Appendix 1. Statistical Methods for Risk Identification
When a tax administration has access to a significant volumes of data, a data-driven or statistical method can be used to identify compliance risks. Data-driven approaches can detect anomalies or variances in data ,/ that might otherwise go unnoticed. These approaches also allow for data to be matched and analyzed quickly to identify variations or variances that may indicate a risk. The rapidly changing environment makes it impossible to compile an exhaustive list of data-driven approaches, and no one approach is better than another. With a growing prevalence of open-source statistical packages, and increasingly faster and cheaper computing power, most tax administrations can now make use of these sophisticated approaches to data analysis to identify category-level risks.
The most important part of data-driven risk identification is accepting that variation alone does not automatically mean a risk exists. Any variation or inconsistency identified through data-driven or statistical methods indicates a potential risk. Further analysis must be undertaken to understand why the variation may be occurring and to identify the underlying compliance issue causing the variation. This additional work may include a detailed analysis of taxpayers’ returns, a sample of specific enquiries with taxpayers, and, in some cases, specific-issue and/or comprehensive audits of selected cases.
If the underlying compliance issue cannot be determined, then a compliance risk does not exist. The variation must be able to be defined with reference to tax law. For example, k-means clustering of a large data set can identify an optimal number of clustering and observations that are a significant distance away from a cluster; however, the distance from a cluster alone is not a compliance risk. Instead, analysis of the underlying data is needed to establish the underlying tax compliance risk, which might be, for example, that the distance represents claims of business deductions for a certain industry and income segmentation. In this case, the underlying compliance risk is overclaiming business deductions to reduce tax.
Statistical and other CRM analytic approaches are often categorized as the following:
Descriptive (and also sometimes referred to a descriptive [what] and diagnostic [why])
Predictive
Prescriptive
Descriptive/Diagnostic Analytics
Descriptive/diagnostic statistical methods are an important contributor to CRM. In particular, these methods volve exploratory work (sometimes called data mining and enabling identification of outliers and anomalies) to analyze taxpayer populations at a comprehensive level and to understand where taxpayers fit within a population relative to peers and previous behavior. It includes a range of approaches of varying degrees of complexity, from undertaking simple comparisons of data features to applying very complex multivariate regression techniques. Some examples of the approaches for outlier/anomaly detection (in order of increasing complexity) include the following:
Ordering population attributes or potential risk indicators by size (and frequency)
Making simple quantitative or percentage-based comparisons with other taxpayers
Applying standard basic descriptive statistics to understand the variation and the statistical significance of differences in population statistics (such as mean, median, range, variance, standard deviation, and so on)
Applying clustering analytical techniques to identify cohorts of similar attributes and/or behaviors for further analysis
Conducting population and taxpayer trend analysis (such as via time-series analysis and other statistical regression–based techniques). Such analysis allows identification of material changes from previous periods, changes adjusted for seasonality, or other changes in taxpayer behaviors away from their norm (either their individual norm or in relation to their peers).
Very complex multivariate analyses for outlier/anomaly detection and classification
Predictive Analytics
Predictive analytical methods involve predicting an expected value for taxpayer risk attributes of interest. Predictions can be made using statistical/mathematical understandings of taxpayer individual or population data patterns and relationships. This predicted (expected) value can be compared with actual values provided by the taxpayer. Statistically significant differences between predicted and actual can indicate potential risk.
Predictive analytics can include advanced statistical approaches (such as logistic, logit regression methods) and machine learning approaches (which involve additional mathematical met hod s). The sometimes messy and incomplete nature of third-party data used in CRM can necessitate significant data cleansing and data transformation to enable confident statistical prediction. Machine learning approaches can offer additional options for CRM risk identification and case selection in these circumstances.
Machine learning predictive analytics entail the use of statistics alongside other mathematical approaches. These additional mathematic approaches include calculus, probability theory, and linear programming and optimization. Machine learning is often seen as a branch of artificial intelligence in that it involves machines “learning” from data. The machines can be “trained” to detect patterns, improve over time with experience, and make decisions without being explicitly programmed.
Machine learning can be supervised or unsupervised. Supervised machine learning involves training the algorithms using past outcomes. In CRM, this approach often means using prior taxpayer audit results as training data for training the machine learning algorithms. Supervised machine learning enables complex data patterns that were associated with successful case outcomes to be emphasized in the case selection algorithm, with those not leading to successful case outcomes being deemphasized. Unsupervised machine learning algorithms do not have a training data set to influence algorithm development; consequently, the performance of models based on unsupervised approaches are more difficult to assess. Unsupervised approaches are often employed in exploratory analysis, such as clustering.
