Tax Control Frameworks: From a TCF model to Tax Control disclosure in the firms’ annual report

(1)

Tax Control Frameworks:

From a TCF model to Tax Control disclosure in the firms’ annual report

Student number: S2752611

Student: Niels van der Meer

Institution: University of Groningen (RUG) Specialization: MSc Accountancy & Controlling Address: Bruntingerbrink 69

Postcode: 7812 VG Emmen Phone number: 06-31066099

Student mail: n.van.der.meer.4@student.rug.nl Course: Master Thesis

First reviewer: Prof. Dr. I.J.J. Burgers Second reviewer: Prof. Dr. H.J. ter Bogt

Date: 12-6-2016

(2)

1. Introduction

National and international developments in the tax dimension increase the focus on Tax Control Frameworks. The OECD called for an enhanced relationship between tax authorities and the tax administrations and intermediaries in 20041. Several countries followed the advice of the OECD and introduced monitoring frameworks in which the tax process instead of tax return is the main focus of the tax authorities. The Netherlands, for example, introduced horizontal monitoring in 2005. The society, including shareholders, puts also pressure on firms to pay fair taxes (FD, 29-10-2015) and applied pressure to these firms to be transparent about their contribution to the society through taxes among other through media pressure (Hoyng et al., 2015). These developments put pressure on the tax departments to get out of the “black boxes” and embed the tax department within the firm (Van Der Laan, 2009, p.4). Moreover taxes can be a material element in the results of the firm and could impact the firms’ reputation (Bakker and Kloosterhof, 2010; Van Der Laan, 2009). These developments demand transparency about tax information in annual reports and communicating significant tax risks with their stakeholders.

In the Netherlands, to control the tax risks and the accuracy and completeness of the tax information, firms have to implement a Tax Control Framework (TCF). Bakker and Kloosterhof (2010) described the TCF as follows: ‘A TCF should result in an effective, efficient and transparent tax function. In this tax function, risks that are not the counterpart of an opportunity are avoided to an efficient extent. All opportunities are made transparent as to risk and reward (taking into account the strategy of the organization) so that a reasoned decision can be made on which opportunities to pursue (and risk to take on) and which opportunities not to pursue. In a TCF for each process in an organization, the roles and responsibilities as to the tax aspects are set and procedures and tools are made available. The allocation of roles and responsibilities should be made in such a way that all opportunities and risks are spotted. Subsequently, in a TCF all of the above is properly documented and reported’ (p. 24). As Van Der Laan (2009) notices: ‘The right tax control framework can reassure investors and other stakeholders that the company’s tax affairs are under control and that tax risk is being taken seriously’ (p.5). This reassurance can be obtained by disclosing information about the TCF in the annual report.

1

In 2013, the OECD changed their policy about an enhanced relationship into a co-operative compliance relationship because “enhanced relationship” could give misunderstandings and could violate principles as equality. Co-operative compliance describes, in the opinion of the OECD, the concept the most accurately (OECD, 2013).

(4)

4 The Dutch Corporate Governance Code (2008) requires an annual report with discloses information about the Internal Control System (ICS); that significant risks are reported; shortcomings in the system are reported; significant modifications in the ICS are reported; planned modifications in the ICS are reported and that this all is discussed with the board of directors and audit committee (art. II 1.4). The International Financial Reporting Standards (IFRS) also require disclosed information about risks and how these risks are mitigated by the ICS. Furthermore, IFRS requires information about significant modifications in the ICS. The IFRS are mandatory for European listed firms since 2005. Finally, SOX Section 404 requires management to disclose information in the annual report about the adequacy of the ICS over financial reporting. Section 404.a requires a management statement in the annual report about the effectiveness about the ICS (Arping and Sautner, 2013). SOX applies to U.S. listed firms and foreign firms listed on the U.S. stock exchange. Because taxes do not only impact the financials of the firm but also areas such as corporate governance and corporate social responsibility, the TCF should be incorporated and therefore be in line with the overall ICS or Business Control Framework (Burgers and Van Der Meer-Kooistra, 2015; OECD, 2013; Van Der Laan, 2009). Therefore, based on the codes and rules described above, firms should disclose information about the TCF in the annual report.

