The ATO has recently published information about the "e-Audit" technology it utilises as part of its ongoing tax compliance activities. It says that if a taxpayer maintains electronic financial records, the ATO may use computer-assisted verification techniques to audit and analyse the records.
Using formal access powers, the ATO is permitted full and free access to documents required for the purposes of the Acts it administers. Those documents include electronically stored information. The ATO says it will usually seek access to a taxpayer's information through a cooperative approach and it will consult with the taxpayer on the records required.
When the ATO identifies a need for a taxpayer to provide electronic information, it will schedule a meeting – often with the taxpayer's adviser and information technology specialist – to obtain that information. The ATO says it will always discuss this with the taxpayer beforehand to develop an understanding of their electronic systems and identify what information the ATO may need to collect.
The ATO says it will seek to understand:
- the accounting systems the taxpayer uses;
- the taxpayer's system architecture and how the data flows through their systems;
- the format and extent of the taxpayer's electronic records; and
- the documentation available to assist the ATO's analysis, eg the taxpayer's chart of accounts, reference tables or data dictionary.
The ATO says it is flexible when organising a meeting time. Taxpayers will also be able to assist the ATO by having certain information ready prior to the meeting. This includes details of the taxpayer's software programs, relevant system documentation and contact details of advisers or staff who prepare the taxpayer's business activity statements or financial records.
Once the taxpayer has provided the necessary information, the ATO uses specialised software to verify that the data is accurate and complete. The ATO then conducts a series of tests on the data to ensure the taxpayer has complied with relevant tax laws.
Taxpayers can be assured that:
- the ATO's tests do not alter the data itself, so the integrity of the taxpayer's data is not at risk; and
- the ATO does not operate the taxpayer's computer system but, rather, works with a copy of the data.
The ATO says the integrity of the information systems used to support a taxpayer's business will affect the accuracy and completeness of the information they report. As part of the e-Audit process, the ATO may use its information systems risk assessment (ISRA) tool to assess a taxpayer's system risks in relation to correct reporting of tax and super obligations.
An ISRA is essentially a process that provides a high-level overview of a taxpayer's information systems and enables the ATO to derive a risk rating for key elements of the taxpayer's systems. The ATO will perform the assessment by speaking to someone within the taxpayer's business with knowledge of the information systems. The ATO will ask a series of questions about the history of the taxpayer's systems and what planning and support they have in place.
One benefit of an ISRA is that it can highlight particular compliance risks for a taxpayer, which may reduce the scope of further compliance activity. The ATO will provide the taxpayer with a final report that includes recommendations for addressing any issues the ATO identifies.