Compliance Risk Management: Developing Compliance Improvement Plans

All tax administrations seek to maximize the overall level of compliance with tax laws. Compliance improvement plans (CIPs) are a valuable tool for increasing taxpayers’ compliance and boosting tax revenue. This note is intended to help tax administrations develop a CIP, by providing guidance on the following issues: (1) how to identify and rate compliance risks; (2) how to treat risks to achieve the best possible outcome; and (3) how to measure the impacts that treatments have had on compliance outcomes.


All tax administrations seek to maximize the overall level of compliance with tax laws. Compliance improvement plans (CIPs) are a valuable tool for increasing taxpayers’ compliance and boosting tax revenue. This note is intended to help tax administrations develop a CIP, by providing guidance on the following issues: (1) how to identify and rate compliance risks; (2) how to treat risks to achieve the best possible outcome; and (3) how to measure the impacts that treatments have had on compliance outcomes.

I. Introduction1

All tax administrations seek to maximize the overall level of compliance with tax laws. Compliance improvement plans (CIPs) are a valuable tool for increasing taxpayers’ compliance and boosting tax revenue. This note is intended to help tax administrations develop a CIP, by providing guidance on the following issues: (1) how to identify and rate compliance risks; (2) how to treat risks to achieve the best possible outcome; and (3) how to measure the impacts that treatments have had on compliance outcomes.

Leading tax administrations have adopted standardized processes for managing compliance risks. One commonly used approach is the compliance risk management (CRM) process model developed by the Organisation for Economic Co-operation and Development (OECD, 2004).2 Figure 1 places the CRM process within a broader framework that includes the key inputs, outputs, and other CRM prerequisites.3 As the figure shows and this note makes clear, CIPs are an integral part and a key output of the CRM framework.

Figure 1.
Figure 1.

Compliance Risk-Management Framework

Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A001

Source: IMF staffNote: CRM = compliance risk management; OECD = Organisation for Economic Cooperation and Development; Tax-GAP refers to methodologies for measuring taxpayers’ compliance with the tax laws

CIPs offer a systematic approach to mitigating the main compliance risks facing the tax system. Tax administrations that adopt a standardized methodology for designing and implementing CIPs help ensure that a coherent, consistent, and repeatable approach is applied to enhancing taxpayers’ compliance. Such a methodology also helps unify the actions of the tax administration’s various functions and activities in improving compliance and safeguarding tax revenue.

Leading tax administrations develop CIPs for key taxpayer segments, important industry sectors, and major focus areas. Segments are broadly homogenous categories of taxpayers with common characteristics. The segments typically include large enterprises, small and medium enterprises, micro businesses, and high-wealth individuals. Key industry segments vary across jurisdictions and may include, for example, construction, manufacturing, wholesale and retail, extractive industries, telecommunications, and banking and finance. Major focus areas cut across segments and industries and are regarded as sufficiently important to warrant customized approaches to risk analysis and risk treatment. Examples include such areas as the informal economy (IMF, 2021; Russell, 2010b), e-commerce, and international tax issues.

Although tax administrations structure their CIPs in different ways, many CIPs share common features. An internationally typical plan would include some or all of the seven components listed below and illustrated in Figure 2:

  • Plan Overview (panel 1) contains a brief statement that summarizes the broad approaches that will be adopted in managing compliance across a particular segment, sector, or major focus area. The statement helps inform the development of the other six parts of the plan, each of which should be aligned to and consistent with the overview statement.

  • Segment Profile (panel 2) highlights the key features of a particular segment, sector, or major focus area, such as its definition, the number of taxpayers, the types of taxes that apply and amount of tax collections, and key intermediaries. These features have important implications for designing and implementing the CIP.

  • Risk Assessment (panel 3) identifies the key compliance risks within a segment, sector, or major focus area and sets a rating for each risk (for example, high, medium, low). The risks are commonly assessed against each of the core tax compliance obligations: correct registration, on-time filing, correct reporting, and full and on-time payment. The panel may also highlight other, more specific (category-level) risks, such as omitting cash income, overstating or illicitly claiming a specific deduction or credit, abusive financial arrangements, or transfer mispricing. By assessing all core risks and selected category-level risks, panel 3 provides a comprehensive picture of the overall risk profile in a particular segment, industry, or major focus area for the CIP to mitigate.

  • Risk Treatments (panel 4) are the main actions (treatments) for mitigating the risks identified in panel 3. The treatments typically comprise both facilitative (preventive) and corrective (enforcement) actions. They may also include legislative changes to correct deficiencies, remove ambiguities, or enhance the tax administration’s authorities. International experience shows that a balanced set of treatments (which includes, but is not limited to, audit) is likely to achieve the biggest impact on improving taxpayers’ compliance.

  • Workflows and Monitoring (panel 5) represent the number and type of treatments from panel 4 that will be deployed to mitigate the compliance risks. The workflows operationalize the CIP by setting targets for each tax office to deliver. These workflows would typically be included in annual plans for the tax administration’s various operational areas. Importantly, these plans should include a feedback mechanism that allows administrations to monitor and review the delivery of the planned workflows and adjust plans when required.

  • Evaluation of Compliance Impacts (panel 6) entails criteria for evaluating the CIP’s impact on improving (or sustaining) compliance and reducing the compliance risks identified in panel 3. The criteria could include, for example, the trends in the percentage of taxpayers who file tax returns on time, the level of tax arrears, the estimated tax gap, and community perceptions about the tax system and its administration.

  • Capacity Development (panel 7) describes the tax administration’s capabilities that must be strengthened to effectively implement the CIP. These capabilities typically include enhancing staff skills, improving data and analytics capabilities, and strengthening core tax administration processes.

Figure 2.
Figure 2.

Example of a Compliance Improvement Plan for Medium-Sized Businesses and Their Value-Added Tax Obligations

Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A001

Source: IMF staff.

Figure 2 presents in diagrammatic form the key elements of a CIP. The diagram is a convenient summary of the plan, which facilitates communication and discussion with tax administration staff and external stakeholders. It is typically underpinned by additional documentation that elaborates on the research and analysis used in preparing the plan. The structure of the plan depicted in Figure 2 is suitable for implementation by both advanced tax administrations and those with more limited capabilities, although the latter may find it necessary to simplify some of the plan’s underlying analysis and features as described in various sections of this note.

The balance of this note provides guidance on designing and implementing a CIP. Sections II through VIII describe the key design features for each of the CIP’s seven components. Section IX sets out the governance arrangements for managing a CIP. Section X describes the important implementation considerations for a CIP, including the main actions and major deliverables.

II. Plan Overview

The plan overview gives a concise description of the approach that is to be used in managing the compliance of taxpayers in a particular segment, industry, or focus area (Figure 2, panel 1). It outlines the plan’s broad approach to managing compliance risks and how this tactic reflects what is known about the target population’s compliance behaviors. The overview also highlights the methods for bringing the risks under control and how they are to be tailored to the characteristics and known behaviors of the target population.

The overview serves as a foundation statement for the CIP, providing the context that guides the development of the plan’s other six components (Figure 2, panels 2–7)—all of which should align with and reinforce one another. The overview also provides both senior management and operational staff with a shared vision of what the plan aims to achieve and how it will be achieved. Box 1 shows examples of overview statements for large, medium, and small business segments’ CIPs.

The plan and its overview statement are informed by intelligence, research, profiling, and analysis of the target population’s characteristics and behaviors. Stakeholder consultations usually supplement the analysis, supporting a deeper understanding of the compliance behaviors and challenges across the target population as well as the likely compliance risks. Stakeholders may include representational bodies, tax professionals, policymakers, senior executives, and field staff, each of whom have a perspective that should be considered when forming a view about the target population.

