The Management of Compliance in the Small to Medium Enterprises Market
The objective of the audit was to assess the effectiveness of the ATO’s compliance management approach in the SME market.
1. Australia’s self-assessment taxation system places responsibility on taxpayers to declare all assessable income and claim only the deductions and offsets to which they are entitled. The self-assessment taxation system allows the Australian Taxation Office (ATO) to apply a risk managed approach to revenue administration, and focus on the risks of taxpayers failing to comply with registration, lodgement, reporting and payment obligations. As the agency responsible for administering the federal taxation system, the ATO seeks to manage these risks and optimise the level of voluntary compliance by taxpayers through its Compliance Model strategies.
2. The ATO’s Compliance Model links compliance activities to taxpayers’ attitudes to compliance. Taxpayers who deliberately and persistently do not meet their tax obligations may be subject to legal action, whereas education and supportive communication is preferred for taxpayers who are willing to comply with their obligations. The Compliance Model approach is implemented through the ATO’s Compliance Program, which is published annually. The Compliance Program identifies compliance trends and issues in each market, and outlines the focus of compliance activities. These activities include taxpayer education, telephone calls, letters, campaigns, reviews and audits.
3. The ATO differentiates its approach to compliance across the following market segments:
- micro enterprises—those with an annual turnover below $2 million;
- small to medium enterprises (SME)—those with an annual turnover between $2 million to $250 million;
- large businesses—corporate groups with an annual turnover above $250 million; and
- non-profit organisations.1
4. In undertaking its compliance activities, the ATO further breaks down the SME market into the following four sub-segments based on annual turnover:
- S1—$2 million to $10 million;
- S2—$10 million to $50 million;
- S3—$50 million to $100 million; and
- S4—$100 million to $250 million.
Small to medium enterprises
5. There are around 175 000 SMEs in Australia, with 97 per cent being in the S1 and S2 market sub-segments. The SME market segment is an important contributor of taxation revenue. Of the $273 billion in net cash collections for 2010 11, some 27.4 per cent ($74.7 billion) was from the SME market segment. Compliance activities related to these taxpayers during the same period resulted in collections of approximately $1.266 billion in taxes, penalties and interest.2
6. SME taxpayers are notable for the diversity of their structures, business size, activities and the industries in which they operate.3 They can be individuals engaged in business ventures, or partnerships, superannuation funds, trusts, and public or private companies. At their simplest, SMEs can be sole traders who pay tax at the personal rate of income tax; or single companies with employees and a company director. In addition, taxpayers can be linked to one or more trusts, companies and/or partnerships, and these taxpayers may fall across a number of ATO market segments.
7. SMEs operate in a broad range of industries, including the construction, finance, insurance, wholesale and retail trade industries, and employ 28 per cent of Australia’s workforce.4 They contribute significantly to economic growth, national development, innovation and employment.5 SMEs are also liable to pay a wide variety of taxes, depending on their circumstances.6
ATO organisational arrangements for the SME market
8. Within the ATO, responsibility for the administration of income tax compliance of the SME market is centred in the Small and Medium Enterprise Business Line (S and ME Business Line). In addition, this business line is responsible for promoting income tax compliance for the following business and individual taxpayers:
- ‘Highly Wealthy Individuals’, those Australian residents who, together with associates, effectively control net wealth of $30 million or more;
- ‘Wealthy Australians’, Australian residents controlling a net wealth of between $5 million to $30 million; and
- non-profit and government organisations.7
9. The business line, which has over 1400 staff located in 21 centres across all states and the Australian Capital Territory, is also responsible for managing Fringe Benefits Tax (FBT) across all market segments. Similarly, other business lines are responsible for managing SME compliance with specific taxes and payment obligations such as the Goods and Services Tax (GST), superannuation and excise.
Managing compliance in the SME market
10. The key tax compliance obligations are to register for tax purposes, file tax returns on time, correctly report liabilities, and pay taxes on time.8 The ATO seeks to optimise the level of voluntary compliance with these obligations. It has a risk management framework that provides a structured approach for identifying and prioritising the compliance risks associated with each market. Although the SME market is defined on the basis of annual financial turnover, there is considerable diversity in the business structures, size and market segment positioning of SME taxpayers.9 From a compliance perspective, this means that the compliance risks within this group are also diverse and not necessarily correlated with a taxpayer’s turnover. For this reason, the ATO seeks to influence taxpayer compliance by addressing specific risks in the SME market.
