Operational tax risks in charity organizations: Building a tax control framework

(1)

Operational tax risks in charity

organizations: Building a tax control

framework

Master’s thesis

MSc Business Administration - Organizational and Management Control Faculty of Economics and Business

University of Groningen

Author:

Siebe Alexander de Jong

Student number: S3272516

Supervisor: dr. Kristina Linke Co-assessor: Prof. dr. Irene Burgers

Word count: 10,818 (excl. references and appendices)

(2)

2

Abstract

Tax risk management has been gaining an increase in attention from boards in multinational corporations. Prior research has investigated how these organizations can manage their tax risks by the use of a tax control framework. Despite the fact that several topics have been studied for charity organizations, no research has been done in the area of tax risk management with charity organizations as a case setting. This study investigated how charity organization control their tax risks. Therefore a tax control framework based on the COSO 2017 ERM model was developed. For the findings a case study was conducted. This case study consisted of a main case firm and a second case firm which was used to make a comparison with the main case firm. The results showed that charity organizations want to be fully compliant with the laws in all the countries they operate in, but that they do not have a tax risk strategy for this. They identified different types of tax risks, which appeared to be firm dependent, but they do not have a central approach for risk identification or assessment. The main case firm has an internal control framework to control their risks, but the tax component is very limited and there is insufficient monitoring of the controls. The second case firm does not have such an framework. Intercountry communication related to tax issues is limited. The conclusion of this study is that charity organizations do not have a structured approach towards tax control, but they want to makes improvements in order to make sure that they are compliant.

(3)

3

Various topics related to charity organizations have been studied in the past. One of the topics that prior research has focused on, is the accountability of charity organizations towards stakeholders (for example: Connolly & Hyndman, 2017; Cordery & Baskerville, 2011; Ebrahim, 2003). Prior research also addressed the way charity organizations raise their funds, compete for resources (donations) and brand themselves (for example: Balabanis, Stables, & Phillips, 1997; Barman, 2002; Schlegelmilch, Love, & Diamantopoulos, 1997; Stebbins & Hartman, 2013). The role of charity organizations related to corporate social responsibility (for example: Arenas, Lozano, & Albareda, 2009; Puentes, Mozas, Bernal, & Chaves, 2012) as well as the importance of reputation (for example: Meijer, 2009) for charity organizations have also been studied. However, prior research did not study how charity organizations manage their tax risks.

Organizations have seen an increase in the importance of tax risk management (TRM). Boards of multinational corporations (MCO’s) become more involved in TRM instead of delegating this responsibility to the CFO or finance director (Huibregtse & Sood, 2016). The authors relate this development to the reputational risk that is involved with tax minimization strategies. In her research in 2009, Wunder found that MCO’s have come to recognize the importance of TRM and started to separate it from general risk management. Tax administrations have shown initiatives to further stimulate MCO’s to use TRM (van der Hel & Siglé, 2016).

The Dutch tax administration started with a project in 2005, named horizontal monitoring (The Netherlands Tax and Customs Administration, 2010). Horizontal monitoring is a monitoring approach based on trust and equality between the tax payer and the tax administration that should reduce administrative work, increase certainty for the taxpayer and should reduce the amount of monitoring by the tax administration (Veldhuizen & Kamerling, 2009). A similar approach has been found in different countries under the name cooperative compliance (OECD, 2013; van der Hel & Siglé, 2016). Firms that want to apply for horizontal monitoring need to have an effective tax control framework (TCF). This allows the tax administration to check whether firms are in control of their tax risks (Veldhuizen & Kamerling, 2009). A TCF can be defined as a part of the internal control system that enables the tax function to be in control (Belastingdienst, 2008; Veldhuizen & Kamerling, 2009). The goals of the TCF are for the firm to comply with tax regulations and to mitigate tax risk that go beyond the firm’s risk appetite (Cornelisse, 2014). The risk appetite can be defined as the amount of risk the firm is willing to take (Aven, 2013).

(5)

5

2016; Veldhuizen & Kamerling, 2009; Wunder, 2009). Yet, most of the prior studies focus on TRM and TCF’s for MCO’s in the for profit sector. This research on the other hand will focus on the tax risks of international charity organizations as part of the public sector. What tax risks charity organizations face and how these firms can control these risks. This study will contribute to the existing literature because, to the authors best knowledge, no prior research has been done regarding the tax risks of charity organizations, but also because charity organizations face different tax risks than MCO’s. Tax regulations for charity organizations differ from commercial organizations as they have certain exemptions; in the Netherlands these exemptions include inheritance taxation, gift taxation and energy taxation (Belastingdienst, n.d.). Aggressive tax strategies can cause severe reputational damage (Lavermicocca & Quilter, 2017). This risk is even higher for charity organizations because they depend on donations and are expected to behave ethically (Nash, 2015).

As mentioned above, this study will focus on the tax risks that charity organizations face. More specifically, this study will attempt to answer the following question:

How do charity organizations control their tax risk?

(6)

6

2. Theoretical background

This chapter will be structured as follows: the first section will explain several aspects of risk management. This section will end with an introduction to the COSO framework. This framework will provide the basis of the second section where the sub-questions of this research will be developed.

Risk management

This section will explain the concepts of risk management that are relevant for this research. The first paragraph will start with Enterprise Risk Management, which is about all types of risks. The second paragraph will narrow down to Tax Risk Management. The third paragraph will then narrow down even further by focusing on the Tax Control Framework. The last paragraph will introduce the COSO framework.

ERM in general

Enterprise risk management (ERM) is a process with the objective to identify, assess and manage risks that a firm faces (Gates, 2006). This process is part of a firm’s corporate governance and internal control practices (Hall, Mikes, & Millo, 2015). Unlike traditional risk management, ERM considers risks to depend on and relate to each other (Ai, Brockett, & Wang, 2017). The firm’s risk portfolio is considered as being an holistic integrated whole (Beasley, Pagach, & Warr, 2008; Gatzert & Martin, 2015; Grace, Leverty, Phillips, & Shimpi, 2015). Some studies found evidence that ERM may actually have an adverse effect on the performance of firms, especially in the first year after implementation (Bangaan Abdullah, Janor, Hamid, & Yatim, 2017; Lin, Wen, & Yu, 2011). Bangaan Abdullah et al., (2017) argue that this may be caused by implementation costs, managerial difficulty in cultural changes and the fact that firms can have very different approaches towards ERM. Other authors argue that ERM has positive results on the performance as well as internal control effectiveness (Cohen, Krishnamoorthy, & Wright, 2017; Gatzert & Martin, 2015; Grace et al., 2015; Nocco & Stulz, 2006). Nocco & Stulz, (2006) for example, argue that ERM brings not only value to firms at the corporate level, but also at the divisional level because risks will be evaluated throughout the different layers of the firm. They show that this can be accomplished by decentralizing internal decision making. Despite that there is a contradiction in the academic literature whether ERM is effective, more firms start adopting COSO (Deloitte, 2017; PriceWaterhouseCoopers, 2017), which is the most widely adopted framework for ERM and internal control (Hayne & Free, 2014). This framework will be elaborated on at the end of this section. The next paragraph will continue by describing Tax Risk Management.