Together, all these views paint a rich picture of the target population—and the environment in which it operates. This knowledge is used to shape the other elements of the CIP, including the approaches to risk assessment (panel 3) and the design of the tailored compliance treatments (panel 4). Tailoring of treatments is intended to maximize the impacts of those treatments.

The plan overview should be considered and approved at a senior level because it sets the general direction of the entire CIP. The level at which it is approved will depend on existing governance arrangements, but it would typically be discussed and approved at the CRM steering committee or equivalent senior decision-making forum that has been assigned the role of approving the CIPs, as described in Section IX.

Examples of a Strategy Overview Statement

Large segment. “Large businesses account for half of the revenue of registered entities—despite making up only 0 1 percent of them Many large enterprises are publicly listed, have a foreign owner, or engage in international operations Because of their complexity and significance, large enterprises require that we take a different approach to our help We offer a range of advice to large enterprises to provide certainty about different tax arrangements We have a relationship management program including one-to-one account management Our approach to risk identification for large enterprises is more entity-specific than it is for other businesses We identify issues on an individual basis as well as general and industry concerns across the sector We review income tax returns for many large enterprises on an annual basis and discuss any risks identified with the large enterprise before deciding if any further action is required” (New Zealand Inland Revenue Department, 2009)

Medium segment. “Taxpayers in this segment range from simple businesses with high turnovers to businesses with complex structures involving multiple entities They generally do not have access to the same resources and expertise as large businesses, although they may have to deal with equally complex tax issues The relative lack of disclosure requirements for private companies also presents us with particular compliance challenges, as does the personal connection the controllers have with their businesses Our risk-management approach is to (1) give businesses the information and support they need to comply with tax obligations; (2) alert businesses to practices and patterns of activity that may suggest noncompliance; and (3) take action against those who deliberately or persistently fail to comply, which may include letter or phone contact, visits, audits, penalties, or court action” (Australian Taxation Office, 2008)

Small businesses. “Small businesses play a vital role in stimulating economic activity, job creation, poverty alleviation, and the general enhancement of living standards Small businesses also present a high risk because they are numerous and because their income is often neither fixed nor, in most cases, capable of easy verification against third-party data Our compliance activities focus on (1) improving registration of small and micro businesses through a registration drive with other government agencies; (2) encouraging small businesses toward a developed structure of record keeping; (3) providing more electronic options for registration, filing, and payments; (4) cooperation with other government agencies to enhance the existing ‘one-stop’ shop where small businesses can have all their regulatory needs serviced; (5) imposing administrative penalties for noncompliance including late submission of returns; and (6) the use of agency appointments for the collection of outstanding debts” (South Africa Revenue Service, 2012).

III. Segment Profile

The profile provides data on the key features of the taxpayer population in the segment or focus area for which the CIP is developed (Figure 2, panel 2). By explaining the characteristics of the target population, the profile informs the development of the whole CIP. It typically includes both demographic data and broader research into the factors that shape the population’s compliance behavior.

Demographic data describe the broad characteristics of a taxpayer population. This information provides insights into the population’s size, complexity, importance to revenue collection, and potential leverage points—all of which are critical in designing a CIP. The following data are commonly included:

  • Amount of tax collections, by tax type: Understanding the revenue contributions of a target population informs decisions about sizing of risks, prioritization, and resourcing.

  • Numbers of taxpayers, by forms of ownership: When determining the number of taxpayers within a segment, consideration should be given to identifying the economic group and to linking all associated and related entities under the common economic group.4

  • Major industry sectors: Industry composition of a segment may affect the CIP, as some industries may be subject to special provisions in the tax legislation, account for a large proportion of revenue contributions and numbers of taxpayers, and pose specific types of compliance risks.

  • Key intermediaries: Intermediaries are organizations and individuals who can influence the compliance of large numbers of taxpayers or otherwise play an important role in tax administration. They may include industry associations, tax professionals, financial institutions, and other government—including local government—agencies.

Demographic information is compiled mainly from the tax administration’s operational data. Examples include data from the taxpayer register (the numbers and types of taxpayers, form of ownership, and industry) and taxpayer accounts (the type and amount of tax payments, refunds, and tax arrears). Operational data maintained in separate databases should be consolidated to facilitate CIP preparation. Operational data can be complemented by external data—for example, national accounts data—to identify key industries and other relevant information for the plan.

In addition to demographic information, the profile draws on broader research into the elements that influence taxpayers’ behavior, such as business, industry, sociological, and psychological (BISEP) factors.5 The research should be presented to reveal any patterns and trends that may be relevant to designing the CIP, particularly in identifying and rating the compliance risks (as described in Section IV) as well as formulating treatments for mitigating the risks (see Section V). The analysis typically covers the following:

  • Business factors: The types of business, business size and structure (sole trader, partnership juristic entity, public or private, international dealings), how long businesses have been operating, and geographic distributions

  • Industry factors: The main sectors of operation and the significant characteristics of the major sectors, including competition, typical profit margins, level of regulation, financing arrangements, capital intensity, and international ownership

  • Sociological factors: The behavioral norms of the groups represented in the target population that are likely to influence compliance behaviors, such as the age, gender, general education levels, and business acumen of the business owners/operators

  • Economic factors: The impact of broader government policies, economic conditions, inflation, interest rates, international trends, specific tax provisions, and rates on the target population

  • Psychological factors: What drives the behaviors of the target population, such as fear of regulators and lack of trust in government, views about the tax administration and how it operates, the level of entrepreneurship and risk taking, and compliance levels

Each profile will be developed differently depending on the nature of the CIP and the target population, but each would be approached and structured along similar lines. For ease of presentation, the profile in Figure 2, panel 2, is limited to the demographic data. The broader and more detailed research may be recorded in separate documentation, where it can be drawn on, as needed, in developing the CIP.

The profile should be refreshed at least annually using the new information provided with the latest year’s tax filings. This approach ensures that the profile is current and representative of the latest local and global economic trends and events.

IV. Risk Assessment

Risk assessment (Figure 2, panel 3) is a crucial element in designing CIPs. The assessment involves identifying the existence of major compliance risks in the target population and, once identified, determining the significance of these risks. For each CIP, risks may be assessed in relation to core compliance obligations, which may also be broken down into more specific category-level risks as described below.6

Core compliance obligations are the fundamental requirements for taxpayers to register, file, report, and pay taxes. These four core compliance obligations are universal across all taxpayer segments, but their nature, levels, and drivers will vary significantly across segments. Assessment of risks with these core compliance obligations seeks to determine the extent of noncompliance that is likely taking place across the target population. These risks may be defined broadly as follows:

  • Registration risk: Failing to register with the tax authorities when required to do so, or registering when not required to do so (such as for fraudulent purposes)

  • Filing risk: Failing to file all required tax documents by the statutory deadline

  • Reporting risk: Inaccurate or fraudulent reporting (declaration) of the information used to determine the amount of tax due or refund claimed

  • Payment risk: Failing to make full and on-time payment of taxes due by the statutory deadline

Category-level risks are specific types of compliance risks. They may differ across populations, depending on the characteristics and behaviors of the taxpayers concerned. Examples of category-level risks for large businesses in relation to the reporting obligation for income taxes are set out in Box 2. Reducing these underlying category-level risks is necessary to improve compliance with the overarching core compliance obligations mentioned above.

