GST and tax governance back on the agenda for boards and management

Tax Insights

Release of ATO’s new “GST Governance, Data Testing and Transaction Testing Guide”


Many businesses would be familiar with the Australian Taxation Office's (ATO's) embrace of the “justified trust” methodology and its strong focus on tax governance. Under its justified trust methodology, the ATO takes an assurance-based approach to ensuring that both it and the wider community, have confidence that businesses have an appropriate tax governance framework in place and are paying the right amount of tax.

To date, much of the historic focus has been on income tax but the ATO now has GST firmly in its sights. To this end, the ATO has recently released its “GST Governance, Data Testing and Transaction Testing Guide” (the Guide) which outlines how the ATO intends to rigorously test a business’s GST systems, processes, and controls (GST control framework) as part of any review of a business’s tax governance. 

The Guide provides detailed guidance on how a business should:

  • Tax governancePrepare itself for a GST audit by the ATO;
  • Review the design of its existing GST control framework; and
  • The minimum scope for undertaking regular GST data testing.

As the ATO has flagged that its GST audit activity is set to restart and ramp-up in August 2020, all businesses should familiarise themselves with the Guide and look to self-review their GST control framework against the Guide and undertake their own data testing before the ATO undertakes its own GST audit.

What are the key points from the Guide?

The ATO has announced that a key focus area for any GST audit will be reviewing a business’s GST control framework and ensuring that these are designed and operating effectively. The three core areas of a GST control framework that the ATO will be focussing on are:

1. Considering the existence of and scope of periodic internal control testing

  • Tax governanceHow do boards obtain assurance that the GST control framework is operating effectively?
  • How is the GST control framework tested and how often (eg a board-endorsed testing plan and methodology)?
  • What documented policies are in existence related to testing GST controls? 

2. Reviewing what controls are in place for data

  • How have business systems been designed for GST and how do they interact with the calculation, recording, and reporting of GST?
  • How are tax and master vendor codes set-up and reviewed?
  • How is the GST treatment and calculation of transactions undertaken?

3. Determining the level of documentation of the GST control framework

  • Is the process for preparing, reviewing, and signing off the monthly/quarterly BAS adequate?
  • What level of trend and variance testing and exception reporting occurs as part of each BAS process?
  • How do boards and management ensure that high risk, material, or unusual transactions are appropriately escalated for detailed review or external sign-off?

One of the key messages from the Guide is that the ATO highlights the critical importance of regularly undertaking data and transaction testing from a GST perspective. This makes it clear to many businesses that have historically not reviewed their GST data regularly that the ATO is expecting more from them and the status quo may not be acceptable in the future.  

The ATO is aware that undertaking a self-review can be a major time and resource investment but the benefit of undertaking such a self-review is that the ATO may not need to undertake its own testing during a GST audit. In addition, undertaking a self-review ahead of any ATO activity will provide a business with the time needed to take fix any systemic errors, without the pressure of an ATO audit.

Q. My business may not be a “Top 1000” business, do I need to worry about the Guide?

tax governanceA. While the Guide is primarily aimed at those businesses with aggregate turnover greater than AUD250 million (ie potentially, a “Top 1000” business), all businesses regardless of size should be aware of the Guide and take appropriate action.

In particular, high net wealth individuals and high wealth private groups (generally, businesses with a turnover of AUD100 million or more) will be reviewed by the ATO under GST audit programs separate from the Top 1000 program. Under these programs, such as the Top 500 private groups program, the ATO will be looking at a business’s tax governance and GST control framework to ensure they are effective and fit-for-purpose. As such, many of the elements contained in the Guide will be relevant to all businesses, whether they are privately held SMEs, larger private companies, or multi-national organisations.

What should your business do next?

The Guide makes it clear that the ATO will be focussing heavily on reviewing tax governance and GST control frameworks as part of its next round of GST audits. 

There is significant value in being prepared beforehand, particularly in terms of documenting key elements of a GST control framework such as GST-related policies, procedures, instructions, and source data. In addition, the ATO has escalated the importance of undertaking regular data analysis and testing from being a “nice to have” to be a key part of any GST control framework. 

Given that, under the new director penalty notice regime, directors of companies can be held personally liable for any underpaid GST, now is the time to review your GST control framework.


If you require further information for GST and tax governance contact your local RSM office.

RSM in Sydney - providing accountanting, auditors and consultants for sydney Businesses