Tax risk management

(7)

7

related events that can have an unforeseen effect on the firm (Rabenort, 2007; Wunder, 2009). These events usually have a negative influence on a firm’s results (Benjamin & Mohamed, 2014). Examples of tax related risks firms can be exposed to are risks related to compliance, adequate documentation, changes in ownership, sales and multiple jurisdictions (Rohner, 2013). Similarly practical research identified seven categories for the different types of tax related risks: transactional risks, operational risks, compliance risks, financial accounting risks, portfolio risks, management risks and reputational risks (PriceWaterhouseCoopers, 2004). Firms cannot ignore the risks incorporated with taxation and

many managers have acknowledged the importance of managing these risks

(PriceWaterhouseCoopers, 2013).

TRM can be defined as the part of ERM that is specifically aiming to control these tax risks (Benjamin & Mohamed, 2014). TRM can have several benefits for firms. Rabenort, (2007) gives some examples: improving profits and cash flows, maintaining a good reputation, improved insight in tax costs, effective control of tax risks and effective resource allocation. It is of great importance that the tax function is not isolated from the rest of the firm because a lack of communication between the tax function and the rest of the firm has been the cause of many tax risks (Rabenort, 2007). An integral approach towards controlling tax risks has become more common within TRM (Rabenort, 2007). This caused the Tax Control Framework to become more important. The Tax Control Framework will be described in the following paragraph.

Tax control framework

In order to decrease the amount of tax related administrative work, several tax authorities have undertaken initiatives to stimulate firms to manage their tax risks more effectively (cooperative compliance/horizontal monitoring), which has benefits for both the firm and the tax administration (van der Hel & Siglé, 2016). Implementing a TCF is a requirement for firms that are active in the Netherlands and want to apply for horizontal monitoring (Belastingdienst, 2008; The Netherlands Tax and Customs Administration, 2010; van der Hel & Siglé, 2016; Veldhuizen & Kamerling, 2009).

(8)

8 (identifying risks and gaining more insight in the tax processes), design, implementation and monitoring. The authors explicitly stress the importance of IT in each of these phases (except the first one). Veldhuizen & Kamerling, (2009) mentions five phases that are in line with Peters et al., (2009) whereas Benjamin & Mohamed, (2014) give four phases that are quite similar to the last four phases of Peters et al., (2009). These similarities can be explained by the fact that the authors use COSO as the basic framework that is necessary to set up a TCF. Therefore the COSO framework has been chosen as the foundation of this study.

Introduction to COSO

The COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework is a widely known system for ERM, Internal Control and fraud deterrence (COSO, 2013). COSO has made a distinction between ERM and internal control and has created a framework of each. Enterprise Risk Management integrates strategy and performance (COSO, 2017) and the internal control integrated framework (COSO, 2013). Similar to Colon & Swagerman, (2015) and Veldhuizen & Kamerling, (2009), this study will use the ERM framework because this framework has a bigger focus on risk management. These studies used the 2004 version of this framework, but this study has chosen to use the 2017 framework as basis because of its greater emphasis on strategy. The

2004 framework will be used to compliment on the 2017 framework. The versions of 1992-2013 (both ERM an internal control ) are depicted as cubes (see figure 1 for the 2004 ERM version) consisting of three layers. The objective layer (top), the structural layer (right side) and the components layer (front). More detailed information regarding the earlier COSO frameworks can be found in COSO, (2004, 2013); Cruz, (2016); Hayne & Free, (2014); Mcnally, (2013)

The COSO framework, despite having been criticized for

being mechanical (Power, 2009), has been adopted by firms and auditors worldwide and was accepted as the standard instrument to measure the effectiveness of internal control systems (Cruz, 2016; Hayne & Free, 2014; Mcnally, 2013). As mentioned above, COSO has updated the ERM framework from 2004. This new framework was developed in 2017 and is illustrated in figure 2. COSO updated the framework because of changes in the nature and complexity in risks. This new framework aims to integrate ERM with corporate strategy and performance management (COSO, 2017). The framework consists of twenty principles that have been categorized in five components. The components are governance and culture, strategy and objective setting, performance, review and revision and information,

Figure 1: COSO ERM integrated

(9)

9

communication & reporting. The next section will further elaborate on the components and principles of the COSO framework.

Developing the framework

This section will continue with the COSO framework and use this as the basis of the remainder of this study. Each paragraph will describe one of the components of the framework. The sub-questions of the research will be developed in these paragraphs and will be based on the components.

Governance and culture

This first component is about the structures within the firm and the oversight responsibilities related to ERM (governance) and about the way the organizational members perceive risks and how committed they are to the mission, vision and core values of the firm (culture) (COSO, 2017). This components consists of five principles. 1) Exercises board risk oversight. 2) Establishing operating structures. 3) Define desired culture. 4) Demonstrate commitment to core values. 5) Attracts, Develops, and Retains Capable Individuals. This component is similar to the internal environment component of the old ERM framework as well as the control environment component of the Internal control framework and can be seen as the basis for all other components (COSO, 2004, 2013, 2017). This first component of the COSO framework is responsible for making organizational members aware of the necessity of ERM (Graham, 2015). It is important for the development of a TCF that the highest levels of management show commitment to TRM and communicate the desired behavior regarding tax risks throughout the firm (COSO, 2004, 2017; OECD, 2016; PriceWaterhouseCoopers, 2004). For charity organizations it is very important to be in compliance with regulations in order to keep their exemptions and donations (Nash, 2015; OECD, 2009). It is also very important to make sure that fraudulent behavior will not be tolerated (Jacoby, Lorigo, & Mccallum, 2011).

This study focusses on the question if charity organizations control their tax risks. The first step is to learn about the firm’s governance and culture related to tax risks and TRM. From here the first

(10)

10 sub-question of this research can be formulated. What attitude do charity organizations have towards

TRM?

Strategy and objective setting

The second component of the COSO framework is about the firm’s strategy and objectives based on its business context and in relation with ERM, taking into account the firm’s mission, vision and core values as well as its risk appetite (COSO, 2017). This component consists of four principles. 6) Analyzing business context. 7) Defining risk appetite. 8) Evaluating alternative strategies. 9) Formulates Business Objectives. Despite the greater emphasis on strategy in this framework, similarities can be found with the second component of the old ERM framework, which focusses more on the firm’s objectives (COSO, 2004, 2017). When developing a TCF it is important to have a documented tax strategy as an extension of the overall strategy of the firm (COSO, 2017; PriceWaterhouseCoopers, 2004; Rabenort, 2007; Veldhuizen & Kamerling, 2009). From this strategy, tax related objectives can be developed (Peters et al., 2009; Rabenort, 2007; Veldhuizen & Kamerling, 2009).

The previous part underlined the importance of a tax strategy, which leads to the second sub question. What kind of tax risk strategy do charity organizations have?