Examples of Category-Level Risks for Income Tax Reporting by Large Businesses

International risks

  • Profit shifting to low-tax jurisdictions using non-arm’s-length:

    • √ Interest charges on related-party debt

    • √ Charges for offshore service hubs

    • √ Charges for intangible assets

    • √ Outbound permanent establishments

    • √ Inbound supply chains

Domestic risks

  • Recharacterization of income to exploit tax arbitrage

  • Miscategorizing expenses as research and development to receive tax concessions

  • Group structuring to shift profits to loss entities

  • Overstating tax losses or shifting losses between revenue and capital

Risk Identification

The risks to core compliance obligations are, by definition, potential risks for all segments. As a way of assessing the overall health of the tax system, most leading tax administrations routinely monitor, and track over time, the levels of compliance with each of the core compliance obligations (registration, filing, reporting, and payment) at the whole-of-population level and within major taxpayer segments. This monitoring allows the tax administration to readily identify when compliance levels are declining or reach unacceptable levels within specific populations and to target risk analysis and compliance interventions to better understand and address these areas of lower compliance.

Various methods can identify category-level risks. The typical method utilizes the intelligence gathered from current and historical compliance activities, such as risk reviews and audits, to identify common types of noncompliance. If the compliance activities reveal that a specific risk exists widely across a segment, industry, or the entire taxpayer population, then a potential category-level risk has been identified. This approach to spotting category-level risks is commonly used across all market segments—large business, medium business, small business, and even for individuals in business (sole traders). Box 3 describes the approach.

Identifying Category-Level Risks: Intelligence-Based Methods

Previous and current compliance activities (for example, registration checks, audits, arrears collection) can be reviewed to determine the existence of category-level risks that may be present across a market segment or industry sector When a risk is confirmed to exist for one taxpayer, it is likely that the same risk can exist for other taxpayers For example, a tax administration may undertake a successful audit of a café underreporting cash receipts The risk relating to underreporting of income can reasonably be expected to exist in many cafes and restaurants that accept cash payment.

Intelligence gained from productive audits and other compliance activities should be reviewed to determine if other taxpayers exhibit the same or similar risks If the results of these activities indicate that the risk is indeed prevalent within a particular segment, then the risk would be confirmed, and the risk assessment process would proceed in establishing a rating for that risk (as described in Section IV and elaborated on in Appendixes 4–7) and eventually in developing a treatment plan for that risk (as described in Section V).

This approach applies equally across all market segments In the large business sector, intelligence can be based on compliance activities within the tax administration and also on knowledge of compliance activities in other countries For example, the recent international focus on multinational tax avoidance has identified tax avoidance arrangements that are likely to be considered category-level risks in many countries (for example, the shifting of profits through transfer mispricing).

In other market segments, local intelligence is more likely to inform the tax administration of category-level risks These risks are likely to involve specific provisions of the tax law and/or industry-wide practices that are inconsistent with the tax administration’s view of how the tax laws should be applied.

Category-level risks may also be identified by forming a hypothesis of what potential noncompliance might look like and then testing that hypothesis using tax-related data. This process entails considering whether there are possible opportunities or incentives for noncompliance and then understanding how the behavior associated with these opportunities/incentives might be observed in a tax disclosure, such as a tax return. This approach utilizes an understanding of tax law to develop a testable hypothesis that can be examined by data analysts. Like the intelligence-based method described above, the hypothesizing process is used across all market segments to detect category-level risks. Box 4 elaborates on this approach.

Identifying Category-Level Risks: Hypothesis Methods

Applying a hypothesis-driven approach to category-level risk identification is useful for new and emerging risks In this situation, existing and current compliance activities (for example, audits) are not yet available This approach is also the most appropriate when new tax law is enacted, to test for and understand potential compliance risks that might arise with new law.

Relevant experts, typically in tax law and tax accounting, can review tax law and develop a testable hypothesis The hypothesis details how the tax law can be exploited to minimize and/or evade tax, and how this evasion might be evident in tax disclosures: specifically, which labels/fields will be affected in the tax return or any associated schedules For example, company entities might be revaluing intellectual property to reduce their tax liabilities through related-party debt Based on this hypothesis, the tax administration can look for company entities with high levels of related-party debt and indicia of intellectual property that might be revalued Indicia can include domestic research and development (R&D) activities and/or the payment or receipt of royalties relating to patents, software, design, and so on Data analysts can then collect and analyze the administration’s data to identify taxpayers who may exhibit the characteristics identified in the hypothesis.

If the data analysis identifies many taxpayers who meet the criteria outlined in the hypothesis, this finding would suggest a possible category-level risk Further analysis should be undertaken to identify whether any key industries or sectors or other patterns or trends must be considered when developing a risk treatment strategy.

Data-driven or statistical approaches to risk identification may also be used. Whereas traditional risk identification requires a risk to first be observed or hypothesized, data-driven approaches analyze data to identify any unexplained variances that may point to new potential risks. Both supervised and unsupervised machine learning algorithms are commonly employed in this instance (for example, the unsupervised algorithm k-means clustering and the supervised algorithm k-nearest neighbor). Other statistical methods/modeling include logistic regression, logit regression, gradient boosting, random forests, decision tree, vector support machine, and neural networks. Although these data-driven statistical approaches are applicable across all market segments, they are employed mainly in high-volume, low-complexity segments such as small business and individuals, as they require larger numbers of observations to improve precision and accuracy. Box 5 highlights common data-driven approaches; Appendix 1 elaborates on them.

Examples of Statistical Methods for Risk Identification

Descriptive Analytics

  • Many of the statistical methods used in compliance risk management (CRM) involve some form of descriptive statistics to describe populations, build a deeper understanding of taxpayer attributes, and enable detection of outliers in attributes that may represent a potential compliance risk.

  • Basic comparisons and trends across years and attributes within taxpayer segments can be effective in quickly providing new insights, such as identifying changes in taxpayer behavior (at both the individual and population levels of analysis), and identifying outliers or anomalies—particularly when used in combination with graphic/visualization tools They also have the advantage of being easier to explain compared with more complex analytic approaches such as machine learning and deep learning.

  • Outlier/anomaly detection approaches also use advanced statistical methods to detect and understand complex data patterns and relationships that are not otherwise discernable.

Predictive Analytics

  • Complex statistical methods can be used for predictive analytics by applying the identified data relationships to calculate expected values of risk attributes, which can be compared with the values submitted by taxpayers.

    • Time-series forecasting methods and peer-based nearest neighbor methods can be used, for example, to influence a taxpayer’s behavior in real time Such methods involve forecasting an expected range of values for a taxpayer’s upcoming tax return (such as for value-added tax refund claims) Where relevant, the tax administration algorithms may check the return information and prompt taxpayers as they attempt to file their electronic returns—enabling taxpayers to check for mistakes and reconfirm entered values before filing.

  • Machine learning methods (using a combination of statistical and other mathematical approaches) involve training algorithms to discern specific patterns and are often used to identify and rate taxpayer transaction information for compliance risk.

    • A relatively mature application of machine learning in CRM uses previous compliance case results (both successful and unsuccessful results) and a range of other data to train algorithms and develop predictive models for selecting audit cases This training approach is an example of supervised machine learning.

  • Extensions of the traditional machine learning approaches, such as developing predictive models using neural networks analytics (a form of computer deep learning), can also be used for risk prediction and differentiation/case selection.

Prescriptive Analytics

  • Advanced analytics methods can be used for prescriptive analytics, which may be employed in CRM not only to identify potential risks from discrepancies from predicted values but also to prescribe the optimal mitigation or treatment An example of a recommender (or next-best-action) algorithm is to recommend an optimized next action for payment compliance activities (that is, appropriate actions to take for recovering late tax payments, based on the size of the tax debt, the taxpayer’s compliance history, and other factors).

When a new risk is identified, it should be presented and discussed at a senior management committee. The committee (described in Section IX) will determine if the risk warrants further investigation and, if so, will task the tax administration’s staff (for example, functional department, segment department, risk-management department) with preparing a risk assessment to determine the significance and prevalence of the risk, as described in the following section.

Risk Rating

After a risk has been identified, the risk assessment then seeks to determine the prevalence and magnitude of the risk within and across taxpayer segments. This assessment will result in assigning a rating (for example, “high,” “medium,” or “low”) to each risk. The rating will shape the resource allocations and influence the type and intensity of treatments that the tax administration deploys to mitigate the risk, as described in Section V.