11. Compliance activities are developed to mitigate and manage risks, and are outlined in the ATO’s annual Compliance Program. In accordance with the ATO’s Compliance Model, these compliance strategies differentiate between the various perceived behaviours of taxpayers. Strategies range from educational information aimed at making compliance easier, through to prosecution for serious non-compliance.
Measuring compliance effectiveness
12. Revenue administrations commonly face the challenge of measuring their effectiveness in promoting voluntary compliance and addressing non-compliance. One approach generally taken is to measure the size of the tax gap, that is the total amount of unpaid tax, and changes to it. Another is to measure the impact compliance activities have on promoting taxpayer voluntary compliance. Within these general parameters revenue administrations develop approaches tailored to their own national circumstances. Some, such as the United Kingdom and the United States of America, emphasise measurement of the tax gap as an integral part of their monitoring approaches.10 Others, like Australia, place more emphasis on monitoring the specific contribution their own activities make to government revenue targets and to changes in taxpayer behaviour.11
13. The ATO assesses the effectiveness of its compliance activities using the Compliance Effectiveness Methodology (CEM), which it introduced in 2008. The methodology, adopted by the Organisation for Economic Co-operation and Development (OECD), is based on two key elements: the identification of measurable compliance objectives; and the articulation and treatment of risks to achieving them.12 The ATO implements these elements in four phases that:
- describe the risk and align it with the ATO’s business intent of optimising voluntary compliance;
- efine a successful outcome and develop compliance strategies to achieve this outcome;
- identify and test indicators of success; and
- use these indicators to measure the extent of the effectiveness of the compliance strategies.
Audit objective and scope
14. The objective of the audit was to assess the effectiveness of the ATO’s compliance management approach in the SME market.
15. The focus of the audit was on the SME market. At the time of the audit, the Inspector General of Taxation was reviewing the ATO’s audit and risk review policies, procedures and practices in the $100 million to $250 million sub-segment of the SME market and Highly Wealthy Individuals.13 For this reason, these topics were excluded from the ANAO’s audit scope.
16. The audit examined, taking into account the desired outcomes of compliance activity, whether: the ATO’s governance arrangements were appropriate; systems and processes to identify and assess compliance risks were adequate; and strategies to promote compliance and address non-compliance were appropriate and implemented effectively.
17. SMEs play a vital role in Australia’s economy and contribute significantly to economic growth, national development, innovation and employment.14 They have diverse structures and operate across a range of industries. They also pay a variety of taxes, contributing around $74.7 billion to taxation revenue in 2010–11. The ATO defines the SME market on the basis of an annual financial turnover of between $2 million and $250 million. As with all markets, the ATO seeks to improve the voluntary compliance by SMEs in meeting their taxation obligations. To achieve this, it identifies and prioritises compliance risks and employs a range of compliance activities to manage these risks.
18. The ATO’s Compliance Model approach is structured around four compliance strategies that are designed to address the underlying cause of taxpayer non-compliance: make it easy; help to comply; deter by detection; and use the full force of the law. Assistance is provided to those taxpayers willing to comply, and taxpayers who deliberately avoid their taxation obligations may be subject to prosecution. The ATO uses its CEM to measure the effectiveness of these activities in improving compliance in its priority risk areas.
19. In 2010–11, the ATO’s compliance activities in the SME market resulted in the recovery of $1.266 billion in taxes, penalties and interest.15 In addressing significant areas of non-compliance, in 2010–11 the S and ME Business Line identified eight priority risk areas directly associated with the SME market.16 Risk assessment is also conducted at the population level (a defined sub-set of the SME market). Risk managers and population strategists within this business line use a range of data sources and risk profiling tools to determine the extent of these risks, the affected population and the information and data that can be used to quantify the risks. The key automated profiling tools are the SME Risk Engine and the Risk Differentiation Framework.17 These are used, ultimately, to assist with determining appropriate risk treatments, as well as contributing to a pool of potential cases for compliance activity.
