several papers (Alm, Bahl, and Murray 1993; Alm and McKee 2004) have extended this basic scenario to account for the role of the tax administration as a strategic player. These papers start from a game the- ory basis, using the classical results from the principal-agent theory with asymmetric information. The improvement brought by these models is that they account for the fact that the probability of detection (assuming that taxpayers will “naturally”—without detection effort—understate their income) is not exogenous but rather depends on information given by taxpayers to the administration when filing their tax returns. The tax administration, knowing that the income reported by taxpayers depends 13 14 Risk-Based Tax Audits on their own actions, is assumed to maximize expected tax and penalty revenues net of audit and enforcement costs, subject to a limited budget (Alm, Bahl, and Murray 1993). The outcome of such a game provides a compliance strategy for the taxpayers as well as an audit strategy for the tax administration. The key result of this strand of the literature is that a risk-scoring mechanism using all the information provided by taxpayers as well as their deep characteristics makes it very difficult for taxpayers consistently to underreport income and avoid audits. This audit strategy is not likely to consume more resources than alternative approaches such as random audits (Alm, Blackwell, and McKee 2004). Behavioral Factors of Tax Compliance Various psychological and behavioral mechanisms have been identified as significant determinants of tax compliance (OECD 2004a, 2004b, 2004c): • First, compliance depends on individual factors such as gender, age, and education. In the case of business taxation, the individual attributes of a company’s manager can be significant; factors specific to the firm itself, such as its industry, size, or financial situation, can also be strong factors of (non)compliance. • Second, compliance depends on the perceived fairness of the taxation system. Each taxpayer assesses fairness in terms of (a) the level of taxes to pay, (b) his or her individual treatment by the tax administration compared to other taxpayers, and (c) the use of public funds by the government. This last factor can potentially be a strong one in countries with low levels of governance and a significant degree of corruption among civil servants. • Third, a potentially significant coordination problem can arise in tax compliance and payments. This translates in practice into strong ob- served inertia in tax compliance and payments, when noncompliance is widespread or perceived as such by taxpayers and each individual tax- payer thus has a strong incentive not to comply. In contrast, when compliance is the social norm, individuals tend to comply more easily, because they fear being identified as dishonest by their peers and because the probability of detection is likely to be high. Key Principles of Risk-Based Audits 15 The Role of Audits First, audits are used to detect and redress individual cases of noncompli- ance. This is the direct and most straightforward influence of audits on compliance and revenue collection. Second, audits promote voluntary compliance by increasing the proba- bility of detection and penalties for noncompliant taxpayers. This impact critically depends on a properly designed audit selection strategy focusing on high-risk taxpayers. Similarly, audits provide a good opportunity for the tax administration to educate taxpayers on their legal obligations or book- keeping requirements, thereby improving future compliance. Third, audits are unique opportunities for tax administrations to gather informa- tion on both the health of the tax system (by measuring the share of non- compliant taxpayers and the amount of unpaid taxes, for example) and the evasion techniques used by taxpayers. Table 1.1 provides a more comprehensive list of likely factors of com- pliance, as observed in practice by tax administrations (OECD 2004b). These factors may be useful explanatory variables in a model of compli- ance risk, as developed below. Organizational Considerations As illustrated in figure 1.1, a key point suggested by the successful imple- mentation of risk-based audit strategies is the need to separate the selection Table 1.1 Factors of Tax Compliance Model category General characteristics B: Business profile Structure (sole trader, partnership, company, trust), size and age of the business, type of activities carried out, focus (local ver- sus international), financial data (capital investment), business intermediaries I: Industry factors Definition and size of the industry, major participant in the in- dustry, profit margin, cost structure, industry regulation, work patterns, industry issues (level of competition, seasonal factors, and infrastructure issues) S: Sociological factors Cultural norms, ethnic background, attitude to government, age, gender, educational level E: Economic factors Investment, demographic interest rates, tax system, govern- ment policies, international influence, inflation, markets P: Psychological factors Greed, risk, fears, trust, values, fairness and equity, opportunity to evade Source: OECD 2004b. 16 Risk-Based Tax Audits Figure 1.1 Separating Audit Case Selection and Audit Implementation a. Traditional audits b. Risk-based audits central risk analysis & audit outcomes audit selection au n local tax s pla taxpayer ou udit dit me unit tco a audit local tax taxpayer audit unit Source: Author. of taxpayers for audit from the implementation of audits. This is not the traditional organization of the audit function, where auditors are respon- sible for selecting and auditing taxpayers, especially when selection is based primarily on manual screening. Separating the two functions brings crucial benefits: • It helps to fight conflicts of interest and corruption among inspectors, as it prevents the “strategic” targeting of taxpayers (that is, based on their potential for making side payments or as a means to protect cor- rupt taxpayers from audits). • It brings economies of scale and gains from specialization, as the selec- tion function is typically centralized at the regional or national level and the inspection or audit function itself is in the hands of inspectors, who can be efficiently trained in auditing as opposed to audit selection. A related point is the incentive scheme used by tax administrations. International experience suggests that the compensation of auditors should not be linked directly to the volume of audit adjustments and penalties raised by them, as is often the case in audit approaches not based on risk. Providing bonuses mechanically indexed on audit results has been shown (a) to bias audits strongly against taxpayers, undermining the much-needed perception of fairness in the tax system, and (b) to encourage strategic selection behavior (auditors maximizing their bonuses) in environments where the audit selection function is not adequately separated from audit implementation. Key Principles of Risk-Based Audits 17 Designing the Audit Strategy An effective and efficient audit strategy is based on several critical aspects such as training and incentive programs for tax inspectors, the perfor- mance of information technology (IT), and adequacy of the legal frame- work for audits. The taxpayer attitude toward compliance is also of great importance (see figure 1.2).2 As such, a compliance strategy involves an adapted reaction to each level of risk: • Customized letters, alerting taxpayers to unusual tax or income report- ing given their characteristics Figure 1.2 A Model of Tax Compliance Factors influencing taxpayer behavior business industry taxpayer sociological economic psychological Attitude to compliance Compliance strategy 10 have decided not to comply use the full force of the law 9 8 7 don’t want to comply, deter by detection but will if we pay attention 6 5 try to but don’t assist to comply 4 always succeed 3 strategies to create 2 willing to do downward pressure make it easy 1 the right thing 0 Source: OECD 2004b. 18 Risk-Based Tax Audits • Limited-scope audits, confined to specific issues on the tax return like registered employees or value added taxes; these audits can be achieved through walk-in visits to businesses or sales inspections. • Comprehensive audits, involving in-depth investigations into the tax- payer’s tax liability for a given period (which can be longer than the fiscal year). These audit cases sometimes are selected randomly—to gather information on compliance behavior—but generally are based on risk elements; that is, when high risks of noncompliance have been identified in certain firms or sectors. Some of the most critical aspects of an audit strategy are the methods and tools used to pick the taxpayers to be audited. The following are the main methods used by tax administrations to select taxpayers for audit: • Individual screening • Random selection • Risk-based selection Manual Screening Screening is one of the oldest audit selection methods, dating back to the time when tax administrations made limited use of information technol- ogy. It consists of manual selection of audit cases by auditors based on their own knowledge of the taxpayers’ behavior and environment. This tech- nique, while it has some undeniable benefits such as the use of local and informal knowledge, a strong adhesion by auditors, and, limited need for data processing, is in fact very challenging: • It clearly increases the risk of corruption. • Being manual as opposed to systematic, it means that auditors can miss some aspects of noncompliance; no attempt is made to uncover pat- terns of noncompliance hidden in the history of noncompliance in the same area, sector, or as determined by other taxpayer attributes. • Similarly, if the screening process is strictly manual, auditors often only use internal data (that is, data issued by their own administration), pos- sibly neglecting relevant information from external data (from customs or other tax departments, for example). As a consequence, screening has fallen into disfavor at the central level of tax administration in developed countries, which tend to prefer other Key Principles of Risk-Based Audits 19 selection techniques. However, it is still used in decentralized tax systems, for example, in the United Kingdom and Switzerland (OECD 2004a, 2004b). Random Selection This technique is the opposite of screening: taxpayers to be audited are selected randomly from the overall population of taxpayers. Even though simple random selection (giving all taxpayers an equal chance of being audited) is implemented in some countries, a widespread practice is to use stratified sampling. This defines groups of taxpayers on the basis of criteria such as size, industry, and type of tax to be paid. A random sample is then drawn from each stratum (see OECD 2004c). One ben- efit of stratified sampling is that it ensures a broader “representation” of taxpayers than simple random drawings. For given statistical properties of the overall population, stratified sampling helps to reduce sample sizes (compared to simple random sampling) and lower operating costs. Random selection (either simple or stratified) has several significant benefits: • It provides the tax administration with relevant information about compliance and other aspects of taxpayers’ behavior without bias in audit selection. Random selection is a good way of gathering data and building knowledge among tax administrations. It provides statistically robust results that can be used to assess the effectiveness of the tax system and potential compliance-improvement programs. The results of an audit campaign drawn from a randomly selected sample, like the share of noncompliant taxpayers or the amount of underreported taxes, can also be easily extrapolated to the whole population of taxpayers. As such, it undeniably improves the identification of risk and can be used to develop related audit selection methods—typically those focusing on high risks. • It is perceived as a fair selection strategy, as all taxpayers in the same stratum have the same likelihood of being audited. Similarly, it reduces the risks of corruption and arbitrary selection, especially compared with manual screening. However, random selection suffers from a major drawback: a very high opportunity cost. Cases selected for audit by methods focused on high-risk taxpayers or even by manual screening are likely to raise higher revenue than cases selected randomly (even with stratification). As a result, 20 Risk-Based Tax Audits random audits have a low impact on direct generation of revenue and, arguably, on deterrence of noncompliance. This helps to explain why most countries that use random selection (like the United States) also use audit programs targeted to high-risk taxpayers. Of course, as discussed later in the book, at least a small number of random audits is useful for calibration purposes, and random audits are a common component of even the most sophisticated audit strategies. Risk-Based Audit Selection Most tax administrations have developed audit strategies focusing on taxpayer noncompliance risks (OECD 2006). This experience has shown that an efficient audit selection strategy must identify those taxpayers who are the most likely to be noncompliant, that is, who have the highest likeli- hood of yielding large amounts of audit adjustments and penalties. In this spirit, many tax administrations have developed audit selection strategies based on risk-scoring techniques comparable to those used to select clients in banking or insurance. These techniques work as follows: a score is given to each taxpayer, based on (a) certain attributes (size, industry, compliance history) and (b) knowledge acquired during previous audit campaigns (whatever the selection strategy). These techniques enable the tax administration to build several “profiles” of taxpayers and hence to identify those most likely not to comply with tax rules. This selection strategy combines several of the benefits of random selection (intelligence building for tax administration, statistically robust approach), while addressing its limita- tions in terms of effectiveness. It is the preferred audit selection strategy in many developed countries’ tax administrations and one that has been advocated by international organizations in transition and developing countries. However, this strategy comes at a cost in terms of data and IT systems. As typically implemented in developed countries, it relies on the following: • A significant amount of quality data (internal and external to the tax administration) on both past audit cases and current taxpayer attri- butes (audited and unaudited). • IT systems (hardware, software, and training) to process the data and provide scores and other pointers feeding into audit programming. Key Principles of Risk-Based Audits 21 Because of this, implementation of risk-based audit selection can be challenging in poorly equipped, data-poor developing countries, although this does not imply that it is not desirable or possible, as suggested by the examples in chapter 2. Notes 1. Noncompliance also comes with its own costs, such as nontransparent mon- etary arrangements with tax agents, limited access to credit, limited access to public services, and formal property rights. 2. A positive attitude toward compliance (which the French call civisme fiscal) can be interpreted as the internalization by tax payers, as a social norm, of the positive externalities generated throughout the economy by a well-function- ings tax system. Exercising and displaying civisme fiscal can also bring private reputational benefits to the taxpayer, for example, because it facilitates access to credit or other inputs. References Alm, J., R. Bahl, and M. Murray. 1993. “Audit Selection and Income Tax Underreporting in the Tax Compliance Game.” Journal of Development Economics 42 (1): 1–33. Alm, J., C. Blackwell, and M. McKee. 2004. “Audit Selection and Firm Compliance with a Broad-Based Sales Tax.” National Tax Journal 57 (2): 209–27. Alm, J., and M. McKee. 2004. “Tax Compliance as a Coordination Game.” Journal of Economic Behavior and Organization 54 (3): 297–312. Andreoni, J., B. Erard, and J. Feinstein. 1998. “Tax Compliance.” Journal of Economic Literature 36 (2): 818–60. OECD (Organisation for Economic Co-operation and Development). 2004a. “Compliance Risk Management: Audit Case Selection Systems.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2004b. “Compliance Risk Management: Managing and Improving Tax Compliance.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2004c. “Compliance Risk Management: Use of Random Audit Programs.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2006. “Strengthening Tax Audit Capabilities: General Principles and Approaches.” OECD, Centre for Tax Policy and Administration, Paris. CHAPTER 2 Risk-Based Audits: Assessing the Risks Charles Vellutini This chapter focuses on analytical techniques used in risk-based audit strategies. It also covers key challenges arising from these techniques, especially in transition and developing-country environments. Data Matching The first technique used to identify risky taxpayers is data matching. This entails checking the consistency of tax returns with other data from cus- toms, bank and insurance company records, and other taxpayers’ returns. In contrast to the other techniques reviewed, this approach does not seek to predict tax evasion. Rather, it tracks down events of noncompliance that have already occurred. As the examples presented in this chapter show, tracking discrepancies between tax returns and independent data sources is usually best implemented for specific tax instruments, as opposed to the more global risk analysis predictive techniques presented in the next section. Using Customs Data Customs data are particularly useful for tax administrations because they capture key portions of taxpayer activity—the cross-border physical 23 24 Risk-Based Tax Audits flows of goods. These flows, and their monetary value, are an invaluable source of information for tax administrations. The following are prime examples of data-matching techniques that rely on customs data: • Taxpayer identification. Customs data are typically more comprehen- sive than domestic tax records, as businesses must still clear customs when importing or exporting goods. If an effective taxpayer identifica- tion system is in place, and importers are required to provide their taxpayer identification number (TIN), tax administrations can track down unregistered businesses based on customs records. • Deductible expenses and the corporate income tax. Tax evaders face con- flicting incentives, on the one hand, when declaring the value of im- ported inputs to customs (where minimizing the value implies minimizing customs duties) and, on the other hand, when filing their corporate income tax (where maximizing the value of the same inputs implies minimizing the corporate income tax). Tax administrations and customs clearly have a strong common interest in cross-checking these two sources of data. Other Data-Matching Examples Data matching for analysis of value added tax (VAT) compliance works by checking bank data on credit card receipts against VAT returns filed by vendors. If significant discrepancies are found, the vendor becomes a prime candidate for a VAT audit. More generally, VAT returns by both parties to a transaction can be compared whenever they are available.1 The seller and the buyer face opposing incentives, assuming that they both seek to minimize their tax obligations. The seller has an incentive to underdeclare his VAT credit, while the buyer has an incentive to overde- clare the corresponding VAT debit. Here again the benefits for the tax administration of comparing the two sides of VAT-bearing transactions are clear. Of course, cross-matching of VAT transactions is possible only when the tax administration has sufficiently sophisticated information technology (IT) capabilities. Data matching can be even simpler for other tax instruments. For capital income tax, bank data on paid interest and other income can be matched with tax return information on earned income. Similarly, data from cadastral surveys and insurance companies can be used to verify tax returns on real estate income. Risk-Based Audits: Assessing the Risks 25 Statistical Methods for Assessing Risks The underlying framework for assessing risks is generally as follows: • Typically, one has to model a dependent variable measuring noncom- pliance (to be predicted); this variable can be either categorical (for example, full tax compliance or less than full tax compliance) or con- tinuous (for example, expected outcome from a hypothetical audit in terms of tax adjustments and related penalties). • Several exogenous (or independent or explanatory) variables are likely to affect the dependent variable; for example, tax compliance can be influenced by the type of industry, size of firm, number of employees, and prior compliance history, among others. The methods presented below are aimed at finding the best statistical relationship between the dependent variable and a set of explanatory vari- ables. These methods can be of two types: (a) parametric, that is, methods estimating the parameters that provide the best relationship, or (b) non- parametric. Parametric Methods for Risk Scoring Parametric methods are widely used by tax administrations and are favored by recent research (Alm, Blackwell, and McKee 2004; OECD 2006). Two groups of techniques are widely used: regression analysis (linear or logistic) and discriminant analysis. These techniques are explained in box 2.1. Nonparametric Techniques: Data Mining Data mining has become popular over the last decade due to the ever- increasing use of IT and the growing availability of large data sets. Chapters 6 and 7 show how data mining is used in the United Kingdom and Turkey, respectively. Data mining consists of automatically exploring and analyzing large quantities of data to uncover meaningful patterns and rules. A key point of data-mining techniques is that no prior model specification of explanatory variables is needed. Rather, these procedures typically generate a list of potential explanatory factors to a given pre- dicted variable as an output, keeping prior information on the structure of the phenomenon being modeled to a minimum. However, because 26 Risk-Based Tax Audits Box 2.1 Parametric Methods in Risk Assessment Linear regression analysis The linear regression model is the most common predictive statistical technique when the dependent variable is continuous. This model is standard, and its ap- plication to audit case selection relies on well-known results and techniques. It is written in its simplest form as follows: Y i = β0 + β1X1i + ... + β n X ni + ε i i i where Y i is the expected result of audit in money terms for taxpayer i, ( X1 ,..., X n ) are attributes and behavioral variables of i, ( b0,…, bn ) is a set of parameters to be estimated, and e i is an error term. The continuous or discrete nature of explanatory variables does not influence the choice of estimator; it affects only the value and the interpretation of the estimated model parameters. Logistic regression Logistic regression is widely used to predict the likelihood of binary or more cate- gorical outcomes like good or bad clients and compliant or noncompliant (Hastie, Tibshirani, and Friedman 2001). This model is widely used in banking to estimate credit scores, but less so in tax administration. The dependent variable becomes the a priori probability of a discrete outcome, and the model is specified as follows: e β X +ε P(Y = 1/X ) = 1+ e β X +ε Discriminant analysis The U.S. Internal Revenue Service has used this method for the past 40 years, among others (Erard 2002). Although there are several types of discriminant anal- ysis, depending on the underlying assumptions of the statistical function used, the most common is the linear discriminant function, also called the Fisher func- tion or model (Torrey 2008). The Fisher model is used to predict a categorical outcome (for example, level of noncompliance) and to estimate parameters b. One feature of this approach is that the dependent variable is defined directly as a score and not as a probability. Risk-Based Audits: Assessing the Risks 27 little causal structure is assumed