Machine learning use in CRM is typically not autonomous. Machine learning models should be strongly tested for unintended bias before use and then closely monitored for performance. Because they are not “set and forget,” they typically need periodic performance tuning or retraining. Deep learning (for example, using neural net analytical techniques) is an extension of the general machine learning approach, and it too can be used in CRM for risk prediction and differentiation/ case selection.
Prescriptive Analytics
Prescriptive analytics extend the use of predictive analytics to also suggest optimal decision options. These options and associated effectiveness in specific circumstances can be learned from the outcomes of past decisions and actions. In the CRM context, the analysis and/or training can involve predicting the types of outcomes that will be delivered from different risk treatments for a taxpayer—and then recommending an optimal treatment. A current example of a CRM prescriptive analytics use case is when recommender (or next-best-action) algorithms identify and suggest an optimized next action for payment compliance activities.
Appendix 2. Calculating Risk Ratings: Registration Risk
Every tax administration should aim to ensure that all taxpayers are appropriately registered in the tax system. This effort guarantees that the number of taxpayers operating illicitly, outside the system, is kept at a minimum. Taxpayers operating outside the tax system represent a serious form of noncompliance and may be related to illegal and criminal behavior.
The tax administration can look at external data sets to detect discrepancies. For example, data captured by the company registry office on the number of business names and/or company registrations can be compared with the tax administration’s internal information held on each taxpayer, to confirm the proportion of taxpayers who are registered in the tax system and identify potential gaps. Most tax administrations would aim for all juristic entities and active businesses to be correctly registered.
After registration, the focus shifts to correct and complete registration. The tax administration should use internal and external data sources to confirm that taxpayers are registered for the correct tax obligations (for example, businesses with employees should be registered for income tax, VAT, payroll tax, and other employer/employee obligations). The administration should aim for all entities to be correctly registered for all of their tax obligations.
One of the challenges for all tax administrations is the integrity of the registration system.
When businesses cease operations, business registries must be updated to remove these businesses; otherwise, registration statistics will be inaccurate. Tax administrations should periodically review their registration data to identify “signs of life.” When there is no sign of life for a business, its registration record should be removed. Similarly, models or risk filters must be developed and regularly run to identify and prevent false registrations, which are often motivated by refund fraud attempts.
At the segment level, a specific registration risk might exist that would be rated using the tax administration’s CRM framework. An example appears below.
Example: Small Business VAT Registration Compliance
Risk definition: Some small businesses may not have registered for VAT even though they meet the requirements for VAT registration. Rating this risk requires an assessment of likelihood and consequence (refer to Section IV). This example assumes that all operational businesses are required to register for VAT.
Data: The data for this risk assessment will be directed toward determining likelihood and consequence of a registration compliance risk for the small business segment. Likelihood might be defined as the estimated proportion of small businesses required to be registered that are not registered; consequence might be defined as the amount of VAT not collected each year by the tax administration due to the nonregistration. Potential useful data sources may include the following:
The total number of small businesses registered with the tax administration for any taxes
The number of small businesses registered with the tax administration for VAT
The number of small businesses registered for other taxes but not for VAT
The business turnover and expenses (and net) of businesses that are filing and paying VAT
Information from other local or national government registrations (for example, a corporate registry) or business licensing authorities (if separate from the tax administration)
Indicators of business activity from, for example, the following:
√ Industry associations that may have contact lists or other insight into the size of their industry
√ Utilities (for example, electricity, communication providers) on the number of business client accounts they hold
√ The financial sector (banks) on the number of business bank accounts they hold
Estimates from the national statistical administration, which may have used survey or other research methods to estimate the number of small businesses and their turnover
Information from any existing tax compliance operational activities that might give a sense of the prevalence of nonregistration—for example, if audit and review work involved walk-in visits across a geographical area or precinct
Approach: The data sources available and their suitability for use in risk assessment (factors include relevance, completeness, and accuracy) will dictate the assessment approach. The tax administration may decide to test certain assumptions or acquire some new data through field activity to, for example, randomly sample businesses registered in the corporate registry or licensing authority that are not in the tax system, to understand the amount of revenue that might be at risk (consequence). They may decide to sample businesses offering goods and services for sale in a particular area (to provide indications of likelihood and consequence). Even if not fully reliable, available data sources may inform a qualitative assessment of the likelihood and consequence.
Criteria for assessment: The tax administration’s risk-management area will set criteria for likelihood and consequence assessments. Tables 2.1 and 2.2 below set out the criteria to be used.
Likelihood Criteria
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Consequence Criteria
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Likelihood assessment: If the data are available, likelihood might be calculated by comparing the tax administration’s information on VAT registration with external registry office data. In this example, analysis might find that 8 percent of small businesses are not correctly registered for VAT. Applying the criteria would provide a likelihood rating of “possible” in Table 2.1.