Next to the strategic objectives mentioned above, there are three other types of objectives as categorized by COSO. The operational objectives (effectiveness and efficiency of operations), the reporting objectives (quality and reliability of internal and external reporting) and the compliance objectives (adherence to law and regulations) (COSO, 2004; Veldhuizen & Kamerling, 2009). This study will focus on the operational objectives because these objectives should specifically reflect the type of firm as well as its environment.(COSO, 2004). This should allow us to get a better understanding of tax related issues for charity organizations.

Now the next sub-question can be formulated. What are the operational objectives of charity

organizations related to taxation?

Performance

The third component is about the identification and assessment of risks, while taking the risk appetite of the firm into account, as well as the responses to these risks (COSO, 2017). This component consists of five principles. 10) Identifying risks. 11) Assessing the severity of risks. 12) Prioritizing risks. 13)

Implementation of risk responses. 14) developing a portfolio view. This component seems to contain

(11)

11

This study will mainly focus on the operational tax risks in order to continue on the operational objectives in the previous component. Operational risks in general can be defined as the risk of losses caused by deficiencies related to internal processes, systems or people (Power, 2005). Practical research complemented this definition by specifying operational tax risks as the risks that organizational members have insufficient knowledge or experience to identify taxation issues related to the decisions they make and tax reporting requirements (Ernst and Young, 2014; PriceWaterhouseCoopers, 2004). Many reported material weaknesses related to taxation are caused by insufficient review, lack of staff and poor execution of processes (Ernst and Young, 2014). Ernst and Young, (2014) mention that in the United States this is the case for more than 50% of all the tax related material weaknesses. In order to effectively manage the operational tax risks, it is necessary for the tax function to be close to the day to day business of the firm (PriceWaterhouseCoopers, 2004). Ernst and Young (2014) also found that in the three years prior to their survey, 66% of the Dutch respondents mentioned that their tax function had increased in size, only Germany had a higher percentage. They explain that the main reason for this is that the type of tax risks has changed. The reporting requirements have increased and have become more complex as well.

The previous part showed that the next step that should be taken is the identification of risks and underlined the importance of operational tax risks. From here the next sub-question can be formulated: what are the operational tax risks faced by charity organizations?

Once the operational risks have been identified, it becomes possible to categorize these risks based on their priority (COSO, 2004, 2017; Peters et al., 2009; Veldhuizen & Kamerling, 2009). This can be done by assessing these risks based on their possible impact (magnitude) and the likelihood of occurrence (Benjamin & Mohamed, 2014; COSO, 2004, 2017; Deloitte & Touche LLP, 2012; PriceWaterhouseCoopers, 2004). In addition to these two criteria, it also important to assess how fast the risk occurs (velocity) and how long it will continue (persistence) (Graham, 2015). Keeping the firm’s risk appetite in mind is key during the assessment of these risks (Veldhuizen & Kamerling, 2009).

This part showed that risk assessment is the most logical step to take once the risk have been identified. This allow us to formulate the next sub-question. How are operational tax risks assessed by

charity organizations?

(12)

12 Veldhuizen & Kamerling, 2009). PriceWaterhouseCoopers, (2004) emphasize that it is necessary to know who is responsible for operating a certain control activity, what needs to be done, how is it supposed to be done and when should it be done.

From this last part of this component the next sub-question can be formulated. What kind of

responses and controls have been established for the operational tax risks?

Review and revision

The fourth component of the COSO framework is about reviewing the effectiveness of the risk responses and monitoring all components of ERM (COSO, 2017). This component consist of three

principles. 15)Assess substantial change. 16) Review risk and performance. 17) Pursue improvement

in Enterprise Risk Management. This component is similar to the last component of the old ERM-framework and the last component of the Internal control ERM-framework (COSO, 2004, 2013, 2017). COSO emphasized the importance of monitoring the controls and risk responses by delivering an additional report on this subject (COSO, 2008). For the TCF it is important that the control activities are being tested at the level of design, operation and performance (Rabenort, 2007). Every component of the framework should be monitored continuously because the tax risk portfolio can change and a lack of monitoring can cause a decay in the effectiveness of controls (Benjamin & Mohamed, 2014; COSO, 2008).

For this component another sub-question can be formulated. How is the effectiveness of the

identification and assessment of risks as well as the effectiveness of the risk responses and controls being reviewed/monitored by charity organizations?

Information, communication and reporting

This last component is about the internal and external communication of information necessary for managing and reporting risks (COSO, 2017). Similar to the previous component this component also consists of three principles. 18) Leverage information systems. 19) Communicate risk information. 20) Report on risk, culture, and performance. This component shares similarities with the eighth component of the old ERM-framework and the fourth component of the internal control framework (COSO, 2004, 2013, 2017). In order for a TCF to be successful it is necessary to have useful and reliable information at the right moment (COSO, 2004, 2017; PriceWaterhouseCoopers, 2004). Effective communication throughout the firm is key as well (COSO, 2004, 2017; PriceWaterhouseCoopers, 2004). Everyone in the firm should be aware of the firm’s tax risk strategy, objectives and risk appetite (COSO, 2004, 2017; PriceWaterhouseCoopers, 2004).

Now the last sub-question of this research can be formulated. How is the information related

(13)

13

3. Methods

Since there is no prior research in regard to charity organizations, this study is exploratory. An effective research method for exploratory research is the case study (Eisenhardt, 1989). Therefore a case study has been conducted for this research. This study is mainly a single case study instead of a multiple case study because using multiple cases can lead to less detailed and more superficial data (Gagnon, 2010). However, It should be noted that a single case study is even less generalizable than multiple case study (Gagnon, 2010). Therefore, data from a second case site was used to verify the data obtained from the original case site.

Data sample

In order for the case study to be successful, the case site needs to meet the following criteria. The case site should be a charity organization, has to operate internationally (which makes the tax function a lot more complex), must be headquartered in the Netherlands and should be considered a large organization by Dutch regulation (meeting at least two of the following criteria: more than 250 employees, more than 20 million euro in assets and more than 40 million euro turnover (Kamer van Koophandel, n.d.).) Based on these criteria, a multinational charity organization was selected as the case site. This organization helps people that are living in poverty by trying to increase the incomes and employment opportunities and tries to improve accessibility of basic services (energy and water for example). This organization works in more than 30 countries, employs more than 1100 people has more than 100 million euro in assets and over 100 million euros turnover. The organization was founded in the Netherlands and has over 50 years’ experience. This multinational charity organization, which was previously publicly funded, but has now become a private organization, is interested in the development of a TCF and wants to integrate a TCF with its internal control framework. This firm now receives its funds from external donors that usually make donations for particular projects. Due to the fact that this firm was previously publicly funded, this organization lacks some experience in the area of tax control.

Data collection

(14)

14 also present during the interviews and a presentation held by the corporate controller of the firm. This enabled the author to get a broader understanding of the internal control procedures and the issues that the firm faces. The additional interview within the second case site was held by fellow researchers, but the transcript was made available for this study. By using different data sources a greater quality of the data can be ensured (Gagnon, 2010; Gillham, 2010). This will increase the overall reliability of the research (Eisenhardt, 1989). The following table shows the details of the interviews.