a priori, data-mining procedures are mostly efficient when applied to large or very large data sets—in contrast with traditional econometric models, which typically have a stronger prior structure. No parameter in the sense of traditional econometric models is estimated during data-mining procedures, as no prior exoge- nous variables are assumed. Data mining has been used in many sectors: • Businesses, to identify groups of customers and segment the market • Epidemiology, to identify groups at risk as a result of their behavior • Banking and insurance, to select clients • Tax administrations, to guide audit strategy. Although data mining is often used as an alternative to more tradi- tional predictive parametric methods, the joint use of the two techniques is sometimes advised. In a tax administration context, data mining could be first used to obtain information on several taxpayer profiles and to identify relevant exogenous variables (that is, determinants of compli- ance). Parametric methods of scoring could then be a second step and would use variables identified by data mining in the predictive equations of compliance and audit returns. Decision Trees This technique identifies groups of individuals or businesses that are as homogeneous as possible based on a set of predefined variables; it is based on an algorithm using separation criteria to identify the groups. For exam- ple, the CART (classification and regression tree) technique, one of the most widely used, identifies the groups by minimizing a Gini index meas- uring the intragroup statistical dispersion. Neural Networks This technique is similar to decision trees in the sense that it seeks to identify homogeneous groups based on a set of variables and criteria; however, because it does not require a hierarchy in the variables (like the “branches” of decision trees), it is more powerful. A node in a neural network can be defined by several variables; in a decision tree a node defines just one variable. Clustering Clustering, another data segmentation technique, allows for the simul- taneous analysis of several possible explanatory variables during the 28 Risk-Based Tax Audits Figure 2.1 Examples of Data Mining Techniques a. Decision tree b. Neural network c. Clustering ξ1 x2 ξ2 7 6x x ξ3 5x ξ4 ωif oi υj 2x 4x 1x 3x final tree ωfk ξ5 ξk x1 Source: Ze 2003. segmentation process (unlike decision trees, which allow for only one segmenting variable by branch). Two segmentation criteria are typically used to define clusters: (a) variance within a given cluster is minimized and (b) variance across clusters is maximized. One limitation of stand- ard clustering algorithms is that the number of clusters is exogenous. Figure 2.1 displays schematic representations of each technique for a simple model with two explanatory variables. Selecting the Best Estimator: The Confusion Matrix How to choose among the techniques above? On top of traditional sta- tistical goodness-of-fit indicators, tax administrations have been using what is referred to as the “confusion matrix,” as illustrated in table 2.1. Based on this matrix, it is possible to compute several selection criteria: • Accuracy rate: (TN + TP) / Total, which measures the percentage of cases predicted correctly by the model • Prediction efficiency: TP / (TP + FN), which measures the percentage of noncompliant cases correctly predicted by the model • Strike rate: TP / (TP + FP), which measures the percentage of noncom- pliant cases likely to be detected if predicted evading cases are audited. As shown in Gupta and Nagadevara (2007), the last two criteria usu- ally involve a trade-off: prediction efficiency must be reduced to improve the strike rate and vice versa. Risk-Based Audits: Assessing the Risks 29 Table 2.1 Confusion Matrix Predicted Actual Tax complying Tax evading Tax complying True negative (TN) False positive (FP) Tax evading False negative (FN) True positive (TP) Source: Gupta and Nagadevara 2007. Example: Choosing the Right Audit Selection Strategy in India In 2005 almost all Indian states replaced the sales tax with a self-assessed VAT. The switch proved to be challenging for tax administrations, in par- ticular the new requirement to run periodic audits. The paper by Gupta and Nagadevara (2007), using a sample of 1,600 audited taxpayers in Delhi, provides a useful example of how to select the right audit strategy in practical terms. First, based on a literature survey and on the authors’ own knowledge of tax administration, Gupta and Nagadevara (2007) identify a set of relevant explanatory variables to be used in the model (see box 2.2). As the authors report, many variables in this list have not been used for practical reasons (data not available or inconsistent, high cost of digitizing paper records). Second, the authors estimate eight models of audit selec- tion, as summarized in table 2.2. The authors apply the criteria of prediction efficiency and strike rate to each model, noting that an audit strategy aims to maximize the audit return, not to catch all tax evaders. Their preferred models are, therefore, models two and eight, which show excellent strike rates and reasonable performance efficiency. Another conclusion of the paper is that when compared to random selection, all of the models developed through risk-based techniques display better performance efficiency and strike rates. Computing the Scores Scaling the results of any of these predictive methods in the form of easy- to-use scores is critical from an operational point of view (Siddiqi 2006). To scale and compute scores, one can simply use an affine transformation of the predicted value of the explained variable. In the case of a simple linear regression model, where the predicted value of audit adjustments 30 Risk-Based Tax Audits Box 2.2 List of Possible Variables in an Audit Selection Strategy A. Dealer profile A1. New registrant (Y/N) A2. Deals in high-tax-rate items (Y/N) A3. Any other business operating from the same address? (Y/N) A4. Any other business having the same telephone number? (Y/N) B. Return compliance B1. Any return default (nonfiling)? (Y/N) B2. Delay in filing returns? (number of days) B3. Returns that are nil returns (number of returns)? C. Returned values and ratios C1. Tax to turnover C2. Gross profit (percent) C3. Exempt sales to turnover C4. Inventory to turnover C5. Purchases to sales C6. Refund claimed > Rs 1,000? (Y/N) C7. Tax credit carryforward > Rs 1,000 (Y/N) C8. Output tax or input tax credit adjustments > Rs 1,000? (Y/N) D. Variations in returns across tax periods D1. Turnover growth (compared to last year) D2. Tax growth (compared to last year) D3. Variance of turnover across tax periods D4. Changes or variation in sales mix (local/interstate/export) D5. Changes or variation in purchase mix (local/interstate/import) D6. Changes or variation in product mix for sales (exempt, taxable at various rates) E. Benchmarking vis-à-vis dealers of similar trade or industry in respect of the following parameters: E1. Tax to turnover E2. Gross profit (percent) E3. Taxable sales to turnover E4. Inventory to turnover E5. Turnover growth E6. Tax growth Source: Gupta and Nagadevara 2007. Risk-Based Audits: Assessing the Risks 31 Table 2.2 Audit Selection Strategy for VAT in Delhi, India Model Method Target variable 1 Classification tree Compliance-noncompliance 2 Same classification tree as model 1 (after Compliance-noncompliance dropping cases with missing data) 3 Classification tree Amount of underreported tax (three categories) 4 Logistic regression Compliance-noncompliance 5 Discriminant function Compliance-noncompliance 6 Discriminant function Amount of underreported tax (three categories) 7 Hybrid model based on model 6 and a Amount of underreported tax classification tree (three categories) 8 Hybrid model based on models 2 and 6 Amount of underreported tax (three categories) Source: Gupta and Nagadevara 2007. ˆ ˆ for taxpayer i is b Xi, with b the estimated vector of parameters and Xi the vector of attributes of i, an affine transformation is as follows: ˆ Si = a + b . b Xi 2.1 where Si is the risk score of i and a and b are parameters of the transformation. A dependent variable expressed as a predicted a priori probability (for example, in the case of a logistic model) is bounded by construction (between 0 and 1). Here the score, as computed through an affine trans- formation, is naturally bounded. In the case of a continuous and unbounded predicted variable (such as the amount of adjustments to be paid after an audit), restricting scores to be upper bounded is a choice.2 The trade-off between bounded and unbounded scores hinges on (a) the operational simplicity of bounded scores (for example, from 0 to 10), which can make matching individual scores with types of audits easier, on the one hand, and (b) full use of information on the statistical distri- bution of the predicted variable in the case of unbounded scores, on the other hand. There is no clearly defined best practice from the reviewed experience in tax administration. Dealing with Selection Bias: The Heckman Procedure Sample selection bias is a well-identified issue in econometrics (Heckman 1979). It arises when a sample used to estimate a function is not drawn 32 Risk-Based Tax Audits randomly from the overall population but rather is selected on the basis of observable or unobservable characteristics. In the case of an audit selec- tion strategy, the problem arises if the sample of previously audited cases used to compute the scoring function and its parameters is not drawn randomly from the overall population of taxpayers, which is likely to be the case in the vast majority of transition countries. In order to tackle sample selection bias, Heckman (1979) proposes a two-step estimator of simultaneous equations.3 The first step consists of estimating a binary selection model, while the second step consists of estimating the target model, based on its explanatory variables and on the parameters estimated in the first step. Taking the nonrandom selection process into account provides an unbiased estimator. The Heckman procedure (described in box 2.3) has been extensively applied by researchers to scoring models (Boyes, Hoffman, and Low 1989) and by tax administrations to audit selection strategies (Alm, Cronshaw, and McKee 1993; Alm, Blackwell, and McKee 2004; Murray 1995). Example: Audit Selection and Firm Compliance in Jamaica In their study of tax compliance in Jamaica, Alm, Cronshaw, and McKee (1993) use a three-stage Heckman procedure: • The first stage models the audit selection process; explanatory variables at this stage are the amount of reported taxes and a set of dummies Box 2.3 Heckman Procedure for Correcting Selection Bias The problem is usually set up as follows. First, an audit selection equation is estimated; the dependent variable is a bi- nary variable taking the value 1 if the taxpayer has been audited and 0 otherwise. This obviously requires a sample encompassing both audited and nonaudited taxpayers. This first-stage equation is usually estimated based on a probit estima- tor (Wooldridge 2002). The predicted likelihood of being audited is then computed based on the esti- mated model and the exogenous attributes of each individual taxpayer. The impor- tant point here is that this will produce predicted (ex ante) likelihoods that will vary significantly, including within the group of taxpayers who have been audited. (continued next page) Risk-Based Audits: Assessing the Risks 33 Box 2.3 (continued) Second, the compliance equation is estimated only on the sample of au- dited taxpayers (since obviously no data on audit outcomes are available from nonaudited firms). This equation can be estimated using either a standard lin- ear estimator (if the dependent variable is continuous, such as the amount of audit returns). The trick here is to include the predicted likelihood of being au- dited (as estimated from the first-stage equation) as an explanatory variable of audit outcomes. Because these likelihoods vary, this inclusion enables the analyst to control for the fact that a truncated sample (only audited taxpayers) is used to estimate the compliance risk of the whole taxpayer population (audited and nonaudited firms). For example, a firm that was not likely to be audited (but has been) and a firm that was very likely to be audited (and has been) will not carry the same weight in the estimation. segmenting the taxpayers by category (according to the type of tax declared). • The second stage is also a binary estimator of the probability of compli- ance (among the audited cases only); explanatory variables are mar- ginal tax rate, post audit (net of tax) income, benefits, and a set of dummies. • The third stage estimates the amount of audit returns; explanatory vari- ables are the same as in the second stage. The study uses two data sets: one of 148 audited self-employed tax- payers, the other of 932 randomly selected nonaudited self-employed taxpayers. The first stage is estimated jointly for the two data sets. Results suggest a systematic use of information by the tax administration to select cases for audit, hence the theoretical principal-agent setting. Economic factors are shown to play a significant role in tax evasion; in particular, the evasion rate is positively related to the marginal tax rate. Should Risk Criteria Be Made Public? A practical implementation issue relates to the secrecy of risk criteria and, more generally, of the risk-based approach. A key concern is to avoid a “strategic” behavior on the part of taxpayers: if known to them, the risk is 34 Risk-Based Tax Audits that tax avoiders will use the criteria to improve their avoidance. This risk is especially high when the number of risk criteria is small, making a strategic behavior all the easier. It is therefore advised to keep individual risk criteria confidential, as is the practice of tax administrations imple- menting these techniques. However, it is useful to distinguish the individual risk criteria (profit ratios, revenue growth rates) from the general risk-based approach, which can be used as a deterrent to noncompliant behaviors. While keeping individual risk criteria confidential is a good practice, informing the public that tax returns will be cross-checked with banking, insur- ance, and other unspecified data sources may lead to better ex ante tax compliance. For example, in Ukraine, the State Tax Administration noticed a significant drop in fraudulent VAT refund claims when it initiated invoice matching of transactions between the buyer and the seller. Notes 1. Detailed information on the volume of transactions by customers and suppli- ers is not usually included in standard VAT returns but it can be requested from large traders and is typically included in a VAT audit. 2. If the dependent variable is the monetary outcome from audits, it is still bounded from below at 0, and so is the corresponding score. 3. This selection bias correction procedure won James Heckman the 2000 Nobel Prize in economics. References Alm, J., C. Blackwell, and M. McKee. 2004. “Audit Selection and Firm Compliance with a Broad-Based Sales Tax.” National Tax Journal 57 (2): 209–27. Alm, J., M. Cronshaw, and M. McKee. 1993. “Tax Compliance with Endogenous Audit Selection Rules.” Kyklos 46 (1): 27–45. Boyes, W., D. Hoffman, and S. Low. 1989. “An Econometric Analysis of the Bank Credit Scoring Problem.” Journal of Econometrics 40 (1): 3–14. Erard, B. 2002.“Compliance Measurement and Workload Selection with Operational Audit Data.” Paper prepared for the Internal Revenue Service research confer- ence, George Washington University, Washington, DC, June 11–12. Gupta, M., and V. Nagadevara. 2007. “Audit Selection Strategy for Improving Tax Compliance: Application of Data Mining Techniques.” In Foundations of Risk-Based Audits: Assessing the Risks 35 E-government, eds. A. Agarwal and V. Ramana. Proceedings of the eleventh International Conference on e-Governance, Hyderabad, India, December 28–30. Hastie, T., R. Tibshirani, and J. Friedman. 2001. The Elements of Statistical Learning: Data Mining, Inference, and Prediction. New York: Springer. Heckman, J. 1979. “Sample Selection Bias as a Specification Error.” Econometrica 47 (1): 153–61. Murray, M. 1995. “Sales Tax Compliance and Audit Selection.” National Tax Journal 48 (4): 515–30. OECD (Organisation for Economic Co-operation and Development). 2006. “Strengthening Tax Audit Capabilities: General Principles and Approaches.” OECD, Centre for Tax Policy and Administration, Paris. Siddiqi, N. 2006. Credit Risk Scorecard. Hoboken, NJ: Wiley. Torrey, A. 2008. “The Discriminant Analysis Used by the IRS to Predict Profitable Individual Tax Return Audits.” Bryant University, Smithfield, NH. Wooldridge, J. 2002. Econometric Analysis of Cross-section and Panel Data. Cambridge, MA: MIT Press. Ze, N. 2003. The Handbook of Data Mining. Athens, Greece: LEA Publishers. PA R T I I Approaches to Audits for Different Taxpayer Segments CHAPTER 3 A Risk-Based Approach to Large Businesses Simon York Developing segments of the taxpayer population is a critical first step in analyzing the overall risk environment and introducing risk management. Indeed, a better understanding of taxpayer segmentation allows the rev- enue authorities to develop more effective, targeted compliance strategies that provide the most appropriate treatment of the revenue risks and the best responses to taxpayers’ service needs. International experience shows that a small number of large enterprises (typically less than 1 percent) are responsible for 60–70 percent of domestic tax collections, while a very large number of small enterprises account for less than 5–10 percent of domestic tax collections. Between these two segments, the medium-size enterprises generally account for 20–30 percent of domestic tax collec- tions (see figure 3.1). This distribution of business taxpayers is similar in most countries (Bodin, in World Bank 2010, ch. 3). Nature of Risks to Revenue Presented by Large Businesses Typically, large taxpayers also have complex tax situations, which may give rise to high risks if not managed appropriately. These may be the result of several factors: (a) global operations involving complex cross-border trading and foreign exchange transactions; (b) use of complex financing arrangements; (c) multifaceted transactions that often give rise 39 40 Risk-Based Tax Audits Figure 3.1 Typical Segmentation of Taxpayers and Revenue Collections number of firms share of tax revenue large enterprises 1% 60–70% medium-size enterprises 10–20% 20–30% small and micro enterprises 80–90% 5% Source: World Bank. to complex issues of legal interpretation; (d) a huge volume of transac- tions and involvement in diverse business activities; and (e) transactions with related parties, which give rise to transfer pricing issues. These com- plexities mean that large businesses must hire professional tax consultants who undertake tax planning to minimize the firms’ tax liabilities, mostly legally (tax avoidance) but sometimes illegally (tax evasion). This further intensifies the complex equation between the tax authorities and large businesses. With respect to large taxpayers, the nature of risks calls for a specific treatment. Typically, this is a low-risk segment in terms of tax evasion and a high-risk segment in terms of tax avoidance. Frequently, the transactions of large taxpayers are in a gray area between tax evasion and tax avoid- ance as a result of their use of tax planning schemes. Consequently, mod- ern tax administrations interact regularly with these taxpayers as part of their risk reduction strategies.1 Many countries have established special arrangements to administer and manage compliance of their largest taxpayers. While various organi- zational models are employed, a common approach is to establish an operational level, multifunctional large-taxpayer unit responsible for car- rying out most tax administrative functions, from registration, account management, and taxpayer services to information processing, audits, and debt collection and enforcement. In some countries, a large-taxpayer management and coordination division at the central headquarters pro- vides strategic and operational support. A mechanism that has gained ground in recent years is the establishment of arrangements such as A Risk-Based Approach to Large Businesses 41 advance rulings and advance price agreements in transferring prices. The primary objective of these arrangements is to enhance the coordination and monitoring of those taxpayers responsible for the bulk of tax pay- ments (OECD 2004a, 2004b). Nature of Tax Risks for Large Businesses Businesses also have to balance a wide range of risks, of which tax is just one. For many businesses, the tax bill can be one of their single largest outlays. The tax authority and businesses may have divergent agendas and priorities, and it is important for both sides to recognize when this occurs. Internal or external forces may also drive tax risks, such as the following: • External drivers such as globalization and the complexity of the inter- national economy, commercial and regulatory change, and the tax pol- icies of other states • Corporate tax strategies, including the extent and nature of tax plan- ning and the level of disclosure or cooperation with tax authorities • Complexity in corporate structures, pressures on business systems and processes, and weaknesses in implementation and development • Gaps in the tax authorities’ ability to understand their clients and to make consistent, sound decisions. All of these change the commercial context for large business custom- ers and create a constantly shifting environment for taxes. This can cause inconsistency and uncertainty, potentially shifting valuable resources away from commercial innovation and planning. There is no direct cor- relation between the level of risk and the amount of tax at stake. Other factors, such as compliance history, industry segments, and the taxpayer’s attitude also factor into the risk level. Some risks are generic and could potentially affect a large number of clients. In this case, prudent legislation may be needed to address cross- cutting tax risks. Managing tax risks to ensure compliance is usually com- plex and requires considerable investment in governance and process management. Whenever possible, the tax authority should rely on the client’s understanding of how the tax law applies to its business and sys- tem of governance. It is important for businesses to have defined respon- sibilities and accountabilities. 