At the moment of writing, June 2016, there are no special requirements to a TCF. But the OECD is working on principles for the TCF in cooperation with business and intermediaries (OECD, 2015). The Dutch Tax Authority discussed in their paper the COSO framework and Simons’ Levers of Control (Netherlands Tax and Customs Administration, 2008). The Dutch Corporate Governance Code (2008: p. 39) and the OECD (2013) used the COSO framework as an example for an internal control system. Finally, many scholars used the COSO framework in their papers related to the TCF (Colon and Swagerman, 2015; Graham and Bedard, 2015; Wunder, 2009; Bronzewska and Van Der Enden, 2014). For that reason the internal control literature view has been adopted in this thesis. The internal control literature states that an effective ICS consists of both hard controls and soft controls (Vaassen et al., 2009). Hard controls are written procedures and rules that guide and monitor the behavior of individuals in an organization and are output controls (Chtioui and Thiéry-Dubuisson, 2011; Vaassen et al., 2009). Examples of hard controls are segregation of duties, authorization procedures, reporting procedures, access controls and budgets. On the contrary, soft controls are related to controls of individuals’ attitudes and are process controls (Chtioui and Thiéry-Dubuisson, 2011; Vaassen et al., 2009). Examples of soft controls are unwritten traditions,

(5)

5 values, corporate culture and employee skills and training (Chtioui and Thiéry-Dubuisson, 2011; Falkenberg and Herremans, 1995; Vaassen et al., 2009).

Initiatives such as horizontal monitoring in the Netherlands changed the way of working into a co-operating way of working between the taxpayer and the tax authority (OECD, 2013). Therefore since 2013 the OECD refers to cooperative compliance instead of an enhanced relationship. This new way of working requires a change in attitude and behavior from both the tax authority and the taxpayer. The tax authorities are focusing on influencing the taxpayers behavior related to compliance. In the past the tax authorities had a looking backward focus. This focus resulted in time-intensive and monetary expensive procedures and an antitrust behavior between the two sides (Netherlands Tax and Customs Administration, 2008). The co-operating strategy is based on trust, behavior, willingness and communication and have a forward looking focus. The taxpayer is expected to disclose significant (uncertain) tax positions in its reports. In return the tax authority audits the TCF instead of the fiscal books of years ago. The tax authorities are also willing to help the taxpayer to resolute the uncertain tax positions (De Simone et al., 2013). This way of working will enhance the trust and co-operation between both sides. Transparency and disclosure are essential in this respect (OECD, 2013, p.54). Without a complete understanding of the case, the results of this new working are suboptimal. The good relationship with the tax authority (stakeholders), is not only based on complying with the law but also on adhering to its underlying spirit (Lanis and Richardson, 2012; OECD, 2013). Jackson and Hatfield (2005) described this issue as the tax perception of the taxpayer. They define the tax perception as ‘an internal psychological variable that reflects the manner in which taxpayers cognitively represent tax-related issues and experiences’ (p. 150). Van Der Laan (2009) notices: ‘In order to be successful it is imperative for companies to change the culture and attitude of the company towards the tax function. A key element is the development of a Tax Control Framework, which should be aligned with the business control framework’ (p. 5). First, this control system brings employees behavior into conformity with the organizational goals and values. Second, the TCF will result in more predictable behavior of employees (Weaver and Trevino, 1999). Finally, the TCF helps a firm to communicate clearly about tax issues with all its stakeholders (Peters et al., 2011). In this sense, the OECD (2010) notices: ‘The effectiveness of an Internal Control Framework starts with the moral and ethical values of the management of an organization and the way management ensures the implementation of these values in the day

(6)

6 to day operations’ (p. 8-9). This part of the control system is related to soft controls and especially tone at the top.

Studies related to TCF were conducted by Colon and Swagerman (2015), Erasmus (2009), Rabenort (2007), Bronzewska and Van Der Enden (2014), Kloosterhof (2009) and Peters et al. (2011). These papers have in common that they focused on hard controls in the TCF. For example the authors described the responsibilities related to tax processes within an organization. Peters et al. (2011) notice that ‘a TCF helps a company communicate clearly about tax issues with all its external and internal stakeholders’ (p. 32). Past research did not pay attention to the information that firms have to disclose in their annual reports about the TCF to inform the different stakeholders about the firms in control position related to taxes. Therefore the research question in the thesis is:

Which information should firms disclose in their annual reports about the TCF to inform their stakeholders about tax control?

Moreover, due to current developments in the interaction between tax authority and taxpayer, this thesis will answer the question whether this disclosed information has to be rule based or principle based (voluntary or mandatory).