Synonym Case site: Function Recorded Interview time Language

Corporate controller Site 1 Corporate controller Yes 130 minutes Dutch

Respondent at head office #1 Site 1 Business developer Yes 70 minutes English

Respondent at head office #2 Site 1 Global accounting support Yes 75 minutes Dutch

Country finance manager #1 Site 1 Country finance manager Yes 70 minutes English

Controller #2 Site 2 Controller Yes 65 minutes Dutch

Data analysis

In order to analyze the data several steps were taken. The interviews were all recorded with permission of the participants. The recordings were used to make transcripts of the interviews. The transcription task were divided amongst different researchers. The transcripts were analyzed in an interpretive way. By reading the transcripts similarities and differences were found and recorded in a separate document. Different categories were defined in this document which allowed the author to identify different patterns. The patterns recorded in this document were used to report the results.

Validity

In order to ensure the validity of the research several steps were be taken. The interviews were recorded which increases the reliability of the analysis (Gagnon, 2010; Gillham, 2010). Multiple interviewers were present during the interviews which will decrease researcher bias (Gagnon, 2010). The transcripts were made by different researchers and all researchers had access to the recordings. This allowed all researchers to check parts of the transcripts made by the other researchers. As suggested by Gillham, (2010) the interview guide was practiced before the first ‘real’ interview took place.

(15)

15

4. Results

This chapter will present the results of this research based on the framework that was developed in chapter two. In the first section the case analysis will be discussed. The second section will summarize the case analysis. In the last section the case will be compared with the second case site.

Case analysis

In this section the case analysis will be discussed. Each paragraph will describe a component of the framework. The sub questions will be answered as well.

Governance and culture

The basis of the development of a tax control framework is the commitment of top management to be in control of the tax risk and the communication of this vision towards the rest of the organization (COSO, 2004, 2017; OECD, 2016; PriceWaterhouseCoopers, 2004). The vision of the management of the case firm is to be fully compliant with the rules and regulations in all the countries that the firm operates in. During a presentation of the Corporate controller, he underlined the importance of paying a fair share of taxes in all countries that the case firm operates in.

“Our situation is obviously different than a few years ago. In all the countries where we used to negotiate tax holidays, we get the question if it isn’t unreasonable that we don’t pay income taxes or import duties. I’ve always said that paying taxes is just part of it… if you want to carry corporate social responsibility right, then you also have to pay taxes.” (Corporate controller)

He also believes that it is important to pay the fair share of taxes instead of minimizing the amount of taxes to pay. The vision of the management on being fully compliant seems to be shared throughout the firm.

“let me say that… [our firm]… has to comply [with] the local rules and the conditions in terms of tax[...]. [It is our] country directors point of view that… in principle we have to comply with what is… the tax context in our country. (Country finance manager #1)”

“Exactly [You want to be fully compliant], especially locally[…]. It impacts everything you do, so you just need to be sure that you’re on top of it. Because if you’re not, you don’t know what the… implications [are going to] be. (country finance manager #2)”

(16)

16 The reaction of these respondents allow us to suggest that the vision of the management in relation to tax risk management has been sufficiently communicated throughout the firm. From here the first sub question can also be answered. The first sub question was stated as follows: What attitude do

charity organizations have towards TRM? For the case firm the answer is that the firm wants to be fully

compliant with all rules and regulations in the countries that it is active in. They also want to pay their fair share of taxes.

Strategy and objective setting

The next part of the framework described in chapter two is the tax risk strategy and the tax related objectives. During the interviews, it became clear that the case firm does not yet have a documented tax risk strategy. The firm also has not defined any objectives related to tax other than being fully compliant with all rules and regulation in all the different countries that it operates in. The corporate controller of the firm mentioned the following:

“[We don’t have a documented tax risk strategy]. A tax strategy is of course quite hard for… or is actually really easy for a firm like ours. The strategy is actually full compliance with local rules and regulation. This means that we want to comply with all our tax obligations[…]. We have no corporate tax obligations in almost all countries that we operate in, so a strategy based on profit optimization in country A or at head office or in country B, is irrelevant.” (Corporate controller)

This was confirmed by other respondents who did not know about a global tax risk strategy. The different countries also do not have their own tax risk strategy. one respondent thought there should be one and another expected there was a strategy as part of the internal control framework.

“[there is no documented tax strategy] that I know of… Not with the current strategies[…]. [I think there should be one] because one of the big risk we have on our balance sheet are tax liabilities[…]. [our organization] has to recognize the different tax laws between countries an how to handle it globally. (country finance manager #3)”

“[there is no tax risk strategy][…] not that I know specifically […]. I think… head office probably does because that’s part of the control framework[…]. Head office basically asks you to look at what they’ve derived from head office and see if there is any country specific [risks], but I’m pretty sure that tax is covered under the financial risks section… driven from head office. But not specifically in [our country] do we have [a specific strategy]… to counterbalance any specific[…] risks here. (country finance manager #2)”

The sub questions for this part of the framework were stated as follows: what kind of tax risk strategy

do charity organizations have? And: what are the operational objectives of charity organizations related to taxation? The answer to these questions is that there are no documented strategy or

(17)

17

Performance

The performance aspect of the framework focusses on the identification and assessment of tax risks as well as the risks responses and controls. During the interviews several tax issues were discussed. Many of these issues or risks were related to the different regulations in the countries the firm operates in.

“The tax department here, they take the money, but […] there is not much follow up. So… I think there is a risk there[…]. So there is no[…] ongoing regulation where someone comes and makes you accountable in the organization. So for instance we just pay our tax every month, but we never get any feedback [from the tax administration][…]. [Another risk here is] we don’t get VAT charged… on a lot of our supplier invoices[…]. So we just don’t pay it because it’s not on there, but what should happen is that the supplier should be VAT registered[…] with the tax department. (Country finance manager #2)”

“In [our country][…] there [are] several kinds of taxes. Like[…] source taxes, that is very common. VAT is also applicable. Different [aspects] have different VAT [rates]. So there is no universal rate in [our country]. So you have[…] 50 kinds of taxes… I think more than 50 kinds of rates. (Country finance manager #4)”

“The biggest risk is probably the regulation related to corporate income taxes. The consultants in foreign countries send invoices to us or to the [country team]. There could be a risk there because we do not pay taxes there sometimes ,while we should. When we receive an invoice from outside the EU then we don’t have to pay taxes for that[…]. But if a consultant, for example in Uganda, sends an invoice to [the team] in Uganda, then it could be that taxes have to be paid [over that invoice]. (Respondent at head office #2)”

Another risk that came forward was also related to corporate income tax because one country required the firm to fill in a tax declaration. The corporate controller thinks that the tax authorities in some countries might consider the corporate overhead costs, that the country team pays to head office, to be income in their country and that it should not be paid to the Netherlands.

