How can a Tax Control Framework help external auditors address VAT for the (tax) audit of hospitals?

How can a Tax Control Framework help external auditors address

VAT for the (tax) audit of hospitals?

Master’s Thesis Accountancy

University of Groningen, Faculty of Economics and Business

5th of June 2019 TOMAS MEIBOOM Student number: 1884557 Oppenheimstraat 30a 9714 ER Groningen phone: +31 (0) 6 54698547 e-mail: t.w.meiboom@student.rug.nl Supervisor: prof. dr. I.J.J. Burgers

Co-assessor: dr. S. Girdhar

2 Abstract

According to the audit layer model a Tax Control Framework helps for being in control over VAT risks. In this audit layer model the Dutch tax authority wishes to rely on, amongst others, the external auditor. The TCF could help auditors differentiate between value-added tax risks for the external audit and for the audit by the Dutch tax authority. The aim of this research is to contribute to the gap of differences in perceptions of materiality between the external auditor and the Dutch tax authority. This research investigates which VAT risks are present within hospitals in the Netherlands and what the role of the TCF hereby is. After analyzing relevant frameworks such as COSO (2013), the audit layer model and horizontal monitoring and after conducting interviews with the Dutch tax authority and external auditors, this research found that a Tax Control Framework is not relevant for the external auditor whereas it is relevant for the Dutch tax authority when it comes to being in control over material VAT risks. This implies that the Dutch tax authority should not rely on work done by the external auditor and rely more on businesses themselves through intensifying cooperative compliance.

List of abbreviations

COSO = Committee Of Sponsoring Organizations of the Treadway commission

CIT = Corporate Income Tax

OECD = Organization for Economic Cooperation and Development ISA = International Standards on Auditing

NOS = Nederlandse Omroep Stichting SOX = Sarbanes-Oxley act

TCF = Tax Control Framework VAT = Value-added Tax

- Input = VAT that suppliers towards a business charge - Output = VAT that is charged by the business to its customers

3 Table of content

1. Introduction 4

2. Theoretical background 10

2.1 Theories 10

2.1.1 Theory of Inspired Confidence 10

2.1.2 Stakeholder Theory 11

2.2 Frameworks 13

2.2.1 Horizontal monitoring + Audit layer model 13

2.2.2 COSO 14 2.2.3 TCF 17 2.3 Audit of Tax 19 2.4 Tax audit 20 2.5 Value-added Tax 21 2.6 Initial expectations 24 3. Method 26 4. Results 29 4.1 Frameworks 29 4.2 Audit of Tax 31 4.3 Tax audit 32 4.4 Value-added Tax 34 5. Discussion 38

4 1. INTRODUCTION

On the 13th of December 2016 the Dutch public news organization NOS published an article about the Dutch tax authority stating that “The Dutch tax authority is not capable anymore of performing their work in a correct way”1

Due to a loss of personnel the Dutch tax authority is not capable anymore of inspecting all filed tax returns. On the 17th of October 2018 the same NOS stated that “The Dutch tax authority has more personnel, but still not enough.”2

This personnel shortage has consequences for the Dutch tax authority, namely that they have to decide how to allocate their scarce personnel resources. To be as efficient as possible the Dutch tax authority makes use of horizontal monitoring (Belastingdienst, 2013). Under horizontal monitoring the tax authority makes use of co-operative compliance. Colon (2017) describes this as a new form of legal tax compliance where businesses give early insight in their tax strategy and procedures. Businesses benefit through real-time insights in their tax position and for the tax authority it becomes easier to allocate their resources depending on a business’s risk appetite (Colon, 2017; OECD, 2016). The OECD (2013) states that this risk management of tax authorities is an essential tool when bearing in mind the overall revenue consequences.

Figure 1: Audit layer model3

To allocate these resources the Dutch tax authority furthermore makes use of an audit layer model (figure 1) whereby they (partly) rely on the work of the internal and/or external auditor of a business (Belastingdienst, 2013). This audit layer model comprises of multiple layers whereby the first layer is the internal control environment of the business. The tax authority takes this as a starting point due to the fact that it is in the business’s own best

1

https://nos.nl/artikel/2148239-belastingdienst-kan-werk-niet-goed-meer-doen.html

2

https://nos.nl/artikel/2255205-meer-menskracht-voor-belastingdienst-maar-nog-niet-genoeg.html

5

interest to be in control of the information their business processes produce (Belastingdienst, 2013). External control is seen as the second layer. If for example an external auditor has given assurance over certain accounts, the tax authority will not perform the same work again, but will support on the work of the external auditor. The third layer then is the fiscal inspection of the Dutch tax authority itself. Furthermore, according to the Dutch tax authority, businesses should set up a Tax Control Framework (TCF) to be in control of all tax related issues (Belastingdienst, 2008). A TCF can help both the internal audit department and the external auditor to gain better insights in tax related issues and is seen as an extension of the business control framework (Belastingdienst, 2008). An example of such a framework is COSO (2013). One of the elements of a TCF, based on the COSO framework, is risk identification.

In respect of taxes an external auditor possibly sees risks differently than the Dutch tax authority and thus have a different perception of what is material. This could potentially lead to difficulties since the tax authority wishes to support on work done by the internal/external auditor. Wesdorp (2015) points out a materiality level of 30 million euro for an external Dutch auditor whereas the Dutch tax authority is considering 50 thousand euro as material for the same business. Through the development of TCF’s businesses are in better control of their tax risks. However there still is a gap between the internal/external auditor and the Dutch tax authority which implies that tax authorities are not fully in control of the tax risks they perceive as material if they rely on the work of the external auditor. Thus the question is if the Dutch tax authority is able to support on work performed by the external auditor.

In the following sections of this introduction I will address the scope and research question of this study, explain the practical and scientific contribution of this research and explain what is needed to answer the research question at hand.

Scope of the study

Due to the limited time scope of this study the research will focus on a small area of investigation namely value-added tax (VAT) risks within hospitals. Using VAT risks in hospitals as a case study gives insight in what possible differences in perceptions of material risks mean for the working of the audit layer model. Moreover this research’s aim is not to identify the gap between VAT risks of hospitals as perceived by the external auditor and as

6

perceived by tax administrators. Instead this research limits to giving insights into what possible differences implicate for the working of the audit layer model. In the next paragraphs the justification of this scope is explained further.