Risk ratings can be established by applying quantitative (data-driven) methods or, where data is lacking, adopting a qualitative (subjective) approach. Both approaches generate analyses that are used to support the application of a risk rating matrix, such as the one depicted in Figure 3, to assign a risk rating. As the figure shows, the rating is based on a combined assessment of the likelihood (probability) and consequence (impact) of the risk. Likelihood can be assessed by the risk’s prevalence (frequency) among taxpayers within a segment. Impact is commonly measured by the amount of revenue at risk and/or the amount of income or sales that is accounted for by taxpayers who are viewed (estimated) as possessing the risk.

Figure 3.
Figure 3.

Risk Rating Matrix (3 x 3)

Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A001

Depending on data availability, a risk rating may be determined by applying a quantitative, rules-based approach. Data will need to be compiled from the tax administration’s internal information and, in some cases, sourced from other agencies (for example, a registry office may maintain data on the number of registrations). The typical types of data are set out in Box 6. When taxpayer-level data are available, a risk rating can be calculated for each taxpayer in the segment and the results aggregated to determine the risk’s overall rating for a segment or an industry. In other instances, national account–level data (or equivalent) are used and compared against aggregated tax administration information to determine the risk rating. Appendixes 2 through 5 provide examples of risk assessment methods for core compliance obligations.

Typical Data Sources for Quantitative Risk Assessment


  • Comparison of number of taxpayer registrations in the following:

    • √ Data on company registrations maintained by the registry office

    • √ Other business registration data (for example, partnership registrations, licenses) maintained by responsible authorities

    • √ Business registration information held by chambers of commerce, trade associations, and the like


  • Comparison of population of registered taxpayers expected to file a return with tax office data on the number and value of tax returns filed on time

  • Comparison of population of registered taxpayers expected to file a return with tax office data on the number and value of tax returns filed late but within 12 months of the due date

Correct Reporting

  • Analysis of audit files to establish noncompliance rates and values

  • Comparison of returns filed to third parties (for example, customs data) to identify underreporting rates and values


  • Tax office data on the following:

    • √ Number and value of tax liabilities paid on time

    • √ Number and value of payment arrangements entered into as a proportion of total payments due

    • √ Payment arrangements ending through default

    • √ Trend over time in number and value of debt stocks

A standardized risk assessment template ensures that risk ratings are determined via a consistent approach. The template should include all the information that decision makers—such as the CRM Committee—need when deciding how a risk should be treated. It will typically include the title of the risk; a description of the risk; details of the affected market segment, industry, or other taxpayer population; a description of the drivers of the risk; the risk rating (including analysis of likelihood and consequence); and the extent to which the risk is currently under action and under control. The use of a template ensures that decisions are made on a consistent and comparable basis for all of the compliance risks across the tax administration. These templates can then be stored in a risk register (described below) as a permanent record supporting the decisions made and actions taken.

Compliance risks are commonly recorded in a risk register. The register acts as a repository for all current and past risks. It is typically a database that contains important, searchable metadata for each risk, such as a definition of each risk, likelihood and consequence ratings, and the number and types of taxpayers who exhibit the risk. Box 7 describes the typical contents of a risk register.

Risk Register Content

  • A name and unique identifier number for the risk

  • The status of the risk (open/closed) and the date that the risk was approved

  • A description of the key risk drivers and how it affects compliance

  • The risk rules for assessing the likelihood and consequence of the risk

  • An assessment of the likelihood (probability) of the risk’s occurrence and the possible consequences of its occurrence (a brief high-level description of the implications of the potential consequences of the risk)

  • An overall risk rating (high, medium, low) and risk rating documentation

  • Whether a treatment plan is in place (yes or no)

  • An outline of proposed mitigation actions (including preventative, facilitative, and enforcement actions) This should be expanded in supporting documentation, such as a treatment plan (Box 8) for the risk and high-level analysis supporting the proposed treatment plan’s specific actions

  • Identification of other stakeholders that may also be impacted by the risk

  • Whether the risk is emerging or existing (is it an emerging risk or already present/current risk?)

  • The next review date for this risk

  • The division or area and the position details of who will be responsible for overseeing the risk including the risk owner, risk manager, and a contact officer1

1 A risk owner is a senior staff member with overall accountability for the risk A risk manager is a staff member with operational responsibility for managing the risk The risk manager may also be the risk owner The risk contact officer is the first point of contact and can be risk owner/manager.

In the absence of data, a risk rating may be determined by applying a qualitative approach. This approach could be undertaken through a workshop in which the views and experiences of a group of senior and operational tax officers are considered, discussed, and agreed on to arrive at risk likelihood and consequence ratings. This approach relies on anecdotal evidence, such as the practical experience of senior staff, and results in the assignment of a preliminary risk rating (high, medium, low).

V. Risk Treatments

Risk treatments encompass the actions that a tax administration deploys to mitigate each major compliance risk (Figure 2, panel 4). The set of treatments is customized to reflect the nature and severity of the risk as well as the characteristics of the target taxpayer population and the behaviors of the taxpayers in the population. CIPs typically provide a balanced set of treatments (including both facilitative and corrective actions) to maximize compliance outcomes across segments and focus areas.

Tax administrations commonly apply three broad categories of treatments:

  • Facilitative treatments aim at helping taxpayers (and tax intermediaries) understand and comply with their tax obligations. These treatments (also referred to as preventative treatments) should include proactive taxpayer education programs and informative products that are delivered through a variety of user-friendly service channels (for example, telephone, website, brochures, fact sheets, rulings) and customized to the needs of key taxpayer segments (TADAT, 2019, 51– 62).

  • Corrective treatments are enforcement actions aimed at redressing previous (and deterring future) incidences of noncompliance involving taxpayers’ registration, filing, reporting, and payment obligations. These treatments should include a broad range of verification activities (for example, registration checks, advisory audits, data matching processes, and both limited-scope and comprehensive audits) and actions for recovering delinquent tax returns and tax arrears (for example, warning letters, default assessments, asset seizures, payment plans). Efforts should be deployed according to taxpayers’ circumstances and risk level (TADAT, 2019, 21–30, 63–97).

  • Legislative treatments involve changes to the legal framework. These treatments seek to reduce the scope for noncompliance and ensure that the tax administration has sufficient authorities to administer the tax laws. Actions should include revisions to the tax legislation and regulations as well as the issuance of operational guidelines that support tax officers with the practical application of the legislation and regulations.

A balanced mixture of treatments is normally required to address each compliance risk, because the underlying causes and motivations for noncompliance typically vary from taxpayer to taxpayer. For some taxpayers, noncompliance may be unintentional, reflecting a genuine lack of understanding of the tax laws or an inability to comply with them. In these cases, the tax administration will place relatively greater emphasis on facilitative treatments and potentially on law reform and simplification of administrative requirements. For other taxpayers, noncompliance reflects a deliberate decision to disregard the law or to interpret its provisions in a way that is most advantageous to the taxpayer, despite the legislative intent. In these cases, an emphasis on corrective treatments would be more appropriate. These differences necessitate treatment plans that include a mixture of facilitative, corrective, and legislative measures (Russell, 2010a).

Treatments may be applied on a (1) one-to-one basis, (2) one-to-several basis, or (3) one-to-many basis. The different characteristics among treatments allow the tax administration to deploy them strategically across taxpayer segments and risks:

  • One-to-one treatments are generally designed to apply to a single taxpayer, require a high degree of customization, and may entail significant administrative costs. These characteristics make individually tailored, one-to-one treatments well suited for taxpayers with high compliance risks and/or with unique or very complex tax issues. Examples include audits, private rulings, and other individualized information products. Large business taxpayers with complex affairs will typically be subjected to proportionately more one-to-one interactions compared with a typical medium or small taxpayer.