“Well, what I could imagine is that in several countries the tax authorities say: it is quite strange that you pay that in the Netherlands, because it is actually income for my country[…] your income is 1.1 million, your direct costs are 1 million, and maybe your local overhead is 50.000. So you make a profit of 50.000 on that project. Those are actually the central overhead costs that we have here, they ignore those for taxation. that is the risk I see for corporate income tax. (Corporate controller)”

(18)

18 system has to be imported in the global finance system manually. One country uses excel for their payroll administration because local payroll software is too expensive in that country.

“[If there are wage taxes that were not calculated in the project budget] then it has to be paid anyway[…]. Sometimes we spend more then we get, that happens[…]. Usually the donor is always passing on all that risk down to the contractor. [So] generally it is [our organizations] problem.(Respondent at head office #1)”

“Recently in Cambodia[…] a new regulation was introduced, our exemption on income tax for expats was still based on the old regulation, so from one day to the next we had to pay tax on the salary of our expats. If we hadn’t anticipated on this in the contact with the donor, we would have had to pay these taxes ourselves. (Corporate controller)”

“I should mention that it is risky that we have to download an excel sheet [from one system] and then process it into [another][…]. Doing it this way makes it very laborious. (Respondent at head office #2)”

The third sub question of this research is: what are the operational tax risks faced by charity

organizations? The risk that the firm or its employees do not fully understand the regulation in certain

countries can be seen as an operational risk. Also possible errors in calculations as discussed above can be seen considered to be operational risks. Another operational risk that came forward was that there is no tax function in the firm on either country or global level.

“In many countries the tax holiday for corporate income tax is still applicable[…]. [in one country] we are just taxable for corporate income tax[…]. Transfer pricing documentation has to be in order. For many people that I work with, this is completely new. Within our organization there is no one who goes about taxes.(Corporate controller)”

“[We do not have a specific tax function]. For salary taxes, HR is responsible for determining the right amount, but the final check is done by the finance department and the country finance manager. Other taxes are also checked by the country finance manager at the end. (country finance manager #3)”

There seems to be no structured way of identifying tax risk and there is no central place to document these risks. A respondent at head office mentioned that they don’t do anything about the identification of tax risks. One country finance manager mentioned that in their country they try to follow any changes in the law in order to identify tax risks. Whereas another mentioned that they check their tax risks on an annual basis. However this finance manager also mentioned that they had one risk that took them three years to discover. At the head office, an ERM session is organised every year in which all types of risks are being discussed. The results of this session are reported to the board.

(19)

19

Different approaches to risk assessment came forward during the interviews. The approach mentioned by the corporate controller is very similar to the approach discussed in the literature, but other approaches came forward as well.

“There is actually a weighting given to the various risks. We look at the possible impact and the [chance] that it occurs[…]. The action points then go to the best-place person who is responsible for controlling that risk. If it is a financial risk, then it will go to me[…], if it is a strategic risk then it will go to the CEO. (Corporate controller)”

“[In order to determine the importance of risks] I use my judgement… based on my experience[…]. There is a lot of extra risks to what you have… in a developed country for instance. So you need [to be] on top of everything.there is… impact [in] everything you do on a daily basis. So[…] probably all risks need to be treated… the same. (Country finance manager #2)”

“Per project, in some cases the risks can be higher than in others. So I think it has to be case by case. But that is a key part of securing or starting a new project. And defining these risks, and at least planning for them, even if you can't stop them[…]. [For determining the importance of a risk] we often have to follow a funder or donor policy there, they usually have their own requirements for the risk assessments. (Respondent at head office #1)”

The last part of this component is about how the firm responds/controls the risks that were identified. The sub question that was defined for this part is: What kind of responses and controls have been

established for the operational tax risks? In several countries there are controls related to wage taxes.

If information has to be processed in the global finance system from the local payroll system or if any changes have to be made in the payroll system due to regulatory changes, then there is a separation of duties.

“When the government changes the rates, I authorize to change the calculation in the Excel sheet and based on the calculation we send it to the specific employee that we have based on the government changed rate. [We ask this employee:] can you please let me know whether this is OK with you or not[…] So, based on this kind of control mechanism, we check.(Country finance manager #4)”

“The payroll system is mainly the processes of… who prepares, who reviews, who verifies and who approves. So that’s a procedure we have[…]. Preparation is done by [a] separate person, review by [a] separate person, verified by a different person and approved by a different person. So that way there is segregation of duties. (Country finance manager #1)”

(20)

20 reviewed because the internal auditor will be using the internal controls more. The firm currently only has one internal auditor which is insufficient according to the corporate controller.

“principally we want to get all financial risk in the picture. In any case we have internal control framework, which we call ICF. Where, per section[…], we identified certain risks and how to mitigate them[…]. We also incorporated tax risks in that, but only as one general risk. (Corporate controller)”

“At the moment our internal audit team consist only of one person. This person visits the different countries, but not annually because that is impossible for one person. The countries are selected based on a sample and for these countries and internal audit will be executed. (Respondent at head office #2)”

One country finance manager mentioned that they developed a manual procedure in order to control a risk that is related to a time gap between a VAT reimbursement and the declaration of the refund.

“At the moment [our firm] doesn’t have any control procedures in place on a global level. On country level we started to recognize these risks as they became multi donor involved[…]. In our country we started to develop our own way of controlling by manual procedures.(country finance manager #3)”

Review and revision

This component focusses on the monitoring of the activities of the performance component. The sub question for this component was formulated as follows: How is the effectiveness of the identification

and assessment of risks as well as the effectiveness of the risk responses and controls being reviewed/monitored by charity organizations? As was already mentioned in the previous paragraph,

the case firm does not thoroughly analyse the self-assessment forms. One country finance manager mentioned that they never got any feedback on their self-assessment. The head office is able to review the correctness and quality of these self-assessment forms. As mentioned previously, internal audits are not done annually because there is only one internal auditor. The head office does however, hire an external auditor to do a detailed tax compliance review in several countries every year. When severe mistakes are detected the consequences will be visible in the assessment of the country finance manager and the country director.

(21)

21

“The documents can be compared to the information that is available in the global finance system, additional questions can then be asked by the head office as well. Also the mid-term review can be used to see if [these] answers are somewhat comparable with the answers that were given.(Respondent at head office #2)”

“At every year-end audit we let[…] our external auditor does a detailed review for tax compliance in several countries, about six or seven countries. We also did that this year. In this case [our audit firm] did a detailed tax relation audit in six countries.(Corporate controller)”

“At this financial statement audit I found out, when we did the balance review, that certain items from the balance sheet[…] are payable taxes[…]. It now appears that they did always pretend that the taxes had to be paid, but they never actually paid it[…]. In this case it’s about a tax obligation from 2016[…]. The country director and the country finance that were active in [this country] at the time, no longer work for us. So the consequence… (corporate controller)”

Information, communication and reporting

The last component of the framework is about the communication of (tax) risks throughout the firm. The sub question related to this topic was stated as: How is the information related to tax risks being

communicated throughout the firm? There is not a lot of communication between the different

country finance managers about the different tax risks or issues they face. One country finance manager explained that the issues really depend on the local rules and regulation and that they might not really be able to help each other out because of that. Another country finance manager explained however that it could be useful, but it should probably be driven by head office. A third country finance manager mentioned that the relations and communication with the other countries and head office is good, but also mentioned that they have different methods and therefore cannot always help each other.

