How to use Tax Risk Management processes to identify and prioritize risk Featured

9:01pm EDT April 30, 2011
How to use Tax Risk Management processes to identify and prioritize risk

In the past two months, we have defined tax risk management (TaxRM), discussed the optimal structure of TaxRM processes and provided examples of tax risks. More specifically, TaxRM is an enterprisewide process that is effected by a company’s board of directors, management and/or other personnel, and is designed to minimize tax liabilities and maximize compliance, each within the guidelines of tax laws. TaxRM processes are most effective when they are treated as a component of the organization’s overall enterprise risk management (ERM) process. Typical risks mitigated by TaxRM processes might pertain to uncertainties in the application of tax law to numerous areas of the business, financial reporting decisions, acquisitions and divestitures, and asset purchases and sales.

In this month’s article, Smart Business sat down with Walter M. McGrail, JD, CPA, a senior manager at Cendrowski Corporate Advisors LLC, to discuss how risks can be identified and prioritized in TaxRM processes.

“Prioritization of tax risks is an essential component of TaxRM processes. It may directly impact the effectiveness of a business’s tax function,” says McGrail.

What are some prevalent tax risks?

Many tax risks exist for any organization; however, one of the largest risks an organization faces is the risk of proper tax compliance. IRS audits are costly, time consuming events. The risk of an IRS audit should be mitigated by an organization’s TaxRM process. While TaxRM processes are seemingly the domain of the tax department, tax professionals are dependent on data from outside the tax department. For instance, tax managers must understand the basis of information presented in a business’s financial statements, including the derivation of GAAP-based accounting estimates. Without such an understanding, a tax professional may improperly prepare tax-basis financial statements, increasing the likelihood of an IRS audit. Furthermore, tax professionals should bear in mind that there exists no standard of materiality in the event of a tax audit. Unlike audits of GAAP-basis financial statements, where a threshold of materiality governs the audit, every item in a tax-basis financial statement is material. This is a significant, often overlooked tax risk that organizations must assess and mitigate.

How should tax risks be identified?

One way to promote tax risk identification is through risk workshops. In these workshops, participants from various levels of the organization jointly voice their concerns regarding prevalent tax risks. Workshop participants must possess a personality that affords them the ability to freely voice their concerns. If participants do not possess this personality, the workshop will not optimally identify risks.

Additionally, risk identification in workshops requires participants to identify foundational risks rather than superficial risks or effects of risks. For example, workshop participants might enumerate ‘poor tax compliance’ as a risk. However, poor tax compliance is a consequence of risk realization, not a foundational risk itself.

Poor tax compliance might be caused by the receipt of inaccurate information from a business’s operations. Going a step further, a lack of accurate information might be caused by an outdated IT system, a lack of an appropriate data entry policy, or a poorly executed but well-intentioned data entry policy, among other things.

In any event, it is essential for participants to identify foundational risks in order to properly analyze and mitigate them and the exposure associated with these risks.

How should tax risks be analyzed?

Once identified, tax risks should be quantified along two dimensions, impact and likelihood, before a detailed analysis of the risks is performed. The impact of a risk denotes the consequences of its realization. For instance, if a risky event is realized, this realization may cause the business to be subject to tax-related interest and penalties.

Furthermore, while the realization of tax risks will generally have a negative impact on the business’s after-tax earnings, numerous spillover effects may also occur. These spillover effects may include degradation in the business’s revenue, profits, reputation with customers and reputation with suppliers. It is important to include spillover effects when quantifying the impact of tax-related risks.

The likelihood of a risk is the probability or chance that it may occur. Likelihood is a function of the business’s internal environment, including the tone at the top set by management and the board of directors; business’s organizational structure; chain of communication; assignment and authority of responsibility; human resources policies and practices; and the culture of risk awareness present at the organization. It is also a function of the controls designed to mitigate the likelihood of risky events, including the implementation of risk assessment and monitoring policies.

Lastly, the likelihood of risky events is dependent on the business’s external environment, including its susceptibility to regulatory changes and shifts in its competitive landscape.

What types of tax risks should businesses prioritize?

Businesses should prioritize high impact/high likelihood tax risks, as these risks present the greatest exposure to the organization. High impact/high likelihood risks may be known to the organization due to their frequency of occurrence, but they must be properly mitigated to ensure the business does not suffer frequent, severe consequences. High impact/low likelihood risks, including ‘Black Swan’ events are also of high importance. A business is often highly vulnerable to such risks as employees may be unfamiliar with their occurrence, and proper ways to mitigate these risks in the event they arise.

Walter M. McGrail, JD, CPA, is a senior manager at Cendrowski Corporate Advisors. Reach him at (866) 717-1607 or              , or visit