42 Risk-Based Tax Audits Risk Review Process With all the complexities that large businesses present, one important factor is that large firms are typically managed by professional executives and not by amorphous groups of owners. As a result, large businesses are under a great deal of scrutiny, with strict reporting, statutory, corporate, audit, and regulatory responsibilities. These are put in place by public regulatory authorities to enforce proper corporate governance and share- holder protection as well as by management and shareholders to ensure that there is no leakage or pilfering within the large network of employ- ees and operations. This provides the tax authority with a much larger array of information on the operations and transactions of these firms. Less complex large businesses can be assessed using data from previous returns, customer information, and commercial sector information. When possible, the use of risk models comparing a client’s tax performance with industry trends is recommended. Although many large businesses may be low risk, due to the level of external and internal scrutiny in place, it is important to gain a deeper understanding of complex or high-risk large businesses through direct intervention or data analysis, because of the large amounts of information involved. It is critical to engage the customer in order to understand the drivers behind commercial decision making. Discussions with large taxpayers in seminars or public collegiums, or individually in the large-taxpayer unit are useful. Similarly mechanisms such as advance pricing arrangements convey a better sense of the main tax-related issues. This enables the tax authority and client to be on the same page with regard to tax strategy, the impacts of taxes on operations, and risks. Following this, a risk assess- ment and rating based on the client’s system of corporate governance, internal processes for effective delivery, and risk management procedures should be taken into consideration. It is also necessary to account for external risks, such as changes in the industry, mergers and acquisitions, restructuring, complex legal and financial structures, and the extent of the business’s exposure to global and cross-border transactions. The tax authority should share the risk rating and subsequent action plan with the clients.2 Although it is not necessary for the client and tax authority to be in agreement on the score that was assessed, establishing a dialogue about the actions needed to address the identified risks and issues is necessary. Sharing the identified risks and engaging in a dialogue about possible interventions can better enable as many businesses as pos- sible to achieve tax compliance. For higher-risk clients, it is important to A Risk-Based Approach to Large Businesses 43 review the risk rating regularly. The amount of effort expended should correspond to the size and nature of the risk identified. Low-Risk Businesses The aim of the tax authority should be to provide answers in real time about the tax treatment of commercial transactions in order to avoid unintended consequences. For low-risk businesses, it may not be neces- sary to perform a full risk review process for several years, as their dec- larations will not likely be challenged. However, it may be necessary for businesses to contact the tax authority to answer questions and main- tain a dialogue about their tax affairs—for example, if a restructuring or merger, new legislation, or another major transaction has taken place. High-Risk Businesses The objective of reducing the focus on low-risk businesses is to enable more resources to be focused on businesses deemed to be high risk. These businesses will generally require a regular dialogue with annual risk reviews. Regular risk-based intervention will likely be necessary. Should significant risks be found, the tax authority should be able to work inten- sively with its clients to resolve those risks. Large businesses should expect particular transactions that deviate from established norms to be subjected to more extensive investigations. Typically, these types of trans- actions have the following characteristics: • Little or no economic basis or a disproportionate amount of tax conse- quences relative to the economic position of a business • Little or no pretax profit based primarily on anticipated tax savings • A mismatch between the legal form or accounting treatment and the economic substance • No apparent business reason, artificial, or commercially unnecessary • Income or expenditures disproportionate to the economic activity. Notes 1. Peer review comments from Raul Junquera-Varela (World Bank). 2. Discussing the taxpayer’s risk score is different from sharing the risk criteria on which the score was based. As discussed in chapter 2, specific risk criteria should be confidential. However, risk scores can be discussed with taxpayers to help them to improve compliance. 44 Risk-Based Tax Audits References OECD (Organisation for Economic Co-operation and Development). 2004a. “Compliance Risk Management: Audit Case Selection Systems.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2004b. “Compliance Risk Management: Managing and Improving Tax Compliance.” OECD, Centre for Tax Policy and Administration, Paris. World Bank. 2010. Georgia: Diagnostics and Needs Assessment of the Revenue Administration. Washington, DC: World Bank, January. CHAPTER 4 Simplified Risk Scoring for SMEs Jan Loeprick and Michael Engelschalk In the developing and developed world, small and medium-size enter- prises (SMEs) usually make up 80–90 percent of taxpayers, but their contribution to overall revenue hardly ever goes beyond 10 percent of total collections. While random checks are necessary to ensure compli- ance, audits for small firms are seldom cost-effective and can impose a heavy compliance burden. From an efficiency standpoint alone, it is clear that scarce resources within tax administrations call for an audit strategy that accounts for the limited revenue potential of the small business segment. In addition, audits are often a source of rent seeking, and small firms, in particular, have little recourse against tax officials. As a result, audit coverage and frequency should be significantly lower for small firms. Correspondingly, in a modern tax administration actual audits of small businesses are usually limited to a very small share of businesses. SME Experience in Germany There are obvious economies of scale in focusing auditing activities on large firms, as audit strategies and the extra revenue expected from each audit should primarily guide work plans. In Germany, for instance, only about 4 percent of small and 1 percent of micro businesses are audited 45 46 Risk-Based Tax Audits annually, mainly to uphold the perceived risk of an audit. The additional revenue assessed from the 44,114 small businesses audited in 2008 was only 4 percent of total collections (see table 4.1 and figure 4.1). SMEs in Europe and Central Asia In the Europe and Central Asia region in particular, where full audit cov- erage used to be common practice, audit coverage of small businesses is still relatively broad (Engelschalk 2005). Data from enterprise surveys conducted by the World Bank (see figure 4.2) indicate that taxpayer Table 4.1 Audit Frequency in Relation to Business Size in Germany Number of Number of busi- Frequency of Segment businesses nesses audited % of audits audits (years) Large 170,060 39,885 23.5 4.26 Medium 758,051 56,999 7.5 13.3 Small 1,141,146 44,114 3.9 25.87 Micro 6,321,465 69,638 1.1 90.78 Source: Germany, Ministry of Finance 2008. Figure 4.1 Additional Audit Revenue in Germany in 2008 micro others 6% 5% small 4% medium 7% large businesses 78% Source: Germany, Ministry of Finance 2008. Simplified Risk Scoring for SMEs 47 Figure 4.2 Percentage of Firms Inspected by Tax Officials in the Europe and Central Asia Region, by Size, 2009 80 69 70 58 60 54 49 50 % of firms 40 30 20 10 0 small medium large total Source: World Bank 2009. inspections in the region are still disproportionately focused on small businesses, as they report roughly similar frequency in tax inspections in small (49 percent), medium (58 percent), and large (69 percent) busi- nesses.1 This pattern contradicts modern audit strategies and indicates significant scope to improve compliance management strategies in the region.2 Experience from the OECD and Potential Applications for Developing-Country Environments Experience in Organisation for Economic Co-operation and Development (OECD) countries indicates that risk-based audit selection is essential to using scarce audit resources wisely and targeting the small business audit program to high-risk taxpayers. Box 4.1, which was contributed by Simon York, describes the characteristics of SME taxpayers in the United Kingdom, which are typical of those in many countries. To reduce administrative costs, unnecessary interactions, and the related compliance burden for small businesses, small business owners should ideally base their administration on the self-assessment of tax liabilities. This requires a method of calculation commensurate with capacity, which sometimes requires the introduction of presumptive calculation schemes. At the same time, audits are critical in any system where taxes are self-assessed in order to ensure that the system is work- ing properly and to address the risk of underdeclaration. As such, 48 Risk-Based Tax Audits specialized compliance monitoring and tax audit programs are required for small businesses. Compliance management programs for SMEs necessarily differ from those for medium and large taxpayers given (a) the relatively large num- ber of small businesses with limited revenue potential, (b) the relatively small amount of information available on small taxpayers, and (c) the need to combine the verification of compliance with advisory tasks, providing Box 4.1 Taxation of SMEs in the United Kingdom Given their size and diversity, SMEs pose a significant challenge to tax authorities. This group has widely divergent needs, behaviors, and attitudes, which can make interventions more difficult. This challenges the U.K. tax authority to have a better understanding of business value chains, customer segmentation, and available risk tools and to provide more effective upstream education and support. SMEs are an important taxpayer group, accounting for more than 99 percent of all businesses in the United Kingdom (approximately 4.7 million). These busi- nesses range from individual businesses to more established enterprises with an- nual turnover of up to £30 million. SMEs have the following characteristics: • A high rate of churn, with approximately 700,000 firms opening and 600,000 closing each year • A high rate of business turnover, constituting more than 50 percent (£1.5 trillion) of total U.K. business turnover • A labor-intensive workforce, employing approximately 60 percent of the total private sector workforce • 43 percent of all tax receipts (over £87 billion) • High cost to serve, absorbing £1.2 billion, mostly for processing and compliance • Large share of the business administration tax burden, at 88 percent • Low rate of profit, with 75 percent returning a profit of less than £20,000 and 96 percent returning a profit of less than £100,000 • A diverse willingness and ability to pay taxes, as shown in figure B4.1. (continued next page) Simplified Risk Scoring for SMEs 49 Box 4.1 (continued) Figure B4.1 Compliance Behavior of SMEs in the United Kingdom rule breakers 7% potential rule breakers 28% willing and able to pay taxes 38% willing, but potential payment need help deferrers 8% 6% unaware of tax payment deferrers obligations 6% 7% Source: Simon York. guidance on best practices of tax compliance obligations and simplified bookkeeping. Risk criteria that typically feed into basic models for small firms include, among others, the sector(s) of activity and business structure, quality of record keeping, past compliance behavior, cost ratios and deductions from gross revenue, comparisons with industry and sector averages, and the debit-credit ratio of SMEs registered for the value added tax. The degree of sophistication of the risk-profiling system depends on the information that is readily available to the tax administration. Developing models to cover the entire spectrum of SME activities is a resource-intensive and lengthy process, which has prompted various countries to focus on priority sectors or a designated number of core indicators. Table 4.2 high- lights some of the high-risk industry sectors in five OECD countries. The introduction of full-fledged risk profiling for SME tax administra- tion is a relatively recent phenomenon, even among some OECD countries. Austria, for instance, introduced its cluster approach to 50 Risk-Based Tax Audits Table 4.2 Key Risk Sectors Identified in Select OECD Countries Australia Belgium Canada Sweden United States Construction Construction Construction Construction Car sales Transport Gambling Hospitality Restaurants Construction Restaurants Transport Agriculture Hairdressers Health care Hairdressing, Car sales Real estate Taxi firms Medical beauty salons agents professions Cleaning services Diamond industry Taxi firms Scrap metals Restaurants Clothing and Dentists Hair stylists E-commerce Real estate textiles agents Motor vehicle E-commerce Labor agents retailers Art and antique Heating oil dealers Source: Authors. cross-check small taxpayer information in 100 clusters in 2004. This has allowed auditors to move from selecting individual cases for the majority of small businesses to selecting businesses for audit based largely (87.5 percent) on automated risk profiling.3 More common, and more transferable to low-data-quality environ- ments, is the determination of industry benchmarks for different segments of small business activities. In Australia, such benchmarks were developed for 58 segments based on internal information (standard tax return data and business activity statements) and external information (input bench- marks derived from industry association data). These performance bench- marks capture several fundamental business ratios, such as the cost of goods sold to turnover, labor costs to turnover, and rent to turnover, and allow for the identification of outliers from industry norms (see table 4.3). The Italian Studi di Settore as a Role Model In 1998 Italy introduced a more comprehensive approach to approxi- mating reference revenue levels for small businesses. As part of a rela- tively sophisticated statistical process, a business sector analysis (studi di settore) is conducted for different sectors. The analysis serves to estimate reasonable reference levels of turnover for self-employed workers and small businesses up to an annual turnover threshold of €5 million. Based on these reference levels, outliers with uncommonly low reported levels of turnover can be identified. Special software, called GERICO, is used to determine reference levels and, when reported turnover is below the Simplified Risk Scoring for SMEs 51 Table 4.3 Performance Benchmarks for Bakeries in Australia, by Annual Sales Range percent Low sales Medium sales High sales Ratio ($A75,000–$A400,000) ($A400,000–$A750,000) (more than $A750,000) Cost of goods sold to sales 38–46 32–40 28–36 Labor to sales 0 –11 21–31 27–33 Rent to sales 9–17 5–11 3–9 Source: Authors. estimated level, businesses can readjust their assessments or face a high likelihood of being audited. Despite its relative sophistication and data requirements, the studi di settore approach is one possible model for developing countries. It may allow for a gradual transition from a system used to facilitate presumptive estimation of liabilities based on turnover to a pure audit selection tool in an income-based system. Moreover, the approach can be a strong techni- cal tool for limiting the auditor’s discretion and related rent-seeking opportunities (Arachi and Santoro 2007). However, evidence is emerging that the system provides small busi- nesses with incentives to inflate reported costs, which implies that the approach becomes less accurate over time and that exogenous, possibly survey-based, information is necessary to complement data on taxpayer returns (Arachi and Santoro 2007, 15). The Link between Presumptive Taxation and Audit Selection Some European countries have begun to move from a pure turnover-based system to a presumptive determination of business expenses. In Austria, for example, a list of presumptive business expense ratios has been developed for 54 small business activities. Expense ratios, for instance, are 12 percent of turnover for sales agents, 20–70 percent for agriculturists, and 16 percent for blacksmiths. In addition to being used as a presumptive method, such ratios can also serve as a risk indicator for businesses opting to pay taxes on a net income basis, with businesses reporting much higher expenses than the presumptive ratio being allocated to a higher-risk category. Most developing countries face significant challenges in taxing small businesses. Evasion is widespread, resources are constrained, and special regimes are often reliant on presumptive tax estimation methods that are required to account for limited numeracy and literacy among small 52 Risk-Based Tax Audits business owners. These estimations are commonly based on turnover, risk indicators, or a combination of the two (IFC 2007). Yet turnover is usu- ally the most appropriate and common criterion for determining tax lia- bility in cases of presumptive taxation (see table 4.4). Oftentimes, the tax administration has limited capacity to detect the underdeclaration of turnover. One of the primary objectives of a tax admin- istration is to reduce negotiations between taxpayers and tax inspectors. As business turnover is the key factor in determining small business tax liability, the focus of risk profiling is reduced to a simple verification of whether the taxpayer’s reported income reasonably reflects the level of business activity. The goal cannot be to ensure perfectly accurate identification of turnover. The objective for risk assessment of a small business has to remain basic and focused on (a) identifying medium-size businesses hiding in the presump- tive regime and (b) identifying cases involving substantial tax evasion. The determination of risk parameters is heavily constrained by the limited availability of data and is usually based on previous compliance behavior. A simple comparison of sector averages and other available indicators captured in simplified tax returns, such as the number of full- time employees, floor space, and registered capital, is beneficial. Even based on such limited information, a simple risk-based audit program for small businesses could be developed. In the Republic of Yemen, for instance, the Tax Authority currently operates a simplified system that is based on a discretionary assessment without any detailed records on the business structure of small taxpayers (see figure 4.3). To prepare the introduction of a new turnover-based regime for small businesses, the Yemeni tax administration decided to conduct a survey on key sectors of small business activities (trade, manufacturing, services). The goal was to develop a basic score sheet based on simple correlation analyses, which could be used by local tax inspectors to guide the audit selection process. Table 4.4 Prevalence of Presumptive Regimes for SMEs Number of countries Number of countries opera- Region analyzed ting presumptive regimes European Union 21 8 Transition countries 19 16 The Americas 19 16 Africa 25 23 Source: Authors. Figure 4.3 Example of a Simplified Risk Classification Table for Small Manufacturers in the Republic of Yemen Sector: MANUFACTURING; Extract Product: Business name: Reported turnover (RT) Business address: Surface area in square Turnover of less than 3 millions Turnover 3–5 million Turnover more than 5 million meters Surface more Surface 56 m2 Surface more Surface 127 m2 Surface more Surface 33 m2 2 2 2 or less - green than 33 m or less - green than 56 m or less - green than 127 m m2 flag red flag flag red flag flag red flag Value of fixed assets in Turnover of less than 3 million Turnover 3–5 million Turnover more than 5 million 000 rials Assets 1.3K or Assets more Assets 1.5K or Assets more Assets 4K or Assets more less - green than 1.3K - less - green than 1.5K - less - green than 4K - 000 Rials flag red flag flag red flag flag red flag Grid cost in 000 rials Turnover of less than 3 million Turnover 3–5 million Turnover more than 5 million Grid 120K or Grid more Grid 168K or Grid more Grid 240K or Grid more less - green than 120K - less - green than 168K - less - green than 240K - 000 Rials flag red flag flag red flag flag red flag Monthly rent in Turnover of less than 3 million Turnover 3–5 million Turnover more than 5 million 000 rials Rent 40K or Rent more Rent 50K or Rent more Rent 100K or Rent more less - green than 40K - less - green than 50K - less - green than 100K - 000 Rials flag red flag flag red flag flag red flag Here we can put instructions on what to do in which case. Total Total number of number of circled circled green flags red flags 53 Source: Authors. 54 Risk-Based Tax Audits The Yemeni approach is a work in progress, and risk scores are being refined based on additional survey data and informational audits. Four indicators were initially selected: the physical size of the business prem- ises in square meters, the value of fixed assets, grid costs, and monthly rent. While the value of assets and rent paid are less reliable and more prone to negotiations than the other two indicators, they do capture regional and sectoral differences among businesses and thereby help to ensure a higher degree of fairness in the system. The indicator system prepared in the Republic of Yemen will be based on the statistical analysis of survey data and the experience of the tax authority. At an initial stage, fact-finding informational audits by the tax authority are planned to gather additional information and validate the approach. The approach should be dynamic, with constant adjust- ments as new data are collected. Notes 1. The Enterprise Survey data are produced by the Enterprise Analysis Unit of the World Bank, a team of economists and firm-level survey experts drawing on a large repository of firm-level data from developing countries to produce research on the microeconomic foundations of growth. 2. Taxpayer perceptions captured by the surveys do not differentiate between different kinds of tax inspections, so these may include education visits, issue- oriented inspections, as well as comprehensive field audits. 3. This change was supported by the introduction of special software for tax audit and the introduction of e-filing requirements for businesses to facilitate computerized data matching. References Arachi, G., and A. Santoro. 2007. “Tax Enforcement for SMEs: Lessons from the Italian Experience.” Journal of Tax Research 5 (2): 225–43. Engelschalk, M. 2005. “Small Business Taxation in Transition Countries.” Tax Notes International 40 (6). Germany, Ministry of Finance. 2008. Annual Report 2008. Munich: Ministry of Finance. IFC (International Finance Corporation). 2007. Designing a Tax System for Micro and Small Businesses: Guide for Practitioners. Washington, DC: IFC. World Bank. 2009. Enterprise Survey Data 2009. World Bank, Washington, DC. www.enterprisesurveys.org. PA R T I I I Infrastructure for Risk Analysis CHAPTER 5 Database and IT Framework for Risk Analysis Charles Vellutini As discussed in chapter 2, the effectiveness of risk-based audit selection depends largely on the level of computerization and information technol- ogy (IT) in order to (a) build and manage large databases containing rel- evant information on taxpayers, (b) set up the risk-based audit selection system, and (c) use this system on a daily basis. International practices sug- gest three pillars to a well-designed audit selection system (CATA 2007): • Gathering and centralizing relevant data • Developing a computerized network at the central and the local levels • Implementing software applications, for both tax procedures and data management. These three pillars are not specific to the selection of audit cases; in fact, an efficient system of risk-based audit case selection has to be part of a much broader IT infrastructure that manages the entire operations of tax administration. Many computerized tax administration systems, as in Malaysia or Tanzania, have introduced audit management as a module embedded in a full-fledged tax management system. 