“The thing is… [discussing tax issues with other countries] would appear [to be a] good idea, but we have different issues at country level[…]. For example we don’t have issues with the international staff. [But for country B] it is a requirement [that] they file tax on the international staff[…]. The context of… wage tax in Country B is totally different from [our country’s] contexts. So I am not seeing where we would be adding value to one another. (Country finance manager #1)”

“[We are currently not communicating tax issues with other countries. And[…] you’ll find that[…] the local tax laws in… Asia might be similar, but […] they could be completely different too[…]. I’m not saying it’s not a worthwhile exercise, but to me[…] someone needs to probably drive this from… the head office. (Country finance manager #2)”

(22)

22

“I have good relationships with [country A][…]. And also with some countries in Asia and some countries in Africa as well[…]. We have good relationship but you know the problem is, they have different methods[…]. It is completely different than [our country]. (Country finance manager #3)”

The corporate controller thinks that country finance managers should communicate with each other when a particular (tax related) case involves multiple countries (with non-local consultants), but he believes that this is not happening.

“[The communication between the country finance managers is not good]. This is because tax related problems are considered to be very complex. They usually are complex. And then they are like: you know what, we just book it like this then it’s out of our hair[…]. And that is a risk mostly for multi-country projects with non-local consultants. (Corporate controller)”

Case summary

From the analysis described above, the following findings can be highlighted. The case firm wants to be fully compliant with laws of all the different countries they are active. The case firm has not defined a tax risk strategy or any additional objectives related to tax risk management. Various tax risks were identified, but most of these risk are related to all the different laws from all the different countries that the case firm has to deal with. Operational tax risks seem to be the lack of a tax function, the risk that the laws in certain countries are not clear to the firm and possible errors in budget calculations. There are no standard procedures of risk identification or assessment throughout the firm. The case firm has an internal control framework in order to control their risks, but is does not seem to be monitored very thoroughly yet. Communication between head office and country teams is existing, but not yet sufficient according to some participants. Communication between the country finance managers seems to be very limited.

Case comparison

Similarly to the main case firm, the attitude of the second case firm towards taxation is also to be compliant, but the risk appetite seems to be somewhat bigger. The Controller mentioned that they sometimes use a wait and see approach towards tax payments for expats. So they only do something when the government tells them they should. They use this approach because it is nearly impossible to handle it administratively.

(23)

23

expats from all those different nationalities, and make a good match for how the tax agreements are. (controller #2)”

The second case firm identified several tax risks that were mostly related to the different governments they have to deal with. Especially in countries with weaker government systems. The controller also admitted that the risks related to their ‘wait and see’ philosophy for the wage taxes of the expats is their greatest risk related to wage taxes.

“We mostly have risks is in the countries where the governments are not very strong or where they are very changeable, like in South-Sudan […]. Where we have big risks, which we are aware of by the way[…], has a lot to do with wage tax duties[…]. And how we pay that or not for our expats. (Controller #2)”

Unlike in the main case firm, there is no overarching control framework within this firm. The controller mentioned that their controls are segmented across different departments with based on their responsibilities and he has to hold them accountable for that.

“What we do not have is an all overarching control framework in that sense. It is a lot more segmented over the departments that are responsible for something. For example the finance department has an oversight of all our reporting requirements[…]. Human resources[…] have a unit that looks at for example[…] terms and conditions of employment. (Controller #2)

(24)

24

5. Conclusion and discussion

The final chapter of this study will attempt to answer the central research question, discuss the theoretical and practical contributions, look at the limitations and will finally give some avenues for future research.

Conclusion

The purpose of this study was to get more insight in the way charity organizations control their tax risks. COSO 2017 ERM was used as the basis of the development of a TCF and therefore gave structure to this research. The sub questions of the study were formulated based on the different components of this framework. A case study at an international charity organization was used to collect the data. The central question of this research is: how do charity organizations control there tax risks? To answer this question we again need to look at the components of the framework separately. The attitude of international charity organizations related to tax risks seems to be full compliance. The risk appetite is quite small. A reason for this could be that this type of firm is really dependent on its reputation (Nash, 2015). This low tolerance for risk seems to be well communicated throughout the firm. Other then being fully compliant, there is no real strategy related to tax risks. Neither are there any additional objectives related to this matter. This could be explained by the fact that taxes were never considered to be a strategic risk before because of the tax exemptions this type of firm enjoyed. Various tax risks were identified, but most of these risks are related to all the different types of regulation from all the different countries that this type of firm is exposed to. This causes the head office to be very dependent on the tax expertise of the local teams, also because there is no real tax function centrally or locally. The identification and assessment of risk is done in various ways depending on the person. There is no documented procedure for this, but there is a procedure for handling risks that were already identified before (ICF). However only one tax risk was identified in the ICF. A major part of the ICF is to control risks by asking all the country teams to do a self-assessment, but these assessments are not reviewed thoroughly. When the country teams faces any tax related issues they usually don’t contact the other countries, but they do communicate with head office or ask a local tax consultant for advice. So, based on the results, charity organizations do not appear to have a structured approach to control their tax risks, but they want to make improvements in order to make sure that they are compliant.

Contributions

(25)

25

responsibility (Arenas, Lozano, & Albareda, 2009; Puentes, Mozas, Bernal, & Chaves, 2012) and reputation (Meijer, 2009) have all been discussed to some extent. However, the tax risks that these firms face and how these can be controlled were not yet discussed. Prior studies did look at tax risks and tax control frameworks for MCO’s (for example: Benjamin & Mohamed, 2014; Colon & Swagerman, 2015; Huibregtse & Sood, 2016; OECD, 2013, 2016; Peters, van den Brink, de Roest, & Janssen, 2009; Rabenort, 2007; van der Hel & Siglé, 2016; Veldhuizen & Kamerling, 2009; Wunder, 2009). The focus of those studies was to elaborate on TRM and TCF’s for MCO’s in the for profit sector. This research looked at the tax risks of multinational charity organizations. What tax risks charity organizations face and how these firms can control these risks. This study contributes to the existing literature in two ways. First because, to the authors best knowledge, no prior research has been done regarding the tax risks of charity organizations, or how they identify, assess and control their tax risks. Second because this type of firm faces different tax risks than MCO’s. Tax regulations for charity organizations differ from commercial organizations as they have certain exemptions; in the Netherlands these exemptions include inheritance taxation, gift taxation and energy taxation (Belastingdienst, n.d.). and because they usually do not make profit they are also exempt for corporate income tax. However, as highlighted in the results, different countries have different regulations, which means that tax holidays or exemptions are not universal. Next to that aggressive tax strategies can cause severe reputational damage (Lavermicocca & Quilter, 2017). This risk is even higher for charity organizations because they depend on donations and are expected to behave ethical (Nash, 2015).