  • One-to-several treatments are generally designed to apply to a subset of taxpayers with common characteristics. These treatments require some customization, may require one-to-one follow-up action, and incur moderate administrative costs per taxpayer treated. Examples include public rulings, industry-specific information products sent to identified taxpayers who appear to have made errors, and use of tax agents to review filings in which clients appear to have made similar errors. One-to-several treatments are appropriate for circumstances in which there is a need to address similar tax issues and/or in which individualized one-to-one treatments for all affected taxpayers would be impractical (such as due to administrative costs or deadlines). When one-to-several treatments are used, tax administrations must follow up on taxpayers who do not respond to the treatment; failure to do so will impact the tax administration’s credibility. One-to-several treatments may be used across all segments but will typically be employed more intensively in mitigating the risks posed by smaller numbers of taxpayers— often for medium businesses or others with moderate revenue risks.

  • One-to-many treatments are generally designed once and applied to a large number of taxpayers. These treatments require minimal customization (or involve customization that can be automated) and, after their initial design, entail limited need for one-to-one follow-up actions and relatively low administrative costs per taxpayer treatment. Examples include general information products; public rulings; benchmarking letters that advise outliers to review their position; and data-matching discrepancy letters, (Slemrod, 2019). They are particularly useful for situations in which a minor risk for each taxpayer might aggregate to a more significant risk across many taxpayers.

Figure 4 presents a framework for differentiating the mix of treatments with the risk level and the characteristics of the taxpayer segment.7 As the figure shows, treatments are applied in a graduated manner according to risk severity. Accordingly, the treatments will shift from a service (facilitative) focus to an enforcement (corrective) focus as the risk level increases. Similarly, the treatment approach tends to vary across segments, depending on, among other factors, the number of taxpayers in the segment and the amount of revenue collected. As such, tailored one-to-one treatments will be applied extensively to the larger business segment (which features a relatively small number of taxpayers and a large amount of revenue). In contrast, the medium and small business segments will typically have proportionally more one-to-several or one-to-many treatments applied (as they will normally feature relatively larger numbers of taxpayers and lower amounts of revenue per taxpayer compared with the large business segment).

Figure 4.
Figure 4.

Tailoring the Risk Treatments to Segments and Risk Posture

Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A001

Note: The risk treatments used at each increased risk level can include those shown in lower risk categories. Source: IMF staff.

Figure 4 displays the treatments’ relative emphasis across segments and not their absolute numbers. Many of the treatments will be applied to all segments, but their proportion will vary across segments according to the segments’ risk levels and other considerations. For example, because the small business segment generally presents a relatively low revenue risk, when compared with the large business segment, the treatments tend to rely more on one-to-many measures (both facilitative and corrective). However, the treatments may elevate to one-to-one corrective measures for those small businesses whose behavior is particularly egregious or fraudulent. For example, small businesses will be subject to a proportionally small number of audits (relative to the number of taxpayers in the segment), and most of the audits will entail automated processes or simple (desk) audits. Nevertheless, some small businesses may undergo a more complex (comprehensive) audit if their noncompliance involves a significant amount of revenue relative to that of other small businesses or if their behavior jeopardizes the community’s confidence in the fairness of the tax system.

The various treatments will be packaged in a treatment plan that specifies the types of treatments that are to be applied and the criteria for evaluating their effectiveness for mitigating the risk. The plan will typically include most of (if not all) the information contained in the risk register (as outlined in Box 7). As such, the plan should describe the risk and why it is important as well as its likelihood and consequence (and overall risk rating). The plan would also set out the considerations and options for dealing with the risk (that is, mitigation strategy and treatment options, including costs/resources needed), the rationale for the risk treatments chosen, and how the plan outcomes will be delivered and measured. Box 8 summarizes the type of information commonly included in a treatment plan.

A standardized risk treatment plan template provides a useful means to ensure a level of completeness and consistency of treatment plan information across risks. Such template provides a common format and specifies the information requirements to support comprehension, comparability, and aggregation of risk treatment plans. The template facilitates, for example, the identification of potential resources and skills required to implement the risk treatment plans, the appropriate allocation of skilled staff who may be in short supply, opportunities for combined action when multiple risks apply to specific taxpayers, and better-informed decisions on the overall mix of treatments and their timing.

The risk treatment plan should be reviewed and updated periodically. This vigilance enables the plan to reflect changes in context and any other new or improved information (including from mitigation feedback/results monitoring) as it becomes available.

Contents of a Risk Treatment Plan and Risk Treatment Template

Aspects typically covered in a risk treatment plan include the following:

  • An executive summary/overview

  • Treatment plan contacts, including who is accountable for managing the risk and delivering the treatments

  • The risk context, including the following:

    • √ A description of the risk and why it is a problem

    • √ How the risk has emerged/evolved—including, for example, its expected trajectory (whether it is increasing quickly, stable, and so on) and any drivers or other factors that might influence the future nature or proliferation of the risk

    • √ What previous actions have been taken to mitigate the risk (if any) and the outcomes/effectiveness of these earlier efforts

  • Risk mitigation strategy and treatment considerations:

    • √ How the risk population can or will be identified for treatment

    • √ The strategy and treatment element options and rationale

  • Strategy and treatment elements to be adopted (or recommended), including the following:

    • √ The mix and intensity of treatments to be deployed

    • √ The estimated resources/costs/capabilities required—including data requirements, information technology (IT) and data analysis infrastructure, and the numbers and range of staff skillsets required

    • √ The expected outcomes—the criteria for evaluating their effectiveness in mitigating the risk (including impacts on current revenue and risk behaviors and on locking in sustained improvements)

    • √ How the outcomes will be monitored and measured

  • A risk treatment delivery plan including the following:

    • √ A granular-level description of the treatment elements to be applied

    • √ The staff and Infrastructure resources to be applied over the treatment delivery period

    • √ The workflow targets and timeframes for delivery of each treatment element (so that delivery progress can be monitored)

    • √ The planned outputs and outcomes from treatment elements

  • A monitoring and evaluation plan including the following:

    • √ The performance indicators to be monitored and measured, covering treatment plan inputs and outputs, and risk mitigation outcomes

    • √ The staff, infrastructure, data, and data capture processes to be applied

    • √ The progress reporting and final reporting timeframes for each performance indicator

VI. Workflows and Monitoring

Effective CIPs include workflow targets and reporting systems for monitoring their delivery (Figure 2, panel 5). Workflow targets are the number and types of treatments (for example, taxpayer services, audits, arrears collection activities) that the tax administration intends to deliver during the year for each taxpayer segment and/or major focus area. The workflows are meant to operationalize the treatments highlighted in Figure 2, panel 4, and are typically set out in annual plans (sometimes referred to as action or operational plans), which may include overall tax administration–wide targets and separate targets for each field office. Table 1 presents examples of workflows for the core compliance obligations.

Table 1.

Illustrative List of Workflows for Key Compliance Obligations

article image

Several factors must be considered in setting workflow targets. Examples include the amount of revenue accounted for by a particular segment, the amount of staff resources available, and the average amount of time required to complete each treatment. In setting workflow targets, tax administrations must distinguish between those activities that are initiated by taxpayers (for example, submission of tax returns, telephone enquiries, requests for private rulings) and those that are initiated by the tax administration (for example, issuance of information products, audits, arrears collection). Unlike tax administration–initiated activities, which can be delayed or deferred, taxpayer-initiated activities tend to be nondiscretionary and mandatory. Appendix 6 provides an example of how to set workflow targets for a particular taxpayer segment.