57 58 Risk-Based Tax Audits Data Requirements Quality data are obviously critical for estimating a risk assessment model. During the estimation phase, data on both audited and nonaudited taxpay- ers are necessary. Although there is no universal list of the variables neces- sary during this stage, any additional data can only improve the audit selection strategy. As illustrated in figure 5.1, two main data sets are used during estimation: data common to both groups and data from prior audits. The data set common to both groups typically covers the following: • Internal data, that is, data originating from the tax administration itself, covering both fixed and stable attributes of the taxpayer (location, in- dustry, legal status, size) and information on the taxpayer’s financial, employment, and tax situation and, of course, compliance behavior (failure to file returns, late payments) • External data, that is, data obtained by the tax administration from third-party sources such as other administrations (central bank, customs) and other tax administrations where taxation is organized by type of tax (value added tax, direct taxation, for example) rather than by type of taxpayer. Data on audited firms are usually more comprehensive, as an audit is an opportunity for the tax administration to gather information on the detailed tax situation of the taxpayer. This, of course, includes the amount of adjusted taxes and penalties. Figure 5.1 illustrates data flows in the scoring models used by tax administrations. Data requirements differ according to the quantitative technique being used. As noted in chapters 2, 5, 6, and 7, data-mining techniques require large amounts of data to produce meaningful results. In practice, several thousand observations are likely to be a minimum. In contrast, econometric techniques such as regression models are robust to smaller data sets. As a rule of thumb, a sample of 30–40 observations, if drawn randomly from the overall population, is sufficient to produce statistically robust inferences.1 IT Infrastructure The use of IT in revenue administration is a hard-to-avoid prerequisite for designing a risk-based audit system. In fact, in the absence of an IT sys- tem, the only audit method available to the administration is manual screening, with all the shortcomings reviewed earlier. A computerized management system is needed at both ends of the audit strategy: Database and IT Framework for Risk Analysis 59 Figure 5.1 Data Flows in Risk-Based Audit Models score historical audit outcomes model sales other employment audit business tax filings tax filings records history information model inputs Source: Micci-Barreca and Ramachandran 2004. • First, as an input, to build a database of taxpayer information, required to determine the audit selection scores and criteria • Second, as an output, to identify and select the high-risk taxpayers, dis- seminate the risk score throughout the tax administration, and feed into the audit case selection decision-making process. Fortunately, modern IT systems are being used in several emerging countries (such as Malaysia and Tanzania). These examples, as well as the cases of developed countries, show a strong correlation between the implementation of an IT-managed tax administration and the existence of a functional risk-based audit system. Data Management Software The use of adequate software is the third pillar in implementing a risk- based audit system. Tax administrations have followed two approaches, depending on how far the second pillar (the network) is developed: • If a centralized IT system for tax administration has been implemented (as in Malaysia and Tanzania), the audit strategy can be integrated as a module into a broader tax management system. In this case, software is 60 Risk-Based Tax Audits developed not only for audit selection but also for other revenue func- tions such as tax assessment and tax collection. • If there is no centralized IT system for tax administration, specific sta- tistical and data-mining software can be used both to estimate the audit selection model and to identify the taxpayers to be audited. Finally, the existence of a single taxpayer identification number is a key precondition for the efficient sharing of taxpayer information between the tax administration and other authorities, such as customs, police, property registry, vehicle registry, stock exchange, and banks. The Special Case of Data Matching Not all of the approaches to risk-based audits have the same data and IT requirements. Implementing effective data-matching procedures is a daunting IT challenge for even the most sophisticated tax administration. Because of this, data-matching techniques, while widely used in most Organisation for Economic Co-operation and Development (OECD) countries, remain elusive in most emerging countries. A significant data- matching effort involves the following: • Constructing large and costly data warehouses tapping various hetero- geneous databases across administrations (customs, tax authorities) and financial entities (banks, insurance companies) • Implementing complex automatic matching algorithms able to cope with massive amounts of data • Implementing an efficient taxpayer identification scheme. Example in an Emerging Country: Malaysia In 2001 Malaysia switched to a self-assessment system for direct and indirect taxes, after using an official assessment system during the previ- ous 50 years. The country set up a completely new system to assess, col- lect, and enforce taxes; it took advantage of the reform to abandon its manually managed tax administration and implemented a full-fledged computerized system. The Self-Assessment System (SAS) project lasted 11 months, for a total cost (including investment in servers and comput- ers) of US$3.5 million. SAS is organized in modules corresponding to various tasks and procedures performed by the tax administration: tax collection, form Database and IT Framework for Risk Analysis 61 processing, e-services, and so forth. The main modules of SAS are as follows: • Collection. Issuance of tax-estimated forms and processing of corre- sponding receipts, processing of tax estimates and revised tax estimates, issuance of installment payment notices and payment slips, compliance of tax estimate forms, processing of payment data from payment coun- ters and banks, repayments and refunds, and credit transfers • Form processing. Income tax return forms, processing of assessments, taxpayer registration at the data center (the central repository of gen- eral taxpayer information) and update of taxpayer information (identi- fied through a unique number), imposition of penalties for late filings or failure to submit a return, and prosecution of cases • Audit management. Audit users and information, annual audit plan, in- put formula, criteria for audit, audit selection criteria and event-trig- gered cases, periodic or ad hoc cases, assignment and transfer of audit cases, audit of working paper management, audit of norm and point system, audit notice board to notify audit cases received, computation of additional and reduced assessments, audit monitoring and progress for auditors at branches, statistical reports, appeal cases, correspon- dence, audit reports, document location number submodule, and final- ized audit cases for reference. With its new audit module at the heart of the IT-based tax admin- istration system, Malaysia is now able to phase out manual screening and to implement a risk-based audit selection system. The collection of tax revenues and penalties has increased since the new system was implemented. Example in an Emerging Country: Tanzania Tanzania started implementing its IT system for tax administration— ITAX (Integrated Tax Administration System)—in 1998. ITAX was designed as an integrated modular system for taxation that delivers registration, assessment, collection and debt management, accounting, reporting, and audit functions for the Tanzania Revenue Authority. Before ITAX, most processes (tax assessment and collection, audit) were manual or handled by specific and decentralized IT systems (for value added tax, for example). 62 Risk-Based Tax Audits ITAX is based on an Oracle relational database infrastructure, with Sybase Power Designer for application modeling, business process pro- cessing, and database modeling. The following are the main components of ITAX, which are also illustrated in figure 5.2: • The taxpayer identification number (TIN) provides a tool for registering taxpayers and for administration. It enables the generation and integra- tion of information across the Tanzania Revenue Authority; all tax- payer general data (name, address, bank account, type of tax, and so forth) are stored within a single database. It is difficult to overempha- size the importance of a unique identification number and the related centralization of general taxpayer information. • The accounting module maintains a single account for each registered taxpayer and keeps the accounts in a uniform database. ITAX supports transactions like assessment, payment, and reconciliation. The taxpayer’s account is the source of reports and enforcement. • The assessment module provides a set of tools for processing provisional and final returns for corporate income taxes, private in- come taxes, employment taxes, withholding taxes, and value added taxes. Amendments of assessments are supported. The module traces Figure 5.2 Tanzania’s ITAX assessment management accounting information system tax identification number collection audit /debt management document work flow Source: Author. Database and IT Framework for Risk Analysis 63 all nonfilers and allows an estimated assessment for those cases. Data records are generated and transferred to the accounting module. • The collection and debt management module (a) processes regular and debit payments and (b) supports the receipt of bank statements using the bank statement submodule. • The management information system offers all kinds of ad hoc reports and lists for management and audit purposes on a daily, monthly, or yearly basis. Key indicator reports are, for example, tax revenue and arrears. • The document work flow module, yet to be developed (as of 2007), will be used to control the work flow of paper documents within the tax administration. • The audit module is used to run a risk management system for the selection of audit cases, compilation of audit plans, and editing of stan- dardized reports. Integrating the audit module at the heart of ITAX makes it possible to use the data generated by the system (on compli- ance and returns, for example) to draw efficient, risk-based audit plans. The ITAX project was implemented in three phases with the support of the German Agency for Technical Cooperation: (a) planning and design (1998–2001), (b) development of an integrated system (2001–04), and (c) further developments, including the audit support module (2004–07). As in Malaysia, ITAX enables Tanzania to implement a data and IT-based risk-based audit strategy. Human Resources and Training Needs The impact of any audit selection system will be conditional on the qual- ity of the human resources available for tax audit (OECD 2006). A key consideration for the implementation of risk-based scoring methods for audit selection is the availability of related skills in the tax administration and the corresponding training needs. This is especially important in tran- sition and developing countries, where skills are often suboptimal. However, the skills needed to design and operate a quantitative system of audit case selection can be centralized within the typical audit unit of a tax administration. In most cases, it suffices to train the following: • A small, motivated team in statistics or econometrics, normally at the audit unit who, under the supervision of the audit unit management, will develop and operate the risk-scoring system • Auditors on how to interpret the risk score. 64 Risk-Based Tax Audits Legal and Regulatory Environment The usefulness of quantitative methods for audit case selection is, how- ever, conditional on the existence of adequate audit procedures. In par- ticular, this implies the following: • Procedures for matching taxpayers’ perceived risks with specific types of audits, including full audits, limited-scope audits, and single-issue audits • Procedures for selecting audit cases, including the existence of an audit planning unit entrusted with managing the audit planning cycle. More generally, audits need to be carried out in a well-defined legal and regulatory framework. In particular, the legal framework has to pro- vide for the following (OECD 2006): • Adequate balance among auditors between the need to enforce tax compliance and the need to respect taxpayer rights • Bookkeeping obligations of taxpayers, including type of records to be kept, forms of record keeping (paper, electronic), and length of these obligations • Access of tax officials to information from taxpayers’ records, third- party information, and other countries’ information • Powers of tax administrations to amend returns and sanction noncompliance. Note 1. Under certain assumptions, such as in the case of the classical linear regression, the normality and independence of error terms can be tested statistically. References CATA (Commonwealth Association of Tax Administrators). 2007. Implementing Computerisation and Information Technology for Tax Administration. London: CATA. Micci-Barreca, D., and S. Ramachandran. 2004. Improving Tax Administration with Data Mining. SPSS Executive Report. Chicago: SPSS. OECD (Organisation for Economic Co-operation and Development). 2006. “Strengthening Tax Audit Capabilities: General Principles and Approaches.” OECD, Centre for Tax Policy and Administration, Paris. CHAPTER 6 Building and Integrating Databases for Risk Profiles in the United Kingdom Michael Hainey Her Majesty’s Revenue and Customs (HMRC) has not always used risk-based audits; these were introduced for direct taxes on a local level in the 1980s. In the mid-1990s self-assessment of taxes began, and risk assessment was separated from the investigation unit in 2000. In 2005 a national approach was instituted, and risk rules and segmentation are now handled at the national level. The taxes administered in the United Kingdom include income tax; corporate income tax; value added tax (VAT); national insurance contributions; excise duties on alcohol, tobacco, fuels, and gambling; cus- toms duties; environmental taxes; climate change levy; aggregates levy; landfill tax; air passenger duty; insurance premium tax; capital gains tax; petroleum revenue tax; inheritance tax; and stamp duty on property shares. The HMRC employs more than 80,000 staff members in more than 800 locations. The HMRC handled more than 403 million returns and collected £457 billion in revenue in 2008. With one of the largest information technology (IT) networks in the United Kingdom, the HMRC carried out approximately 800,000 interventions and yielded £12 billion from compliance activity. 65 66 Risk-Based Tax Audits The current approach to tax audits includes profiling returns and predicting the likely risk. This is done through data matching and intelligence gathering. Individual risk reviews are performed for large businesses and wealthy taxpayers, with the objective of predicting likely behavior. A national ranking has been created in order to provide a more strategic approach to risk. Strategic intelligence assessments and future assessments are used to spot trends and anomalies. In order to link operational activity and compare taxpayer data with industry standards, consultations are held with trade sector advisers. An Overview of the Role of the Risk Intelligence Service Information is collected from bulk third-party information notices; inter- national sources; covert;1 commercial; and open sources; and voluntary or management information sources. The Risk Intelligence Service acquires and develops data, information, and intelligence from these sources and provides analysis. It then extrapolates trends and behaviors based on these indicators, with an eye toward current and future risks, including threats and specific industry segments. With this information, it compiles a national ranking of risks, and this information drives its response. Software for Risk Management The Risk Intelligence Service uses a sophisticated software program (Connect) to identify and present risks. The software functions as a search engine and research tool, which enables analysts to trace any case and to review complex cases. The program enables analysts to do risk profiling and prioritization, using statistics to identify and sort the riskiest cases. The Connect software provides the ability to allocate types of cases to the appropriate teams. The software system uses 23 source systems and 81 document types for more than 800 million records. Some of the common entities include family, individual, address (residential, business, land), business office location (registered, trading, and corresponding addresses), employer, VAT group (businesses using the same VAT number), partnerships, tele- phone, bank accounts, or trusts. The use of the Connect software allows for better case identification by improving both the strike rate and yield per case. As a result, less time is required per case, and productivity is improved. Data collection and analysis uncover national trends, removing Building and Integrating Databases for Risk Profiles in the United Kingdom 67 the effects of local inconsistencies. Case segmentation allows for more efficient allocation of resources and types of interventions. Network data—the shared component of computer networking—is received from source systems and fed into the analyst platform (SAS Business Intelligence Suite) and the network investigation platform (the integrated compliance environment, or ICE). The software gives risk ana- lysts the ability to (a) deploy risk scores, (b) set new risk rules, or (c) gen- erate bulk campaigns. This information can be folded into case packs, which allows for optimal work flow management of case lists (and their associated case packs), prioritized for the appropriate users. The network investigation screen enables users to search, visualize, explore, save, and print networked data concerning a taxpayer or linked taxpayers. Enabling a Targeted Response Use of the Connect risk management software accelerates assessment and decision making across the full range of noncompliance from the negli- gent to the fraudulent. Captured data are linked together to build social networks. Risk modules are then applied to segment and rate the risk level of those networks. Queries can then be run to produce lists of net- works that fulfill the query criteria. By rating the risk levels and segment- ing the groups, it is possible to tailor the most suitable compliance approach. The software allows the risk groups to be segmented according to different risk levels. For example, the high-risk or complex group can be viewed via network visualization (effectively the ICE), in which the user sees all related information graphically to determine multiple risks or root causes. Risks designated as “simple” are assigned to case packs, which summarize risk and include the relevant supporting evidence. For high- volume risks, bulk interventions are the best method to improve compli- ance. This is done via bulk mailings, calls, or other publicity measures to promote compliance. Network Visualization The NetReveal Visualizer, a web-based application, allows the user to see a visual representation of the different networks to which a subject is connected. It allows the user to search for documents via a search engine and to open the surrounding network of data. The user can then expand a network or “drill down” for further information. This ICE can be used 68 Risk-Based Tax Audits for high-risk or complex networks and enables the user to see a vast array of connections on one screen. Transaction Centers The transaction centers receive millions of pieces of information about tax- payer transactions. Certain transactions may raise a flag, and the transaction center may decide if these transactions are worthy of an intervention, which may then require interception. They also flag new issues that may require monitoring and gathering business intelligence, measuring effec- tiveness, and alerting for new behavior. Some of these transactions may require seeking a response from the taxpayer concerned. Another impor- tant function of the centers is to identify and understand the modus operandi and then to prescribe appropriate solutions or treatment. Examples of ICE Profiles The following are examples of ICE profiles: • Rental properties. For example, a taxpayer has several rental properties (not the main residence) that are not indicated on the tax return. Drill down could include finding who is responsible for the rental properties, what are the possible implications, and what are the secondary issues, such as the sources of funding for the rental properties. • Hidden economy. For example, the discovery of a “shadow economy” profile. In this case, an individual may be responsible for more than 40 rental properties, yet no HMRC returns are found in connection with any of these properties. • VAT multiple cell. Numerous VAT registrations may list the same mo- bile phone number as the contact number. Many of these may contain a plus sign, which suggests other underlying links. • Corporations. The revenue service is interested in corporations as an organization, such as the VAT structure of the company, a cluster of directors who are also directors of other subsidiaries, the corporate tax structure of the parent company, and the directors’ local networks, in- cluding property, bank accounts, and family members. • Hot listing. Hot listing is a way of adding information to persons who are probably already under scrutiny or appear on a non-Connect work list. It is the same as profiling, but uses external information that provides an additional risk metric, such as if declared income does not Building and Integrating Databases for Risk Profiles in the United Kingdom 69 match derived income. For example, a list of offshore bank accounts and account holders is “hot listed” to attach the information held by the HMRC. This is then risk assessed by a specialist team. Lessons Learned for Compliance Risk Analysis The following are some of the lessons learned from the use of Connect and other tools for analyzing compliance risks: • Profiles should initially be subjected to a trial period and then repeatedly tested to strengthen the efficacy or strike rate. • It is important to be flexible and dynamic. • As behaviors and motivations change, so should the campaigns to target these behaviors. • It is beneficial to have an analysis team that incorporates both analytical skills and tax experience. • Teams should include people with data manipulation expertise such as data analysts, statistical analysts, and business experts. • It is also helpful to incorporate users and businesses who know how to ask the right questions. • The data model is the key element and should be built to serve business needs. • Common-link fields, such as a unique taxpayer reference, can reduce costs substantially. This includes legacy systems and data-quality stan- dards. Although the software is currently targeted for compliance measures, it has the potential to support the wider business of the HMRC. Benefits The use of the Connect software can potentially deliver three important benefits: increased yield, more efficient staff, and strategic benefits. • Increased yield. Connect can increase yield by improving the hit rate, which results in a larger number of better targeted cases. It can increase the strike rate, meaning that cases are larger in number and better tar- geted. It can improve efficiency because staff members can handle more cases. Finally, better targeting of cases allows for identification of the most suitable type of intervention. 