Consequence assessment: Consequence can be defined as the amount of VAT estimated to have been avoided by small business that are not registered. Operational data may provide insights into the types of small businesses that are not registered for VAT. In the absence of operational data, samples can be undertaken of businesses that are registered in the corporate registry but not in the tax system to understand the types of small businesses that have failed to register. Identifying benchmark VAT amounts from existing VAT filers can also guide the estimates of the amount of VAT being avoided.
Any of these insights can be employed to estimate the VAT forgone, which can be used to estimate consequence. For example, operational data in Table 2.3 may be used to estimate the VAT forgone:
Estimated Forgone VAT Revenue from Nonregistered Businesses
Estimated Forgone VAT Revenue from Nonregistered Businesses
| Café | 4,500 | 30,300 |
| Construction | 6,300 | 23,500 |
| IT services | 2,200 | 41,200 |
| Other | 4,400 | 18,600 |
Estimated Forgone VAT Revenue from Nonregistered Businesses
| Café | 4,500 | 30,300 |
| Construction | 6,300 | 23,500 |
| IT services | 2,200 | 41,200 |
| Other | 4,400 | 18,600 |
These tabulated data give a total VAT forgone of 456.9 million local currency units. If the total revenue base is calculated as 6 billion (6,000 million) local currency units, then the VAT forgone as a percentage of the total revenue base is 7.6 percent (100 x 456.9/6,000). This percentage is between 2 percent and 10 percent of the total revenue base, which, after applying the consequence criteria in Table 2.2, represents a “medium” consequence.
Risk rating: Applying a possible likelihood and medium consequence to the risk rating matrix, shown in Figure 2.1 below, would result in a risk rating of “moderate” (as illustrated by placement of the star).
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
A risk assessment with a moderate risk rating would be reviewed and endorsed by a CRM Committee. The committee would require the creation of a risk treatment plan that outlines the actions required to (1) increase the proportion of small businesses that are registered for VAT and (2) focus on ensuring these small businesses correctly file and pay once they are registered in the system.
Appendix 3. Calculating Risk Ratings: Filing Risk
Filing compliance is typically defined as entities filing by the due date tax returns and other documents for all their tax obligations. Once a taxpayer has been appropriately registered, the tax administration can use internal data to verify whether tax forms (including tax returns and other required submissions) are filed on time. To understand the extent and revenue impact of late filing, and the extent and timing of voluntary late filing, tax administrations should continue to measure filing compliance at various points after the due date has passed—for example, within a month of the due date and up to six months late—and to monitor the application of penalties imposed for filing the tax form late.
Monitoring the trend of on-time filing sheds light on the filing risk for the tax system. If necessary, filing risk can be determined for market segments. Likelihood can be determined by the proportion of the taxpayer population that files on time or within a certain time period (for example, filing within 30 days of the due date). Consequence can be determined by reference to the tax paid by on-time filers compared with the total tax of all filers (both on-time filers and late filers). Using this consequence measure ensures not only that the risk rating considers the number of on-time filers but also that taxpayers with a tax liability file on time.
To determine on-time filing, tax administrations must first establish the pool of registered taxpayers expected to file. This number may be estimated based on the income levels in prior years; the length of time since registration; and, where collected, information about future filing obligations (such as a question in the tax return asking if the tax return is final).
In the absence of a consequence rating, filing risk can be determined by likelihood alone if the administration has a predetermined standard or benchmark on the proportion of on-time filing considered acceptable. For example, a tax administration may consider acceptable filing as at least 70 percent of tax returns filed by the due date and at least 85 percent of returns filed by 90 days after the due date. These standards or benchmarks can be used to assess whether the filing risk is acceptable or unacceptable.
Example: Small Business Income Tax On-Time Filing Compliance
Risk definition: Some small businesses may be late in filing their annual income tax returns, which may delay receipt of tax revenue collections.
Data: The data sought for this risk assessment will focus on determining likelihood and consequence. Likelihood may be defined as the estimated proportion of small businesses that are expected to have tax liabilities and are required to file their income tax returns, and that will file late. Consequence might be defined as a measure of the cost of delayed collections from late filers. Potential useful data sources may include the following:
The total number of small businesses regularly filing income tax returns (on time and late)
The total amount of revenue collected from the previous period’s income tax returns
Granular distribution information on the late-filer population for previous periods—for example, number of late filers, their associated tax liabilities, and number of days late in previous periods
Information allowing an assessment of the trend in late filing (numbers, tax liability amounts, days late) over the past two to three filing periods
Approach: The data sources available to estimate the expected likelihood and consequence of late filing are primarily tax administration operational data. These data are likely to be of relatively high quality and should allow a reasonably accurate estimate to be made (assuming no material changes in the general business environment have occurred that might impact the number, revenue magnitude, and timing of late filing).