Amongst others Bakker and Kloosterhof (2010) and the OECD (2013) named a TCF as an adjustable device, meaning that the implementation differs among businesses. This might mean that it is hard to compare businesses in the first place, so it leaves room for investigating a particular subset. Burgers and Van der Meer (2018) address the need for more research on the use of TCF’s and other than multinational organizations. Furthermore Burgers and Van der Meer (2018) mention that apart from corporate income tax (CIT) a proper TCF should include also, amongst others, value-added tax (VAT) and wage tax. According to Burgers and Van der Meer (2018) the latter two forms of tax have massive fiscal processes which are important to have under control. Respondents in a survey by Wunder (2009) rated value-added tax as third out of six concerning the amount of risk it bears, meaning persons responsible for tax risk management in multinational enterprises consider it at least as a minor to moderate risk. Furthermore VAT is one of the largest income sources for the Dutch government4, so it is important for the Dutch tax authority that businesses are in control of this form of tax. Van Loon (2015) mentions that research by the European Commission shows a VAT tax gap of 200 billion dollars per year, meaning European tax authorities are not able to collect expected VAT. Taking into account that tax authorities are able to reclaim VAT for multiple years back, the amount mentioned by Van Loon even increases further. Furthermore Van Loon (2015) describes VAT as a form of indirect tax that in general hits every business process, again underpinning the importance of being in control over this form of tax. Van Loon (2015) also mentions an example of a business with a new ERP system which was led by an Indian team without European VAT knowledge. Due to incorrect application of VAT procedures, over 50 billion euro was over-claimed as input VAT. In a global survey by EY (2018) taxpayers rate indirect taxes, such as VAT, as their top source of risk after transfer pricing. Bakker and Kloosterhof (2010) name five major risks concerning VAT in the Netherlands. One of the five risks Bakker and Kloosterhof mention is wrongfully claiming input VAT on non-deductible categories. Given the following scope of this study, this risk is of importance.

7

The scope of this research is thus limited by focusing only on hospitals in the semi-public sector in the Netherlands. Semi-semi-public organizations are expected to be more transparent (Greiling, Traxler and Stötzer, 2015) making them an interesting subject since transparency is one of the basics of horizontal monitoring (Belastingdienst, 2013). Another important aspect of hospitals is their size. The turnover of Dutch general hospitals was 17,7 billion euro’s in 20175

. In general Dutch hospitals classify as very large businesses. For these very large businesses the Dutch tax authority make use of individual horizontal monitoring agreements (Belastingdienst, 2013b). Furthermore VAT could be more complex for semi-public organizations since parts of its business is VAT exempt.6 As a result thereof the process of being in control becomes more complex since a clear distinction has to be made between exempt and non-exempt activities and all transactions have to be processed accordingly. Amongst others hospitals are able to reclaim input VAT for general activities due to the possibility of “reclaiming pro rata.”7 For example selling medicines through an in-house pharmacy is not VAT exempt and on the basis of this turnover they might be able to reclaim VAT pro rata on general incurred costs. In 2015 a Dutch court in The Hague ruled that hospitals should allocate their costs, and thus determine what they are able to reclaim, in a more strict manner.8 In appeal the Council of The Hague concluded the same.9 Both the amount of costs and the percentage of reclaim are debatable. This leads us to the following research question:

“How can a Tax Control Framework help external auditors address VAT for the (tax) audit of hospitals?”

Contribution of the study

For academic purposes this research extents to literature on internal control and the assessment of risks by giving an explicit manifest for dealing with tax risks as an own subject in the assessment of risk instead of being a part of total risk assessment. Amongst others the OECD (2013) called for more research on the assessment and guidance of Tax Control Frameworks due to its centrally important position. Another key driver on why the tax

5 https://ziekenhuiszorgincijfers.nl/assets/uploads/NVZ-Brancherapport-2018.pdf 6_{https://www.belastingdienst.nl/wps/wcm/connect/bldcontentnl/belastingdienst/zakelijk/btw/tarieven_en_vrijstell} ingen/vrijstellingen/vrijstellingen 7_{https://www.belastingdienst.nl/wps/wcm/connect/bldcontentnl/belastingdienst/zakelijk/btw/btw_aftrekken/belas} te_en_vrijgestelde_omzet/inschatting_van_het_gebruik2/inschatting_van_het_gebruik 8

Rechtbank Den Haag, 09-03-2015, nr. SGR 14/4008.

8

position gained more interest is the implementation of SOX (Deumes and Knechel, 2008). More in particular SOX 404. Under SOX 404 businesses have to disclose on weaknesses in their internal control that could possibly lead to material misstatements (Graham and Bedard, 2015). By analyzing these disclosures Bauer (2016), Graham and Bedard (2015) as well as Wunder (2009) mention that twenty to thirty percent of internal control weaknesses are tax related. An example of such a risk is reputational risk. For example many businesses engage in tax avoidance schemes successfully for longer periods of time (Gallemore, Maydew & Thornock, 2014) even though the public has little tolerance for aggressive tax planning (Gallemore, Maydew & Thornock, 2014; Shulman, 2009). Therefore this bares a reputational risk on a business. However there are more tax related weaknesses. Bauer (2016) mentions the high degree of uncertainty in the tax position. Wunder (2009) describes seven different risk elements concerning taxes for multinational enterprises, however these disclosures and risks are focused on material weaknesses concerning the external audit and not on material weaknesses as seen by the Dutch tax authority. This research will therefore extent to research on internal control and tax by, amongst others, Bauer (2016), Graham and Bedard (2015) and Wunder (2009) and due to the fact that it tries to dive deeper into tax related weaknesses in general and differentiate between possible different levels of materiality as seen by the external auditor and the Dutch tax authority. Another aspect is that this research investigates an indirect form of tax whereas most research has been done on corporate income tax, which is a direct form of taxation (Belastingdienst, 2017).

Furthermore this research contributes towards the work of practitioners in the field. It could possibly help external auditors as well as employees of the Dutch tax authority to gain better insights in how a Tax Control Framework is used and how it is ultimately able to help the Dutch tax authority decide if they are able to support (better) on the work of the external auditor and thereby to help reach the goals of horizontal monitoring (Belastingdienst, 2013). Furthermore it will contribute to the understanding of the functioning of the audit layer model and therefore help the Dutch tax authority to evaluate whether or not the audit layer model is a sound depiction of how they are able to support on the work of others

In the next section I will discuss the main theory underlying the research question at hand. Furthermore I will propose and elaborate on a set of sub-questions so that I am able to give a full and complete theoretical background to this research. The following will be addressed.

9 What is a Tax Control Framework?

I will give a background on how the need for a Tax Control Framework has originated. I will elaborate on horizontal monitoring, the audit layer model, the COSO framework and ultimately TCF’s and the guidelines provided.

How does an external auditor use a TCF?

External auditors audit a business. Amongst others an audit of tax is conducted. I will explain how an auditor audits (tax). Furthermore I will elaborate on external auditor materiality and tax as expected beforehand.

What is materiality to the Dutch tax authority?