70 Risk-Based Tax Audits • Staff efficiencies. The integrated compliance environment has resulted in considerable time savings, as staff can see a visual representation of a complex network. The increased hit rate also has improved staff efficiency. • Strategic benefits. Connect has supported strategic benefits by shrinking the pay-as-you-earn tax gap and deterring noncompliant behavior. Note 1. Information gathered as a result of intelligence operations. CHAPTER 7 Data Warehouse and Data-Mining Tools for Risk Management: The Case of Turkey Ugur Dogan Data mining is a powerful tool for compliance management and for both risk analysis and risk scoring. Its importance has grown over the last decade due to the ever-increasing use of information technology (IT) and the growing availability of large databases. Data warehouses receive data from both internal sources (declarations, tax audit history) and external sources, such as other government agencies and private sector institutions (banks, insurance companies, other taxpayers). Data mining and matching of third-party information are particularly useful for analyzing unreported activities of registered taxpayers. Value added tax (VAT) fraud, where traders issue false invoices or businesses use those invoices to reduce their VAT liabilities or claim a fraudulent VAT refund, is another area where data mining comes in very handy. This involves large-scale cross-checking of transactions and analysis of suppli- ers and subsuppliers to score and rank profiles for high-risk taxpayers. Several international studies testify that data matching using informa- tion from third-party reporting is an effective deterrent to evasion. A recent Danish study that observed the behavior of a random sample of 40,000 taxpayers in 2007–08 found that categories of taxpayers subject 71 72 Risk-Based Tax Audits to third-party reporting and matching had evasion rates below 1 percent compared to 40 percent for categories of taxpayers not subject to third- party reporting and matching (Kleven et al. 2008, 3). A more recent study of the income tax gap in the United States revealed significantly higher underreporting among taxpayers whose income was not subject to systematic third-party reporting and matching (such as sole traders) compared to those whose income was subject to regular third-party reporting and matching (U.S. GAO 2009). Inputs for the Data Warehouse In Turkey the data warehouse receives input from three primary sources: public organizations, private sector organizations, and the Revenue Administration. The Revenue Administration collects data from e-declarations, registration information, debt and collection notices, busi- ness ownerships and partnerships, previous audit results, as well as tax assessments and payments. Various public sector organizations provide valuable information about business and domestic activities, including information from the Central Bank, the Post Office, and the Department of Motor Vehicles. The Revenue Administration also receives information from the Customs Administration and the Land Registry, including infor- mation on imports and exports and on the purchase and sale of homes. From the private sector, data are collected from banks, factoring-services companies (which provide accounts receivable financing), insurance companies, leasing companies, and portfolio management companies. Monitoring Unregistered and Potential Taxpayers Individuals who have a tax identification number but no trade activity are referred to as potential taxpayers and are registered with the Tax Office Complete Automation (VEDOP) project. The transactions of potential taxpayers through financial institutions are recorded in the data ware- house and analyzed to determine unreported trade activities or links with underreported company profits. Potential taxpayers are designated as high risk in cases where the number of transactions in the fiscal accounts exceeds a predetermined threshold. Tax administration officials can further investigate whether these indi- viduals have links with companies, as partner, owner, or employee, and whether these companies transfer money through these individuals to hide trade activity. The rationale for such money transfers is questioned Data Warehouse and Data-Mining Tools for Risk Management: The Case of Turkey 73 during the audit procedure, which helps to identify companies that have underdeclared sales. VAT Returns Receipts from credit card sales and VAT declarations are also cross- checked for accuracy. Credit card sales data are received from banks on a monthly basis and stored in the data warehouse. This information is then compared to the corresponding line for credit card sales on the VAT return. The Revenue Administration used to compare information on credit card sales with information on VAT returns and selected cases for audit where there were discrepancies. However, this system produced an excessive amount of audits, which resulted in high costs for both the Revenue Administration and the taxpayers. In order to reduce the number of noncompliant taxpayers and ease the burden on audit units, the Revenue Administration developed a proactive mechanism in August 2008. The data warehouse compares credit card sales, bank and credit machine identification numbers, and the amount of sales. The Revenue Administration puts that credit card sales information on the Internet so that taxpayers can check their monthly credit card sales while filling out their VAT returns. When these numbers do not correspond, a warning is issued so that taxpayers may visit the tax office to resolve the warning. This cross-check occurs in real time as the data warehouse receives credit card sales information from the banks. From the warehouse, the credit card sales information appears on the computer screen of taxpayers while they fill out the VAT return. When filling out the appropriate e-VAT refund form, taxpayers can choose either to ignore or to approve the discrepancy. If they choose to ignore the discrepancy, the automated system at the tax office is notified and they are displayed on screen as noncompliant. Then the tax officer initiates compliance activities, and taxpayers are asked to explain discrepancies. In some cases, for example, the information received from the banks may be incorrect. When the explanation is not satisfactory, taxpayers are selected for audit. The automated system and data warehousing have resulted in a sub- stantial decrease in the number of noncompliant taxpayers. In June 2008, nearly 140,000 taxpayers did not fill out credit card sales information on their VAT returns, 60,000 taxpayers had discrepancies in more than 20 percent of transactions, and more than 100,000 taxpayers had discrep- ancies in more than 5 percent of transactions. Within two months, as 74 Risk-Based Tax Audits users became familiar with the system, there was a substantial reduction in the number and amount of discrepancies. Within one year, the number of discrepancies was a fraction of the total from the previous year. By June 2009, substantially fewer than 20,000 taxpayers had a discrepancy rate of more than 20 percent. The VAT Refund Risk and Risk Assessment Models VAT fraud has recently become a serious concern for Turkey. The most common type of VAT fraud is traders issuing false invoices and businesses using those invoices either to reduce their VAT liabilities or to claim a fraudulent VAT refund. Within this context, using a selective risk-based approach to VAT input credit claims will ease the burden on both the tax administration and legitimate businesses. Risk-based approaches enable the Revenue Administration to better identify high-risk businesses and fraudulent claims. In Turkey a risk-profiling model has been developed using a computer- based credibility or validity check to assess refund claims against a set of variable parameters. Claims that fail the test are referred for further examination, either on a prepayment or a postpayment basis. This pro- cess, known as VAT risk analysis, effectively assesses the risk of taxpayers similar to the way that financial institutions assess the creditworthiness of applicants for loans, mortgages, and credit. One of the key components of a VAT risk model is sending necessary documents via the Internet in order to process a VAT refund. This has the dual benefit of enabling the tax offices to generate a VAT refund check report and to monitor the activity of fraudulent traders. Scoring and Ranking Profiles for High-Risk Taxpayers In order to identify high-risk taxpayers, data are collected, taxpayer behaviors are analyzed, and a risk score is assessed. Data from bank accounts, VAT registrations, prior audit results, payment history, prior tax returns, Ba and Bs forms, and norms and parameter tables are collected and analyzed. The taxpayer’s behavior history is compared to the col- lected data, including late payments, frequency of address changes, figures that are submitted as a round number, high turnover, and the failure to file a VAT return. This information is compiled and analyzed to create the taxpayer’s profile and assign a risk score to determine which taxpayers are considered high risk. Data Warehouse and Data-Mining Tools for Risk Management: The Case of Turkey 75 Taxpayers are rescored each month, based on the latest VAT returns and Ba and Bs forms. Rescoring taxpayers on a monthly basis is crucial because fraudulent traders tend to disappear a couple of months after they have issued numerous fictitious invoices. The VAT risk model scores more than 2 million VAT traders every month and is used as an early- warning indicator for potentially fraudulent activity, creating a database of traders suspected of fraud. Analyzing Lists with the Automated VAT Refund System The central database receives input from four primary sources: the VAT return, a list of suppliers, a list of customs declarations, and a list of export invoices. This information, in conjunction with the taxpayer’s application for a refund, is fed into the central database and analyzed and a VAT refund control report is issued to the tax offices. One of the exceptional parts of the VAT risk model is the use of Ba and Bs forms to analyze additional suppliers in the transaction chain. This is a very important aspect of the model because, in most cases, fictitious companies are hid- den under the claimants’ suppliers. Typically, they disappear after they issue false invoices for a couple of months. Therefore, detecting them as soon as possible in the transaction chain is vital for spotting false VAT refunds. Large-Scale Cross-Checking Mechanism of Ba and Bs Forms A taxpayer’s sales and purchase totals are cross-checked based on the taxpayer identification number, and inconsistencies are analyzed. For example, on the Bs form, if Taxpayer A reports sales to Taxpayers B, C, D, and E, these numbers are then cross-checked with the purchase declara- tions of Taxpayers B, C, D, and E on the Ba form. If the sales declaration amounts correspond to the purchase declaration amounts, no audit is initiated. If sales declarations are not reported, or are reported as substan- tially lower than the purchase declaration amount, an audit is initiated. Analysis of Suppliers and Subsuppliers The initial phase of the risk analysis model analyzes supplier and subsup- plier traders in the transaction chain after receiving the claimants’ supplier list via the Internet. Simultaneously, the model uses Ba forms in the data warehouse for the second phase or analysis of subsuppliers. The 76 Risk-Based Tax Audits system automatically checks all of the traders in the supplier’s list of refund claimants. If a fraudulent trader appears on the claimant’s list of suppliers, the model automatically identifies that trader as high risk. Additionally, the VAT risk model drills down further into the transactions chain and analyzes the use of Ba forms. If a fraudulent taxpayer is discovered among the subsuppliers stored on the Ba database, the model automatically marks that trader as a high risk and reports him to the tax office. The combination of the risk-scoring system with use of the Ba and Bs forms offers a more detailed, in-depth analysis of the supply chain. The model identifies any intermediary taxpayers who provided false invoices. Prior to implementation of the VAT risk model, the inability of auditors to progress further down the supply chain reduced the likelihood of suc- cess. The use of Ba and Bs forms, combined with the ability to investigate the legitimacy of transactions further down in the supply chain, has increased the likelihood of identifying false invoices. References Kleven, H., M. Knudsen, C. Kreiner, S. Pedersen, and E. Saez. 2008. “An Experimental Evaluation of Tax Evasion and Tax Enforcement in Denmark.” http://www.tinbergen.nl/files/papers/tax_audit_experiment_v7.pdf. U.S. GAO (Government Accountability Office). 2009. “Tax Gap: Reducing Sole Proprietor Loss Deductions.” GAO Highlights. U.S. GAO, Washington, DC. PA R T I V Country Experiences in Risk-Based Tax Audits CHAPTER 8 Sweden Lennart Wittberg There are three main organizational requirements for implementing risk-based audits within a tax agency: resources, administrative structure, and cooperation. A key element of risk assessment is that there is a con- sensus on the overall goals to be achieved and that the staff is trained and capable of implementing the steps required to achieve these goals. The implementation of risk-based audits in Sweden has required the technical capacity to gather and understand data. Information technology (IT) sys- tems, including software and hardware, as well as the technical compe- tence to manage the data, are also key components. Equally important is having the capacity to understand the statistical significance of the data, as well as having the requisite investigative skills to drill deeper into data that may appear questionable. The goal of the Swedish Tax Agency is to identify and select taxpayers who are intentionally avoiding their tax obligations as opposed to taxpay- ers who have just made errors on their forms. An attempt is made to understand the behavioral aspects of taxpayers instead of just the infor- mation submitted on the tax return. A successful compliance strategy is based on knowledge of taxpayer behavior and motivation. Without the three critical pillars of data, tools, and analysts, it is difficult to build the requisite knowledge necessary to understand taxpayer behavior and motivation. 79 80 Risk-Based Tax Audits Risk Management Data and intelligence are the fundamental building blocks of risk-based audit systems. This gives analysts critical insights into taxpayer behavior and enhances the knowledge base. The results of this analysis must then be prioritized in order of importance. Management uses the strategies and goals of the agency in order to prioritize and decide which groups of taxpayers deserve higher levels of attention. Once the target groups are identified, it is important for auditors to share the results of the informa- tion with IT experts within the organization so that the lessons learned from the audits can be applied to future models. In Sweden, data are gathered at both the central and regional levels. This information is shared with a risk management group led by the head office, with participation from regional offices. The risk management group creates and sends a list of prioritized tasks to the management team, which chooses the selection team. The head office leads the selection team, which is composed of regional participants as well. The selection team chooses which groups will be targeted as well as which audit strategies will be implemented. This decision is made based on available data as well as the capabilities of the internal staff. These factors determine which tools are needed. The fundamental building blocks of risk-based audits in Sweden are the competence and knowledge of the staff. In addition to these resources, administrative structures are necessary that place risk assessment in line with the overall goals and strategies of the tax agency. Risk assessment is a part of standard business planning and decision making. Coordination at the central level, as well as a high level of local involvement, is critical. These interactions between central and local offices can be structured in order to facilitate information exchange. Information Needs in Relation to Audit Selection Method There is a direct correlation between the power of the information received and the amount of value it creates. The better the data and infor- mation, the more precise the knowledge. As the data analysis becomes more complex, the value of the data trends significantly upward. The audit selection method and need for tools are, of course, determined by the audit strategy, availability of data, and capabilities of the tax administration. Sweden 81 The first audit selection method is to sort and filter data. This is a relatively simple method of auditing and is limited in scope. A rules-based method allows for more complex queries. A rules-based method with ranking is based on a points system. This method provides a subjective ranking and requires a more advanced IT toolkit. Finally, the statistical methods system relies on both advanced IT tools and statistical expertise to develop complex models and computer-based likelihood scenarios. According to the Fiscalis Risk Management Platform Group, European Union countries use different risk tools as follows: sorting databases (34 percent), rules-based methods (36 percent), data mining (15 percent), and other (15 percent). Beginning with standardized reporting and ad hoc data, the complexity of data analysis progresses to modeling and then predictive behavior analysis. Complex analytic capabilities include the ability to employ data-mining and data-clustering techniques and to conduct modeling, simulations, statistical testing, and forecasting. CHAPTER 9 The Netherlands Jon Hornstra The strategic goal of the Dutch Tax and Customs Administration (DTCA) is compliance, defined as the willingness of taxpayers, either businesses or individuals, to fulfill their tax obligations by reporting relevant facts cor- rectly, on time, and in full.1 The DTCA maintains a service-oriented, respectful approach toward taxpayers. Voluntary compliance is promoted through corrective action and, as a last resort, enforced through the criminal court system (DTCA 2008). Risk Management Process Risk management is a systematic process in which the tax administration chooses which instruments will be used to stimulate compliance and prevent noncompliance, based on the knowledge of taxpayer behavior and the available capacity of the tax administration.2 Risk management is predicated on combining subjective information from tax returns and objective information from audits and third-party information. All avail- able data are used for risk analyses, and particular risks are selected for treatment after policy makers define strategies and prioritize goals. The DTCA has a broad range of enforcement tools at its disposal in order to deal with risks, including preventive instruments and enforce- ment tools. Preventive measures include legislation, communication, 83 84 Risk-Based Tax Audits services, and visits to companies. Repressive tools include audits, fraud investigations, and administrative fines. Additionally, some relatively new tools are available, such as horizontal monitoring and enforcement com- munication as well as collaboration with other enforcement agencies (DTCA 2008). Due to limitations of supervisory capacity, it is not possible to monitor every single tax return. The DTCA focuses on risks with the highest impact, such as damages in the financial or social sphere, and looks for the most effective and efficient instrument for treating those risks (see figure 9.1). Instruments for Improving Compliance In order to increase the number of accurate tax returns, the DTCA offers services such as service desks, call centers, and prefilled tax returns. Prefilled tax returns can offer several benefits, including a decrease in the number of unintentional errors and in the costs of compliance. They also improve the service quality and have a positive effect on compliance. This helps to build transparency and is an integral part of building a relation- ship of trust between citizens and tax authorities. Additionally, compli- ance communication or information campaigns are used to deter noncompliant behavior and to support the tax authorities. Additionally, the DTCA attempts to reduce the likelihood of taxpayer error by simpli- fying complex fiscal rules. There is strong evidence that the use of pre- filled returns can be effective and efficient. The DTCA has developed horizontal monitoring between authorities and the business sector to foster cooperation and agreements. Businesses, either on their own accord or by legislation and regulations, are becoming increasingly more transparent in their operational management. The DTCA assists in these efforts by sharing responsibility for compliance with businesses and sector organizations (Dutch Tax Office 2008). The DTCA undertakes discussions and dialogues with large enter- prises, sector organizations (for small-size companies), and fiscal advisers in order to create a relationship based on transparency and to prevent errors on tax returns. As a result of horizontal supervision, cooperation between the tax authorities and taxpayers means anticipating issues before they happen, rather than verifying them through audits. By intensifying dialogue with specific target groups, the DTCA seeks to reinforce partnerships and to prevent tax adjustments. These partner- ships also seek to use less repressive instruments, such as corrections and Figure 9.1 Diagram of Risk Management Process subjective information: no action tax returns, taxpayer information tax audit or desk audit risk analysis enforcement communication legislative and objective information: organizational solutions third-party information, sector information horizontal monitoring learning cycle output / outcome Source: Author. 85 86 Risk-Based Tax Audits penalties. Increasing clarity and certainty for taxpayers in advance improves the business climate, and the DTCA is better able to forecast tax income. Additionally, the tax administration enjoys lower operating costs by enhancing taxpayer compliance with regulations and information. Horizontal Monitoring The instrument of horizontal monitoring includes collaboration with three primary groups: industry sector organizations, tax service providers, and large companies. Horizontal monitoring has added value for small and medium-size businesses (SMEs) as well as other homogeneous groups of entrepreneurs. The DTCA also engages in dialogue with indus- try sector organizations to see if certain agreements can solve problems specific to certain sectors. The DTCA makes generic agreements with fiscal service providers, such as accountants and consultants, on the substance and quality of their activities in order to increase the flow of compliant tax returns. Individual agreements with large companies are made on the manner and intensity of monitoring. This monitoring focuses on the extent to which a company is managing its tax liabilities properly. It requires insight into the design, existence, and functioning of the firm’s internal control, known as the tax control framework. Horizontal monitoring is conducted in several ways. An annual survey is conducted on the extent of taxpayer compliance, known as “compli- ance monitor.” Additionally, meta-monitoring is used, which is based on the audit results of the fiscal intermediaries and service providers that have an agreement with the DTCA. The DTCA does not focus on indi- vidual taxpayers, but on the system of governance, management, and accountability of tax advisers. Meta-monitoring focuses on the quality of the tax returns made under a horizontal agreement. The DTCA also uses the results of random audit selection, which can indicate the reliability of different groups of taxpayers. The Importance of the Learning Cycle The importance of evaluation is critical. Lessons learned from the treat- ment of selected risks need to be analyzed and reapplied to the risk selec- tion model in order to improve the accuracy of the model. Risk management is about making choices to improve the behavior of taxpay- ers. Repressive instruments are not always the most suitable means for The Netherlands 87 bringing about long-term shifts in behavior. For example, if taxpayers default out of ignorance, providing informational services to and com- municating with new businesses can prove to be more effective instru- ments (Dutch Tax Office 2008). Risk-Related Information The DTCA gathers and analyzes many types of information at the central level, including industry sector–related information, trends, and data; information from tax returns; information on taxpayer behavior; insight into the extent of compliance (filing tax returns on time, declaring tax liabilities correctly, paying on time); nationwide compliance surveys, risk database information from regional offices; third-party information (real estate transactions, bank transactions, wages); and information from other authorities. 2009 Fiscal Compliance Survey In 2009 the DTCA commissioned a fiscal compliance survey to improve its understanding of the impression that the public has of the services provided, as well as their views on taxes in general. The majority of the respondents have a favorable impression of the tax administration, as indicated in the following responses: • Clarity. 84 percent of the respondents are satisfied about the clarity of letters, campaigns, and tax assessments or bills. • Accessibility. 66 percent are satisfied with the ability to reach the tax services by phone. • Website. 74 percent think that information is easy to find on the web- site. • Evasion. 78 percent think that the tax administration will detect tax evasion, 92 percent think tax evasion is unacceptable, and approxi- mately 87 percent say they will never evade taxes. • Tax support. 