The revenue impact (consequence) of late filing requires some additional consideration. It could be argued that there may be no revenue impact on a cash revenue (collections) basis and, therefore, no material consequence to the extent that the late filers all filed and eventually paid before the end of the fiscal period in which filing and payment were due. Additionally, late filing penalties and interest imposed and paid in the fiscal period might offset any revenue shortfall from very late filers.
For simplicity, this example will assume that no late-filing penalties and interest are imposed and paid. A further assumption is that the relevant consequence revenue measure is one that reflects an estimate of the actual additional interest that the government might need to pay on higher borrowings than would be the case if there were no late filers.
Criteria for assessment: The tax administration’s area responsible for risk management will set criteria for likelihood and consequence assessments. The criteria to be used for this example are listed in Tables 3.1 and 3.2 below.
Likelihood Criteria
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Consequence Criteria
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Likelihood assessment: Assuming that the trend in late filing had been reasonably constant over the past few filing periods, and that no material changes have occurred in the operating environment, a reasonable expectation is that the number and composition of late filers might remain the same as in previous periods. If the total number of regular filers (on time and late) was 5 million, and the number that were late in the previous years was about 0.1 million (100,000), then the percentage of the population affected would be 2 percent (calculated as 100 x 100,000/5,000,000). Applying the criteria gives a likelihood rating of “unlikely” in Table 3.1 (as 2 percent is in the less-than-5 percent of the population category).
Consequence assessment: If the assumption of relative constancy in taxpayer behavior applies, then it may be reasonable to assume the same number of late filers, associated tax liabilities, and days late as in the previous filing period. Assuming these data are available for each individual late filer in the previous period, the consequence could be roughly estimated by the following formula:
Consequence = ∑ (tax liability x days late x interest rate percent per day)
For the purposes of this example, it is assumed that the consequence amount is 20 million currency units. This amount represents the additional amount of public debt interest that the government must pay on borrowings because late-filing revenue amounts were not available to pay down government debt principal amounts on time. If the total revenue collections base is assumed to be 6 billion (or 6,000 million) currency units, then the late-filing impact as a percentage of total revenue base is 0.33 percent (100 x 20/6,000). Applying the criteria yields a consequence rating of “low” in Table 3.2.
Risk rating: Applying an unlikely likelihood and a low consequence to the matrix in Figure 3.1 below would result in a risk rating of low (as illustrated by placement of the star).
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Appendix 4. Calculating Risk Ratings: Reporting Risk
The correct reporting risk gives the tax administration insights into the amount of tax forgone due to the incorrect reporting of tax obligation on an entity’s tax return. Many reasons could explain why the amount of tax is incorrectly reported, ranging from an honest mistake to the taxpayer being unaware of an obligation, to the taxpayer deliberately attempting to evade taxes.
For some taxes, such as VAT, the amount of tax forgone can be estimated by comparing consumption data captured in the national accounts with the amount of VAT collected by the tax administration. This approach is equivalent to estimating a tax gap and can shed light on the consequence of incorrect reporting (Hutton, 2017). Estimating likelihood would need to rely on the tax administration’s operational data to estimate the number of incorrect returns filed as a percentage of the total population of VAT taxpayers.
For other taxes, operational data may be used to estimate the level of noncompliance and the size of compliance as proxies for likelihood and consequence. At a minimum, the tax administration can accumulate operational risk data to estimate both likelihood and consequence. If these data are maintained across different tax offices, they should be brought together in a centralized national database so that information can be aggregated to estimate the proportion of the population likely to be misreporting or incorrectly reporting their tax liability. This estimate is the likelihood of incorrect reporting. The same data can be used to estimate the amount of underreported tax, which can form the basis of an estimate of consequence. If necessary, the same data can be used to estimate reporting risk at an industry, sector, or market segment. Again, such an estimate requires that the data be consolidated into one national database.
Example: Large Business Correct Reporting Compliance
Some large businesses may not voluntarily provide accurate and complete reporting of information required to calculate their tax obligations. Voluntary accuracy is based on the tax returns filed by large businesses before they are adjusted by tax office interventions.
Risk definition: Some large businesses may adopt a range of tax planning strategies to reduce taxable income and/or inflate tax deductions, resulting in a reduced tax liability and loss of government revenue. Other businesses may simply make errors leading to incorrect reporting of the information required to calculate correct tax liabilities.
Data: This risk assessment for the whole large business segment will use the outcomes of the various category-level reporting risks assessments, which will have already been completed by risk owners.16 The category-level risk assessment data are aggregated to estimate the total amount of tax underreported. (Note that this estimate may differ from a tax gap estimate, but tax gap estimates may also be used to inform the assessment of the likelihood and consequence of this risk.)