This research tries to identify differences in perception of materiality between the external/internal auditor and the Dutch tax authority. I will define how the Dutch tax authority sees materiality and what the purpose of a tax audit is.

What are the risks concerning value-added tax for hospitals?

Since this research focusses on VAT, I will define beforehand risks concerning VAT. A brief summary of important legislation, specified for hospitals, will be given. Furthermore a basic understanding of cost allocation and determining pro rata will be given

The theory section will end with an initial expectation as to how a TCF is able to serve as a framework for being in control over VAT in hospitals.

10 2. THEORETICAL BACKGROUND

2.1 Theories

This research investigates different levels of materiality as seen by the external auditor and the Dutch tax authority. Therefore it addresses two different perspectives namely that of the external auditor and of the Dutch tax authority. The perspectives originate out of different theories being Limperg’s theory of inspired confidence and the stakeholder theory. The purpose of the external auditor is to give assurance on the annual accounts of a business. The external auditor’s goal hereby is to “enhance the degree of confidence of intended users of the

financial statements.”10 This means that the external auditor has a responsibility towards intended users of the financial statements. One of the items addressed in the financial statements is taxes. This responsibility is linked to Limperg’s theory of inspired confidence that originates out of 1932 (Limperg, 1985).

The Dutch tax authority has a same sort of commitment with society as external auditors have, namely fair taxation. Businesses are only able to enter into horizontal monitoring when they incorporate the Dutch tax authority as a stakeholder to the business, whereby they have to be transparent and cooperative towards this stakeholder. The Dutch tax authority thus forces a stakeholder approach. Therefore I take stakeholder theory as theory for the Dutch tax authority perspective.

The perspective of the external auditor, and thus Limperg’s theory of inspired confidence, will be addressed first

2.1.1 Theory of Inspired Confidence

In 1932 Theodore Limperg jr. first proposed his theory of Inspired Confidence (Limperg, 1985). Limperg describes that the financial system has changed in such a way that businesses are dependent of banks and other partakers of society for financing (bank loans or for example a person buying shares). Limperg underpins the importance of an unqualified opinion of an independent auditor on the financial statements of a business. The auditor hereby becomes “a confidential agent of the community at large” (Limperg, 1985: 11) which has the right of existence due to the need for independent and expert opinion on financial statements of a business (Limperg, 1985). However with that need also comes responsibility.

11

By fulfilling societies need, society places confidence in the auditor and it is that confidence out of which auditors legitimize their existence. It is important to notice an expectation gap between society and the auditor. Auditors and public have different beliefs about what the responsibility of the auditor is during an audit (Chye Koh and Woo, 1998; Mills, 1990), for example when it comes to detecting fraud. While the public might deem this to be the responsibility of the auditor (Mills, 1990), this actually is the responsibility of “those charged

with governance of the entity and management.”11

However even with the presence of an

expectation gap, auditors still legitimize their existence through the confidence society has placed in them. According to Limperg (1985) it is that confidence that drives auditors to perform good audits. So for that confidence to not to be mistrusted auditors amongst others perform a risk analysis and set materiality12 so that the outcome of their audit is of a sufficient quality to give a reasonable amount of assurance. The driver of external auditor materiality and why it is set is thus society and out of that perspective Limperg’s theory of Inspired Confidence fits to explain the external auditors perspective. I will explain the more technical part, determining how it is set and how it is related to this research further on.

Another theory that is relevant for this research is stakeholder theory. It enlightens the perspective of the Dutch tax authority.

2.1.2 Stakeholder Theory

To be able to function properly the Dutch tax authority needs information out of a business. Amongst others the Dutch Corporate Governance Code instructs the board of businesses to disclose information on risks and how internal control addresses these risks (Tabaksblat Committee, 2008). One way to address risks is via the COSO (2013) framework. The need for internal control originates out of the well-known agency problem, whereby managers of a business might have other interest than the owners and thus act out of self-interest instead of in the best self-interest of the owner (Fama and Jensen, 1983). Internal control would lead to reducing this information asymmetry between owner and manager, and is seen as rather helpful when management discloses information on these controls (Hermanson, 2000). Deumes and Knechel (2008) furthermore describe the managerial need of internal control, since, for example, investors will view an absence of monitoring as a warning that a manager’s interest is not in line with theirs. The Dutch tax authority is not directly involved in

11

http://www.ifac.org/system/files/downloads/a012-2010-iaasb-handbook-isa-240.pdf

12

a manager owner relationship with a business, but is rather seen as a stakeholder towards the business (Donaldson and Preston, 1995). Donaldson and Preston (1995) describe stakeholders as “Persons or groups with legitimate interests in procedural and/or substantive aspects of

corporate activity.” Since the Dutch tax authority has a legitimate interest, namely taxation of

corporate activity, this definition fits the perspective of the Dutch tax authority for this research. Not only do Donaldson and Preston (1995) describe what a stakeholder is, they also link stakeholders to stakeholder theory. Stakeholder theory is described as a theory whereby businesses should be managed in the interests of all stakeholders, not only shareholders. This theory is seen an extension to agency theory (Donaldson and Preston, 1995; Freeman, 1984; Freeman and Reed, 1983; Laplume, Sonpar and Litz, 2008). According to Freeman (1984) managers need to take into account all of those groups and individuals that can affect, or are affected by, the accomplishment of the business enterprise. Donaldson and Preston (1995) justify the normative nature of this theory, meaning that moral and philosophical guidelines serve to determine why businesses should act in the interest of all stakeholders.

This research therefore takes stakeholder theory as a starting point as to why businesses should be in control of their tax towards the Dutch tax authority, so that they are able to enter into a horizontal monitoring agreement. The work of the Dutch tax authority hereby changes from vertical monitoring to determine whether a tax return is acceptable or not in accordance with horizontal monitoring(Belastingdienst, 2013). Internal control disclosure helps to reduce the information asymmetry between business and stakeholder, which is a basis for horizontal monitoring (Belastingdienst, 2013). Thereby a Tax Control Framework, like COSO (2013), is an instrument to reduce information asymmetry between amongst others the Dutch tax authority and a business via disclosure of information on tax risks. This research will not only focus on why a TCF could help a business to be in control, but also how. In line with the research question at hand this means that mainly the how part will be examined. The how part is the part of a TCF that helps the external auditor differentiate between what is material towards an external auditor and what is material for the Dutch tax authority. The perspective of the external auditor is thereby underpinned by Limperg’s theory of Inspired Confidence and the perspective of the Dutch tax authority by the stakeholder theory. In the next section I will discuss the different frameworks that have led to the forming of Tax Control Frameworks.

