Part 4: Case Selection and the Conduct of Audits

Introduction

4.1
There are a number of key steps in the audit process – including case selection, conducting field activities, gathering evidence, and satisfactory resolution of any discrepancies with the taxpayer.

4.2
In this part of the report we examine the key steps in the taxpayer audit process that we feel need to be improved. Our decision to focus on these steps arises from our field work results and from the findings of the IRD’s previous reviews of taxpayer audit. These steps are:

• selection of cases to be audited;
• preparation of case plans;
• organisation of working papers;
• choice of audit methodologies; and
• case management to improve timeliness.

Case Selection

4.3
Investigators use a number of techniques to select cases, but they do not use the techniques on a co-ordinated or consistent basis across the IRD. The techniques include:

• computer analysis of data in tax returns;
• analysis of compliance and/or payment records of taxpayers; and
• responses to information received in the form of (sometimes anonymous) phone calls or letters from members of the public.

4.4
Individual investigators have discretion, so that how specific cases are selected varies between audit teams. The level of involvement of team leaders in case selection also varies considerably. Some team leaders are closely involved, while others leave the decision to team members, even though some may not have much experience in assessing risk. There is, therefore, little by way of directed targeting of audits.

4.5
We are concerned that there is no standard practice or policy that binds audit staff to proven methods of case selection.

Compliance Risk Analysts

4.6
In 1999, Compliance Risk Officers (CROs) were introduced into the service centres on a trial basis to assess whether the role should be established. Their primary purpose was to collect and collate information to improve targeting of cases selected for audit – for example, they were responsible for improving the queries run in Taxpayer Audit Selection System (see paragraphs 4.12-4.14 on the opposite page).

4.7
There are currently five CROs. In practice, audit area managers decide the nature of the CRO role, and the enthusiasm with which service centres endorsed the role has varied. Individual investigators can choose whether or not to use the CROs’ results, and where an audit area manager or team leader is not supportive, it is less likely that they will do so.

4.8
When we started our audit, the CROs’ role had still not been formalised. CROs told us that they had no job description, and they felt that the low profile of the role hindered their effectiveness.

4.9
In May 2003, the IRD announced the position of Compliance Risk Analyst (CRA)⁸. At the time of writing this report, IRD was interviewing applicants and plans to have made 10 appointments to these positions by late-July 2003.

Use of Risk Analysis in Case Selection

4.10
In April 1998, a paper to the IRD’s Senior Management Team identified two major problems with the risk identification process:

• The process was a closed system that made little use of external research to determine risk areas and the geographical location in which they occur. The result was self-perpetuating cycle – for example, a focus on GST because it is an area of high discrepancies results in a focus on gathering information about GST that reinforces the view of GST as a high-risk area.
• There was little analysis of the optimal mix of service and enforcement delivery, and no cost/benefit analysis to assist in determining the value of one type of audit as opposed to another, or as opposed to education.

4.11
Addressing these issues will be crucial to the successful implementation of the new Audit Strategy.

Taxpayer Audit Selection System

4.12
The Taxpayer Audit Selection System (TASS) is currently run twice a year in December and June on all return types to generate a selection of potential taxpayers for audit. It involves interrogating the Data Warehouse database (see paragraphs 5.31-5.33) using selected queries (currently 26, though not all are relevant to every type of tax return). The results are exported onto a computerised database so that individual investigators can screen cases. The investigators then complete a risk analysis for each taxpayer and conclude with a risk rating that is used to help make the final audit selection.

4.13
Other than using TASS to select some cases, selection methodologies have been unchanged for a long time. Case selection plays an important part in achieving the audit outcome of maintaining and improving compliance. The Audit 2000 project sought to review case selection methods. As part of the review a predictive case selection model was created but the review was then deferred because other work was judged to be a higher priority.

4.14
The IRD recognises that improving case selection will require improved intelligence systems and resources, which we discuss in Part Five on pages 64-69.

Case Plans

4.15
The IRD requires case plans to be prepared for all audits other than short-term audits (see Figure 4 on page 34). The plans are required for a number of important purposes – to:

• provide continuity between investigators;
• facilitate file review and team leader sign-off;
• provide training for juniors on the job;
• document the most appropriate type of audit test for the risk identified;
• ensure that all risks are addressed;
• allow determination of the cost-benefit of the audit; and
• document the division of work between team members.

4.16
The IRD has a process that investigators should follow in preparing case plans, but often it was not followed. For the service centre cases we reviewed, plans were rarely done. And, where there were plans, they generally did not meet the required standards.

4.17
Many of the investigators we interviewed stated that they saw little or no value in preparing a plan, and that they preferred to rely on their experience. Preparing case plans was seen by some as an unnecessary overhead that did not merit the additional time required to prepare them, particularly so when audit discrepancies can be identified without using a case plan. Some of the case plans we saw were poor and offered no indication of what risks had been identified and what audit tests were to be carried out.

4.18
By contrast, the Corporates Division has devised and operates a planning process that starts with industry risk analysis, followed by analysis of company risk, with the results being used to help formulate an audit plan. One of the Corporates Division case plans we reviewed was particularly comprehensive.

4.19
A case plan is required to be updated after the initial interview with the taxpayer. This requirement is supported by the Quality Measurement System that indicates that risks should be finalised after the initial client interview. The requirement is important because the interview often uncovers what the issues and accounting practices are.