In measuring performance, staff members routinely focus their attention on those targets that are measured, so it is important to have a comprehensive framework. Such a framework should measure all the activities considered to be significant and should also balance measures of both workflows and outcomes. Failure to do so may drive behaviors focused on outputs (workflows) at the expense of outcomes. Section VII further discusses evaluation of compliance outcomes.

Once the workflow targets have been set, tax administrations must monitor their delivery. The field offices should produce periodic reports, normally on a monthly or quarterly basis, for headquarters review on their delivery of the planned workflows. To promote accurate reporting, the information in the reports should, wherever possible, be generated automatically as by-products of the tax administration’s workflow management system instead of being prepared on an ad hoc basis. Where workflow delivery is found to be off track, the tax administration’s management will identify actions to bring the delivery back on track (including by reallocating resources) or adjust the targets to a more appropriate level.

The monitoring framework is also concerned with the quality of the workflows. Quality can be measured by comparing a sample of treatments (for example, audits, arrears collection actions, taxpayer services) conducted by tax officers against a prescribed set of standards in terms of accuracy and timeliness. For each treatment, an established set of procedures should be in place that directs how the work is to be performed. Check sheets can then be developed for reviewers to assess the extent to which the correct and timely procedures were followed. Reviewers apply the check sheets to a sample of treatments to determine whether the appropriate procedures were followed and, on that basis, assign a score to each case. The case scores can then be tabulated for the entire sample, to calculate an overall quality rating for each treatment.

Some tax administrations have developed a centralized workflow management system (WMS). These systems are designed to facilitate and monitor the allocation and progress of work across tax officers, teams, and offices as well as to generate automated reports on the stocks and flows of the tax administration’s work.8 When cases are selected for the various risk treatments, they can be entered into a WMS, which, in turn, allocates the work to the office/team/officer who has the capacity and capability to undertake it. This automated process would see cases given to an officer’s in-tray for action. Officers would update the progress of a case and key milestones into the system and, upon completion, close the case.

The WMS should be accessible by managers to monitor live case work and used to generate management reports. These reports can be tailored to provide information on, for example, the stocks and flows of cases and the timeliness of cases, including such measures as days elapsed between commenced and finalization of case, and days elapsed between key milestones. These measures can be used to monitor performance and to drive improvements in the administration’s performance.

Workflow management should be undertaken by a dedicated workflow management team in each of the tax administration’s departments. This team should have end-to-end responsibility for the WMS, if one is available, and associated processes. The workflow management team works with other tax administration departments during their planning processes to understand the type and number of proposed activities for the year. The team would then develop the workflow plan, including case numbers and expected performance standards, and assign and track the progress of work, highlighting any emerging backlogs, and generate and present performance reports to management. On this basis, the team obtains outputs from the various case selection processes and loads them into case management for allocation.

Where data (and supporting systems) are limited, the workflow management process should include a focus on improving monitoring and evaluation data. The workflow management team plays an important role in building this capability. Initially, the team may establish workflow targets for a few of the more easily measurable indicators and manually allocate cases to a few pilot tax offices. As experience is gained, the number and types of indicators can be expanded to additional tax offices and an automated WMS developed.

Insights from the workflow management process and workflow management team would be an important input into the administration’s capability and capacity development, as described in Section VIII. Performance reports would highlight areas for improvement, which would be addressed through training and development efforts.

VII. Evaluation of Compliance Impacts

Evaluation is concerned with determining whether the CIPS are achieving their expected outcomes (Figure 2, panel 6). Whereas the monitoring framework described in Section VI is designed to assess the extent to which the workflows have been delivered in line with their planned targets and quality standards, evaluation assesses the extent to which the collective impacts of tax administration activities (including, but not limited to, CIP workflows) have brought about the intended tax compliance outcomes as described below. Evaluating the impacts of a tax administration’s actions to reduce compliance risks can be challenging; it is no surprise that this is often the weakest link in CIPs.

Many tax administrations align the framework for measuring compliance outcomes with the OECD focus areas for measuring tax compliance outcomes (OECD, 2014):

  • Revenue outcomes: Relates to collecting (enforced or voluntary) the right taxes at the right time and is evaluated through measures such as audit yield and total revenue effects

  • Voluntary compliance outcomes: Relates to shifting taxpayer compliance behavior toward higher unprompted voluntary compliance levels. Measures include monitoring trends in core compliance obligations and tax gap trends.

  • Integrity outcomes: relates to whether taxpayers and the community have confidence in the operation and fair administration of the tax system. Better perceptions are known to be a lead indicator of improving voluntary compliance.

Measures of revenue outcomes consist of direct and indirect revenue effects, referred to as total revenue effects. The measure combines the audit yield (direct effects) and wider revenue effects (indirect effects). Audit yield is the collection of the liabilities raised from enforcement activities and includes the adjustments, interest, and penalties. Wider revenue effects are an estimate of the additional revenue received from taxpayers who have been influenced by interventions; these effects represent revenue resulting from improved voluntary compliance following those interventions.

It is important to ensure that there is a reasonable and defensible connection between the treatment and the claimed outcomes, such as observed changes in taxpayer behavior. These estimates are supported by the development of statistical techniques for evaluating potential flow-on (indirect) effects from direct tax administration interventions as well as revenue benefits arising from a broader range of interventions. Indirect effects measures use methodologies that involve control groups to support the evaluation of the flow-on revenue effects as well as the revenue effects of facilitative service treatments, such as personalized reminders and other compliance prompts.

Because tax administrations may struggle to establish methodologies for measuring indirect effects, they may commence with simpler approaches while building a more comprehensive framework for evaluating revenue performance. Simple approaches could include measuring trends in actual revenue collection for each segment. Although there is no clear connection between trends at this level and the activities of the tax administration, such measures can provide some (broad) indication as to whether compliance behaviors are improving, particularly if the revenue increase exceeds that which may have been explained by changes from macroeconomic impacts on tax bases and/or tax policy changes.

Even with the use of these advanced methods to assess revenue yield, total revenue effects remains an incomplete measure. Total revenue effects is, out of necessity, a conservative measure and does not capture all the revenue effects generated where the nexus between the treatment and the revenue is not considered to be rigorous enough. This is especially true with more broadly targeted treatments such as general guidance products and public rulings.

Another measure of revenue outcomes is tax assured. This measure assesses the proportion of the tax base where the tax administration has a high level of confidence that the correct amount of tax has been declared. This confidence may flow from activities such as data matching, including third-party reports (such as employer declarations), or from cooperative compliance arrangements with large taxpayers.9 Tax assured may be seen as a measure of voluntary tax compliance, although compliance may be motivated by the knowledge that the tax administration has data sources to detect underreporting. Publicizing tax-assured activities and amounts may help improve confidence in the tax administration, enhancing integrity outcomes.

The evaluation framework should also include voluntary compliance outcome indicators for tracking compliance with core obligations (registration, filing, reporting, and payment). For each indicator, the tax administration should establish a baseline level of performance and then target and track changes over time. The implementation of CIPs for each taxpayer segment would be expected to contribute to improvements over the baseline. The core compliance indicators can be supplemented by compliance gap estimates, which present a broader measure of compliance across all compliance obligations.10

Integrity outcomes are monitored using measures of perceptions about the operation and fair administration of the tax system, as well as measures of quality. Many tax administrations conduct some form of taxpayer and stakeholder surveys about satisfaction with service levels, but such feedback is often limited in scope. Enhancing the quality of services is important, but this is not enough to understand and improve community attitudes about tax administration fairness or professionalism, or the level of confidence that the community has in tax administration. To provide these insights—and help tax administrations implement services and other measures likely to boost voluntary compliance levels—surveys must also focus on these matters specifically. To facilitate analysis, surveys should be conducted, and results compiled, for major taxpayer segments, taxes, sectors, and locations. Other factors such as quality and timeliness of administrative actions and the levels and types of complaints should also be tracked.