20. The ATO’s compliance management approach in the SME market is generally effective. The corporate governance framework of planning, performance measures and reporting supports the S and ME Business Line and compliance activities in the SME market. The ATO’s Risk Management Framework provides a structured approach for identifying and managing compliance risks, and particularly the specific priority risks associated with this market. The CEM has been applied to seven out of the eight priority risk areas. Four CEMs have been completed to date and three priority risks are now in their annual review phase.18 Results from the CEM are providing the ATO with useful directions for improving the effectiveness of its compliance strategies. Compliance activities also cover the full range of strategies outlined in the ATO’s Compliance Model. Voluntary compliance is promoted through marketing and communication strategies and interpretative assistance19 and campaigns, reviews, audits and investigations address the continuum of non compliance. However, enhancements could be made to the SME Risk Engine used to assist in identifying potentially non-compliant taxpayers. There is also an opportunity for the ATO to use the risk engine more effectively.
21. The SME Risk Engine is a computer program that profiles taxpayers against risk rules (indicators of a taxpayer’s non-compliance with an obligation) and gives a probability score of potential non-compliance.20 The results of the risk engine contribute to a pool of potential cases for compliance activity. The ANAO’s analysis has shown that, of the 100 SME taxpayers with the highest probability score, only 55 were subject to compliance action. Of these, the ATO found no evidence of non-compliance for 42 taxpayers (76.4 per cent). This low success rate would suggest that the methodology used to calculate risk scores could be improved. The methodology would be enhanced by running the risk engine more regularly, updating risk engine rules to incorporate additional data sets, and documenting the process and criteria used for a manual process of weighting results.
22. The outcome of the risk assessment process is a pool of potential compliance cases. At the time of the audit compliance cases were selected from: the risk engine by individual regional compliance teams; the risk engine and data matching analysis by risk managers and population strategists; and from referrals by the Case Management Unit. In the absence of documented procedures and lack of national coordination of case selection, regional compliance teams did not necessarily consider the compliance cases with the highest risk priority. As a result, the business line had no assurance that the cases with the highest risk priority had been considered for action. The ATO’s new ‘Front End Operations’ approach, introduced in January 2011, has the potential to improve national consistency and oversight of case selection. Importantly too, compliance cases validate the rules in the risk engine by providing feedback about their accuracy. Not all risk rules are currently tested in this way, as cases were not selected for this reason. There is an opportunity for the ATO to establish a process to validate all risk rules to better inform potential case selection, and to support strategic level consideration of compliance risks. The benefits to the ATO would include more robust output from the risk engine, and useful intelligence to support the identification of emerging risks.
23. The ATO’s CEM methodology for measuring its compliance effectiveness is relatively new. To date, the CEMs have shown that compliance activities are having a positive impact on the voluntary compliance of SMEs in some priority risk areas. These include the lodgement of tax returns, reporting FBT liabilities and the interest income disclosed in relation to shareholder loans.21 Where compliance activities have not had a positive impact, the ATO has redirected its compliance activities.
24. The ANAO has made two recommendations aimed at improving the effectiveness of the SME Risk Engine, and making more effective use of its results.
Governance arrangements supporting compliance in the SME market (Chapter 2)
25. The ATO reports to government on its performance against one outcome, which is delivered through five program components.22 The S and ME Business Line is primarily focused on delivering Program Component 1.3.23 This component is further divided into four deliverables, and the focus of this audit was on deliverables 1.3.4: Active Compliance; and 1.3.5: Compliance Intelligence and Risk Management.
26. The corporate governance framework of planning, performance measures and reporting supports the S and ME Business Line and compliance activities in the SME market. Reflecting its responsibility for the SME market, the business line has established coordination and consultative forums with other areas of the ATO that have intersecting responsibilities in the SME market.
27. Planning, performance measures and reporting are linked through a suite of corporate documents, which include the ATO Plan, various supporting business line plans and the Annual Report. There are clear linkages for deliverables under the ATO Plan to the S and ME Business Line Plan, although lower level business plans within the business line could be better aligned with the S and ME Business Line Plan through capabilities, deliverables and KPIs.