4.20
Often, therefore, it is only after this interview that the investigator is in a position to identify what audit tests need to be performed and what evidence needs to be gathered. However, we saw nothing to show that the requirement to update case plans after the initial interview was being met. Thus, the plans we reviewed often did not reflect the work that was actually carried out.

4.21
The exception we observed is that comprehensive case management planning is applied to effectively manage the audit activity undertaken in Auckland and Wellington directed at mass-marketed schemes involving aggressive tax issues.

Use of Risk Analysis in Planning Audits

4.22
We did see evidence of some good risk analysis in the Corporates Division. For example, the Tax Risk Analysis Report for one industry sector was a comprehensive and excellent analysis of current issues and emerging trends in that industry.

4.23
However, in one very large Corporates Division audit we examined, the risk analysis process was inefficient. Many generic risks were initially identified but then ignored, and other risks were identified but not documented in a revised case plan. Additionally, the Tax Risk Analysis Report prepared on the company did not identify any of the important issues.

4.24
Based on the case files we reviewed in service centres, risk analysis at the taxpayer level is being done to varying extents and standards. In some cases, it was not possible to tell from the file what risks had been identified and how (and, indeed, whether) they had been addressed. Where risks were identified, the work was often superficial, and we saw numerous examples of work performed not following the case plan.

Organisation of Working Papers

4.25
Investigators take widely varying approaches to organising their working papers. Some of the files we reviewed were helpfully ordered and referenced, and were therefore easy to follow. However, the majority were difficult to follow and did not use any standard format. The documentation management practices supporting the audits that we examined in Auckland and Wellington of schemes involving aggressive tax issues were of a significantly higher standard.

4.26
As noted above, this made it difficult to see what risks had been identified or whether the risks had been addressed. Nor was it clear (without asking the investigator) how audit findings were supported by the working papers.

4.27
The IRD does not currently operate a system of computer-based working papers but – in line with long-established practice in major audit firms – may wish to do so in future. It will be important to substantially improve investigators’ approaches to keeping orderly working papers in any event – but particularly in the event that a computer-based system is introduced.

Audit Methodologies

4.28
Audit methodologies are detailed in audit manuals. There are two key manuals – the Business Investigations Manual and the Audit Techniques and Policies Manual, which were written in 1994 to support modernisation following the 1992 audit strategy. Separate chapters for each type of audit task are designed to provide in one place all the material that audit staff need.

4.29
Until a rewrite of the manuals was started in September 2002, neither had been updated since 1994. The rewrite has now been completed and the new manuals are available on the IRD’s intranet. The IRD is also undertaking a project to ensure that the new manuals support a risk-focused approach, rather than the task-based approach currently documented. The manuals are to be amended to provide more information on matters such as common risk factors and available audit tests.

4.30
Audit staff we interviewed indicated that they currently do not use the manuals. The only use of manuals that we noted was the inclusion in some case files that we examined of copies of standard working papers drawn from a manual. Junior staff indicated that team leaders were their main source of advice and guidance about auditing.

4.31
The low level of use of manuals may partly account for us finding that audit staff rarely used some of the techniques we would expect to be used (e.g. ratio analysis, asset accretion techniques⁹, and reasonableness tests) – including techniques in training manuals (although those staff applying TASS selection criteria would automatically be applying some of these techniques). Team leaders told us that investigators previously made more use of the techniques, but moved away from them when the performance focus changed to emphasise quantitative measures such as audit hours and tasks, and the size of assessed discrepancies (see paragraphs 6.6-6.13 on pages 76-77).

4.32
Some investigators also told us they felt they had lost the ability to undertake income-related tests. We noted a generally low level of testing of income, which was borne out by some specific examples. In one service centre, audits of farming operations did not include tests of cost of sales or of livestock valuations. For a manufacturer being audited in another service centre, the investigators did not understand the manufacturing system, and they undertook no testing of cost of sales or product margins.

Case Management to Improve Timeliness

4.33
Timeliness of audits is an inherent problem for the IRD (as it is for many tax authorities), and is sometimes hampered by slow responses of taxpayers (or their agents) to information requests. Case management is an important technique to help improve timeliness of audits.

4.34
Several recent initiatives illustrate the high priority that the IRD has set for managing timeliness through better case management:

• In Corporates Division, time bar dates are identified in audit plans. The National Manager – Corporates receives monthly feedback on the status of open cases, and the sector managers are responsible for expediting the progress of older cases.
• At their monthly meeting, area audit managers based in the service centres also monitor their timeliness statistics. However, the approach of different service centres to expediting older cases varies, as does the extent of management oversight at this more detailed level. The Quality Measurement System has identified “non-consideration of time bars” as an area of concern.

4.35
TACTICs is a tool that is available to managers to enable them to view case information and to see, for example, how a case is progressing. The tool requires delegated sign-off matters to be recorded. However, the IRD does not have organisation-wide software to support workflow issues for groups heavily focused on cases of evasion and aggressive tax issues. It needs to look at sourcing such a product externally or to create one in-house.

8: The job title was changed from “officer” to “analyst” to better reflect the type of work involved in the role.

9: Asset accretion is a common method of determining the level of income based on statements of financial position.