This thesis contributes to the existing literature by investigating which information about the TCF has to be disclosed in the annual reports by the firm. Transparency is an important topic related to tax information. Past research used the word transparency to make clear that a TCF is important for firms and investigated the benefits of a TCF in the new way of working between tax authority and taxpayer (Bronzewska and Van Der Enden, 2014; Colon and Swagerman, 2015; Jacobs et al., 2015; Peters et al., 2011; Van Der Hel- Van Dijk and Poolen, 2013). But past research did not investigate which information should be disclosed to the firms’ stakeholders.

This thesis contributes also to the profession because it gives practitioners (controllers for example) concrete recommendations about which information to disclose to their stakeholders. Therefore this thesis can contribute to a further enhanced relationship between the firm and their stakeholders due to the enhanced transparency and disclosures of tax related items. Moreover, as PwC (2004) notices, tax risks and control is not just a tax department issue but it is relevant for the CEO, the board of directors, auditors and business unit managers. This thesis can contribute to their understanding of the TCF.

(7)

7 Further, this thesis contributes to the existence literature by analyzing the existing TCF models and presenting the including concepts in a clearer way by dividing them in hard controls and soft controls and the elements from the COSO IC Framework. In this thesis its is first investigated whether there is a common practice in the use of TCF’s. A TCF is required to achieve the necessary tax disclosure and transparency (OECD, 2013). The TCF is not optimal without soft controls (Vaassen et al., 2009). So if this research concludes that there is a lack of soft controls in the TCF models, policymakers and other stakeholders can conclude that the accuracy and completeness in tax disclosure and transparency is suboptimal. Therefore, this research paper can contribute to enhanced tax information in annual reports by enhancing the TCF as a side effect of the research aim.

This thesis is structured as follows. First, an overview of the relevant theory is presented. Second, the research methodology is described. Third, the current used TCF models are analyzed and compared to each other. Fourth, the information needs of stakeholders related to the TCF are analyzed and described. Finally, the conclusions and implications for future research are presented.

2. Theory

2.1 Legitimacy theory, stakeholders theory and institutional theory

Legitimacy theory

Legitimacy theory is a useful start to understand the recent developments of more tax transparency and disclosures in annual reports. Legitimacy theory states that there is a social contract between the firm and the society in which it operates. The firm should comply with the social expectations, norms and rules while they conduct their operations (An et al., 2011). An et al. (2011) states that it is not enough to operate within the social contract only. Firms get legitimacy only if the firms’ activities are congruent with societal expectations to those activities (Cho et al., 2012). Therefore, firms have to disclose information to the public. This information demonstrates the society that the firm operates within the bounds of the society (Cho et al., 2012), adhering to its underlying spirit and in the end retain legitimacy. Another advantage, which is in line with the tax authorities new way of working, is reducing potential regulatory costs. Firms face more exposure to social and political pressures to disclose more information (Cho et al., 2012). Being transparent will result in less in-depth investigations by the tax authorities.

(8)

8

Stakeholder theory

Transparent behavior may provide esteem and satisfaction to the firms stakeholders, as this behavior is seen as virtuous and desirable by stakeholders (Harrison and Wicks, 2013). This is also known as stakeholder management: ‘an organization behaving in such a way as to satisfy the needs and expectations of its stakeholders’ (Garvare and Johansson, 2010, p.737). Stakeholder theory states that ‘focusing on stakeholders, treating them well and managing for their interest, helps a firm create value along a number of dimensions and is therefore good for firm performance’ (Harrison and Wicks, 2013, p.101). Moreover stakeholder theory provides a platform for identifying key groups to whom a firm should direct its efforts (Shafiq et al., 2014). Foley (2005) defines stakeholders as ‘those entities and/or issues, which a business identifies from the universe of all who are interested in and/or affected by the activities of existence of that business, and are capable of causing the enterprise to fail, or could unacceptable levels of damage, if their needs are not met’ (p. 138). Stakeholders can be divided in primary stakeholders and secondary stakeholders. Primary stakeholders engage in direct economic transactions with the firm. They can directly affect firms’ performance and finally can be affected by the firms’ actions. Examples of these primary stakeholders are shareholders and financial institutions, employees, suppliers, customers and the government. Secondary stakeholders do not engage in direct economic transactions with the firm but can influence the firms actions and performance. Examples of secondary stakeholders are the community, media, academics, environmental pressure groups and fair trade bodies (Garvare and Johansson, 2010; Wu and Wokutch, 2015). These examples of stakeholders can vary over time due to the dependence on factors that determine the power balance among parties. Examples of these factors are the culture, type of market and the government system (Garvare and Johansson, 2010).