28. The internal performance monitoring reports provided to the S and ME Business Line and ATO Executive adequately account for the performance of the active compliance capability. Reporting against the compliance intelligence and risk management capability could be improved by developing more meaningful and measurable KPIs. External reporting on the SME market is limited in extent and coverage, but results achieved by the business line are incorporated into results reported for Program Component 1.3 as a whole.
Assessing compliance risks (Chapter 3)
29. The ATO’s Risk Management Framework is applied to both the SME market and the business line’s broader FBT responsibilities in order to identify the highest risk areas. In 2010–11, this resulted in the business line contributing to the mitigation of nine strategic risks24 and being the corporate risk owner for three: Phoenix; Non-Resident Withholding Tax;25 and Trusts. There were eight risk areas, directly associated with the business line, rated as ‘priority risks’.26 A further 10 risks were monitored by the business line.
30. Risks are assessed by ‘risk managers’ or ‘population strategists’, at either the priority risk level, or a sub-set (or ‘population’) of the SME market. The S and ME Business Line’s Risk Management Committee (RMC) is responsible for decisions relating to the prioritisation of risks and consistency of treatments. The ATO has identified that risk managers and population strategists had not consistently shared knowledge and information or fully integrated their risk approaches. In response to this shortcoming, the S and ME Business Line conducted workshops and formalised interaction between risk and population approaches in the RMC’s forward planning framework.
31. An important factor in effective risk assessment is the use of appropriate information. The ATO has systems and processes in place to collect data and intelligence from a wide range of sources, enabling it to assess compliance risks. It also has processes for analysing and disseminating this data and intelligence across the ATO.
Risk assessment methodologies
32. The size and complexity of the SME market necessitates the use of automated profiling tools to assist risk assessment processes, determine appropriate risk treatments and contribute to a pool of potential cases for compliance activity. Risk managers and population strategists use two automated profiling tools: the SME Risk Engine; and the Risk Differentiation Framework (RDF).
33. The SME Risk Engine includes an automated algorithm, specifically developed to support compliance activities relating to the SME market, and produces a probability score of potential non-compliance against each taxpayer.27 The scores are moderated by an ATO officer, who may change the weighting of results against rules where multiple indicators overlap. However, this process is not documented, rather relying on the experience and judgement of the ATO officer. The resulting pool of taxpayers is one of the sources of compliance cases used by risk managers, population strategists, specialist compliance teams and general compliance teams. Cases are selected either directly from the risk engine results, or after further data matching analysis.28
34. Limitations associated with the SME Risk Engine (version nine) include:
- only 44 of the 128 risk rules differentiated between the SME market sub-sectors (S1, S2, S3 and S4);
- small business benchmarks for detecting undeclared cash income were not incorporated;
- ANZSIC codes can be subject to error and this error rate had not been assessed in terms of SME risk engine outputs;29 and
- only 19 of the 128 risk rules assessed data sets other than internal ATO data, resulting in more manual processes being needed for taxpayer profiling.
35. The risk engine had not been run between November 2009 and the end of fieldwork for this audit (a period of more than 18 months). In this period there were no updates on each taxpayer’s risk score against all risk rules in the risk engine. It is also important to document the process and criteria currently used to manually moderate results.
36. To assess the effectiveness of the risk engine methodology, the ANAO reviewed the compliance outcomes of the 100 taxpayers rated by the risk engine with the highest potential risk of non-compliance. As at 30 June 2011, only 55 had been subject to compliance action. Of these, only 13 (23.6 per cent) were found to have an outcome from the compliance action. The low success rate in finding evidence of non-compliance suggests that the methodology used to calculate risk scores could be improved. This improvement would also benefit the RDF, which uses the risk engine score.
SME market compliance strategies (Chapter 4)
37. The ATO’s strategies for increasing compliance and targeting non compliance are: marketing and communications; interpretative assistance; active compliance; and prosecutions.
Marketing and communications
The ATO’s marketing and communications activities are designed to raise awareness and educate taxpayers about their obligations. The ATO engages with SME taxpayers, tax practitioners and financial services industry representatives through formal ATO forums, including a specific online SME Tax Forum. Out of approximately 175 000 total taxpayers in the SME market only around 500 SMEs participate in the online forum. There is little specific SME market educational information, as the broad range of taxation topics applicable to this market are covered in general ATO publications.