Next to these theoretical contributions, this study could also be useful for charity organizations that want to be more in control of their tax risks and develop a tax control framework. The literature in chapter 2 showed the most important aspects of a tax control framework based on the COSO 2017 ERM framework. By analyzing the case firm based on this framework several suggestions for the case firm can be made as a start for the development of a TCF.

(26)

26 countries. This could be done by expanding the internal audit team which would also allow more regular internal audits. In order to improve intercountry communication, head office could drive regular meetings between different countries on a timely basis. These meetings could be used to discuss all types of issues. This way, despite of the different situations of the different countries, the country teams could learn from each other.

Limitations

The results of this study do not come without its limitations. This was a single case study thus, despite the use of a second firm too compare the findings, this study should not be generalized without caution. Several aspects of the findings seemed to be case dependent (the tax risks the firms faced and the controls they established) and would therefore not be applicable to other charity organizations. This also makes it somewhat difficult to develop causal propositions. Another limitation lies in the method of data analysis because no formal codebook was developed for the data analysis. The results were generated based on an interpretive approach. This could be a cause for researcher bias.

Avenues for future research

(27)

27

Literature

Ai, J., Brockett, P. L., & Wang, T. (2017). Optimal Enterprise Risk Management and Decision Making With Shared and Dependent Risks. The Journal of Risk and Assurance, 84(4), 1127–1169. https://doi.org/10.1111/jori.12140

Arenas, D., Lozano, J. M., & Albareda, L. (2009). The Role of NGOs in CSR: Mutual Perceptions among Stakeholders. Journal of Business Ethics, 88(1), 175–197. https://doi.org/10.1007/sl0551-009-0109-x

Aven, T. (2013). On the Meaning and Use of the Risk Appetite Concept, 33(3), 462–469. https://doi.org/10.1111/j.1539-6924.2012.01887.x

Balabanis, G., Stables, R. E., & Phillips, H. C. (1997). Market orientation in the top 200 British charity organizations and its impact on their performance. European Journal of Marketing, 31(8), 583– 603. https://doi.org/10.1108/03090569710176592

Bangaan Abdullah, M. H. S., Janor, H., Hamid, M. A., & Yatim, P. (2017). The Effect of Enterprise Risk Management on Firm Value: Evidence from Malaysian Technology Firms. Jurnal Pengurusan, 49, 36–50.

Barman, E. A. (2002). The Strategic Response of Nonprofit Organizations to Competition. Social

Forces, 80(4), 1191–1222.

Beasley, M., Pagach, D., & Warr, R. (2008). Information Conveyed in Hiring Announcements of Senior Executives Overseeing Enterprise-Wide Risk Management Processes. Journal of Accounting and

Finance, 23(3), 311–332.

Belastingdienst. (n.d.). Algemeen Nut Beogende Instellingen. Retrieved January 7, 2018, from https://www.belastingdienst.nl/wps/wcm/connect/bldcontentnl/belastingdienst/zakelijk/bijzo ndere_regelingen/goede_doelen/algemeen_nut_beogende_instellingen/belastingregels_algem een_nut_beogende_instellingen

Belastingdienst. (2008). Tax Control Framework. Van risicogericht naar “in control”: het werk

verandert. Retrieved from

http://www.wimlaman.nl/brochures/bel~alg~tax_control_framework.pdf

Belastingdienst. (2011). Leidraad Horizontaal Toezicht MKB Brancheorganisaties. Retrieved from https://download.belastingdienst.nl/belastingdienst/docs/lei_hor_toez_mkb_branche_dv4081z 1pl.pdf

Belastingdienst. (2016). Leidraad Horizontaal Toezicht Fiscaal dienstverleners. Retrieved from https://download.belastingdienst.nl/belastingdienst/docs/leidraad_horizo_toezicht_fiscaal_die nstverl_dv4071z3pl.pdf

(28)

28 Cohen, J., Krishnamoorthy, G., & Wright, A. (2017). Enterprise Risk Management and the Financial

Reporting Process: The Experiences of Audit Committee Members, CFOs, and External Auditors.

Contemporary Accounting Research, 34(2), 1178–1209.

https://doi.org/10.1111/1911-3846.12294

Colon, D. W., & Swagerman, D. M. (2015). Enhanced relationship preparedness in a Dutch

multinational context : A tax control framework. Journal of Accounting and Taxation, 7(1), 13– 18. https://doi.org/10.5897/JAT2014.0129

Connolly, C., & Hyndman, N. (2017). The donor–beneficiary charity accountability paradox: a tale of two stakeholders. Public Money and Management, 37(3), 157–164.

https://doi.org/10.1080/09540962.2017.1281629

Cordery, C. J., & Baskerville, R. F. (2011). Charity Transgressions, Trust and Accountability. Voluntas:

International Journal of Voluntary and Nonprofit Organizations, 22(2), 197–213.

https://doi.org/10.1007/s11266-010-9132-x

Cornelisse, R. (2014). Tax Control Framework. Retrieved January 3, 2018, from

https://www.linkedin.com/pulse/20140623210042-14470549-design-and-test-a-vat-control-framework

COSO. (2004). Enterprise Risk Management – Integrated Framework. Retrieved from http://ehss.moe.gov.ir/getattachment/2b57139a-e934-4f59-84f9-c9b46e385241/

COSO. (2008). Internal Control — Integrated Framework Guidance on Monitoring Internal Control

Systems (introduction). Retrieved from

https://www.coso.org/Documents/COSO_Guidance_On_Monitoring_Intro_online1_002.pdf COSO. (2013). Internal Control — Integrated Framework (Executive Summary). Retrieved from

https://www.coso.org/Documents/990025P-Executive-Summary-final-may20.pdf

COSO. (2017). Enterprise Risk Management Integrating with Strategy and Performance (executive

summary). Retrieved from

https://www.coso.org/Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf

Cruz, S. (2016). What Are the Five Components of the COSO Framework? Retrieved January 3, 2018, from http://info.knowledgeleader.com/bid/161685/what-are-the-five-components-of-the-coso-framework

Deloitte. (2017). Overcoming threats and uncertainty Extended enterprise risk management global

survey 2017. Retrieved from

https://www2.deloitte.com/us/en/pages/risk/articles/extended-enterprise-risk-management-global-survey.html

Deloitte & Touche LLP. (2012). Risk Assesment in Practice. Retrieved from

(29)

29

Ebrahim, A. (2003). Accountability in practice: Mechanisms for NGOs. World Development, 31(5), 813–829. https://doi.org/10.1016/S0305-750X(03)00014-7

Eisenhardt, K. M. (1989). Building Theories from Case Study Research. Academy of Management

Review, 14(4), 532–550.

Ernst and Young. (2014). Managing operational tax risk. Retrieved from

https://webforms.ey.com/Publication/vwLUAssets/EY-Managing-operational-tax-risk/$FILE/EY-managing-operational-tax-risk.pdf

Gagnon, Y.-C. (2010). The Case Study As Research Method : A Practical Handbook (1st ed.). Québec: Presses de l’Université du Québec.