Tax compliance outcomes tend to be compiled on an annual basis because it can take time for shifts or trends to become apparent, particularly for annually assessed taxes such as individual and corporate income taxes. Other taxes with more frequent reporting, such as the VAT and withholding taxes, may be monitored more frequently. Table 2 gives examples of indicators that may be used in evaluating the impact of CIPs on each of the three elements for assessing compliance outcomes.

Table 2.

Illustrative Tax Compliance Outcome Indicators

article image

Some tax administrations use prescribed evaluation methodologies, often documented in a standardized template, to ensure consistent and comprehensive analysis. Such an approach promotes rigor in the gathering and citations of evidence, and the documentation of the methodologies used; it also supports potential subsequent independent evaluation. Typically, the standardized template would include details on the methodology used, including selection of the test sample and control group; the data and data sources; the level of confidence in the data and assessment; and the basis on which the changes observed are attributed to the actions of the tax administration, including any extraneous factors that may have contributed to the observed patterns.

Monitoring workflows (Figure 2, panel 5) and evaluating tax compliance outcomes (Figure 2, panel 6) should be complementary. Taken as a whole, the workflow (outputs) and tax compliance outcome indicators provide an overall view of the efficacy of the CIPs in mitigating the main compliance risks posed by taxpayers in each segment and across the whole tax system.

Where evaluation capacity is weak, tax administrations may seek to build up capacity in a gradual manner. Revenue outcome measures may be initially limited to trends in collection and enforcement results while the tax administration develops its methodologies for measuring total revenue effects and revenue assured. Voluntary compliance outcomes may first focus on monitoring trends in core compliance obligations (including trends in collections relative to proxy tax bases) while a tax gap analysis program is under development. Integrity outcomes can begin with surveys that are limited to relatively few questions and conducted on only one or a few taxpayer segments, tax types, and locations. The surveys can expand to include other integrity indicators (such as quality and timeliness of administrative actions) as the tax administration’s evaluation capacity grows.

VIII. Capacity Development

Capacity development involves those capabilities the tax administration needs to enhance in order to effectively implement CIPs (Figure 2, panel 7). Tax administrations face many challenges in adopting CIPs, including weak legislative frameworks, ineffective organizational and management arrangements, poorly designed tax administration processes, rigid human resource management policies, and inadequate information technology (IT) systems and data holdings. Addressing these weaknesses is critical if the tax administration is to effectively analyze risks, develop and implement treatments, and monitor and evaluate results.

New management and organizational arrangements may need to be created or existing ones refined. A high-level CRM Committee (as described in Section IX) should be established to review, approve, and oversee the CIPs. A dedicated working group (also described in Section IX) is needed to design and manage the implementation of each CIP. A specialized risk-management unit may be needed to provide technical support in identifying emerging compliance risks and designing risk filters. Crucially, the tax administration’s various departments must work with each other in a highly collaborative manner to ensure that a coordinated, tax administration–wide approach is applied in designing and implementing the CIPs. Achieving such collaboration will often require strong executive leadership to overcome the tendency for departments to operate in silos.

Administrative processes should be reviewed and tailored to the characteristics of the different taxpayer segments. The tax administration could consider benchmarking its existing treatments against those of other tax administrations, with a view to identifying any treatments that are used in other countries and that may be suitable for adoption.11 In addition, guidelines should be prepared that inform the types of treatments (both preventive and corrective) that should be deployed according to, among other factors, the risk and the size of the taxpayer. More ambitiously, the guidelines could be built into the tax administration’s case selection and WMSs so that, for less complex cases, the treatments could be automatically identified at the time a case has been selected for action.

Information systems and analytics capabilities may need to be strengthened. As a first step, tax administrations should review and document their existing data holdings. This effort includes identifying and understanding any data quality issues and determining which elements of the existing data holdings will be required to support CRM—this will allow the tax administration to determine any steps that need to be taken to make required data available for timely and easy use by computer analysis. Ideally, this documentation would be organized and structured in a standardized way, and then used to develop a data catalogue (also referred to as a data asset register) for CRM information.12

Tax administrations should consider a range of issues when deciding on an appropriate infrastructure and toolset to support their CIPs. International experience strongly recommends adopting a single centralized CRM database, separate from existing operational databases, along with infrastructure and tools to support an advanced analytics capability. Cloud-based options should be considered for some or all of these needs, given such advantages as continuous access to contemporary tools and technology for analytics as well as flexible scaling of computation and storage capacity.

A range of tools, techniques, algorithms, and analytic risk models are also required. Examples include statistical analysis, statistical modeling, outlier detection, pattern recognition, data visualization, data mining, text mining, network analytics, machine learning, natural language processing, and computer vision. Algorithms and analytic models may include those developed internally and those sourced externally.

Some applications will be more relevant than others. Important core capabilities include an ability to acquire, load, store, and access all taxpayer-related data holdings needed for risk analysis and treatment strategies. The data should include each taxpayer’s allocated segment and any past compliance risk treatments and their results. In addition, CIPs also require an ability to identify and analyze risk indicators across taxpayer populations and to profile each individual taxpayer. This requirement could be reached by using a single analytical database, as described above, and by trialing a commercial off-the-shelf software (COTS) or open-source business intelligence and visualization (BI&V) tool. Modern COTS BI&V tools typically incorporate some advanced statistical functions or can integrate with analytic models. Appendix 7 describes other useful applications for supporting the development and implementation of CIPs.13

Specialized skills, particularly for data and analytics capabilities, are needed to support the CIPs. Tax administrations typically use multiple mechanisms to build these capabilities—for example, supporting several staff each year to upgrade their qualifications via part-time tertiary-level studies (and sometimes full-time studies). This effort could be supplemented by provision of licensed online packaged training options (where available). Participating staff may be allowed to allocate some work time each week to this instruction. Benefits are maximized if staff can apply their education in the workplace during or soon after the training. Staff should be encouraged to share what they learn with their colleagues as well as present relevant information from any conferences attended.

Tax administrations also arrange skills transfer from consultants and contractors to build specialized competencies. Tax administrations often engage short-term consultants, contractors, and development partners to supplement existing capability or to provide specialist services. This engagement is often an opportunity for skills transfer to tax administration staff, which is best achieved by specifying a skills transfer requirement in the contract documentation. Proper planning for and monitoring of this effort ensures that the intended degree of knowledge transfer occurs and the intended capability increase persists. Often, tax administrations must temporarily reduce other work requirements of transferee staff; this workload decrease ensures that staff members have sufficient time to absorb and then embed the new skills and knowledge by applying it during the consultant or contactor engagement period. Tax administrations should consider including CRM-related skills and knowledge transfer requirements in the contracts they sign with external consultants and contractors. The skills transfer requirement should be regarded as a key element in any contract— and should be specified and planned, and outcomes monitored accordingly.

Retaining staff with specialized skills, particularly in IT and data analytics, is crucial to sustaining CIPs. These skills are scarce and very much in demand in both the private sector and academia. Competition to recruit and retain such staff is intense; however, tax administrations may attract valuable candidates by providing staff with training and educational programs, regularly recognizing career milestones and other professional achievements, and offering an opportunity to use advanced analytics to serve a wider public interest. While remuneration may be constrained by government-wide policies and may not be as lucrative as that offered by the private sector, it may be possible to design a retention incentive scheme that offers staff more flexible working arrangements and, for those with high-level or unique qualifications, a bonus payment in return for agreeing to a specific period of employment (Internal Revenue Service, 2021).