Institutional theory

As Abraham and Shrives (2014) notice, disclosure is not a purely economic decision. Social and political aspects need to be considered also (p. 93). Legitimacy theory also mentioned the social aspects of doing business in a society. The social and political aspects mentioned by Abraham and Shrives (2014) have been earlier described by DiMaggio and Powell (1983) as institutional isomorphism. Isomorphism is defined as ‘a constraining process that force one unit in a population to resemble other units that face the same sets of environmental conditions’ (DiMaggio and Powell, 1983, p. 149). DiMaggio and Powell (1983) identified

(9)

9 three forms of institutional isomorphism: coercive isomorphism, mimetic isomorphism and normative isomorphism.

Coercive isomorphism results from formal pressures by actors in the field, for example the government. For example, if a taxpayer wants to participate in Horizontal Monitoring by the Dutch Tax Authority it should have a TCF and be transparent about tax issues. This requirement is an example of coercive isomorphism. Also expectations from the society force the company to change some aspects of the organization, or related to the context of this thesis: their tax disclosure policies. The stakeholders could force the company to disclose more information about the firms’ TCF. At worst the company could lose its legitimize position in the market as noticed by legitimacy theory, if the company decides not to disclose the required information.

Mimetic isomorphism as DiMaggio and Powell describe ‘is the result of the tend to model themselves’ (the firm) ‘after similar organizations in their field that they perceive to be more legitimate or successful’ (p. 152). Mimetic isomorphism results from the imitation of best practices in the field. Brandau et al. (2013) described mimetic isomorphism as ‘follow the leader principle’, imitate the most successful firm in the field. Related to this thesis, Abraham and Shrives (2014) described mimetic isomorphism as ‘mimicking other companies disclosures, particular companies with good reputations’ (p. 93). Mimetic isomorphism could also be the result of hiring consultancy firms (Brandau et al, 2013). Consultancy firms apply their model of tax control, for example, in multiple companies. These companies adopt the perceived best practices in the field and signal to their stakeholders that their TCF is equivalent to the industry standard (Abraham and Shrives, 2014; Brandau et al, 2013).

Normative isomorphism occurs through professionalization. For example, firms recruit students from universities. These students have some common knowledge about TCF’s and understandings about what to disclose in the annual report about the TCF and apply this knowledge in their work. In that sense, universities can play an important role in the transparency and disclosure debate. Universities teach students and therefore can influence the future managers through teaching students about what is transparency, what is a good citizen, what to disclose and why it is important to disclose sufficient information about tax control to their stakeholders. Overall institutional isomorphism could cause a convergence in tax control practices in the field. However, isomorphism is dependent on the power relations in the field and from the field itself, the environmental conditions (DiMaggio and Powell,

(10)

10 1983). A common practice (TCF) could exist in the tax control field, but locally these TCF’s could be adapted with the local contingencies in mind.

Based on the theories described above firms have to disclose information about their TCF in their annual report. The society and stakeholders coerce firms to disclose this information otherwise the firm may lose its legitimate position in the market. To disclose sufficient information firms can benchmark themselves against firms with a good disclosure reputation or hire consultancy firms which provide the ‘state of the art’ TCF’s which are seen as the ‘best practices’ by the field. Moreover the universities can contribute to the disclosure issue by teaching students about what and how to disclose TCF information in annual reports, which models to apply and so on. However, behind the common practices, firms have to identify their specific stakeholders and the information needs of these stakeholders. Abraham and Shrive (2014) notice: ‘If companies only provide disclosures similar to other companies, they are likely to be general and non-specific. These general disclosures will be of limited use to readers and, unlike analysts, they may find it difficult to obtain more information about the company in order to assess the risks faced, assess the risk profile and evaluate the risk appetite. In the longer term, disclosures will be ignored as they are seen as unhelpful’ (p. 93).