Approach: The most appropriate way to aggregate the category-level likelihood rating needs to be carefully considered. This is important because a high-level additive/cumulative approach will overstate overall likelihood for the whole segment and may result in a higher-than-appropriate likelihood rating. As an extreme illustration of this problem, if there were two category-level risks, each with 100 percent likelihood, then a simple additive approach results in a nonsensical 200 percent estimate as the overall risk likelihood for the large business segment reporting risk.
The likelihood aggregation methodology, therefore, requires access to the underlying total and risk-affected population estimates. Therefore, a weighted average likelihood estimate can be calculated and an appropriate overall likelihood rating established for the risk at the large business segment level.
The revenue consequence amounts do not suffer from this aggregation difficulty. The revenue consequence amounts estimated for each relevant category-level risk can therefore be aggregated to establish an overall consequence rating.
Criteria for assessment. The tax administration’s area responsible for risk management will set criteria for likelihood and consequence assessments. Tables 4.1 and 4.2 present the criteria to be used for this example.
Likelihood Criteria
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Consequence Criteria
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Consequence Criteria
| Revenue | < 2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
Likelihood assessment: It is assumed for the purposes of this example that the overall likelihood is calculated to be 6 percent, which places the risk in the category of overall risk occurring for between 5 percent and 10 percent of the large market population. Hence, the 6 percent likelihood estimate equates to a likelihood rating of “possible” in Table 4.1.
Consequence assessment: If the aggregate consequence amount (calculated by summing the tax consequences of each category-level reporting risk) is assumed to be 800 million currency units, and the total tax revenue is 6 billion (or 6,000 million) currency units, then:
Revenue consequence = 800/6,000 x 100 or 13.3 percent
Applying the consequence criteria to this 13.3 percent estimate of the population affected places the overall risk in the consequence criteria category of revenue impact being greater than 10 percent of the overall revenue base. The 13.3 percent estimate translates to an overall consequence rating of “high” in Table 4.2.
Risk rating: Applying a possible likelihood and a high consequence to the matrix in Figure 4.1 would result in a risk rating of high (as illustrated by placement of the star).
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Appendix 5. Calculating Risk Ratings: Payment Risk
Payment risk can be considered to be a factor of both the proportion of tax liabilities not paid on time and the number of taxpayers not paying on time. The tax administration can use internal data to measure and monitor the proportion of tax liabilities and the number of taxpayers who are paid on time and/or paid within a certain timeframe after the due date (for example, paid in full within 90 days of the due date).
As with filing risk, the tax administration may set a standard or benchmark against which payment compliance can be compared. For example, the tax administration may aim for 70 percent of payments, by value, to be paid on time and 85 percent of payments, by value, to be paid within 90 days of the due date. In the absence of standards or benchmarks, the payment risk can be determined by measuring the number of taxpayers with payments outstanding after the due date and then using this figure as a likelihood estimate. The value of outstanding payments can form the consequence estimate.
A complementary measure of payment risk is the proportion of collectable tax debt (tax arrears) to tax collections. This measure can be tracked over time to understand the drivers of changes in collectable debt—for example, an increase in payment arrangements as a result of businesses struggling due to natural disasters or generational events, such as the COVID-19 pandemic.
At the segment level, specific payment-related risks can be defined and assessed using CRM methods. For example, the tax administration may identify a risk related to on-time payment of tax for medium businesses. In preparing a risk assessment, a risk rating would be calculated to rate the risk using operational data. In this example, the risk is lower if those medium businesses that file late are not taxable or are entitled to a refund. The risk is higher if the medium businesses that file late have significant tax liabilities payable.
Factors other than revenue impact can lead to an increased consequence rating. If the community had a very high level of expectation that the tax administration would ensure payment on time, and if a failure of the tax administration to meet the community expectation would have serious negative impacts on the tax administration’s reputation (and therefore significantly reduce community confidence in the tax administration), then the consequence criteria may need to cover this potential impact.
Reductions in community confidence can have highly negative consequences. Reduced community confidence in the tax administration’s competency and capacity may lead to a spiral involving a general further erosion in the community’s willingness to voluntarily comply with tax obligations. The consequence of this resultant broader impact may be very severe and very difficult for the tax administration to recover from.
Consequence for this risk might, therefore, in addition to revenue impacts, be considered and defined in terms of the proportion of the total tax revenue from medium businesses that is filed on time consistent with community expectation. An analysis of filing might show that on-time filing accounts for 83 percent of total tax payable for medium businesses. The tax administration might consider the community’s strong expectation as being more than 95 percent on time as low consequence, between 85 percent and 95 percent as medium consequence, and below 85 percent as high consequence. In this case, consequence would be rated high. The risk assessment consisting of a high likelihood and high consequence would generate a risk rating of “high.” The following example illustrates this point.