13 2.2 Frameworks

2.2.1 Horizontal Monitoring and the Audit Layer Model

Horizontal monitoring

As of 2005 onwards the Dutch tax authority makes use of horizontal monitoring. The Dutch State Secretary for Finance introduced the definitive implementation of this concept of mutual trust via a letter to the Dutch parliament (Staatssecretaris van financiën, 2005). As mentioned in the introduction the idea of horizontal monitoring is working together on the basis of co-operative compliance (Colon, 2017). Hereby the Dutch tax authority is able to identify low risk businesses who are willing to comply with law and regulation (Veldhuizen, 2015). The Dutch tax authority then enters into a horizontal monitoring covenant with these businesses (Veldhuizen, 2015). In this way the Dutch tax authority is capable of distributing their resources in the best possible way. The goal hereby is that the Dutch tax authority tries to avoid doing work double and supports on the work done by amongst others the internal/external audit (Belastingdienst, 2013). To execute the purpose of horizontal monitoring the Dutch tax authority makes use of their Audit Layer Model. As figure 1 shows horizontal monitoring reduces the amount of work done. Horizontal monitoring is the subset of work that is performed out of each layer as opposed to performing all work within each layer. The amount of work done is determined via statistics and so called sample reduction, depending on to what extent the Dutch tax authority is able to support on the work of others (Belastingdienst, 2013).

Audit Layer Model

The Audit Layer Model is a depiction of the Dutch tax authority as to how different forms of auditing and control come together. Since this research aims at identifying different levels of materiality, as seen by the Dutch tax authority and the external auditor, it is necessary to have a basic understanding on how the internal, external and fiscal audit and control relate to each other. The model works as follows. The inner circle represents the primary processes of a business. The business then has an internal control environment put into place, for example based on COSO (2013). The internal control environment is complemented by the internal audit layer. Together they form the first layer of the Audit Layer Model. These parts do not completely overlap since the internal audit also audits parts of business that do not per se have controls into place. The next layer is the external audit layer. Again certain parts overlap the internal environment/audit and others do not. This means that the external audit partly relies

14

on the internal environment/audit and does the rest of the work themselves. The last layer is the fiscal audit of the Dutch tax authority, which partly relies on the internal control environment and the external audit. However for the Dutch tax authority to be able to support on these factors, it is important that proper controls are into place and it is important that the external audit makes use of the same norms as the Dutch tax authority (Belastingdienst, 2013). To be able to determine the working of this layer model I will determine how the internal control environment, and thereby a Tax Control Framework, could, from a theoretical perspective, help the Dutch tax authority and the external auditor support on internal controls.

2.2.2 COSO

Amongst others the Dutch tax administration views a Tax Control Framework as a framework that is part of the business framework of which COSO is a standard (Belastingdienst, 2008). Furthermore in a large variety of research on TCF’s both COSO Integrated Control Framework and COSO Enterprise Risk Management are used or mentioned as an important framework for both internal control and risk management purposes (Bakker and Kloosterhof, 2010; Dijk and Siglé, 2016; Veldhuizen and Kamerling, 2009). So to be able to get a grasp of how a Tax Control Framework is set-up it is important to understand the building blocks of COSO. Since this research focuses on external auditors I will only discuss the COSO Internal Control Framework. ISA 315, which mentions the responsibility of the auditor for assessing the internal control environment, also uses the building blocks of the COSO Internal Control Framework. The COSO Internal Control Framework (2013) defines internal control as follows: “Internal control is a process effected

by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.” Furthermore the COSO framework comprises of five

components that contribute towards being in control (COSO, 2013). I will shortly describe these different components as to better be able to link them to Tax Control Frameworks.

15 Figure 2: COSO integrated framework 201313

Control Environment

The first building block of COSO is the control environment. Romney and Steinbart (2015) amongst others mention the importance of management’s philosophy, operating style and risk appetite. Romney and Steinbart (2015) furthermore address commitment to integrity, ethical values and competence as important factors of the control environment. Stating the philosophy and commitment to important values are all shown via management’s ‘tone at the top’ (Shapiro, 2014). The Dutch tax authority also takes this organizational tone as an important factor for the other components of control (Belastingdienst, 2008). This tone works as a soft control for the rest of the business. Falkenberg and Herremans (1995) as well as Otley (2016) find that soft controls (informal controls) are an important factor that are needed to supplement hard controls if goals are to be achieved. Falkenberg and Herremans (1995) define soft controls as controls that are not measurable, but are about beliefs and values that have influence on displayed behavior. Thus the purpose of the control environment is setting the tone for the hard controls within the other control components.

Risk Assessment

The control environment sets the basis for performing a risk assessment since, amongst others, the risk appetite determines . Risk is defined as the possibility that the implementation of strategy or achievement of business goals is affected (Romney and Steinbart, 2015). As mentioned before Wunder (2009) as well as Bakker and Kloosterhof (2010) describe seven major areas of tax risk for multinational enterprises. Concerning VAT compliance risk, which is one of the seven that is mentioned, is an important factor. In a tax survey by EY (2018)

13 _{See COSO (2019) in references.}

16

both the tax authorities and businesses rate indirect tax compliance risks in their top two of risks (next to transfer pricing). When risks are assessed businesses have to decide whether to reduce, accept, share or avoid risks (Romney and Steinbart, 2015). This choice should be in line with the identified risk appetite of the business. The chosen risk response is then executed via control activities.

Control Activities

If risks have been identified the next step is to put control activities into place that are able to mitigate these risks to an acceptable level for the business. Romney and Steinbart (2015) define control activities as: “policies, procedures, and rules that provide reasonable

assurance that control objectives are met and risk responses are carried out.” The Dutch tax

authority describes control activities as necessary to achieve business objectives (Belastingdienst, 2008).

Information & Communication

Shapiro (2014) describes the seventeen principles of COSO (2013). For information and communication Shapiro (2014) states that it is important to “Verify that all key data are

timely distributed to responsible persons, verify that regulatory risk is promptly addressed and obtain assurance that key data are timely developed.” The purpose hereby is to provide

management with the information they need to assess whether or not the internal control system is able to reach its objectives (Belastingdienst, 2008). In a publication on healthcare institutions COSO (2019) advises to set up a risk and control matrix as to be better able to better document and thus provide and communicate information. The implementation for healthcare institutions (COSO, 2019) is also based on the COSO Internal Control Framework.

Monitoring Activities

Not only is it important to have controls put into place it is also important to effectively monitor the working of these controls. Via ongoing procedures a business is able to assure the operating effectiveness of controls over time (Belastingdienst, 2008). Romney and Steinbart (2015) mention the importance of an Internal Audit function that performs the monitoring process. Furthermore it is of importance that deficiencies in the internal control system are reported to the appropriate level of management (Belastingdienst, 2008).