58 percent of people view paying taxes as a kind of contri- bution, while a minority view taxes as “giving up” money. Randomly Selected Audits Over the past three years, the DTCA has used nationwide random audit selection, in addition to risk-based audit selection, as a tool to get a clearer 88 Risk-Based Tax Audits picture of taxpayer behavior. Approximately 15 percent of DTCA field audit capacity is allocated to this purpose. Annually, DTCA audits roughly 4,000 businesses. The Central Risk Management Organization analyzes these audit results. This instrument provides information on issues related to risk and target risk groups and indicates the most effec- tive ways to address these risks. This tool also helps to understand the efficacy of the current risk assessment model. Regional Approach to Risk Identification Although it is preferable to gather risk-related information at the central level, it is also necessary to collect risk information at the regional or local level. Risk management is not just the purview of electronic databases and analysis; it is also about noticing what is occurring on the ground. Important data and information include annual reports and tax returns (regional comparison of assets, comparison of turnover ratio), information on business development, on-site observations (to ensure that the com- plete sales are registered at the point of sale or to compare the real cash balance with the administrative cash balance), traditional and digital desk research to discover new entrepreneurs, professional judgment, and the intuition of the regional tax auditors. Challenges Several challenges can be encountered during the implementation of risk management. Commitment at the central and political levels is extremely important. The goal of risk management is to change behavior to achieve a higher level of compliance. At the political level there is a tendency to maintain traditional approaches, such as the total number of audits and the tax yield. As risk management is more focused on behavioral change, the goals should be defined as achieving a higher level of compliance. Another challenge to implementation is to ensure a regular flow of infor- mation between the local offices and the central office. As data and avail- ability are constantly evolving, it is important to work with the data that are currently available and to construct a learning cycle to improve the process. Finally, it is important to consider that traditional, punitive instruments are not always the most suitable means for bringing about long-term changes in behavior. The Netherlands 89 Keys to Success and Lessons Learned The following elements are critical to the successful implementation of a risk-based audit strategy: • Having clear and detailed vision, goals, and strategy • Obtaining political commitment and support • Maintaining a central risk management department that is responsible for discovering the risks; providing assessments; gathering risk-related knowledge, including analyses of random sampling results; maintaining a cycle of learning; and focusing on nationwide risks • Understanding taxpayer behavior, either through randomly selected audits, a nationwide compliance survey, or both • Learning about new instruments that are available, such as services, horizontal monitoring, legislative solutions, and enforcement commu- nication to improve compliance • Focusing on large issues and phenomena such as real estate transactions, construction companies, property, assets in foreign countries, and new entrepreneurs. • Meeting taxpayers to understand their behavior and motives. Notes 1. For international standards, tax compliance consists of registration for tax purposes, filing tax returns on time, declaring tax liabilities correctly, and pay- ing taxes on time. 2. According to the Fiscalis Risk Management Platform Group. References DTCA (Dutch Tax and Customs Administration). 2008. “Dutch Tax and Customs Administration Business Plan 2008–2012.” DTCA, Amsterdam. http://download.belastingdienst.nl/belastingdienst/docs/business_ plan_2008_%202012_bjv0031z81fdeng.pdf. Dutch Tax Office. 2008. Annual Report 2008. Amsterdam: Dutch Tax Office. CHAPTER 10 Bulgaria Vesela Gencheva Prior to 2000, the National Revenue Agency (NRA) of Bulgaria did not employ risk-based assessment. There was a deficiency of objective criteria for audit determination, and the NRA did not fully analyze taxpayer data. During this time period, there was also a substantial increase in fraud and tax noncompliance. However, since 2000, the NRA has implemented a risk-based assessment system in order to use the available data better and define audit targets objectively. Over the past nine years, the tax administration has refined and updated the audit selection criteria with the use of various tools and computer programs. This has increased the use of resources and effective- ness of tax control. By analyzing data and preliminary information, the NRA has created individual risk assessments for specific taxpayers. The central level is responsible for creating audit plans using defined selection methods, procedures, and tools. Noncompliance risk criteria are defined using tax and social security legislation at the central level and are imple- mented at the regional level. Audit cases are screened individually accord- ing to the instructions and criteria approved by the executive director. Audit selection is implemented using two measures: active selection and current selection. Active selection is used to screen liable people by comparing data from different information sources. This selection process 91 92 Risk-Based Tax Audits cross-checks and compares different kinds of data that were submitted, including tax returns and other sources of information within the tax administration. The current audit selection process uses information from value added tax (VAT) refunds, as well as from other revenue bodies and external sources. An audit is triggered when a taxpayer submits a refund claim that is extraordinary (that is, not in line with the normal business pattern of the firm or industry) or claims bankruptcy proceedings, transfers, or corporate transformations. Tips about questionable activities from external sources and other tax administrations can trigger an audit as well. During the selec- tion process, specific information is obtained by filling out downloadable forms on the selection register. This gives the taxpayer access to NRA data- bases at a basic level. This process ensures an automated risk-based assess- ment of VAT returns for taxpayers who meet the criteria of VAT laws. The NRA uses both internal and external information during the audit selection process. Internal information includes registers, tax returns, tax and social security accounts, purchases, sales journals of individuals regis- tered under VAT law, and background information on taxpayers available in the information databases. Information from the taxpayer’s file is accessed, including prior audit reports and control checks. The NRA also has access to various external databases. Selection Criteria Both general criteria, which are applicable to all taxpayers regardless of characteristics, and specific criteria are used for selection. General criteria provide background information about taxpayer behavior and compli- ance with tax and social security laws. Specific criteria divide taxpayers into five groups, depending on legal status, tax status, whether an indi- vidual or a company, VAT registration, and social security or self- employment status. The criteria stem from national legislation. Selection criteria are based on the legal status of the taxpayer, the social security status of the taxpayer, and the criteria for persons under the VAT laws. To select taxpayers for audit, the following criteria are taken into consideration: • Large-scale self-assessed taxes have not been paid. • The taxpayer has not been audited since initial registration or for an extended period of time and has produced large turnover. Bulgaria 93 • Supplemental assessments and offenses were noted during previous tax audits. • VAT payment does not correspond to a large self-assessed turnover. • The taxpayer has VAT taxable transactions with suppliers identified as “high risk.” • The annual tax return does not conform with financial statements. • The taxpayer has an audit history of fraudulent or deceptive behaviors. Automated risk assessment applies to taxpayers who have claimed, VAT refund in cases where the turnover of exports and intra–European Community supplies are more than 30 percent of total turnover. Taxpayers who have already been identified under the previously men- tioned criteria and who declare suspicious VAT refund activity are selected under the risk-based assessment screening mechanism. If the police have not requested a suspension of VAT refunds or if the taxpay- ers are not linked to criminal activity, they are not subjected to an audit. Additional criteria for automated risk-based assessment is a large devia- tion of taxes from the established monthly average of exports, deviation of the declared refundable VAT from the average monthly rate, or iden- tification of the taxpayer as high risk by a special unit that investigates fraud. Additionally, the following items are taken into consideration: • Deliveries to and from a counterparty identified as “high risk” • The proportion of domestic deliveries to the total supply of exports • Any deregistration initiated by the Revenue Authority within the past five years • The ratio between the available fixed assets and the declared amount of refundable VAT • The amount of the VAT refund. Risk-based assessment is individually calculated for each taxpayer based on a point system.1 The complex risk-based assessment includes the amount of penalty points that are assessed. The selection department cre- ates a list of persons to be examined, as well as, a list of persons considered low risk. For those deemed low risk, VAT is refunded using an accelerated recovery procedure. The officer in charge of the audit is authorized to review these lists. 94 Risk-Based Tax Audits Organizational Structure for Risk Management The organizational structure of the risk management system includes an executive director, the Risk Management Directorate (18 tax experts), and three deputy directors. The deputy directors are responsible for the investigation of special cases. The initial phase of the risk management system is based on information technology support and software. The process of risk selection consists of the following steps: • Identification of risks • Analysis of risk characteristics • Prioritization in order of importance • Treatment of risks to reduce the impact on tax administration • Evaluation of the process for optimization. The risks are then organized in order of priority, by the expected damages and treatment measures and costs. Treatment measures are implemented and the results are analyzed. The process is evaluated for its efficacy and efficiency, and optimization measures are proposed. The risk management system is predicated on users filing their taxes and social security declarations. As such, there is a declaratory risk, as some taxpayers fail to file or do so after the deadline, becoming noncompliant. Prior to January 2008, the country’s tax and social security legislation did not have a common, systematic approach to the manage- ment of noncompliance risks. In order to create a direct link between the objectives of the NRA and the targeted risks, an organizational structure responsible for the risk management process was implemented. Risks are now assessed using a structured prioritization system, resulting in a more functional revenue administration. Benefits of Risk Management System Software Risk management software is used to cover all phases of the process, including identification, analysis, prioritization, treatment, evaluation, and reference and administration modules. Entering risk information in a software package enables the data to be structured and analyzed, yielding a better understanding of risk characteristics, significance, and symptoms. Risk management software allows for more detailed information about the risk profiles of individuals as well. In addition to detecting trends, the Bulgaria 95 software facilitates information about treatment and establishes a more efficient and targeted assignment of activities. Note 1. The point system generates points for each of the criteria depending on level of deviation. These points are aggregated to determine the total risk score for the taxpayer. CHAPTER 11 India Rajul Awasthi By 2007, India had nearly 30 million taxpayers, 300,000 of which were corporate enterprises. An additional 14 million taxpayers were businesses with sales turnover of more than Rs 4 million (approximately US$90,000). As a result, the need to carry out selective audits, referred to as “scrutiny” of tax returns, became apparent. The basic principle: trust the taxpayers, but verify their claims. A system of selective audit was first introduced in 1987. However, at that time, the criteria for selecting a case for scrutiny remained largely discretional. Given the broad guidelines, tax officials had a fair amount of discretion in determining whether or not a particular case should be scru- tinized. Clearly, this gave unfettered power to tax officials and led to rent-seeking behavior. In fact, the ability of tax officials to select cases for detailed audit has been a source of many complaints of corruption, and taxpayers have often gone public with claims that officials have demanded bribes not to select their cases. During the 1990s, the Central Board of Direct Taxes (CBDT) began to specify the criteria for selecting cases for audit in their annual action plans. Tax officials were directed to adhere strictly to the specified crite- ria. However, exceptions were possible, which enabled the selection of some cases not covered by the criteria, with the approval of a superior officer. As a result, discretion was still present. 97 98 Risk-Based Tax Audits Introducing a System of Risk-Based Tax Audit In 2004 the CBDT began to move to a more accurate self-assessment system using risk-based audits supported by information technology. The elements of this system are as follows: • A countrywide computer network encompassing all tax offices. Setting up this network was a huge task, given that there are more than 750 offices in 540 cities and towns across India. • Data entry of all returns into a central computer system. In 2006 electronic filing of returns was made mandatory for all corporate entities. In 2007, this was extended to other businesses with an annual turnover of more than Rs 4 million, and professional entities were required to get their accounts audited by professional accountants. • Computer processing of returns. Initial processing and checking the basic accuracy of returns are done electronically on the computer system. • Criteria for audit. The CBDT used to establish the criteria for audit case selection on an annual basis. Now the CASS—Computer Aided Scrutiny Selection—designates which cases are to be audited. • Specification of parameters. A senior-level team, appointed by the CBDT, specifies a large number of confidential parameters.1 Moreover, high- order claims of tax incentives are also flagged by the system. • Use of computer models. The computer models use Gaussian distribu- tions to generate outliers within each parameter, and then a complex scoring technique is applied to the data to develop a risk ranking for taxpayers.2 The CBDT then specifies a cap on the number of audits for each parameter selected, starting with the highest-risk cases and progressing to the lower-risk cases. In 2004 the concept of annual information returns was introduced, containing information on six expenditure and investment items. By law, third parties, including commercial banks, the Reserve Bank of India, the property registrars of state governments, and companies, had to send this information to the Income Tax Department. The information on invest- ment or expenditure includes cash deposits over Rs 1 million, invest- ments in initial public offerings of stocks of over Rs 100,000, investments in mutual funds over Rs 200,000, investment in bonds of the Reserve Bank of India of more than Rs 500,000, payment of credit card bills of more than Rs 200,000 a year, and buying or selling property worth more than Rs 3 million. All of this information is captured electronically and India 99 fed into the CASS, which compares this information with the information on income tax returns. Based on internally developed criteria, the system identifies particular cases to be selected for scrutiny. Less than 1 percent of all cases are selected for audit each year, based on the level of taxpayer risk identified by the computer model. This allows the tax administration to undertake fewer audits that are better focused on high-risk cases. Due to selective risk-based audit, the tax administration has been able to keep operational costs low, and there has been virtually no increase in employees or resources. New Risk Assessment Law A new direct taxes code was drafted in 2009 and will soon be introduced to Parliament to be passed into law after a nationwide public debate. In the direct taxes code, section 156 specifies the process of selecting a tax return for scrutiny. Section 156(2) defines that the selection of cases for scrutiny “shall be made in accordance with the risk management strategy framed by the Board in this behalf” (India, Ministry of Finance 2009). The section further prescribes a time frame within which the taxpayer must be informed of the fact that his or her case has been selected for scrutiny. Notes 1. These parameters are known to include several basic financial ratios, such as operating profit margins, accounts payable as a percentage of sales, inventories as a percentage of sales, and depreciation claims. More than 40 parameters are currently being used. 2. For example, one parameter the computer model could use is the mean level of profitability in a particular industry or sector. Cases lying within two standard deviations, for instance, could be defined as outliers. Reference India, Ministry of Finance. 2009. “Direct Taxes Code, Draft August 2009.” Ministry of Finance, Department of Revenue, New Delhi. CHAPTER 12 Ukraine Inna Lytvyn and Iryna Udachyna Ukraine employs a multistage process with frequent communication between the central and provincial offices in the formation of risk- based criteria for tax audits. Feedback is routinely shared between the local and central offices, and multiple data sources are analyzed in order to create the list of target corporate taxpayers. The size of the taxpayer operations is an important starting point. The percentage of taxpayers in Ukraine, according to business size, is as follows: 90.1 percent are small, 6.4 percent are medium, and 3.5 percent are large businesses. Although few in number, large businesses account for the majority of gross income (84 percent) and profit taxes paid (72 percent). Data Sources Information is gathered from multiple sources at the local and state levels as well as from sources outside the State Tax Administration. These data are mined for relevant information, and feedback is shared between local and central offices. Local tax offices check previously issued reports on tax evasion schemes, as well as information about counteragents (firms with whom the taxpayers have business). The central office checks registration data, 101 102 Risk-Based Tax Audits tax payments, declarations and evasion schemes, and value added tax (VAT) refunds. This information is compared against a depository of reports, including reports on questionable nonresident firms and a registry of pending checks. Information is also analyzed from other state agencies, including the Customs Service, the State Commission for Securities, and the Stock Market. The Internet is also used to gather information. The following is the list of data sources: • Registration data • Declarations and reports • Tax settlements, including VAT refunds claimed • Tax liabilities and tax credits broken down by the counteragents • Information about tax benefits applicable in the case • Information about the valid licenses • Inspection schedule • Findings of inspections and checks completed • Reports, schemes, registers of counteragents, and other documentary outcomes of the checks completed • Information about foreign trade activity (export and import transactions). For example, useful data from a taxpayer’s registration include identifi- cation code, status of the corporate taxpayer, core business, ownership status, financial status, and management control. Risk Criteria Criteria for risk-based audits are based on the background data that are mined. A preliminary list of the target corporate taxpayers is created, analyzed, and refined with feedback from local tax offices. Once the list of target corporate taxpayers is finalized, a tax inspection schedule is completed using 32 risk criteria applicable to corporate entities. These criteria are based on industry ratios and industry turnover standards, including the following: • Growth in turnover or income correlated with the growth in tax paid • Lower corporate tax paid compared to the average tax revenue for the relevant industry sector Ukraine 103 • Reported gross expenditure too close to gross income in the tax declaration • Significant amount of VAT refund claimed at one time • Tax liability too low or tax credit too high • Excessive financial and business transactions. Some actions of other government authorities could provide use- ful information that may be flagged for determining compliance risks. The following are some examples of what the information could include: • The taxpayer firm’s registration certificate was canceled by a court de- cision, because it was involved in a criminal case or is under criminal investigation. • The firm has business relations with parties that are wanted by law enforcement agencies, are bankrupt, or fail to report taxes. • Documents from the State Financial Monitoring Committee of Ukraine indicate potential criminal money laundering. Inspection Schedule for 2009 Almost all of the corporate taxpayers chosen for audit in Ukraine had some exposure to tax compliance risks in their business process as deter- mined by the risk criteria. Among corporate taxpayers, 87 percent of those chosen for inspection are exposed to between two and five tax risks: • One risk criterion: 2.2 percent • Two risk criteria: 28.4 percent • Three risk criteria: 30.4 percent • Four risk criteria: 18.4 percent • Five risk criteria: 10.7 percent Risks Screen Shot A typical screen shot of a taxpayer profile (in Ukrainian) gives the list of taxpayers in the first left-hand column and the adjusted gross income and the list of criteria in the following columns. 104 Taxpayer’s Profile Ukraine 105 The screen shot shows which risk criteria are met for each taxpayer, for instance, whether the tax payment level is found to mismatch the industrial average or the loss is reported in the tax declaration, and so forth. This helps to determine the aggregate number of risk criteria met by the list of taxpayers. National statistics of top-level compliance risks for corporate taxpayers in Ukraine indicate underreporting in about 18,000 cases; mismatches between the tax liability declared and the tax credit in the counteragents’ tax profile in another 8,400 cases; doubtful taxpayer counteragents in about 6,400 cases, transactions with related parties in 2,200 cases, and reported loss in 1,400 cases. Practical Benefits of the Risk-Based Checkup System Implementation of a risk-based audit system has yielded numerous ben- efits, chief of which are better voluntary compliance and a more efficient means of tax collection. There has been a 10 percent decrease in the number of audits performed at the same time as a 45 to 72 percent increase in tax collections as a result of audits because the audits are more focused on high-risk cases. A higher hit rate creates a deterrent for delin- quent behavior. Accordingly, the level of voluntary compliance seems to have increased, as indicated from declarations received from taxpayers. As a result of information matching, as highlighted in final audit or inspec- tion reports, the level of data conformity has more than doubled, from 19 to 39 percent. Approximately one-third of corporate taxpayers have declared higher profit tax payments, and 40 percent have declared higher VAT payments. Among companies that declared losses in 2007, 703 com- panies declared lower losses in 2008 by Hrv 5 billion compared with the previous year. As a result, more than 50 percent of the companies that posted negative results in 2007 did not do so in 2008. CHAPTER 13 Kazakhstan Aidar Mekebekov and Yerzhan Birzhanov The Tax Committee of the Ministry of Finance of Kazakhstan has implemented measures to facilitate voluntary compliance as well as to base audits on objective measures. The use of a risk management system (RMS) allows audits to be based on a number of indicators, which reduces arbitrary audit selection and increases the focus on noncompliant taxpayers. RMS is being introduced in a phased manner: • For the general regime, which includes 13 percent of taxpayers (approximately 115,000 legal entities and nonresidents) and generates 94 percent of the consolidated tax revenues, RMS was scheduled to be introduced in 2009, but this has now been put off until 2011. • For nonprofit organizations, social organizations, and public institu- tions, representing 1 percent of taxpayers (roughly 6,000 entities), RMS is scheduled to be introduced in 2011. • For legal entities and individual entrepreneurs operating under the special regime, which includes 86 percent of taxpayers (740,000 entities), RMS is scheduled to be introduced in 2011. • For individuals, RMS will be introduced only after a decision is made to introduce universal filing of tax declaration. 