39. Active compliance activities predominantly involve intervention with taxpayers to assess and verify non-compliance. This interaction is generally undertaken in a manner consistent with the materiality of the risk.30 Taxpayers with cases of lower materiality may be contacted by letter or telephone. Higher materiality issues may be subject to reviews and audits.
40. In July 2009, the S and ME Business Line implemented an ongoing ‘Campaign Team’ to undertake a program of tailored telephone and letter verification activities, as directed by risk managers and population strategists. In 2010–11, $16.7 million in liabilities was raised as a result of campaigns.
41. The campaign approach has been successful. For example, between August and September 2010 the Campaign Team contacted 430 taxpayers by telephone to address the outstanding lodgements of FBT schedules. As a result, 56 per cent of these taxpayers agreed to lodge, which justifies the team’s focus on assisting taxpayers to understand their obligations and promoting self correction. In addition, 23 per cent of taxpayers were found to have already lodged their returns, but due to a systems error their schedule was not visible in the ATO’s systems. This interaction identified the systems error, which was subsequently addressed.
Selection and management of review and audit cases
42. Review and audit cases were selected by:
- regional compliance teams, from the pool of potential compliance cases produced by the SME Risk Engine;
- risk managers and population strategists, from both the risk engine and data matching analysis; and
- the Case Management Unit, from internal ATO referrals.
43. At any one time, the risk engine, data matching and referrals provide a large number of potential cases.31 There were limitations associated with the methods for selecting cases for reviews and audits. In particular, the absence of documented procedures for case selection and of national coordination meant that regional compliance teams were not necessarily considering cases with the highest risk priority. As a result, the business line has no assurance that the cases with the highest risk priority had been considered for action. Validated risk rules would better inform potential case selection, and support strategic level consideration of compliance risks. There is an opportunity for the ATO to establish such a process.
44. The ANAO analysis of the highest 100 risk-scored cases showed that, of the 45 cases not subject to compliance action, 14 had been identified by the previous three versions of the risk engine, and three cases had been identified in all nine versions of the risk engine.32 While there are circumstances that may have led to these cases not being selected for compliance action, the reasons for not considering these cases were not documented by the ATO. Compliance cases also validate the rules in the risk engine, and if these cases are not selected this feedback loop is incomplete. Every six months a report on the effectiveness of risk engine rules compares the number of ‘hits’ against outcomes from closed compliance cases. However, the effectiveness of these rules cannot be validated if compliance cases are not conducted on that particular indicator. The risk engine would be further improved if all risk rules coded within its program could be validated and refined.
45. In January 2011 the ATO introduced a new ‘Front End Operations’ approach that has the potential to improve national consistency and oversight in case selection and create efficiencies in the way candidate case pools are created. It will be important to document the assessment criteria used for selecting cases and reasons for non-selection, and to follow up on reasons for high-risk cases remaining in the pool of potential cases.
46. The ATO uses the Client Contact—Work Management—Case Management (CWC) system to manage compliance cases. The ANAO analysed a sample of 100 reviews and 100 audits selected randomly from completed cases for 2007–08 to 2010–11. These were assessed against six key ATO administrative guidelines for case conduct, which included documentation of key points in the case, and management sign-off.33 The majority of cases (163 out of the 200 cases) passed the six guidelines. This result comprised 91 per cent of sampled reviews but only 72 per cent of sampled audits. Of the cases failing checks, there were 23 instances of insufficient documentation to support the case, such as a lack of evidence to support decisions. Potentially this could lead to the ATO not being able to support the decisions relating to a case outcome.
47. There are two separate quality assurance processes undertaken by the S and ME Business Line on review and audit cases completed in CWC:
- the S and ME Business Line internal Quality Assurance Review (QAR); and
- the ATO-wide Integrated Quality Framework (IQF). The IQF sampling of closed cases is set corporately, but sampling of open cases is discretionary.
48. Key differences between the two systems are that QAR assesses administrative procedures within the CWC, while the IQF assesses the decision-making process for the case. There are, however, elements of duplication, and the same case can be assessed by both processes. There would be merit in the ATO reviewing the QAR to reduce any potential duplication, further align the two systems and optimise the impact of quality assurance activities.