17

Together these building blocks are able to deliver a sound internal control framework. However it does not per se specifically address taxes as an own subject, while a tax control framework does. For this reason the Dutch tax authority wants businesses to have a TCF put into place (Belastingdienst, 2008).

2.2.3 Tax Control Framework

Bakker and Kloosterhof (2010) describe a TCF as “a system (process) to identify,

mitigate, control and report tax risks.” In 2016 the OECD published a guideline on how a

Tax Control Framework could be implemented and what six building blocks it could consist of (OECD, 2016). Bakker and Kloosterhof (2010) also describe six building blocks, that partly differ from those of the OECD. According to the Dutch tax authority the tax control framework should be designed in such a way that it incorporates all relevant events and consequences when it comes to taxation (OECD, 2016). For this research I will use the more recent COSO based structure of building blocks of the OECD. However I will also make use of Bakker and Kloosterhof (2010) and a report issued by the Dutch tax authority (Belastingdienst, 2008).

Tax Strategy Established

The OECD (2016) as well as Bakker and Kloosterhof (2010) start their framework with the tax strategy of a business. This strategy should encompass the overall strategy and objectives of the business. Furthermore Bakker and Kloosterhof (2010) and the OECD (2016) both state that top level management should display a “tone at the top”. This tone works as a soft control for the rest of the business. The balance between hard and soft control however differs per business (Bakker and Kloosterhof, 2010). Furthermore the tax strategy should clearly display the business’s risk appetite (OECD, 2016). Eastburn and Sharland (2017) define risk appetite as the willingness to take on risk. The strategy should also display elements as how the business is going to be transparent and comply with the law (OECD, 2016). This is a rather important aspect for the Dutch tax authority to be able to enter into horizontal monitoring (Belastingdienst, 2008). For an efficient TCF it is thus important to display a clear message about risk appetite, strategy and tone at the top. This part of the TCF is strongly linked with COSO’s control environment. Concerning hospitals this means that management should elaborate on the cost allocation process and for example determine if they are willing to allocate costs that are debatable for reclaiming VAT under “general incurred” costs. This

18

would imply a more risk-seeking form of behavior and thus imposes more risk on a business itself.

Applied Comprehensively

The second building block of the OECD (2016) entails which transactions are able to impact the tax position. In general every transaction is able to have impact (OECD, 2016). It is thus important that the TCF is able to cover all parts of a business. By applying a TCF comprehensively all areas of a business are covered and thus some sort of risk assessment is performed. The OECD (2016) states that it is important that the TCF needs to address the complete process from identifying until monitoring for all tax processes. Related to VAT to be paid by a hospital, where a large part of business is VAT exempt, it is necessary to allocate all transactions properly to make sure that VAT that is reclaimable is reclaimed and to make sure that VAT that is not reclaimable is not reclaimed.

Responsibility Assigned

“Responsibility assigned” encompasses that the tax strategy is executed by the right people that are thus assigned responsibility (OECD, 2016). They should have the right experience and skills and furthermore the main responsibility should lie within the tax department (OECD, 2016).

Governance Documented

The TCF should encompass the tax governance and tax policy of the business (OECD, 2016). Not only internally, but also to external stakeholders. Vodafone for example published their tax strategy and their tax policy online.14 They give a complete outline of how their employees in all layers within the business should act. By documenting this properly all stakeholders are well informed. Employees know how to handle within the guidelines and external stakeholders, like the Dutch tax authority, are aware of the chosen risk appetite. Furthermore the OECD (2016) states the importance of management taking responsibility. By documenting governance the board is able to demonstrate that the highest level takes responsibility for tax compliance. Bakker and Kloosterhof (2010) also mention the importance of providing personnel with knowledge, tools and skills. Governance documented is for a large part linked to COSO’s information and communication.

19 Testing Performed

Testing performed is linked to COSO’s monitoring. The OECD (2016) mentions the importance of the monitoring process. This process should be able to deliver feedback and be able to detect and correct errors. Even though this is an important part, it does not significantly differ from the COSO building block.

Assurance Provided

The OECD (2016) describes assurance provided as the overall result of the other components of the TCF. If all parts of the TCF function properly the outcome is that the TCF is able to provide a reasonable amount of assurance that the actual tax risk is not higher than the level of accepted risk appetite, whereby the TCF is thus able to detect, mitigate and control tax risks (Bakker and Kloosterhof, 2010). An example of such a risk is complying with applicable VAT law. The TCF should be able to lower tax risks to an acceptably low level so that the TCF is able to provide assurance.

2.3 Audit of Tax

One role of the auditor is to address the internal control environment of a business and determine what risks are present within the business and how these risks are able to impact the audit of the financial statements. Dutch external auditors make use of the NV COS regulations.15 The NV COS is the Dutch implementation of the International Standards on Auditing (ISA) and provide the external auditor with guidelines (ISA’s) as to how they should perform an audit. ISA 31516 states the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements. The external auditor hereby evaluates the state of internal control and a TCF could be regarded as a part of the internal control environment that reduces material tax risks. ISA 32017 describes materiality as:

“Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.” The auditor hereby makes use of a risk based

audit approach whereby the audit risk model is used (Wesdorp, 2015). For the external audit the auditor determines materiality for the financial statements as a whole. Furthermore the auditor is able to set materiality specific for particular classes of transactions, account

15 _{https://www.nba.nl/wet-en-regelgeving/gedrags-en-beroepsregels/actueel/hra-nv-cos/} 16

http://www.ifac.org/system/files/downloads/a017-2010-iaasb-handbook-isa-315.pdf (As of now: ISA xxx)

20

balances or disclosure. Performance materiality is lower than the materiality for the statements as a whole and is set to ascertain that individual errors taken together are not higher than the materiality for the statements as a whole. The external auditor sets this “performance materiality”. How much lower this materiality is depends on the risk associated within an account balance or class of transactions. Depending on this determination the external auditor determines the timing nature and extent of further procedures.18 In general materiality is set as a monetary amount that is a percentage of an appropriate benchmark, for example net operating profit. However determining materiality and subsequent performance materiality requires professional judgement (ISA 320).

The purpose of a TCF for the external audit is mainly facilitating (Bakker and Kloosterhof, 2010). Since the external auditor is not able to review every transaction, a proper TCF with effective controls gives the external auditor the possibility to support on this work or at least reduce substantive procedures that would otherwise have to be carried out in accordance with ISA 320. So the TCF has no influence on the level of materiality, but only on the amount of work that has to be performed to gain reasonable assurance that there are no material misstatements.