Example: Medium Business Tax On-Time Payment Compliance
Risk definition: Some medium businesses may be late in paying their tax obligations, which may delay receipt of tax revenue collections and cause an erosion of the community’s confidence in the tax administration.
Data: The type of data and process used for this risk assessment are similar in many respects to that used in the Filing Risk example in Appendix 3. The data required for the risk assessment are likely to be of relatively high quality and somewhat easily available. The revenue impact might also focus mainly on estimating a public debt interest impact of delayed collections.
Rather than repeating these aspects of an assessment, this example will focus on determining likelihood and consequence of the community expectation/tax administration reputation impacts of the on-time payment risk. For the purposes of this example, therefore, an assumption is that the base-case assessment of the risk from a revenue perspective would result in a “moderate” overall risk rating.
Approach: For this risk, given the community expectation context, the consequence impacts will be considered for both revenue and community expectation/tax administration reputation. The resulting risk rating will be based on the risk impacts that provide the highest risk rating overall.
Criteria for assessment: The tax administration’s area responsible for risk management will set criteria for likelihood (Table 5.1) and consequence (Table 5.2) assessments. For this risk, consequence impacts beyond just revenue impact may be relevant and important to consider. The criteria to be used for this risk assessment include expanded consequence factors (Table 5.2).
Likelihood Criteria
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Likelihood Criteria
| Subjective Definition | Could occur at some time | Might occur at some time | Will probably occur at some time |
| Event: Current Exists | Less than 5 percent of population affected | Between 5 percent and 10 percent of population affected | More than 10 percent of population affected |
| Event: Yet to Occur | Likely to occur in five years or longer | Likely to occur within the next three years | Likely to occur this year |
Consequence Criteria
Consequence Criteria
| Revenue | <2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
| Community Expectation/Reputation | Criticism that: | ||
| Is justified but minor and likely to last less than a week | Results in moderate loss of support and small amount of adverse media coverage | Results in large volume of adverse media coverage, attracts government scrutiny, and causes extensive wide-ranging and long-term damage to reputation | |
Consequence Criteria
| Revenue | <2 percent of total revenue base | 2 percent to < 10 percent of total revenue base | > 10 percent of total revenue base |
| Community Expectation/Reputation | Criticism that: | ||
| Is justified but minor and likely to last less than a week | Results in moderate loss of support and small amount of adverse media coverage | Results in large volume of adverse media coverage, attracts government scrutiny, and causes extensive wide-ranging and long-term damage to reputation | |
Likelihood assessment: An assumption for this example is that the existing underlying on-time payment rate for medium businesses is 83 percent. If there are no strong reasons to expect this to change without significant additional risk treatment activities directed toward its mitigation, then the likelihood rating of a continuation of the 83 percent or similar on-time payment rate is “high” (likely to continue to occur).
Consequence assessment: An assumption for this example is that the tax administration considers the community’s strong expectation and associated impacts as being more than 95 percent on time as low consequence (causes minor criticism impacts lasting for less than a week), between 85 percent and 95 percent as medium consequence (causing moderate loss of support and a small amount of adverse coverage), and below 85 percent as “high” consequence (expected to cause very significant adverse impacts).
Applying this professional judgment consideration to the 83 percent expectation indicates a “high” consequence rating. A high rating would result in a large volume of adverse media coverage, attract government scrutiny, and cause wide-ranging long-term damage to the tax administration’s reputation.
Risk rating: An assessment considering only the revenue consequence and likelihood was assumed to indicate an overall risk rating of moderate, whereas the risk rating resulting from an expanded assessment that includes community/confidence/reputation impacts would be “high” (applying the likely likelihood and high consequence to the matrix, shown in Figure 5.1, and as illustrated by placement of the star). The overall risk rating for the medium business payment on-time risk is set at the higher rating level—and is therefore assessed as “high” overall in Figure 1.
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Risk Rating Matrix (3 x 3)
Citation: Technical Notes and Manuals 2022, 001; 10.5089/9798400205910.005.A999
Appendix 6. Setting Workflow Targets
The tax administration will establish workflow targets during its annual planning process. Each business area will typically be responsible for setting workflow targets based on already established performance and output targets. The workflow management team will work with each business area in setting targets so that the administration’s work program can be prepared and entered into the WMS. The following example relates to filing compliance.