49. Since June 2009 the most consistent error identified by the QAR was case finalisation reports not being completed appropriately (these document the decisions and outcomes from the case). For the period 1 April 2010 to 30 March 2011, the IQF identified a number of inconsistent practices relating to information not being entered or attached to the CWC.
50. An important part of both the QAR and the IQF is continuous improvement, facilitated through ‘workshopping’ deficiencies with active compliance staff. The ATO advised that delays in completing activities designed to improve case management were caused by a lack of resources assigned to these tasks. From 1 July 2011 the business line had increased staffing in this area to implement these continuous improvement recommendations.
Measuring compliance effectiveness (Chapter 5)
51. The ATO’s method for assessing the effectiveness of its compliance activities is set out in its 2008 Compliance Effectiveness Methodology (CEM). At the core of the methodology are two key elements: the identification of measurable compliance objectives, and the articulation and treatment of risks to achieving them. The CEM is undertaken in four phases, with an ongoing annual review conducted after completion.
52. The S and ME Business Line has implemented the CEM for seven of its eight priority risks.34 As at June 2011, there were four finalised CEM assessments.35 As the CEMs are focused on a priority risk rather than a market view of compliance risk, they do not provide a comprehensive compliance profile for the SME market as a whole. The S and ME Business Line attempted to apply the CEM to the SME market, but was unable to do so because of the number of variables present in such a large and diverse population.
53. The use of the CEM is maturing within the business line, but results already indicate that this methodology has the potential to provide evidence of the impact of compliance strategies on improving voluntary compliance. Results have also provided useful directions for the ATO to pursue to improve the effectiveness of its compliance strategies. Compliance strategies have improved the on-time lodgement rate and there has been an increase of 3.7 per cent in the number of FBT lodgements, and 17 per cent in the value of FBT payable. Compliance strategies have also been effective in increasing the interest income disclosed in relation to shareholder loans. The CEM for the International risk was inconclusive, and is now being undertaken at the sub-risk level. The CEM for the Phoenix risk identified the need for a revised approach, as it showed compliance activities were not effective. As a result, the ATO redirected its approach and jointly developed a submission (with the Australian Securities and Investments Corporation) for the Treasury.
Market research as a measure of effectiveness
54. The ATO surveys its taxpayer base and SME market taxpayers to assess its marketing and communication activities. The results of these surveys indicate that the ATO is generally effective in providing information to taxpayers, and therefore in improving voluntary compliance. Independent feedback received by the ANAO generally supports the ATO’s survey findings that information assisting taxpayers to comply with their obligations is available. However, there was also feedback that the ATO website search engine could be improved, as information was difficult to find using this function, and that consultative forums could be better promoted. The ATO may also benefit from including tax agents who service SME clients in their future SME surveys.
Summary of agency response
55. The ATO welcomes this review and considers the report supportive of our overall approach to managing the income tax compliance of the Small-to-Medium Enterprise (SME) market segment. The review recognises a number of recent innovations having potential to further enhance our compliance approach. In finding the ATO’s compliance approach toward the SME market segment to be generally effective, the review identified a number of opportunities for improvement in our risk assessment processes. The ATO agrees with the two recommendations contained in the report.
56. The full response is at Appendix 1.
 ATO, Compliance Program 2010–11, p. 3.
 Information provided by the ATO.
 ATO, Compliance Program 2011–12, June 2011, p. 17.
 ibid., p. 18.
 CPA Australia/CGA-Canada, Forum on SME Issues—a Background Paper, May 2010, p. 6.
 These taxes can include Income Tax, Capital Gains Tax, Fringe Benefits Tax, Goods and Services Tax and Excise. As well as taxes, SMEs with employees are required to make related payments such as superannuation contributions and Pay As You Go Withholding Tax.
 ATO, Compliance Program 2011–12, June 2011, pp. 14–15.
 OECD, Forum on Tax Administration: Compliance Sub-group, Final report, Monitoring Taxpayers’ Compliance: A Practical Guide Based on Revenue Body Experience, 22 June 2008, p. 9. <http://www.oecd.org/document/31/0,3746,en_2649_33749_46282143_1_1_1_1,00.html> [accessed 1 September 2011].
