Fundamentals of Risk Management



Figure 35.2: Governance, risk and compliance
[Diagram labels: Board; Top management; Audit committee; First line of defence (operational management, internal controls); Second line of defence (risk management, compliance); Third line of defence (internal audit); CRSA]


Risk assurance
When an organization sets up a risk-based audit programme, it will be seeking to 
ensure that internal audit activities are focused on the priority significant risks facing 
the organization. The board may well be looking for a joint risk management/internal 
audit contribution that will achieve better strategic decisions, more successful delivery 
of projects and more efficient core processes.
The introduction of a risk-based audit programme will be facilitated by ensuring 
that internal audit participates in risk assessment workshops and that risk management
and internal audit produce a joint annual programme of work. The overall 
intention is to ensure that control measures discussed at risk assessment workshops 
are described in the risk register as fully auditable controls, and to ensure that 
managers have greater awareness of their control responsibilities and fulfil those 
responsibilities in practice.
Three lines of defence is a concept that seems quietly to be taking over the whole field of
risk management. It now seems ubiquitous in financial services and is finding its way,
often through public-sector procurement requirements, into a vast range of new areas.
But while it may be in use elsewhere in an organization, so far it hasn’t been widely 
applied to the management of risk in tax. Tax risk management is about having clearly
defined and understood roles and responsibilities covering data management, transaction 
processing, information gathering, verification and escalation. Applied to tax, the three lines 
concept could broadly look like this:


First line: this means having a strategic understanding and the right people responsible for 
the basic business processes as they affect tax – the complete and accurate recording of 
transactions, for example the purchase-to-pay, record-to-report and fixed asset processes
and the gathering and processing of the related tax information.


Second line: this is the regular monitoring process. It requires frameworks and guidelines, 
developed by the tax and finance functions together, which are designed to facilitate 
effective monitoring of tax risks, pick up problems early and identify weaknesses in the 
process. People are human and they do make mistakes.


Third line: this is independent assurance that the tax function is running properly, through 
both internal and external auditing. It requires both that internal auditors bring themselves 
up to speed on tax risk matters, and that tax functions welcome the additional assurance 
that a successful audit can bring. After all, it’s better to have your internal auditor spot
a mistake than to have to explain it to a tax authority.
Three lines of defence applied to tax