2.4 Tax Audit

The Dutch tax authority performs tax audits. Under horizontal monitoring the Dutch tax Authority cooperates with businesses in determining materiality, however ultimately they set it themselves (Belastingdienst, 2008). Overall this materiality tends to be lower than the materiality an external auditor sets for the audit of the annual accounts (Belastingdienst, 2008). Concerning TCF’s the Dutch tax authority wishes to determine whether the design, existence and operating effectiveness are appropriate. Engelmoer (2015) describes the TCF as an instrument for the Dutch tax authority to be able to obtain sufficient and appropriate information out of a business. Ultimately the Dutch tax authority sets materiality at such a level that they are able to judge the tax return as ‘well enough’(Belastingdienst, 2013). Even though the Dutch tax authority uses a five percent materiality on turnover threshold (Belastingdienst, 2013), they only use this to determine the sample size, for example how many invoices they want to audit, when auditing tax. Within this sample size they have a zero fault expectancy, meaning they do not allow any faults within the sample (Belastingdienst,

18 _{Id 13}

21

2013). Depending on the state of internal control (TCF), or on the possibility of supporting on the work of others, this sample size is reduced (Belastingdienst, 2013). The TCF thus is a device that the Dutch tax authority uses to reduce the amount of performed work.

2.5 Value-added Tax

Most states levy tax on turnover on the basis of a Value-Added Tax system. The Value-Added Tax system was introduced to only levy tax on the value that is added in each stage of production until final consumption (Schenk, Thuronyi and Cui, 2015). In essence VAT is a tax on consumption (Schenk et al, 2015). Where consumption takes place is in general the country that is eligible to collect the VAT (Silva, 2014). The Dutch VAT legislation (Wet op de omzetbelasting 196819, as of now “VAT Act ’68”) is the Dutch implementation of the EU directive on Value-added Tax 2006/112/EC. To avoid going over the complete legislation I will shortly describe the most relevant articles for the scope of this study and the most significant risks below. The main focus will be on the provisions that are relevant for determining VAT due by health organizations.

Legislation

The Dutch law on turnover tax (VAT Act ‘68) has several articles that are of importance towards the scope of this study. Also the Dutch general tax act (Algemene wet inzake Rijksbelastingen, as of now “AWR”)20

is of importance for the perspective of the Dutch tax authority. Furthermore the VAT Directive (2006/12/EC) published by the European Commission has important articles.

Article 2 – VAT Act ‘68

Article 2 of the Dutch law on turnover tax states that a business is able to reclaim VAT that is incurred on costs that are made for delivering non-exempt goods or services. This means that a business is not able to reclaim input VAT on services or goods that are VAT exempt in accordance with article 11.

19

https://wetten.overheid.nl/BWBR0002629/2019-01-01

22 Article 11 – VAT Act ‘68

Article 11 of the Dutch law on turnover tax provides for an overview of exempt services. For hospitals article 11 (1 g 1⁰ a) is of relevance which states that health care services that are rendered by medical professionals that have followed certain education are VAT exempt. This is of importance since the main part of business of a hospital is providing health care services via medical professionals.

Table 1 - Lower VAT percentage – VAT act ‘68

Table 1 of the Dutch law on turnover tax mentions services and goods on which the lower VAT percentage of nine percent is applicable. Under Table 1 (a 6/8) medicines and bandages are mentioned. On these goods the lower VAT percentage is applicable. However there are some medicines for which the lower percentage is not applicable.21 This article is of importance since the control framework should work in such a way that the right percentage of VAT is applied to all transactions.

Article 173/174/175 of the VAT Directive (2006)

Article 173 through 175 describe the possibility to deduct input VAT pro rata on “general incurred” costs. This is defined as costs that are made for generating exempt as well as non-exempt turnover. The percentage of deduction is determined by dividing the non-non-exempt turnover through the total amount of turnover without tax. This percentage is rounded up to the next whole number. Deduction is possible for this percentage of VAT on all costs that are incurred for both exempt and non-exempt services. Given the decision made by the The Hague Council mentioned in the introduction of this research it is thus very important that costs are allocated in a correct manner.

Article 20 – AWR

Article 20 of the Dutch general tax act states the possibility of collecting taxes up until five years after the end of the calendar year in which an unjust tax return has been filed. This article thus gives the Dutch tax authority the possibility to investigate returns of the past five years and if deemed incorrect they are able to adjust these returns. This means that the risk that a business bares for noncompliance could fivefold.

21

https://www.belastingdienst.nl/wps/wcm/connect/bldcontentnl/belastingdienst/zakelijk/btw/tarieven_en_vrijste llingen/goederen_9_btw/geneesmiddelen_en_hulpmiddelen/geneesmiddelen_en_dergelijke/geneesmiddelen

23 Article 67f – AWR

Under article 67f the Dutch tax authority is granted the possibility to fine a business up to 100 percent of the amount of tax that has to be paid, but is not paid. Even though this is only possible if a business had the intent of not paying or filing an unjust return, this gives the tax authority some possibilities and could also bear risk on a business that is willing to operate in the grey field that is mentioned by Bakker and Kloosterhof (2010). The same term of five years applies for this article.

Risks concerning VAT

Bakker and Kloosterhof (2010) address a grey area in the tax playing field. This field is defined as a place where businesses may feel that they act within the law, while the tax authority believes otherwise. A sound example is mentioned in the introduction. The Dutch Council ruled that businesses should allocate their costs in a more structured manner.22 In this court case (BK-15/00321/) there was a clear dispute between the Dutch tax authority and the taxpayer, while the business thought they were acting within the law. This situation would categorize as compliance risk under the seven risk categories mentioned by Bakker and Kloosterhof (2010) as well as Wunder (2009). Wunder (2009) describes the possibility of weak controls, data integrity and legislative changes. For example controls should work in such a way that costs are securely allocated and sales are categorized under the corresponding amount of output VAT. For example a system that calculates the wrong amount of VAT could be a significant problem. When exempt and non-exempt services are performed this is the most significant risk when it comes to VAT within non-profit businesses, due to the complexity of operations. Van Loon (2015) describes these VAT risks and states that these technical process risks are significant. In case of non-compliance the Dutch tax authority is able to collect the adjusted amount of VAT for the last five years. Taken together with the possibility that this amount could be further increased by fines it might become a material cost for both the external auditor and the Dutch tax authority. The outcome of the EY (2018) tax survey underpins this risk since VAT compliance risk is acknowledged by both businesses as well as tax authorities.

24 2.6 Initial expectations

After the assessment of theory I have formed initial expectations as to how an external auditor could use a TCF for the (tax) audit of hospitals. First of all it is important to determine which parts of the TCF are most important for the external auditor/the Dutch tax authority concerning materiality since that forms the scope of this study. Ultimately the external auditor interferes with all parts of the COSO framework during the audit. For determining materiality however it is most important to identify, assess and control risks. Relating this to a tax control framework, it is of importance that the TCF works in a comprehensive way wherein it is able to force transactions to be allocated to the right places incorporating the right amount of VAT, whereby the handling of transaction within the grey area depends on the business’s risk appetite. The TCF hereby should be able to detect and mitigate risks to an acceptable level.

