-
Transactional advisory services
Find out more about the transactional advisory services of Grant Thornton Financial Advisory Services
-
Valuations
Find out more about the valuations services of Grant Thornton Financial Advisory Services
-
Mergers and acquisitions
Find out more about the merger and acquisition services of Grant Thornton Financial Advisory Services
-
Forensic and investigation services
Find out more about the forensic and investigation services of Grant Thornton Financial Advisory Services
-
Recovery & reorganisation
Find out more about the Recovery & reorganisation services of Grant Thornton Financial Advisory Services
-
Business risk services
Find out more about the business risk services of Grant Thornton Financial Advisory Services
-
Business consulting
Find out more about the business consulting services of Grant Thornton Financial Advisory Services
-
Capital market
Capital market
-
Corporate and business tax
Find out more about our corporate and business tax services.
-
Direct international tax
Find out more about our direct international tax services.
-
Global mobility services
Find out more about our global mobility services.
-
Indirect international tax
Find out more about our indirect international tax services.
-
Transfer pricing
Find out more about our transfer pricing services.
-
Litigation
Our lawyers and accountants can manage all defense measures provided not only by the Italian law, but also by EU regulations and conventions
-
Family business
Find out more about our Family business services.
-
Legal
The client can be assisted in every need and with the same care both on important operations or disputes and on simple matters
-
Back office outsourcing
Find out more about our Back office outsourcing services
-
Business process outsourcing
Find out more about our business process outsourcing services.
-
Compilation of financial statements
Find out more about our compilation of financial statements services.
-
Tax compliance
Find out more about our tax compliance services.
-
Electronic invoicing
Find out more about our electronic invoicing services
-
Electronic storage
Electronic storage is an archiving procedure that guarantees the legal validity of a digitally stored electronic document
-
Revaluation of corporate assets
Find out your civil and fiscal revaluation of tangible, intangible and financial assets
-
Human resources consulting
Find out more about our human resources consulting services.
-
Payroll
Find out more about our payroll services.
-
HR News
HR News the monthly information newsletter by Grant Thornton HR
-
Cybersecurity
GT Digital helps clients structure information security management internal functions, also through partially or totally outsourced functions
-
Agile and Programme Management
GT Digital provides support in the adoption and implementation of different portfolio management
-
Robotic Process Automation
Our “BOT Farm” can rely on digital workers able to help clients in routine activities, allowing employees to deal with more added-value activities
-
Data strategy and management
GT Digital can support clients in seizing the opportunities offered by Big Data, from the definition of strategies to the implementation of systems
-
Enterprise Resource Planning
We support clients in selecting the most appropriate ERP System according to their specific needs, helping them also understand licensing models
-
IT strategy
GT Digital supports clients in making strategic choices, identifying innovation opportunities, comparing themselves with competitors
-
IT service management
We can support with software selection and with the implementation of dedicated tools for the management of ICT processes
-
DORA and NIS 2
The entry into force of the DORA Regulation and NIS2 represents a major step towards the creation of a harmonised regulatory framework
In order to illustrate the methodology to be applied to devise and implement a Tax Control Framework (TCF), we need to start from its definition: a Tax Control Framework is a component of the internal control system which guarantees the accuracy and completeness of the tax documentation and of the fulfilments carried out by a company.
To this end, it is necessary for a company wishing to create a Tax Control Framework to have an internal control system which allows a preliminary self-assessment of tax risks, providing a continuous and updated monitoring of the situation and which can help to eliminate, or at least mitigate, the uncertainties related to the management of tax risks.
Generally speaking, the tax risk detection, measuring, management and control system needs to be integrated in the corporate management and internal control system, with a clear assignment of roles and responsibilities to guarantee an ongoing mapping and monitoring of the most significant risks.
A key role to this end is played by management bodies (usually the Board of Directors) which can perform an assessment and evaluation of said risks, identifying the criticalities and the proper corrective actions.
This obligation also involves, to a given extent in terms of corporate liability, the supervisory bodies (such as the internal audit function, the board of statutory auditors and the legal auditor) and is a commitment by the corporate top management with reference to the activities planned to remedy gaps possibly identified in the period considered.
A tax risk management framework should include the following elements:
- a clear representation of the tax strategy, highlighting the objectives pursued by the top management when managing tax matters and thus reflecting the corporate tax risk appetite;
- a clear distribution of roles and responsibilities to people with a suitable training and expertise within the organisation, according to the segregation of duties criteria;
- the inclusion of effective methodologies and procedures for the identification, measurement, management and control of tax risk;
- an ongoing monitoring of the control system functioning and the activation of remedies in case of faults or errors;
- the system’s ability to adjust to changes in the internal organisational context and in the regulatory framework;
- lastly, the inclusion of a report to the management bodies (usually the Board of Directors) on the findings, the remedies implemented and, in general, the activities planned within the tax risk control system on a yearly basis at least.