Gates, S. (2006). Incorporating Strategic Risk into Enterprise Risk Management: A Survey of Current Corporate Practice. Journal of Applied Corporate Finance, 18(4), 81–90.

Gatzert, N., & Martin, M. (2015). Determinants and Value of Enterprise Risk Management: Empirical Evidence from the Literature. Risk Management & Insurance Review, 18(1), 29–53.

Gillham, B. (2010). Case Study Research Methods (1st ed.). London: Bloomsbury Publishing PLC. Grace, M. F., Leverty, J. T., Phillips, R. D., & Shimpi, P. (2015). The Value of Investing in Enterprise Risk

Management. The Journal of Risk and Assurance, 82(2), 289–316. https://doi.org/10.1111/jori.12022

Graham, L. (2015). Internal Control Audit and Compliance (1st ed.). Hoboken, New Jersey: Wiley Corporate F&A Series.

Hall, M., Mikes, A., & Millo, Y. (2015). How do risk managers become influential ? A field study of toolmaking in two financial institutions. Management Accounting Research, 26, 3–22. https://doi.org/10.1016/j.mar.2014.12.001

Hayne, C., & Free, C. (2014). Hybridized professional groups and institutional work : COSO and the rise of enterprise risk management. Accounting, Organizations and Society, 39(5), 309–330. https://doi.org/10.1016/j.aos.2014.05.002

Huibregtse, S., & Sood, A. (2016). Corporate ‘ Tax ’ Governance: A Necessary Addition to Best Practices for Businesses? Tax Planning International European Tax Service, 2016(July), 10–16. Jacoby, P. F., Lorigo, S., & Mccallum, B. T. (2011). Fraudulent Tax Refunds: The Notorious Career of

Harriette Walters. Current Issues in Auditing, 5(1), 23–38. https://doi.org/10.2308/ciia.2011.5.1.A23

Kamer van Koophandel. (n.d.). Waaruit bestaat de jaarrekening? Retrieved February 14, 2018, from https://www.kvk.nl/inschrijven-en-wijzigen/deponeren/jaarrekening-deponeren/waaruit-bestaat-de-jaarrekening/

(30)

30 Lin, Y., Wen, M., & Yu, J. (2011). Enterprise Risk Management: Strategic Antecedents , Risk

Integration and Performance. North American Actuarial Journal, 16(1), 1–28.

Mcnally, J. S. (2013). The 2013 COSO Framework & SOX Compliance. Strategic Finance, 45–52. Meijer, M. M. (2009). The effects of charity reputation on charitable giving. Corporate Reputation

Review, 12(1), 33–42. https://doi.org/10.1057/crr.2009.5

Miles, M. B., & Hubberman, A. M. (1984). Qualitative data analysis: a sourcebook of new methods. California: Sage publications Inc.

Nash, P. (2015). Handling reputational damage in the charity sector: what 2015 has taught us. Retrieved March 17, 2018, from https://blogs.ncvo.org.uk/2015/12/23/handling-reputational-damage-in-the-charity-sector-what-2015-has-taught-us/

Nocco, B. W., & Stulz, R. M. (2006). Enterprise Risk Management: Theory and Practice. Journal of

Applied Corporate Finance, 18(4), 8–20.

OECD. (2009). Report on abuse of charities for money-laundering and tax evasion. Retrieved from

https://www.oecd.org/tax/exchange-of-tax-information/releaseofreportonabuseofcharitiesformoney-launderingandtaxevasion.htm OECD. (2013). Co-operative Compliance: A Framework. Retrieved from

https://www.oecd.org/tax/co-operative-compliance-a-framework-9789264200852-en.htm

OECD. (2016). Co-operative Tax Compliance: Building Better Tax Control Frameworks. Retrieved from https://www.oecd.org/tax/co-operative-tax-compliance-9789264253384-en.htm

Peters, W., van den Brink, M., de Roest, G., & Janssen, S. (2009). Establishing a tax control framework: the utility and necessity of IT. Compact, 2009(3), 20–28.

Power, M. (2005). The invention of operational risk. Review of International Political Economy, 12(4), 577–599. https://doi.org/10.1080/09692290500240271

Power, M. (2009). The risk management of nothing. Accounting, Organizations and Society, 34(6–7), 849–855. https://doi.org/10.1016/j.aos.2009.06.001

PriceWaterhouseCoopers. (2004). Tax Risk Management. Retrieved from

https://www.pwc.co.za/en/assets/pdf/pwc-tax-risk-management-guide.pdf

PriceWaterhouseCoopers. (2013). Tax strategy and corporate reputation: a tax issue, a business

issue. Retrieved from

https://www.pwc.com/gx/en/tax/publications/assets/pwc-tax-strategy-and-corporate-reputation-a-tax-issue-a-business-issue.pdf

PriceWaterhouseCoopers. (2017). Federal Enterprise Risk Management 2017. Retrieved from https://www.pwc.com/us/en/industries/public-sector/library/federal-erm-survey.html Puentes, R., Mozas, A., Bernal, E., & Chaves, R. (2012). E-corporate social responsibility in small

non-profit organisations: The case of Spanish “Non Government Organisations.” The Service

(31)

31

Rabenort, M. (2007). Van symptomatisch Tax Risk Management naar Tax Control. Maandblad

Belasting Beschouwingen, 2007(10).

Rohner, E. (2013). What are some common tax related risks and opportunities facing privately held business today ? Retrieved January 3, 2018, from

http://www.sdbj.com/news/2013/jan/21/what-are-some-common-tax-related-risks-and-opportu/?page=1&

Schlegelmilch, B. B., Love, A., & Diamantopoulos, A. (1997). Responses to different charity appeals: the impact of donor characteristics on the amount of donations. European Journal of

Marketing, 31(8), 548–560. https://doi.org/10.1108/03090569710176574

Stebbins, E., & Hartman, R. L. (2013). Charity brand personality: can smaller charitable organizations leverage their brand’s personality to influence giving. International Journal of Nonprofit &

Voluntary Sector Marketing, 18(3), 203–215. https://doi.org/10.1002/nvsm

The Netherlands Tax and Customs Administration. (2010). Horizontal monitoring within the medium

to very large businesses segment (unofficial english translation). Retrieved from

https://download.belastingdienst.nl/belastingdienst/docs/horizontal_monitoring_very_large_b usinesses_dv4061z1pleng.pdf

van der Hel, L., & Siglé, M. (2016). Cooperative Compliance: Tax Risk Management. Intertax, 44(8/9), 642–650.

Veldhuizen, R., & Kamerling, R. (2009). Horizontaal toezicht en het tax control framework ( TCF ).

Maandblad Voor Accountancy En Bedrijfseconomie, 83(5), 181–191.

Wunder, H. F. (2009). Tax risk management and the multinational enterprise. Journal of International

Accounting, Auditing and Taxation, 18, 14–28.

Operational tax risks in charity organizations: Building a tax control framework