107 108 Risk-Based Tax Audits Methodology of Risk Indicator Assessment A point system, or scorecard, will be used to assess the level of risk of a particular taxpayer. The scorecard includes a list of seven risk indicators, and points are assigned based on the severity of the risk or infraction. A taxpayer can score between 5 and 330 points, with a lower score indicat- ing a lower level of risk. Some of the general criteria being considered are as follows. The more specific points for each criteria will be kept confi- dential. • A taxpayer tax payment coefficient lower than the sectoral average • Transactions that have been made with false or inactive enterprises or taxpayers • Submission of copies of invoices with no value for corporate income tax or value added tax • Ratio of the wage bill to aggregate annual income • Ratio of assets to aggregate annual income • Previous audit history • Unusual behavior such as multiple deregistrations during the same year. Depending on the number of points received, a taxpayer may be des- ignated as high risk, medium risk, or low risk. High-risk taxpayers will be audited annually. Those who qualify as medium risk will be audited once every three years, and low-risk taxpayers will be audited once in five years. Resources for audits will be distributed as follows: 80 percent for high-risk, 15 percent for medium-risk, and 5 percent for low-risk taxpayers. Example of Audit Selection of Taxpayers at the Rayon Level Here is an example of how audit resources are expected to be allocated. If, in a given rayon (county), there are 19 auditors and each auditor is scheduled to carry out six audits a year, a total of 114 audits (19 x 6) will be conducted. The audits are scheduled according to the distribution formula mentioned in the previous paragraph. Hence, the total number of audits available (114) is multiplied by the percentage of companies. If 1,228 legal entities are designated as high risk, 91 will be audited based on the formula above (114 x 80 percent). Likewise, if 3,525 entities are designated as medium risk, 17 will be audited (114 x 15 percent), and if Kazakhstan 109 5,875 entities are designated as low risk, only 6 will be audited (114 x 5 percent). This enables the tax administration to focus more resources on the high-risk group. Algorithm for the Development of an Annual Audit Schedule for 2010 The schedule of audits will be developed as follows: • At the central level, taxpayers will be selected for audit based on their risk analysis score, in consideration of the required frequency of audits. • The regional tax departments will receive a copy of the list. • The regional tax departments will then distribute a list of relevant taxpayers to city and rayon regional tax units. • The regional tax units will develop a preliminary annual audit schedule, accounting for RMS principles and human resource availability. • A preliminary audit schedule will then be presented at the central level. • The Tax Committee will develop a single audit schedule, which takes into account enterprises already being monitored. • This schedule will be presented to the Minister of Finance for approval and sent to the Prosecutor General’s Office. • The Prosecutor General’s Office will publish the schedule of audits. The number of scheduled audits takes into account the number of employees within the tax agency. In 2007 18,200 scheduled audits were completed by 2,000 tax auditors, each responsible for 6 comprehensive and 3 thematic audits a year. CHAPTER 14 Which Audit Selection Strategy? A Review Charles Vellutini Many developing and transition countries work in an environment with low capacity, not only with regard to the availability of information and information technology (IT) tools, but also with regard to human capac- ity. Because of these constraints, the approach to using quantitative meth- ods for audit case selection needs to be tailored to the limited resources, which are more often the rule rather than the exception. There are cer- tain features that would indeed be useful to adopt, including keeping the approach simple and flexible with regard to country context. Keeping the Approach Simple Many useful econometric and data-mining tools are available for audit case selection. However, there are benefits in keeping the approach sim- ple by focusing on just a few such tools. These benefits include the devel- opment of standard training packages and economies of scale in developing in-country models. Criteria for selecting tools are as follows: • They should be compatible with available IT resources. If IT resources are limited, sophisticated data-matching techniques generally should be ruled out. 111 112 Risk-Based Tax Audits • Priority should be given to models likely to be familiar to tax adminis- tration analysts; the standard linear regression model typically falls into this category. • Selected model(s) should address the specific problems posed by audit selection. • Small data sets put data-mining techniques at a disadvantage with respect to regression models. In view of the above, and conditional on the next phase of modeling based on sample data, a possible model would be the Heckman two-step model for linear regression, with expected monetary outcome from audits as the endogenous variable. The model, which is essentially a linear regression with Heckman selection bias correction, is included in most econometric packages, including Stata. Using the model estimations to compute risk scores for each taxpayer is not analytically difficult, but raises questions of IT management and procedures within the tax administration. How, and by whom, scores are actually computed, disseminated, and used in audit planning is likely to be a country-specific issue. Adapting to Country Environments In the risk assessment cycle presented in figure 14.1, practical implemen- tation issues revolve around the question of who does what and are best answered within the context of a specific country. The right option in a given country should be based on a preliminary assessment covering the following: • Procedures for audit planning, including procedures for matching taxpayer risks with the type of audit • Availability of IT and data • Human resources, particularly regarding econometrics and data analysis. Options are as follows, starting from the most ambitious, locally owned scenario: • In environments with relatively good IT and human resources and where adequate procedures for audit planning are already used, the tax administration would use risk scores in audit planning, and tax Figure 14.1 Risk Assessment Cycle • risk scores integrated in • model initial use of scores audit planning update of the model estimation model in audit procedures model re-estimated based estimation • risk scores planning estimation on new audit data computed • audits carried out and databases updated Source: Author. 113 114 Risk-Based Tax Audits administration analysts could periodically update the model estimation themselves, based on new audit data. • In environments with lower IT and human resources, after devel- oping and estimating the first version of the model, the audit plan- ning division could use a simple spreadsheet scorecard to compute individual risk scores. Significant resources should be allocated to training. • In low-capacity environments, early steps should be taken to facilitate the appropriate risk management strategy. These would include (a) re- moving legal obstacles to obtaining third-party information, (b) im- proving the reliability of the taxpayer register, (c) initiating the use of third-party information to generate automated desk audits, (d) creating taxpayer segments, (e) undertaking economic analysis of tax compli- ance gaps, (f) promoting preventive controls to reduce risks, and (g) consulting and interacting with taxpayers. Lessons from International Comparisons of Approaches to Risk-Based Audits Table 14.1 summarizes the approach to tax audit selection used in several Organisation for Economic Co-operation and Development (OECD) and non-OECD countries. It shows that relatively little infor- mation has been published on audit selection strategies in developing countries. Given the lack of resources available to tax administrations (IT resources as well as analytical skills to implement a statistically robust approach to selection), many developing countries cannot do better than audit their biggest taxpayers.1 Finally, nontransparency tends to be stron- ger when manual screening is the main selection method, which in itself is a strong argument for introducing statistically grounded methods in developing and transition countries. Both developed and developing countries with a score-based audit selection strategy generally choose to keep it confidential to prevent tax- payers from adopting strategic behavior to ward off an audit. Even OECD countries surveyed in table 14.1 provide only general information about the selection strategy—and no technical details that could be strategically used by taxpayers (especially the specific attributes used to compute risk scores). Table 14.1 Country Experiences in Risk-Based Tax Audits Random Risk-based Workload Country Manual screening audits audits management Bulgaria Yes, but based on No program Risk analysis and risk criteria at the Regional, based on national centralized risk cri- national level guidelines teria and guidelines Canada No Stratified sampling by indus- Macro-level analysis using time-series Centralized and automated try and range of revenue; econometrics (trends comparison); audit audit selection yearly program: 1,000–2,000 selection based on data-mining tech- random audits a year niques (neural networks, decision trees) France Yes, for intelligence No program Audit selection based on data-mining and Combination of centralized- gathering other statistical tools; data-mining automated and techniques decentralized-manual audit selection Kazakhstan Abandoned in 2010 No program Centralized, based on manually designed Centralized and automated risk criteria audit selection Malaysia Abandoned in 2001 No program Data-driven selection of audit cases since Centralized and automated 2001 audit selection Netherlands No About 15% of audit resources Centralized at national level but also car- Regional based on national devoted to random audits ried out regionally; both data-matching guidelines (10% of total audits) and predictive techniques Sweden No Yes, to gather unbiased data Centralized at national level; both data- At the national level, but with matching and predictive techniques participation of regional managers Switzerland Yes Periodic surveys for specific No risk-based audit selection strategy Decentralized and manual taxes; no national program of random audits 115 (continued next page) 116 Table 14.1 (Continued) Random Risk-based Workload Country Manual screening audits audits management Tanzania Abandoned in 2007 No program Data-driven selection of audit cases since Centralized and automated 2007 audit selection Turkey No Yes, to gather unbiased data Centralized at national level; implement- Centralized and automated ed by tax instruments (value added tax, audit selection corporate income tax) United Kingdom Yes, for 55% of audits Simple random sampling for Extensive data-matching and data-mining Combination of centralized- self-assessment taxpayers; techniques (including decision trees and automated and decentral- yearly program: 6,800 ran- neural networks); score-based risk as- ized-manual audit selection dom audits a year (10% of sessment (estimation method un- audits) known); 35% of audits; regression analy- sis for value added tax returns Ukraine No No Score-based risk assessment (estimation Centralized and automated method unknown); centralized at na- audit selection tional level United States No Stratified sampling by tax- Discriminant function (DIF score), based Centralized and automated payer category for income on prior random samples audit selection tax; around 2,000 random audits every year for learn- ing purposes (unbiased data); long experience of randomly selected audits (first program in 1963) Sources: OECD 2004a, 2004b, 2004c; CATA 2007; interviews with tax administrators. Which Audit Selection Strategy? A Review 117 Several conclusions relevant for many countries can be drawn from this survey: • Audits are critical in a system where taxes are self-assessed; when taxes are not self-assessed but filed by a third party (for example, direct tax- es on salaries withheld, paid, and filed by employers for their employ- ees), the risk of noncompliance by the taxpayer is low. In our sample, the only country still using screening as its main audit selection strategy, Switzerland, does so because direct taxes are not self-assessed. • Given the widespread use of self-assessed taxes (either direct or indi- rect), automated audit selection (random or based on risk assessment) is the norm in OECD countries. • Random and risk-based audit selection strategies are complementary rather than mutually exclusive; most countries use outcomes from ran- domly selected audits to calibrate and update their risk-based audit selection tools. • Samples used to assess the level of tax compliance and to calibrate the risk-based tools do not need to be large to be useful. Canada and the United Kingdom audit only a few thousand cases every year. Relevant sample stratification a priori can enable an administration with limited resources to design an efficient audit selection strategy. Note 1. This is not always easy, because in a poor enforcement environment many of the largest taxpayers may be hiding in the shadows or grossly underreporting to avoid detection. References CATA (Commonwealth Association of Tax Administrators). 2007. Implementing Computerisation and Information Technology for Tax Administration. London: CATA. OECD (Organisation for Economic Co-operation and Development). 2004a. “Compliance Risk Management: Audit Case Selection Systems.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2004b. “Compliance Risk Management: Managing and Improving Tax Compliance.” OECD, Centre for Tax Policy and Administration, Paris. ———. 2004c. “Compliance Risk Management: Use of Random Audit Programs.” OECD, Centre for Tax Policy and Administration, Paris. CHAPTER 15 Conclusion: Lessons for Reforms Rajul Awasthi Most modern tax administrations now subscribe to the view that using risk assessment for tax audits is the correct approach, and many have developed audit strategies focusing on taxpayer noncompliance risks. “Risk” is defined here as the likelihood of yielding large amounts of audit adjustments and penalties. The audit selection strategies are, therefore, based on risk-scoring techniques comparable to those used to categorize clients in banking or insurance. Lessons Learned from Country Experience Several key issues emerge from the discussions in the preceding chapters, which may be useful to reiterate. First, a critical point to appreciate is that risk management in revenue administration is not confined to the selec- tion of tax audit cases. It is part of a holistic and cooperative approach to enhancing compliance and an important element of effective and effi- cient compliance management. Risk management drives the operational priorities of modern revenue administrations, and this approach has 119 120 Risk-Based Tax Audits dramatically changed the way tax administrations and taxpayers interact with each other. Second, risk-based audit selection is an integral part of the overall audit strategy and planning. An important recent trend in audit strategy has been to separate the audit selection function from the actual audit process. Unlike in the past, auditors no longer decide which cases to audit. The criteria for audit selection are typically mandated by the headquar- ters, based on regular analysis of risk criteria. The criteria are then used to generate an automated list of taxpayers selected for audit. Linked to this is the extent to which risk criteria may be made public. Publishing the detailed risk criteria runs the danger of encouraging taxpayers to adopt strategic behavior to avoid being audited. It is good practice to keep the detailed risk criteria and parameters confidential. At the same time, publicizing the general risk-based approach can be a useful deterrent to noncompliant behavior.1 Third, random selection of audit cases and risk-based selection are not considered to be mutually exclusive strategies, but rather comple- mentary. Most countries, even with advanced risk management systems, use outcomes from random audit selection to calibrate and fine-tune risk-based methods of audit selection. Fourth, while the deliberations on country practices in risk-based audit in the foregoing chapters present a useful first-hand guide on how different countries have adapted the system to local conditions, certain practices may need closer examination and some assessment of their potential use and limitations. For instance, Turkey uses data-mining tech- niques extensively as a tool for compliance management, and taxpayers are rescored on a monthly basis. It would be interesting to see if this monthly rescoring system is cost-effective and what effect it has on com- pliance costs. In Ukraine, for instance, there seems to be an over emphasis on the number of risk criteria met in order to determine high-risk tax- payers, rather than on the qualitative and quantitative assessment of risk. This approach may need to be adjusted. Likewise, in Kazakhstan, the distribution formula for allocating and scheduling audits among rayons (counties) focuses on allocating audit cases geographically rather than on selecting the riskiest cases for audits. Further, the practice in Kazakhstan of the audit schedule being published by the Prosecutor General’s Office is not standard practice since it automatically sets the presumption of guilt on taxpayers and is not conducive to creating an atmosphere of voluntary compliance and greater coordination between taxpayers and the tax authority. Conclusion: Lessons for Reforms 121 Risk Management as an Effective Compliance Management Tool As the foregoing chapters demonstrate, development of sophisticated systems for analyzing risk and selecting cases for audit is an effective tool for improving not only the enforcement capacity of the tax administration but also the level of voluntary compliance, while reduc- ing the avenues for corruption. These systems usually use information from different sources to zero in on cases where the risk of tax fraud is high. The selected cases are then picked for detailed investigation and audit. Statistical techniques enable the tax administration to build “profiles” of taxpayers and to identify those most likely not to comply with tax rules. Using statistical models, taxpayers are categorized into high-, medium-, or low-risk categories. They are assigned risk scores based on (a) their attributes (size, industry, compliance history) and (b) knowledge acquired during previous audit campaigns, regardless of the selection strategy employed. The high-risk taxpayers are subjected to a detailed tax audit, while those deemed to be low risk are audited much less frequently, usually under a random audit plan. Adopting a risk-based approach to curbing tax evasion has many advantages. First, since the selected cases, prima facie, have some suspi- cious characteristics, this approach is more likely to find actual tax evasion than if cases were picked up at random. Thus, enforcement activities are more productive, gathering additional revenue and penaliz- ing evasion more often. Such actions also enhance deterrence. Second, risk analysis allows the revenue administration to be more selective in scrutinizing cases. The percentage of cases selected for examination is usually between 1 and 10 percent of the total number of cases. This leads to more intense scrutiny and better use of investigation, inspection, and audit skills, which are invariably in short supply in most revenue admin- istrations. Third, the reduction in the number of cases facing revenue administration interventions implies that most of the other cases are accepted after only a desk review, conducted automatically by computer systems. Therefore, there is a greatly reduced need for person-to-person interaction between tax officials and taxpayers. This serves the dual purpose of reducing opportunities for corruption while also reducing the overall compliance costs to taxpayers. A risk-based tax audit system optimizes tax collection, while being fair, equitable, and less prone to corruption. It allows the tax administration to optimize its resources by focusing time and resources on its core 122 Risk-Based Tax Audits strategic goals of promoting voluntary compliance and improving effectiveness and efficiency of tax administration. Core Principles of Risk Assessment Summarized below are the principles that are at the heart of the risk-based approach: • Trust, but verify. The tax administration believes that a taxpayer will honestly compute and pay his taxes, but ensures a reasonable probabil- ity that the taxpayer’s statement will be checked, to ensure that tax liabilities are computed correctly and paid.2 • Self-assessment of taxes. Taxpayers have enough knowledge of tax laws to assess their own tax liabilities correctly and to file and pay taxes on time. • Equity. Honest, compliant taxpayers are treated with respect, while noncompliant taxpayers are identified and treated with severity. • Taxpayer service orientation. The tax administration is a service organi- zation that treats all taxpayers with respect and as valued clients. Operational Objectives of Risk-Based Tax Audits What should risk assessment yield? What are the key goals a tax admin- istration may want to fulfill in adopting a risk-based tax audit system? A good risk-based audit system would have the following objectives. • The system must be able to select high-risk cases for detailed audit and be able to find those that have the highest probability of underreport- ing. As a whole, the audit program would be successful if cases that get selected for audit based on this system yield higher tax collection returns. • Case selection must be based on objective criteria, not left to the discretion of the individual tax inspectors, in order to reduce the opportunities for rent-seeking behavior. • It must ensure better use of resources of the tax authority with fewer cases required for audit. Professionally competent officers should be assigned to the task of selecting cases for tax audit and carrying out the audit activities as well. • Finally, it must result in lower cost of tax collection, per unit of tax collected. Conclusion: Lessons for Reforms 123 Organizational Arrangements It is critical that the objective criteria established for identifying high-risk taxpayers are developed by a central audit committee composed of the senior management of the tax administration. The