The ATO has released a tax risk management and governance review guide to help businesses develop and test their governance and internal control frameworks (as they relate to tax), and demonstrate the effectiveness of their internal controls to reviewers and stakeholders.

The guide sets out principles for board-level and managerial-level responsibilities, and examples of evidence that entities can provide to demonstrate the design and operational effectiveness of their control framework for tax risk.

It was developed primarily for large and complex corporations, tax consolidated groups and foreign multinational corporations conducting business in Australia. The principles outlined can be applied to a corporation of any size if tailored appropriately, the ATO says. When appropriate, the ATO says, it assesses the tax governance processes of large business entities that it has under review; however, the aim of this guide is to help businesses understand what the ATO believes better tax corporate governance practices look like, so businesses can:

  • develop or improve their own tax governance and internal control frameworks; 
  • test the robustness of the design of their frameworks against ATO best practice benchmarks; and
  • understand how to demonstrate the operational effectiveness of their key internal controls to their stakeholders, including the ATO.

For directors, the guide covers areas such as corporate governance and risk management, justified trust and key controls (eg periodic internal control testing and document control frameworks), the three lines of defence (board-level controls, internal controls testing and managerial-level controls) and directorship responsibilities and liability.

Source: ATO, Tax risk management and governance review guide, 27 January 2017,