It is clear that such a system cannot do without a correct circulation of relevant information within the organisation, as well as a suitable information flow and reporting to all corporate levels.
Below are analysed in detail the factors above.
Tax Strategy
This implies a document undersigned by the Directors, containing a long-term action plan which defines the company’s targets in the management of tax risks, both from a strategic and operational point of view.
The tax strategy needs, first of all, to reflect the company’s risk appetite and should include the operational paths to be followed in order to align the company to the selected risk levels, such as for example the rationale of incentives granted to managers with reference to the tax factor, the adoption of detailed procedures to guard against tax risks with the identification of roles and responsibilities and the approach towards the Tax Authorities.
It should also include codes of conduct related to tax matters, training plans for employees, management commitment towards a correct tax approach, as well as penalties for those breaching the code of conduct rules.
Roles and responsibilities
The development of a Tax Strategy and of a TCF in general is the primary responsibility of the company’s senior management, but a critical success factor for an effective implementation is the involvement of people with the right abilities and expertise.
Therefore, there needs to be a clear assignment of roles and responsibilities, also according to segregation of duties criteria, both horizontally and vertically:
- horizontally, by dividing duties and responsibilities among people taking part in the same process. A critical factor in this area is also the configuration of information systems;
- vertically, guaranteeing the necessary separation between operational functions and control ones, also in order to avoid conflicts of interest.
Control functions include:
- first level controls (line controls): carried out by operational functions;
- second level controls: aimed at evaluating the efficiency and effectiveness of first level controls;
- third level controls (e.g. internal auditing): aimed at assessing the adequacy of the risk control system in general.
Tax Risk Assessment
The map of tax risks identified by the tax risk control system plays a key role within the Tax Control Framework.
It is worth making a preliminary distinction right away between tax risks which can originate within ordinary activities related to the usual corporate functioning cycles and risks related to specific transactions which, for their qualitative or quantitative aspects, cannot be considered as routinary activities (e.g. M&A operations).
Consequently, the approach to the assessment of the relevant tax risks should be adequately adjusted keeping into account the specific features of the relevant areas.
Tax Risk Assessment should start from the mapping of processes to identify tax risks. Therefore, the Risk Owners will have to be involved, i.e. the corporate management in charge of the process, for the identification of tax risks potentially related to a specific process, tracking information on taxation (direct taxation, indirect taxation, local taxation) and the type of tax on which the risk impacts (e.g. IRES, IRAP, VAT, etc.).
Each risk will have to be assessed in terms of probability and impact (economic/fines, reputational, legal) to determine the inherent risk; the controls in force to address the risk then need to be identified and the residual risk evaluated. For those risks in which the residual risk is higher than the acceptable risk, the controls will need to be integrated with further ones.
In the Risk Assessment phase, the use of a RIsk Assessment Criteria Matrix, in short RACM, can be of help to break down processes into activities and, within activities, to identify and evaluate risks and the relevant controls.
As far as non-routinary operations are concerned, instead, it is clear that the method to assess related tax risk should necessary be simplified and that, even if it is applied basing on criteria of probability and impact, it implies a case-by case analysis.
Within Tax Risk Assessment, it is possible to capitalise on what possibly already analysed about the company with reference to tax offences ex Legislative Decree no. 231/01; this analysis can be a good starting point, though not comprehensive, to address the activities related to tax risk management.
Monitoring and information flows
The internal control system must include effective monitoring procedures allowing the identification of possible gaps or errors in its functioning and the consequent activation of corrective actions.
It will also be advisable to identify Key Risk Indicators (KRI) to measure the performance of the TCF as a whole and the effectiveness of the controls put in place; besides, the TCF must adjust to the main internal changes, i.e. concerning the business, and in the external scenario, such as possible amendments to the tax legislation.
The system is to be based on accurate, complete and timely information flows and guarantee the circulation of information to all corporate levels, each insofar as it concerns them; in particular, it must include, on a predefined basis (e.g. yearly) the sending of a report to the management bodies, containing the result of the assessments made on tax fulfilments, planned activities, results obtained and actions implemented to remedy possible gaps identified further to the monitoring.
Conclusions
Considering the above, it is evident that the devising and implementation of a Tax Control Framework requires a multi-disciplinary approach involving tax, legal, organisational, risk governance and technological skills.
The devising, preparation and maintenance of a TCF over time must be included within the wider internal government and control system, without being a tax appendix of other control systems.
A full and constant involvement of the tax function will be necessary, also prior to business decisions; this involvement will need to be granted by processes which involve the participation of the head of the tax function in committees in which operations and significant project regarding the company are evaluated or resolved upon.
All the above, together with the monitoring and continuous improvement requirements, leads to the need to create a Tax Management System with a consistent approach with other management systems, possibly already in place in the company.