The ATO raises the bar on indirect tax governance expectations

ATO on indirect tax governance expectations

Sam Mohammad and Julia Brosnan discuss the ATO's Tax Risk Management and Governance Review Guide.

Sun shining through trees

By now, most taxpayers would be aware of the Australian Taxation Office (ATO) Top 1,000 Justified Trust program and, in particular, the continued focus on tax risk management and governance. The ATO has documented its expectations relating to tax risk management in its Tax Risk Management and Governance Review Guide, which has recently been updated.

Whereas the Guide has historically had an income tax focus, the updated Guide’s ‘whole of tax’ approach now gives equal importance to indirect taxes such as goods and services tax (GST) and excise. In particular, one of the key focuses for the ATO in relation to indirect tax is on systems or sub-systems that are used in the excise and business activity statement (BAS) return preparation process and their related information technology (IT) controls.

In order to demonstrate “better practice”, the ATO expects that taxpayers will be able to evidence that they have effective IT system and application controls that:

  • maintain the integrity and security of indirect tax data
  • are properly documented 
  • are regularly and rigorously tested.

For many taxpayers, this heightened scrutiny on GST and excise data integrity, IT controls and regular and substantive testing represents a significant step change from simply relying on the proforma BAS or excise report from the accounting system or rolling over the previous month’s Excel template. In this new world of justified trust, taxpayers should now seriously consider fully automating the BAS and excise return processes or, at a minimum, putting in place greater automated controls and exception testing and having these externally reviewed.

Since its original release in 2015, the Guide has expanded exponentially from 25 pages to 100 pages, reflecting the ATO’s growing expectations of taxpayers. Given that the Guide is intended to be used by ATO audit teams, its update is a welcome act of transparency by the ATO. Taxpayers, especially large corporations, can now confidently predict the approach an ATO audit team will take. This can be used in the design of internal processes and review procedures.

Similarly, where corporates are considering the future of their internal tax functions, as well as the increasing role of automation of those functions, the updated Guide provides useful insights into the governance and design processes which will need to be included.

KPMG Australia acknowledges the Traditional Custodians of the land on which we operate, live and gather as employees, and recognise their continuing connection to land, water and community. We pay respect to Elders past, present and emerging.

©2022 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.

Liability limited by a scheme approved under Professional Standards Legislation.

For more detail about the structure of the KPMG global organisation please visit

Connect with us

Save, Curate and Share

Save what resonates, curate a library of information, and share content with your network of contacts.