Kathy Krawczyk and Roby Sawyers

Project Title: Tax Risk Management

Managing risks has become critical for companies in today’s business environment due to increased focus on corporate governance, greater regulation by state and federal governments, and more intensive scrutiny by the media and the general public. Much of the attention on risk management in companies has been focused on the preparation of financial statements. While tax risks are theoretically addressed in financial statements through the determination of the income tax provision, if the tax implications are “immaterial,” management may focus little time or energy on tax risks. This focus on financial statement preparation risk may cause companies to discount other sources of tax risk, including transactional, operational, and compliance risk. Tax issues also impact a company’s reputation, so reputation risk associated with tax must be considered part of risk management. The importance of managing reputational risks associated with tax is clearly seen in the front-page articles in the Wall Street Journal lambasting companies and their chief executives for participating in aggressive tax shelters.

COSO’s Enterprise Risk Management (ERM) Framework proposes an enterprise-wide approach to risk management that looks at risk in a holistic fashion. It requires management to: determine how much risk an entity is prepared to accept; consider the entity’s risk appetite in determining objectives and evaluating strategies; and use a portfolio rather than a silo approach to managing risks. It bears in mind that managing a company’s risks does not necessarily mean eliminating risks. Tax risks are one of many risks in ERM that must be integrated at the entity level and assessed and managed with an understanding of the entity’s company-wide risk appetite. An ERM approach to risk management would also reduce the danger that tax risks will be viewed in isolation without considering other sources of risk in a company and the company’s overall risk-taking propensity.

The goal of this research is to investigate how tax directors of major companies have responded to the increased regulation and scrutiny of the tax function and the use of ERM by companies to manage tax risks along with other risks. Tax directors at companies across the country will participate in structured interviews and experiential questionnaires (EQ). The EQ method is useful for studying decisions made by tax directors and other managers and is built around the actual experiences of respondents (Gibbins and Qu, 2005).

The Risk Management Environment

Section 404 of the Sarbanes-Oxley Act (SOX) requires managers of publicly owned companies to establish and maintain adequate internal controls over financial reporting and to disclose any material weaknesses in the company’s internal controls. The SEC defines internal control over financial reporting to mean “a process … to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.” The transactions and processes related to the determination of the income tax provision for financial statement purposes clearly fall within this definition.

Section 302 of SOX also requires corporate officers to assess the effectiveness of the company’s “disclosure controls and procedures.” Disclosure controls and procedures are intended to cover a broader range of non-financial information than internal controls over financial reporting and include procedures to ensure that information on significant matters, such as those involving tax issues, is captured and reported to management.

Congress and the Internal Revenue Service have instituted new disclosure requirements for aggressive tax-saving strategies and new reporting requirements (Schedule M-3) on the corporate tax return, both with the goal of increasing the transparency of tax matters. Congress has also significantly increased the penalties associated with participating in tax shelter activities.

Corporate governance rules (Section 303A) enacted by the New York Stock Exchange (NYSE) require the audit committee of an NYSE-listed company to discuss the company’s guidelines and policies with respect to risk assessment and risk management. As part of these duties, the audit committee should “discuss the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures.”

Tax Risks

Tax risks can take many forms. Transactional tax risk considers the tax risks associated with specific transactions. While routine transactions can include tax risks, out-of-the-ordinary transactions such as mergers, acquisitions, and other restructurings are likely to entail greater tax risks. Operational tax risks are typically associated with everyday business operations such as selling products to individuals in other states or countries (and exposing a company to new taxing jurisdictions) or buying parts from related suppliers (transfer pricing issues). Compliance risks deal with the risks that the accounting information system, along with the processes and procedures adopted by a company to prepare and file tax returns, is not sufficient. In other words, does the system generate the up-to-date data necessary to file complete and accurate returns, and are there processes and procedures in place that ensure that the company is aware of all filing obligations and is current with respect to the tax law?

A survey conducted by Ernst and Young in 2004 found that almost 70% of tax directors believe that tax risk management is a critical factor in corporate governance and is important in preserving the company’s reputation. Seventy-five percent of respondents reported that their performance was measured based on risk management and that the CFO, CEO, audit committee, and outside service providers frequently provided “active direction on tax risk matters.” Forty-four percent of tax directors also said their companies have become more risk averse on tax issues.

This finding is consistent with a 2005 KPMG survey which found that risk management plans often entailed following a “conservative approach.” The KPMG survey found that the SOX 404 compliance process has increased the tax department’s visibility with the board of directors, audit committee and peer departments in the company and that the primary reaction to SOX has been an examination of the internal controls and improvements in the processes employed in determining the financial statement provision for taxes.

An ERM approach to tax risk management recognizes that companies make money by taking risks and that tax planning provides legitimate opportunities to companies. An ERM approach to risk management identifies tax risks across the enterprise and ensures that CEOs, senior management, the board of directors and audit committee are made aware of them. ERM also establishes a framework for evaluating tax risks in light of the company’s risk tolerance and level of other identified risks, helps to prioritize those risks and helps to determine an appropriate response.

Research Approach

This project will focus on whether tax risks are being integrated with other types of risk at the entity level and whether the end result of tax risk management has simply been risk minimization. We propose structured in-depth interviews of several corporate tax directors, followed by experiential questionnaires (EQs) to several other tax directors and CFOs. According to Gibbins and Qu (2005), EQs are advantageous because they study the context in which experts or respondents actually behave, they are developed using theory about the context, and they have undergone extensive pre-testing on representatives of the respondent’s target population. This approach will extend the results of the existing KPMG and Ernst and Young surveys and provide a solid foundation for future research using experimental approaches to see what type of tax risks drive the behavior of tax directors/managers.