To improve filing compliance, a business area may have included, as a part of a treatment plan, a prompting strategy. The strategy uses a combination of short message service (SMS) text messages, emails, and letters to remind targeted taxpayers of their upcoming filing obligation. These treatments are intended to reduce the costs of other interventions and would be a precursor to a more traditional compliance review or audit in which the prompt does not produce a result. In developing this treatment strategy, the tax administration may recommend the various workflows set out in Table 6.1
Treatment Strategy Workflows
Treatment Strategy Workflows
| SMS text messages | Individuals | 2,000,000 | January–March |
| Follow-up phone calls | Individuals | 400,000 | April–May |
| Emails | Small business | 4,000,000 | June–August |
| Follow-up reviews | Small business | 3,000 | September–March |
| Letters | Large business | 600 | July–August |
| Follow-up reviews | Large business | 50 | September–November |
Treatment Strategy Workflows
| SMS text messages | Individuals | 2,000,000 | January–March |
| Follow-up phone calls | Individuals | 400,000 | April–May |
| Emails | Small business | 4,000,000 | June–August |
| Follow-up reviews | Small business | 3,000 | September–March |
| Letters | Large business | 600 | July–August |
| Follow-up reviews | Large business | 50 | September–November |
The workflow plan would be scheduled to ensure that the workflow targets are achieved. A team responsible for SMS text messages would be required to prepare for approximately 666,000 SMS prompter text messages to be sent in January, February, and March. The call centers will need to be on alert to the expected increased incoming calls following these SMS messages. Follow-up phone calls would be scheduled to be made to the individuals who do not respond in April and May. To achieve 400,000 phone calls, the tax administration would need a workforce to undertake 10,000 outbound phone calls a day, or 1,250 an hour. If the average phone call lasts 5 minutes, then the tax administration would require approximately 100 staff to achieve this target.
A similar scheduling plan would be required for the email and letter strategies proposed for small businesses and large businesses, respectively.
Appendix 7. Examples of Common Applications
The IMF does not recommend or endorse specific hardware and software vendors or products.
| Customer Relationship Management |
|
| Contact/Correspondence Management |
|
| Data Storage for Compliance Risk Analytics |
|
| Business Intelligence and Visualization (BI&V) Tools. |
|
| Advanced Analytics |
|
The IMF does not recommend or endorse specific hardware and software vendors or products.
| Customer Relationship Management |
|
| Contact/Correspondence Management |
|
| Data Storage for Compliance Risk Analytics |
|
| Business Intelligence and Visualization (BI&V) Tools. |
|
| Advanced Analytics |
|
The IMF does not recommend or endorse specific hardware and software vendors or products.
References
Australian Taxation Office. 2008. “2008–09 Compliance Program.”
Betts, Sue. Forthcoming. “Compliance Risk Management: Driving Tax Administration Results.” IMF Technical Note, International Monetary Fund, Washington, DC.
Hutton, Eric. 2017. “The Revenue Administration-Gap Analysis Program: Model and Methodology for Value-Added Tax Gap.” IMF Technical Note 17/04, International Monetary Fund, Washington, DC. https://www.imf.org/en/Publications/TNM/Issues/2017/04/07/The-Revenue-AdministrationGap-Analysis-Program-Model-and-Methodology-for-Value-Added-Tax-Gap-44715.
Internal Revenue Service. 2021. Internal Revenue Manual, Part 6 (Human Resources Management)/Sub-section 6.575.1.4 (Retention Incentives).
International Monetary Fund. 2021. “Measuring the Informal Economy.” IMF Policy Paper No. 2021/002, International Monetary Fund, Washington, DC. https://www.imf.org/en/Publications/Policy-Papers/Issues/2021/02/02/Measuring-the-Informal-Economy-50057.
New Zealand Inland Revenue Department. 2009. “Inland Revenue’s Compliance Focus 2009–10.” https://www.ird.govt.nz/-/media/project/ir/home/documents/international/multinational-enterprises---compliance-focus-documents/compliance-focus---2016.pdf?modified=20200401122151-modified=20200401122151.
Organisation for Economic Co-operation and Development (OECD). 2004. Guidance Note: Compliance Risk Management; Managing and Improving Tax Compliance. Paris: OECD Publishing. https://www.oecd.org/tax/administration/33818656.pdf.
Organisation for Economic Co-operation and Development (OECD). 2014. Measures of Tax Compliance Outcomes: A Practical Guide. Paris: OECD Publishing. https://www.oecd.org/ctp/administration/measures-of-tax-compliance-outcomes-9789264223233-en.htm.
Russell, Barrie. 2010a. “Revenue Administration: Developing a Taxpayer Compliance Program.” IMF Technical Notes and Manuals No. 10/17, International Monetary Fund, Washington, DC. https://www.imf.org/external/pubs/ft/tnm/2010/tnm1017.pdf.
Russell, Barrie. 2010b. “Revenue Administration: Managing the Shadow Economy.” Technical Notes and Manuals No. 10/14, International Monetary Fund, Washington, DC. https://www.imf.org/external/pubs/ft/tnm/2010/tnm1017.pdf.