Furthermore it is of importance that risk appetite and general procedures are documented and communicated in a decent manner. However the core of this study focusses on the risks that are present and how these are dealt with in terms of materiality so I have chosen risk assessment and control activities as being the most important.

Figure 3: COSO integrated framework 201323

The external auditor determines materiality and depending on the working of the TCF it is possible to support on internal controls whereby the TCF thus is a facilitating device as mentioned by Bakker and Kloosterhof (2010). However as mentioned in the introduction of this research Dutch tax authority materiality has a completely different scope. The OECD (2016) for example mentions situations in which the external audit materiality is higher than the total amount of taxes paid. For the external audit and the tax audit a proper functioning

23 _{See COSO (2019) in references.}

25

TCF should be able to serve as an instrument on which supporting is possible so that the amount of substantive procedures becomes limited. Given the audit layer model the question is if it is possible for the Dutch tax authority to support on the work of the external auditor given that the Dutch tax authority only supports on work that is performed with the same scope and materiality (Belastingdienst, 2013).

The next section will elaborate on the research method that is used to answer the research question and subsequent questions at hand

26 3. METHOD

Some background information was given and a literature review was conducted in the theory section. However to gain a more in-depth understanding on how, amongst others, frameworks and ISA’s are used in practice and to be able to answer the research question and subsequent questions, more in-depth information is needed. Smith (2015) states that a qualitative study is suitable for acquiring more in-depth information on a phenomenon where the focus is more on meaning instead of numbers. To this end multiple semi-structured interviews were conducted. Semi-structured interviews are able to deliver rich data due to the possibility of probing (Barriball and While, 1994).

The next paragraphs explain the way the data was gathered and the way it was handled after collection.

Data collection

To be able to enlighten both perspectives that are of importance for this study, interviews were conducted with both external auditors as well as employees of the Dutch tax authority. Francis (2004) mentions that audit quality is usually higher for offices of a Big four firm that have industry expertise as well as for Big four firms in general. For the perspective of the external auditor persons with a sound background were interviewed which is of importance for obtaining high quality data (Barriball and White, 1994). The external auditors interviewed work at the same Big four accounting firm in a managing function and are specialized in the health care industry. For the Dutch tax authority perspective an auditor of the Dutch tax authority was interviewed who is trained as certified accountant and is working in the (very) large businesses segment. One of the tasks of this person is developing plans for the further development of cooperative compliance for all corporate taxpayers, including the (semi-)public sector. Furthermore an accountant of the Dutch tax authority was interviewed who is involved in the development of Tax Control Frameworks.

Concerning the sample size Francis et al. (2010) as well as Morse (1995, 2015) state that an adequate sample size is reached at the point of data saturation. This means that holding extra interviews would not lead to extra information (Morse, 1995). Morse (2015) also mentions the importance of appropriateness of the sample and given the background of those who were interviewed the sample is appropriate. This leads to more quickly saturation of data

27

(Morse, 1995). Combined with the richness of semi-structured interviews this should lead to saturated data.

Concerning the perspective of the Dutch tax authority a lot of data was also gathered by analyzing reports that were issued by the Dutch tax authority. Combined with the data obtained via two interviews with accountants of the Dutch tax authority this has led to sufficient data for answering questions out of the Dutch tax authority perspective. Concerning the external auditor perspective the same was performed, however instead of reports International Standards on Auditing were analyzed and interviews with two external auditors were conducted. Apart from this analysis all four interviewed are certified auditors, so data on this perspective is also sufficient. Furthermore, before the interviews were conducted, an internal auditor of a hospital was interviewed via mail and asked which risks he deemed most significant concerning VAT. This was done so that I was able to link the interview outcomes to these risks to determine if all areas of risk were covered during the interviews. Combined with the expertise of both external auditors and one of the employees of the Dutch tax authority on (VAT) risks during the audit of a hospital sufficient data was obtained. Lastly annual reports of major hospitals were analyzed to give insights into materiality levels.

Concerning acquiring appropriate data out of the interviews Kallio et al. (2016) describe a five step approach for the semi-structured interview. Amongst others a test-interview was conducted to determine whether or not the test-interview guide and test-interview technique worked properly for obtaining the necessary data. During the interview phase the interview guide was adjusted depending on who was interviewed. The interview guide is attached to this research in appendix 1. Where possible the interviews were conducted by more than one interviewer for obtaining more objective data. The interviews were conducted in Dutch so that there was no language barrier between interviewer and interviewee. Matters of confidentiality and anonymity were discussed beforehand.

Data analysis

The interviews were recorded and turned into a transcript manually. For purpose of validity a reviewer has analyzed parts of the recordings to determine whether or not the transcripts reflect what was said during the interviews. These transcripts were written in Dutch and translated into English when used for quotation. The possibility exists that some information was lost during translation. To be able to draw conclusions the transcripts were analyzed by

28

means of coding. For obtaining more sound conclusions the transcripts were coded two times. Firstly manual and a week later via NVivo software. By linking these codes to the research question and subsequent question it was possible to give answers and insights towards these questions. This was done to overcome bias, which is a threat for validity (Roulston and Shelton, 2015). This is of importance since for qualitative research it is necessary to have a rigorous approach for ensuring reliability and validity of data (Morse et al, 2002).

Table 1 provides technical data on each interview. TABLE 1 Interview information

Function Perspective Duration Date

Sr. Manager Audit External auditor 62 minutes 30-4-2019 Manager Audit External auditor 56 minutes 22-5-2019 Accountant DTA Dutch tax authority 45 minutes 18-4-2019 Accountant DTA Dutch tax authority 43 minutes 13-5-2019

Internal Auditor Internal hospital n.a. 26-2-2019

In the next section the interview outcomes are presented. To be able to draw conclusions later on these outcomes are presented in the same sequence as the theory section is presented in.

29 4. RESULTS

To be able to draw conclusions later on I will now first list the results that were found during reviewing literature and analyzing the interviews.

4.1 Frameworks

In the theory section Horizontal Monitoring as well as the Audit Layer Model, COSO (ERM) and the TCF were mentioned as relevant frameworks for this study. These frameworks are analyzed as part of answering the sub-question “What is a Tax Control Framework?”

Horizontal Monitoring

Horizontal Monitoring is a collaboration with the Dutch tax authority. A prerequisite for entering into Horizontal Monitoring is a proper functioning TCF. During the interviews the following results were found.