A workforce plan should support CIP implementation. CIPs, if developed appropriately, will involve shifts in the types of compliance interventions used as well as modifications to how these interventions are delivered in the field. These changes are likely to require a different mix of staff capabilities and may also necessitate changes in the numbers and levels of staff assigned to different functions. A workforce plan will be necessary and should include an evaluation of the jobs and competencies/capabilities required to deliver the CIPs; an assessment of the current workforce’s competencies/capability and locations compared with those required (often referred to as a gap analysis); a strategy for training, deployment, and recruitment to address gaps; a location and accommodation strategy to ensure that the skilled workforce is able to be located where needed; and a succession plan.

IX. Governance Arrangements

Proper governance arrangements are needed for managing the design, implementation, and monitoring of the CIPs. These arrangements will vary, depending on the tax administration’s existing organizational governance structures and processes as well as whether any CRM governance measures are already in place. Typical CRM governance arrangements include the following:

  • Establishing a specialized CRM Committee responsible for approving and overseeing the CIPs or assigning this responsibility to an existing senior committee; and

  • Assigning responsibility to a specific department(s) for designing the CIPs. The assigned department should also include a working group to conduct research and analysis, consult with relevant departments, and design each plan

Such arrangements help bring about greater integration and coordination among core tax administration functions that together determine compliance outcomes.

Tax administrations commonly establish a top-level CRM Committee to approve and oversee the implementation of CIPs and other key CRM tasks. Some tax administrations create a single committee to oversee all CIPs; others may establish a separate committee for clusters of plans such as for each taxpayer segment. The CRM Committee is typically chaired by a top-level official (for example, an official who reports directly to the tax administration head) and includes as its members senior officials from relevant tax administration departments. Its main functions include reviewing, approving, and overseeing all CIPs developed by the working group (described below). The committee normally meets on a quarterly or monthly basis, or more frequently if required, to review progress and resolve any major issues. It is typically supported by a full-time secretariat responsible for liaising with officials, bringing matters to the committee, preparing meeting papers, following up on action items, and conducting research on behalf of the committee.

Tax administrations have adopted different arrangements for assigning responsibilities for designing CIPs. In cases in which the tax administration has a CRM department,14 that department may be assigned either broad or limited responsibilities for the CIPs and for supporting the CRM Committee. Some tax administrations task the CRM department with end-to-end responsibilities for designing the CIPs in cooperation with other headquarters departments; other tax administrations limit the CRM department’s responsibilities to preparing guidelines and providing analytics support. In these tax administrations, other headquarters’ departments are responsible for applying the guidelines in designing the CIPs.

A key consideration in assigning CRM responsibilities within a tax administration involves the tax administration’s experience with CRM programs. For those tax administrations that possess limited CRM expertise, a compelling case can be made for concentrating the responsibilities for CIPs in the CRM department. Over time, as capability matures, other parts of the organization may play an increasing role. For those tax administrations with considerable CRM expertise, the CRM department’s role is often limited to designing guidelines and providing analytical support, with other departments taking the lead in developing the CRM programs.

Tax administrations should create working groups to design and monitor the implementation of the compliance activities. Each CIP typically has a working group headed by a risk owner and whose members include subject matter experts, data analysts, risk and intelligence specialists, and other technical staff.15 The working groups submit their proposed CIPs to the CRM Committee for approval. Once approved, the CIPs are sent to the various headquarters departments, where they may be incorporated into the departments’ overall annual work plans and communicated via the normal channels to the field offices for execution. Working groups regularly monitor implementation and periodically report progress to the CRM Committee.

The tax administration’s leadership must ensure that the working groups have the authority to coordinate the design and implementation of the CIPs across the organization. When the tax administration is organized into departments based on taxpayer segment (for example, large, medium, and small taxpayers), a senior official from the relevant segment department typically heads the working group in designing that segment’s CIP. When the tax administration is organized into departments based on function (for example, taxpayer services, audit, arrears collection), the working groups are often headed by an official from one of the functional departments or the CRM department. In all cases, the CRM Committee would appoint the working group’s head and members.

X. Key Implementation Issues

The challenges in implementing CIPs should not be underestimated. Full implementation, including building CIPs for all segments and major focus areas, is likely to take considerable time to achieve and will require significant resources for both staffing and infrastructure. A change of this magnitude and importance requires systematic oversight, planning and management, and a full-time and ongoing commitment of resources.

Projects of this level of complexity benefit from a process of experimentation, evaluation, and iteration to test and refine design elements before full deployment. This approach may be best supported by choosing a suitable pilot area to test (and enhance) the methodologies for designing, deploying, and evaluating the CIPs. Options for pilots should be considered across taxpayer segments, major focus areas, and category-level risks.

It may be beneficial to choose one taxpayer segment as the initial pilot—possibly adding a major focus area and/or category-level risk later. Factors to consider in choosing pilot projects include current CRM organizational arrangements; the nature, quality, and quantity of data available; and the existing data management capability and capacity. Although minor deficiencies can be rectified as part of a pilot, it is unlikely to be feasible to effectively test methodologies if these factors are materially inadequate.

Particularly important in choosing a pilot are the CRM organizational arrangements and processes. They will be critical if a cross-organizational pilot is chosen. If cross-cutting organizational arrangements and oversight processes have not been established and are not feasible to be set up as part of the pilot, then a more limited pilot that can be confined to an existing organizational division or unit would be preferable to ensure appropriate governance.

For many tax administrations, an initial focus on the large business segment may be a sensible option. Most tax administrations have established a large taxpayer organization to manage the compliance of the country’s largest enterprises; such an arrangement presents a convenient platform for piloting new tax administration reforms such as CIPs. In addition, the tax administration’s data repositories for large businesses are often centrally held and significantly more complete than are those for other taxpayer segments. This centralized information depository facilitates identifying and assessing risk; developing comprehensive treatment strategies; and creating and testing other activities, such as monitoring and evaluation approaches, that are critical to designing and implementing effective CIPs.

In parallel, early trialing of statistical approaches for risk assessment could be piloted for common risks found among smaller taxpayers. The greater number of smaller taxpayers is likely to be more conducive to using large-scale analytic methods than would be the smaller number of large taxpayers. For this reason, it could be useful to trial statistical approaches for selected risks in the small taxpayer populations. These methods may be confined to a few tax offices where the data holdings on small taxpayers are of sufficient breadth and quality to support analysis. Limiting initially the application of statistical methods to a few tax offices would allow the tax administration to quickly trial various statistical methods suitable for analyzing larger populations. It would also allow the tax administration to identify and address any significant data, infrastructure, and methodological issues before extending CIPs and other CRM activities more broadly.

The implementation of the CIPs should be supported by a detailed plan that sets out the key milestones and deliverables. Key milestones are listed below, and major deliverables are listed in Table 3:

  • Select a particular taxpayer segment or major focus area to pilot the development of an initial CIP.

  • Appoint a CRM Committee and secretariat, to approve and oversee the CIP, or assign these roles to an existing senior committee.

  • Agree on the responsibilities of the tax administration’s various departments in designing and implementing the CIP.

  • Appoint a working group and a group leader to prepare an action plan for the pilot project, including an identification of the resource requirements for its implementation.

  • Undertake analysis and profiling of the pilot segment or focus area.

  • Select and apply a methodology for identifying and rating the compliance risks, taking into account existing data holdings and additional data that realistically could be compiled during the pilot.

  • Fully complete the CIP design (including determining the number and types of risk treatments to be deployed and agreeing on the measures for monitoring delivery and evaluating impacts).

  • Begin implementing the CIP and prepare the quarterly performance reports by a stipulated date for presentation to and consideration by the CRM Committee.

  • Provide feedback to the working group and modify the CIP to address weaknesses and/or areas of underperformance.

Table 3.

Major Deliverables for Implementing a Compliance Improvement Plan (CIP)

article image
article image
Source: IMF staff
Compliance Risk Management: Developing Compliance Improvement Plans
Author: Mr. John D Brondolo, Annette Chooi, Trevor Schloss, and Anthony Siouclis