Slemrod, Joel. 2019. “Tax Compliance and Enforcement.” Journal of Economic Literature 57 (4): 904–54. https://www.aeaweb.org/articles?id=10.1257/jel.20181437.
South Africa Revenue Service. 2012. “SARS Compliance Programme 2012/13–2016/17.” https://www.gov.za/sites/default/files/gcis_document/201409/sarscompliancepogram-2012final2–30-march.pdf.
TADAT Secretariat. 2019. “Field Guide to the Tax Administration Diagnostic and Assessment Tool.” April 2019.
Whyte, Graham. Forthcoming. “Compliance Risk Management for Leaders.” IMF Note, International Monetary Fund, Washington, DC.
This note was prepared by John Brondolo, Annette Chooi, Trevor Schloss, and Anthony Siouclis. It was reviewed by Ruud De Mooij, Katherine Baer, Debra Adams, Andrew Okello, Margaret Cotton, Susan Betts, Tamas Kulcsar, Muyangwa Muyangwa , Cindy Negus, and Graham Whyte (IMF). It benefted from information provided by Eduardo Medel (Chile, Internal Revenue Service); Jóhanna Ellendersen Brogård, Jeppe Larsen, and Malte Romer Thomsen (Danish Tax Administration); Remenyi Gabor, Monika Mak, Jozseph Sinka, and Gergely Toth (Hungarian National Tax and Customs Administration); Craig Ashton and Dave Rowley (New Zealand Inland Revenue Department); Adrian Bizumugabe, King Geoffrey Ngabonzima, and Innocente Murasi (Rwanda Revenue Authority); Darija Šinkovec (Financial Administration of the Republic of Slovenia); Thomas Gardiner (United Kingdom, Her Majesty’s Revenue and Customs); and Vu Chi Hung, Nguyen Minh Ngoc, Nguyen Thu Tra, and Nguyen Thi Huyen My (Vietnam, General Department of Taxation).
Also see Russell (2010a) and Whyte (forthcoming).
Refer to Betts (forthcoming) for a description of the various components in the CRM diagram.
This approach is commonly applied to corporate entities and assumes that related entities in an economic group are effectively, although not necessarily legally, controlled by the same decision makers (for example, same board of directors or same owners).
These factors, sometimes referred to as the BISEP model, are described at length in many CRM publications, including OECD (2004).
For ease of presentation, the risks highlighted in Figure 2, panel 3 are core compliance obligations and do not include category-level risks.
Figure 4’s list of treatments is not exhaustive; rather, it is intended to illustrate how the treatments may be applied strategically across segments and risk levels.
WMSs are often supported by broader enterprise systems. For example, both Australia and Singapore operate a commercial off-the-shelf (COTS) software system, Siebel, to provide the necessary core functionality to support their client contact and case management systems. Treatment (supplied by Techno Brain) also has optional client contact and case management functionality. Subsystems supporting call center workfow management are typically supplied as part of call management systems, such as Genesys and Enghouse Contact Center. Note: The IMF does not endorse or recommend vendors or products.
The following simplifed example may help to clarify the intuition behind the revenue assurance concept. If (1) individual taxpayers reported a total of $260 billion in personal income tax (PIT) and (2) $100 billion of the total was subjected to various verification activities (audits, data matching, prefiling arrangements) that (3) confirmed $90 billion in PIT was accurately reported and $10 billion was underreported, then (4) the tax administration could conclude that 37 percent of the PIT revenue had been assured (that is, [$90+$10]/ [$260 +$10]).
The compliance gap for a particular tax represents the difference between the amount of tax actually collected and the potential amount of tax collected if taxpayers had fully complied with their obligations. The gap can be measured via a top-down approach (typically using statistical data to estimate potential tax collections) or via a bottom-up approach (such as random sampling of taxpayers for audit to estimate the gap). Refer to Hutton (2017) for an example of calculating the VAT compliance.
The IMF’s Tax Administration Diagnostic Assessment Tool (TADAT) provides an appropriate approach for benchmarking a tax administration’s functions, processes, and institutions. See https://www.tadat.org/home for further information on the TADAT program.
A data catalogue is an organized inventory of the data assets that exist in an organization. It usually contains the context of and other elements about the data, including their source, quality attributes, and uses. It also typically contains for each data set information on ownership and stewardship responsibilities.
The IMF does not recommend or endorse specific hardware and software vendors or products.
Different countries have different names for their compliance risk-management department, including Smarter Data (Australia), Compliance Services (Canada), Compliance, Impact Assessment and International Management Group (Netherlands), and Risk and Intelligence (United Kingdom).
Some tax agencies make a distinction between a risk owner (who is typically a very senior official with overall leadership responsibility for the CIP) and a risk manager (who has day-to-day management responsibility for implementing the CIP under the supervision of the risk owner).
Refer to Section IV for a description of category-level risks.