senior management is usually assisted by a strong analytical and research unit that studies mar- ket and taxpayer behavior to help select the risk criteria. This exercise is necessary to provide appropriate inputs that will go into the design of any computer model. The cases selected for tax audit are based on the model and lists sent to tax offices throughout the country. This ensures that individual tax inspectors have no discretion in selecting a particular case for audit and that these cases meet the established objective criteria; if they do not, they should not be selected. At each tax office, an audit unit should be established to audit the selected tax returns, based on the list provided by the central audit com- mittee. The audit cell should be staffed by very competent, reliable officials. Some countries have taken the step of publishing the list of taxpayers selected for audit, either locally or on the department’s web- site. Tax inspectors would then not be able to exercise any discretion in audit selection, thereby eliminating opportunities for corruption. Whether the list of selected cases should be made public or not is an important decision and should be made based on the facts and circum- stances in the prevailing environment. In countries where information technology (IT) capabilities permit, taxpayers could visit their tax account on a secure web page and ascertain the status of the case. Risk Assessment Strategy Adapted to the Level of IT Sophistication In an ideal world, a risk-based audit system works best in a wholly computerized environment that uses sophisticated statistical and econo- metric modeling software and tools. However, a question that often arises in countries that do not have advanced IT capabilities is whether risk assessment can be used even in such cases. The answer is yes. Principles of risk assessment can and should be adopted even where the tax administration operates manually. An example of a possible approach is given in figure 4.3 in chapter 4, where a simplified “risk- scoring card” has been developed and is being tested in the Republic of Yemen. Kenya also uses risk assessment in its Large Taxpayer Office, which uses risk criteria to select or categorize taxpayers in risk catego- ries in a purely manual process. Since the Large Taxpayer Office has a 124 Risk-Based Tax Audits limited number of large taxpayers (about 700), it is possible for this to be done without the use of computer systems. Other countries con- tinue to use human assessments of taxpayer risk to supplement weak computer models and in some cases override them. This may also be done because the relevant information is not captured in the tax returns or the criteria in a computer model have not been adequately updated to include newly identified risk areas. In India, for example, the following cases were selected for manual inspection because they where not sufficiently covered in the computer model: • Fresh capital introduced during the year exceeds a specified amount (excluding public limited-liability companies). • Value of international transactions as defined in section 92B of the Income Tax Act exceeds a specified value. • First-time claims or tax deductions under a specified list are considered to be amenable to fraudulent claims. In addition, an assessing officer may select any case for audit after recording the reasons in writing and obtaining approval from the most senior officer of the unit. An appropriate risk assessment strategy for tax audit needs to be developed based on the level of IT sophistication of the tax administra- tion. A highly sophisticated IT environment allows for the development of a risk assessment model that may make use of several databases and sources of information, past records of the taxpayer (including past audit results), and relevant macroeconomic and industry data to build a true 360 degree profile of a taxpayer, as in the United Kingdom and Sweden, for example. These profiles are then compared by the system against objective parameters to determine the risk level of the taxpayer. Rudimentary IT capabilities will necessitate using basic records and data and working with simple models, as in the Kyrgyz Republic, for example. The matrix in table 15.1 summarizes this discussion. In general, a risk-based audit system can and should be developed, even in an environment where computerization is at a basic stage in the tax administration. Next Steps and Directions for Reform The preceding discussion highlighting various country experiences with risk assessments and operational country tax reform programs of the World Bank Group clearly demonstrates that risk assessment for tax Conclusion: Lessons for Reforms 125 Table 15.1 Risk Assessment Strategy and IT Sophistication Risk Level of IT Characteristics of Country level sophistication and features risk assessment strategy examples Low Basic IT capabilities, re- Work with limited data, Kyrgyz Republic, gional offices not all net- prepare risk criteria even Republic of worked, database of tax- if used for select groups Yemen, Kenya payers not fully (such as large taxpayers) developed, access to and verification done other databases limited, manually, use past tax- banking system not fully payer audit data to create computerized, e-filing ei- simple statistical models ther not used at all or not (such as regression) using used extensively, extent of “off-the-shelf” software IT expertise in economy and capacity to absorb in- formation limited Medium Tax offices networked, data- Largely use past taxpayer Bulgaria, India, base of taxpayers devel- data, supplemented with Kazakhstan, oped, e-filing popular, IT external data and infor- Ukraine expertise available or can mation where available, be outsourced, other da- use custom-built software tabases not linked with to create risk scores and tax, limited data exchange categories High Tax offices networked, data- Use sophisticated IT mod- United Kingdom, base of taxpayers well de- els, prepare detailed 360 Sweden, Neth- veloped, 100% e-filing, degree profiles of taxpay- erlands high levels of IT expertise, ers using past taxpayer databases of taxpayers compliance data, and and other sources of infor- other sources of informa- mation linked together tion including banks, cus- toms, and foreign sources Source: Authors. administrations is here to stay. The question is not whether risk assess- ment approaches should be adopted, but rather how and how soon. In many developing countries, development partners and international financial institutions can support tax administrations in their efforts to adopt risk assessment for tax audits. The following are some of the critical steps in this effort: • Assess the understanding of, and demand for, adopting risk assessment methods. • Evaluate the tax environment, including provisions in the tax law that facilitate risk assessment—specifically, is a self-assessment system of tax 126 Risk-Based Tax Audits filing in place and is use of risk assessment methods specifically pro- vided for in the law? Are tax officials at all levels ready to adopt risk assessment? Are vested interests getting in the way? Do steps need to be taken to weaken these vested interests, for example, by training and educating tax officials? Are taxpayers aware of, and ready to adopt, self- assessment and risk-based methods of audit? For example, in many cases a successful risk assessment program requires taxpayers to furnish additional information. Do taxpayers have the capacity and willingness to comply? Are taxpayer education programs needed to increase awareness of risk-based methods? • Evaluate the IT environment in the country. Based on criteria similar to those listed in table 15.1, (a) categorize the level of IT sophistication of the tax administration, (b) understand the level of IT skills available in the country and within the tax administration, and (c) choose the relevant model of risk assessment adapted to the level of IT sophistication. • Use appropriate external and in-country experts to develop an appropriate risk assessment strategy and IT model. Notes 1. While this book focuses on risk-based audit and not on the overall audit strategy, a recent International Monetary Fund publication presents in some detail the development of effective audit plans and audit strategy and their role in managing compliance (see Biber 2010). 2. That is the reason why most risk management systems have a small element of random selection in addition to risk-based selection. Reference Biber, E. 2010. “Revenue Administration: Taxpayer Audit; Development of Effective Plans.” Technical Note and Manual 10/03, 2010, International Monetary Fund, Washington, DC. Glossary Accuracy rate measures the percentage of cases predicted correctly by the model. Affine transformation is composed of linear transformations (rotation, scaling, or shear) and a translation (or “shift”). Several linear transformations can be combined into a single one. Artificial neural network (ANN), usually called a “neural network,” is a mathemat- ical model that is inspired by the structure or functional aspects of biological neural networks. It consists of an interconnected group of artificial neurons and processes information using a connectionist approach to computation. In most cases, an ANN is an adaptive system that changes its structure based on external or internal information that flows through the network during the learning phase. Modern neural networks are nonlinear statistical data-modeling tools. They are usually used to model complex relationships between inputs and outputs or to find patterns in data. Ba and Bs forms are to be completed by traders in Turkey, in compliance with value added tax obligations. Ba forms are for recording details of purchases; Bs forms are for recording sales. Cluster analysis, or clustering, is a common technique for statistical data analysis used in many fields, including machine learning, data mining, pattern recognition, image analysis, and bio-informatics. 127 128 Glossary Correlation is defined as the statistical relationship between two or more random variables or observed data values. Correlation is a statistical technique that can show whether and how strongly pairs of variables are related. Data mining is the process of extracting patterns from data. Data mining is becoming an increasingly important tool for transforming data into informa- tion. It is commonly used in a wide range of profiling practices. Data mining can be used to uncover patterns in data but is often carried out only on samples of data. The mining process will be ineffective if the samples are not a good representation of the larger body of data. Therefore, data mining is not foolproof but may be useful if sufficiently representative data samples are collected. Data warehouse is a repository (collection of resources that can be accessed to retrieve information) of an organization’s electronically stored data, designed to facilitate reporting and analysis. An expanded definition for data warehous- ing includes business intelligence tools, tools to extract, transform, and load data into the repository and tools to manage and retrieve meta-data. Decision tree is a tool to support decision making that uses a tree-like graph or model of decisions and their possible consequences, including chance event outcomes, resource costs, and utility. Decision trees are commonly used in operations research, specifically in decision analysis, to identify a strategy most likely to reach a goal. Another use of decision trees is as a descriptive means for calculating conditional probabilities. Deductible expenses are allowed in nearly all jurisdictions that tax business income. Deductible expenses include expenses incurred in trading or carrying on the trade or business. Technical details of the allowance vary and may be very general or very specific. The amount of particular deductions may be limited based on character or amount, or deductions in aggregate may be limited or reduced. Dependent variables are variables that cannot be directly controlled. Their value depends on the value taken on by the independent variable. Error term is the deviation of the sample from the (unobservable) true function value. In statistics and optimization, statistical errors and residuals are two closely related and easily confused measures of the deviation of a sample from its “theoretical value.” Extraneous variables are variables that might affect the relationship between the independent and dependent variables. Extraneous variables are usually not theoretically interesting. They are measured in order for the experimenter to compensate for them. Heckman correction (the two-stage method) is any of a number of related statisti- cal methods developed by James Heckman that allow the researcher to cor- rect for selection bias. Statistical analyses based on nonrandomly selected Glossary 129 samples can lead to erroneous conclusions and poor policy. The Heckman correction, a two-step statistical approach, offers a means of correcting for nonrandomly selected samples. HMRC (Her Majesty’s Revenue and Customs) was formed on April 18, 2005, following the merger of Inland Revenue and Her Majesty’s Customs and Excise departments. Independent variable’s values are controlled or selected by the experimenter to determine its relationship to an observed phenomenon (that is, the dependent variable). In such an experiment, an attempt is made to find evidence that the values of the independent variable determine the values of the dependent vari- able. The independent variable can be changed as required, and its values do not represent a problem requiring explanation in an analysis, but are taken simply as given. Industry benchmarks are indicators that capture several fundamental business ratios, such as the cost of goods sold to turnover, labor costs to turnover, rent to turnover, and so forth, and allow for the identification of outliers from industry norms. Integrated compliance environment (ICE) is a platform used by the HMRC that allows risk groups to be segmented according to different risk levels and viewed via network visualization in which the user sees all related informa- tion graphically to determine multiple risks or root causes. ICE can be used for high-risk or complex networks and enables the user to display on one screen the vast array of connections that a subject may have. Limited audit is usually confined to certain accounts or operations, is for a period less than one year, or is restricted to a specific purpose. Linear discriminant analysis and the related Fisher’s linear discriminant are meth- ods used in statistics, pattern recognition, and machine learning to find a lin- ear combination of features that characterize or separate two or more classes of objects or events. Linear regression is any approach to modeling the relationship between a scalar variable y and one or more variables X. In linear regression, models of the unknown parameters are estimated from the data using linear functions. Most commonly, linear regression refers to a model in which the conditional mean of y given the value of X is an affine function of X. Logistic regression (logistic model, logit model) is used to predict the probability of occurrence of an event by fitting data to a logit function logistic curve. It is a generalized linear model used for binomial regression. Like many forms of regression analysis, it makes use of several predictor variables that may be either numerical or categorical. Management information system (MIS) is a system or process that provides infor- mation needed to manage organizations effectively. Management information 130 Glossary systems are regarded as a subset of the overall internal controls procedures in a business. Management information systems are distinct from regular infor- mation systems in that they are used to analyze other information systems applied in operational activities in the organization. PAYE (pay as you earn) is a tax payment method in which an employer is required by law to deduct income tax (and national insurance, if applicable) from an employee’s taxable wages or salary. This amount (with the employer’s contri- bution, if applicable) is deposited with the revenue office usually within 14 days of collection. Prediction efficiency measures the percentage of noncompliant cases correctly pre- dicted by the model. Prefilled tax returns are tax declarations that are filled automatically by the tax authority’s computer system based on its database of third-party information on taxpayer’s economic activities during the tax period. These returns are sent to the taxpayer merely to verify or confirm that the information is accurate, thus avoiding the need for the taxpayer to fill in his own return. This system is simplifying filing procedures and improving legislation and generally reduces compliance costs. Presumptive taxation involves the use of indirect means to ascertain tax liability, which differ from the usual rules based on the taxpayer’s accounts. The term “presumptive” is used to indicate that there is a legal presumption that the taxpayer’s income is no less than the amount resulting from application of the indirect method. This presumption may or may not be rebuttable. The con- cept covers a wide variety of alternative means of determining the tax base. Real time means that the information given is updated instantly. Risk and Intelligence Service of the HMRC is a unit that acquires and develops data, information, and intelligence from various sources and provides analysis. It extrapolates trends and behaviors based on these indicators, with an eye toward current and future risks, including threats and specific industry segments. Risk-based audit uses risk assessment to select taxpayers for tax audits. “Risk” is defined here as the likelihood of yielding large amounts of audit adjustments and penalties. The audit selection strategies are, therefore, based on risk- scoring techniques comparable to those used to categorize clients in banking or insurance. Risk management is the identification, assessment, and prioritization of risks fol- lowed by coordinated and economical application of resources to minimize, monitor, and control the probability and impact of unfortunate events or to maximize the realization of opportunities. Risk management information system (RMIS) is typically a computerized system that assists in consolidating property values, claims, policy, and exposure Glossary 131 information and provides the tracking and management reporting capabili- ties that enable managers to monitor and control costs. Single-issue audits focus on one particular aspect of a taxpayer’s affairs, for exam- ple, a particular expense claim. SMEs (small and medium enterprises; also small and medium businesses, SMBs) are companies whose headcount or turnover falls below a certain limit. The abbreviation SME occurs commonly in the European Union and in interna- tional organizations, such as the World Bank, the United Nations, and the World Trade Organization. The term small and medium businesses, or SMBs, is used predominantly in the United States. Software program “Connect” is a sophisticated software program used by HMRC to identify and prevent risks. The software functions as a search engine and research tool, which enables analysts to trace any case and to review complex cases. The program enables analysts to conduct risk profiling and prioritiza- tion, using statistics to identify and sort the riskiest cases. Stata is a general-purpose statistical software package created by StataCorp. It is used by many businesses and academic institutions around the world. Stata’s full range of capabilities includes data management, statistical analysis, graph- ics, simulations, and custom programming. Stratified sampling is a method of sampling from a population. When subpopula- tions vary considerably, it is advantageous to sample each subpopulation (stratum) independently. Stratification is the process of grouping members of the population into relatively homogeneous subgroups before sampling. The strata should be mutually exclusive: every element in the population must be assigned to only one stratum. The strata should also be collectively exhaustive: no element of the population can be excluded. Then random or systematic sampling is applied within each stratum. This often improves the representa- tiveness of the sample by reducing sampling error. Strike rate measures the percentage of noncompliant cases likely to be detected if the cases predicted to be evading are audited. Tax adjustment is the amount of addition to the tax liability of a taxpayer follow- ing an audit. Tax audit is an examination of an individual or a corporation’s tax return to verify its accuracy. There are several types of audits: correspondence audits (the tax authority mails a request for additional information), office audits (an inter- view is conducted at a local tax office), and field audits (an interview is con- ducted at a taxpayer’s place of business, for a corporate tax return). Tax avoidance is the legal use of the tax regime to one’s own advantage, to reduce the amount of tax that is payable by means that are within the law. The U.S. Supreme Court has stated, “The legal right of an individual to decrease the 132 Glossary amount of what would otherwise be his taxes or altogether avoid them, by means which the law permits, cannot be doubted.” Tax control framework is an internal control instrument that focuses specifically on a business’s tax processes. These are not necessarily restricted to the tax department. Tax evasion is the general term for efforts by individuals, firms, trusts, and other entities to evade taxes by illegal means. Tax evasion usually entails deliberate efforts by taxpayers to misrepresent or conceal the true state of their affairs to the tax authorities in order to reduce their tax liability and includes, in particular, dishonest tax reporting such as declaring less income, profits, or gains than actually earned or overstating deductions. Taxpayer identification number (TIN) is an identification number used in the administration of tax laws. It is usually a unique number applicable to all taxes. Work flow management system is a computer system that manages and defines a series of tasks within an organization to produce a final outcome or outcomes. Work flow management systems allow different work flows to be defined for different types of jobs or processes. ECO-AUDIT Environmental Benefits Statement The World Bank is committed to preserving • 2 trees endangered forests and natural resources. • 1 million BTUʼs of The Office of the Publisher has chosen to total energy print Risk-Based Tax Audits: Approaches • 148 lbs of CO2 equivalent and Country Experiences on recycled of greenhouse gases paper with 50 percent postconsumer fiber • 667 gallons of in accordance with the recommended stand- waste water ards for paper usage set by the Green Press • 42 pounds of solid waste Initiative, a nonprofit program supporting publishers in using fiber that is not sourced from endangered forests. For more informa- tion, visit www.greenpressinitiative.org. Saved: Risk management is an important element of effective compliance management in revenue administration. No revenue administration can monitor every taxpayer, since the opportunity costs of such roving examinations are high. Instead, an efficient revenue administration should perform tax audits using techniques focused on high-risk taxpayers. This targeted focus is more likely to raise higher revenue and, arguably, provide a stronger deterrence for noncompliance. Risk-Based Tax Audits brings together first-hand country experiences of how various tax administrations have undertaken reforms to implement risk-based audit systems. It evaluates their success while examining the fundamental principles of risk-based audits, the behavioral aspects of tax compliance, and the institutional challenges they present. Drawing from contributions by tax administrators and international experts, the book also serves as a resource for analytical techniques used in risk-based audit strategies. A blend of academic thought and practical application, this book will be useful to both tax administrators worldwide and to those working on revenue modernization strategies in international development agencies. ISBN 978-0-8213-8754-2 SKU 18754