 ATO, Compliance Program 2011–12, June 2011, p. 17.
 OECD, Forum on Tax Administration: Compliance Sub-group, Final Report, Monitoring Taxpayers’ Compliance: A Practical Guide Based on Revenue Body Experience, 22 June 2008, pp. 65–70.
 ATO, Measuring Compliance Effectiveness—Our Methodology, August 2008. <http://www.ato.gov.au/corporate/content.aspx?doc=/content/00157833.htm> [accessed 2 August 2010].
 OECD, Forum on Tax Administration: Compliance Sub-group, Final report, Monitoring Taxpayers’ Compliance: A Practical Guide Based on Revenue Body Experience, 22 June 2008, p. 22.
 Titled: Review into the ATO’s small and medium enterprise audit and risk review policies, procedures and practices. The focus of the Inspector General of Taxation’s review was: staff resourcing and technical skill levels; information-gathering powers; accuracy of technical decision-making; dispute resolution; and management and conduct of compliance activities. The ANAO did not focus on these issues in this audit.
 CPA Australia/CGA-Canada, Forum on SME Issues—a Background Paper, May 2010, p. 6.
 Information provided by the ATO.
 A priority risk is assessed as having considerable impact on the SME market, and dedicated risk managers are appointed. The priority risks are: Phoenix; Division 7A; Lodgement; International; Exit Strategies; Capital Gains Tax; FBT; and Trusts.
 The Risk Differentiation Framework is a compliance modelling tool that gives a relative risk profile of a specified population, as opposed to results of the risk engine, which give a relative probability of non-compliance at a taxpayer level.
 CEMS have been completed for the Lodgement, Phoenix, Division 7A and FBT priority risks. CEMs are at various phases for Capital Gains Tax, Trusts and International risks. Exit Strategies is a newly initiated priority risk, so a CEM has not yet been started.
 Interpretative assistance involves the provision of general advice, rulings and interpretation of legislation in response to requests by taxpayers.
 Version nine of the risk engine was assessed during this audit.
 Shareholder loans relate to Division 7A of Part III of the Income Tax Assessment Act 1936.
 The program outcome is: confidence in the administration of aspects of Australia’s taxation and superannuation systems through helping people understand their rights and obligations, improving ease of compliance and access to benefits, and managing non-compliance with the law.
 This component is: implement compliance strategies to support those willing to participate, those who may need assistance, and deal firmly with those not willing to comply.
 A strategic risk affects a broad range of ATO responsibilities, or is a risk rated as high or severe when assessed on a corporate scale.
 During the course of the year, ownership for Non-Resident Withholding Tax transferred to the Large Business and International Business Line.
 A priority risk is assessed as having considerable impact on the SME market and involves the appointment of a risk manager. The eight priority risks were: Phoenix; Division 7A; Lodgement; International; Exit Strategies; Capital Gains Tax; FBT; and Trusts.
 An algorithm is a procedure for solving a particular mathematical problem in a finite number of steps.
 Data matching is the comparison of data held by the ATO and data obtained from other sources. This enables detection of potential non-compliance such as undisclosed income or non-lodgement of tax returns, and therefore forms an important step in the risk assessment process.
 ANZSIC codes can be subject to error when taxpayers have complex corporate linkages and this could mean that a taxpayer’s risk score may not be based on thresholds for the industry in which it operates.
 Materiality is defined as the seriousness of the risk, and can be judged on factors such as the potential revenue loss, impact on third parties, and the risk to the ATO’s reputation if the risk is not addressed.
 SME Risk Engine nine identified approximately 9000 taxpayers.
 These nine versions of the risk engine were run between 2004 and 2009. Cases identified as having been in the risk engine pool in previous years may not have had a high risk score in those previous years.
 The guidelines involved documentation of the: taxpayer’s profile, potential risks, approach to the case (case plan), outcomes of investigations, reasons for decisions and appropriate management signoff.
 These risks and their nature are listed in Chapter 3,Table 3.1. A CEM has not been initiated for Exit Strategies.
 The four completed CEM assessments are for the Phoenix, Division 7A, Lodgement and FBT priority risks.