[“Around two/third of the hospitals I have in my portfolio have entered into a

Horizontal Monitoring agreement, for very large businesses in general the number is one out of six” – Accountant Dutch tax authority]

In both interviews with external auditors it was mentioned that the external auditor supports on the Horizontal Monitoring agreements when determining risks. If there is no Horizontal Monitoring agreement they are also able to fall back on communication between the Dutch tax authority and a business.

[“If a client has entered into Horizontal Monitoring we know that they have a properly

functioning TCF since that is a prerequisite. If that client then has fiscal issues we are able to fall back on the agreements in the Horizontal Monitoring agreement” – Senior Manager Audit]

[“We look at what is discussed with the Dutch tax authority.. Which flows of turnover

and transactions are discussed.. ..This way we are able to determine if there are risks concerning the financial statements” – Manager Audit]

30 Audit Layer Model

The Audit Layer Model depicts how the Dutch tax authority wishes to support on others. Concerning the Audit Layer Model the following results were found.

[“If the accountant has determined that VAT rates are applied properly, or if the

organization has monitored that process as part of their TCF, then we perform less work in that area..” – Accountant Dutch tax authority]

[“Everything that we see as necessary work for a tax audit, which is already

performed by a third party, whether that is the accountant, the organization, or an external advisor, will not be performed by us again..” – Accountant Dutch tax authority]

This supporting on others is not only represented visually via the audit layer model, but as mentioned in the theory section it leads to a sample reduction. Concerning the role of the TCF in this reduction the following was found:

[“The Tax Control Framework is your fiscal control instrument. It is thus the

instrument to lead to sample reduction” – Accountant Dutch tax authority]

This sample reduction is also mentioned by the Dutch tax authority in their report on their control method (Belastingdienst, 2013). During the interviews it came forward that full reduction is also possible when supporting only on the business itself, it is then not necessary to support on the work of the external auditor.

[“It is also possible to support fully on a business to come to a 100 percent reduction”

– Accountant Dutch tax authority]

COSO (ERM) and Tax Control Frameworks

During the interviews a lot of information was found on the contents of the TCF and whether or not business make use of COSO as a basis for internal control and/or their TCF. To be able to give a more concise depiction of this information I have put the mentioned parts of a TCF in table form (table 2). During the interviews some additional building blocks were found.

31 TABLE 2

Components of a Tax Control Framework

Mentioned by: Theory Dutch tax authority External auditor

Based on COSO (ERM) m m m

Tax strategy established m m n.m.

Applied comprehensively m m m Responsibilities assigned m m m Governance documented m m n.m. Testing performed m m m Assurance provided m m m Role of IT n.m. m m

Role of tax advisor n.m. m n.m.

( m = mentioned, n.m. = not mentioned)

During the interviews IT is mentioned as a crucial part of the Tax Control Framework.

[“IT is an essential part of the TCF that is found in all other steps that form the

TCF..”- Accountant Dutch tax authority]

[“Part of a TCF is your IT environment. The TCF could be used to explain how the

process of applying the correct percentages of VAT is guaranteed in the IT systems. In such a way that logical access management prevents others from changing the system. That could be part of your TCF” – Senior Manager audit]

Concerning the role of a Tax Control Framework, that is seen as an extension to the business control framework the following was found.

[“As a business I would want a more broad control framework, so not only taxes, but

reporting on all sorts of issues over which you want to be in control” – Manager Audit]

4.2 Audit of tax

To answer the sub-question “How does an external auditor use a TCF?” I have investigated the process of auditing for VAT in hospitals. An important aspect of an audit is determining materiality. Concerning the audit of hospitals the following was found on determining materiality.

32

[“Materiality for hospitals is determined on basis of who are the users of the financial

statements and therefore turnover is used as a benchmark... ..Since a few years we have deemed hospitals as a non-regulated industry which means materiality usually is two percent of the turnover.. ..Depending on specific situations, this could be lower, based on professional judgement.. ..However usually it is two percent.” – Senior Manager Audit]

[“I have seen some other Big 4 firms that sometimes use one percent” – Manager

Audit]

This two percent is for the statements as a whole. As was mentioned in the theory section there is also performance materiality which depends on the risks involved in an account or class of transactions. SAD is an amount to assure auditing differences Concerning this the following was found.

[“Depending on some factors performance materiality is set at 50 or 75 percent of

materiality” – Manager Audit]

[“For auditing differences we have a specified amount above which we are

willing/steering management to correct. This amount usually is five percent of materiality. Differences above this amount are reported to management” – Senior Manager Audit]

The results of the risks that are perceived when it comes to VAT and how a TCF is or is not used for the external audit is presented later on.

4.3 Tax audit

In the theory section the role of the TCF is described as a tool that is able to reduce the amount of work that the Dutch tax authority performs during their audit. Furthermore materiality is described as a monetary amount that determines the amount of work that the Dutch tax authority needs to perform. This leads us to the following question: “What is

materiality to the Dutch tax authority?” The Dutch tax authority published a table of

materiality levels in a report on how they fulfill their audit (Belastingdienst, 2013). The interviews confirmed the amounts mentioned in this table.

33

[“Under a certain amount our materiality is five percent. For higher amounts the

materiality is determined on basis of turnover categories. Above 140 million the materiality is always three million euro’s.” – Accountant Dutch tax authority]

When it comes to the zero-fault expectancy that was mentioned in the theory section, the following was found.

[“If you find mistakes that are above the correction limit, you correct them, it does not

matter if this mistake is above or under materiality. The costs we make for correcting are usually very low, say 100-200 euros.” – Accountant Dutch tax authority]

Concerning the findings in a sample, of which the size is determined based on the level of materiality and factors that lead to sample reduction, the following was found.

[“If you find a mistake in a sample you have to calculate whether or not the mistake

for the interval your sample represents is above materiality. If so, we correct for the entire interval. In theory it is possible that one invoice of 100 euros stands for an auditing interval of one million euros. If the mistake is under materiality we only correct the mistakes themselves.” – Accountant Dutch tax authority]

[“In theory it is possible that you find four invoices of 200 euro that are completely

wrong. It is then possible that you correct an interval of four million euros on the basis of 800 euros. The discussion with businesses are not easy in that case.” – Accountant Dutch tax authority]

Not only is it possible that a correction takes place for a sample, it is also possible that the Dutch tax authority undoes the reduction.

[“If there are mistakes in the sample, you cancel the reduction and will look at the full

books” – Accountant Dutch tax authority]

This means that the Dutch tax authority is able to correct for the full sample. If this sample is reduced, for example due to a proper functioning TCF, they will first undo this reduction and audit the unreduced audit sample, before determining whether or not to correct the complete population.