2.2 Internal control frameworks

According to a brochure of the Dutch Tax Administration the Tax Control Framework (TCF) has to be part of the management control system (2008). With respect to the TCF, there is no required system of controls. The Dutch Tax Authority discussed in their paper the COSO framework and Simons’ Levers of Control (Netherlands Tax and Customs Administration, 2008). The Dutch Corporate Governance Code (2008) and the OECD (2013) used the COSO framework as an example for an internal control system. Many scholars used the COSO framework in their papers related to the TCF and state that COSO is used as the best practices (Colon and Swagerman, 2015; Graham and Bedard, 2015; Wunder, 2009; Bronzewska and Van Der Enden, 2014). Therefore in this thesis the COSO framework is adopted. The COSO framework is helpful to analyze, compare and understand the existence TCF models because this framework gives an overview about which control elements have to be included in an effective internal control system. Understanding the TCF is helpful to decide which information have to be disclosed to the firms’ stakeholders. Without understanding the system, it is hard to decide which information has to be disclosed.

(11)

11

Contingency theory

Contingency theory states that there is no control system which is applicable to all firms in all circumstances (Otley, 1980). Explanatory factors for the differences in control systems are: organization structure, technology, size, strategy and the environment (Otley, 1980; Chenhall, 2003). Contingency theory argues that there is no universal internal control system. Therefore there is no such thing as a standard checklist which has to be used to investigate if the tax risks and information provision to stakeholders are managed in the right way. Concluding, the information need of stakeholders depends on their context and the context of the company. These contextual differences have to be taken into account before implementing a common practice model, for example due to the differences in tax law and practices. Moreover, contingency theory could limit the usefulness of the results of this thesis.

The COSO framework

COSO introduced two frameworks: the COSO Internal Control – Integrated Framework (IC) (1992) and the COSO Enterprise Risk Management – Integrated Framework (ERM) (2004). ERM is more comprehensive relative to IC. It provides the context for evaluating risk, looks at the risks of processes and examines controls with looking at the purpose of the controls (Romney and Steinbart, 2012). Although the ERM model is more comprehensive, the IC model is most popular in practice (Romney and Steinbart, 2012; Van Der Ven, 2015). In their annual reports Philips N.V.2, Heineken N.V.3, Randstad N.V.4 mentions that it uses the COSO IC model. Therefore the IC model is adopted in this thesis. Figure 1 and 2 shows the COSO IC and ERM model.

Figure 1: COSO IC Framework cube Figure 2: COSO ERM Framework cube

2 https://www.annualreport.philips.com/#!/our-approach-to-risk-management-and-business-control/pagenr=1 3 file:///C:/Users/Acer/Downloads/Heineken%20NV%20Full%20Annual%20ReportInteractiveD.pdf 4 http://www.ir.randstad.com/~/media/Files/R/Randstad-IR/annual-reports/annual_report_randstad_2015.pdf

(12)

12 The IC model consist of five components: control environment, risk assessment, control activities, information and communication and monitoring. These components have to ensure the achievement of the three main objectives of the IC: effectiveness and efficiency of operations, reliability of financial reporting and compliance with applicable laws and regulations. Without discussing the components in detail (read contingency theory), the components are described based on the presence of hard controls and soft controls. As mentioned in the introduction section, an effective internal control system consists of both hard controls and soft controls. The importance of soft control increased due to the new way of working between tax authority and taxpayer (cooperative compliance). Before discussing the five components of the COSO IC framework, the concepts of hard control and soft control are clarified first.

To mitigate risks, organizations need both hard controls (formal controls) and soft controls (informal controls) in their internal control framework (Chtioui and Thiéry-Dubuisson, 2011; Vaassen et al., 2009). Soft controls create a climate of trust and confidence. Hard controls cannot mitigate all the risks the firm faced because of different contingencies (Chtioui and Thiéry-Dubuisson, 2011; Falkenberg and Herremans, 1995). Finally, a control system which is too formal would leave little room for initiatives in case of uncertain developments (Chtioui and Thiéry-Dubuisson, 2011). Chtioui and Thiéry-Dubuisson (2011) stated: ‘informal controls enables the control of the attitudes of the actors of the company through values, beliefs and unwritten traditions’ (p. 293). However, Chitoui and Thiéry-Dubuisson (2011) stated that in the literature there is no common content for soft controls. In their literature review corporate culture (beliefs and values), training and recruitment are frequently used words. A code of ethics is another soft control having two purposes: control of behavior like other formal controls and an adherence to the goals of the organization and the development or reinforcement of ethical behavior (Chitoui and Thiéry-Dubuisson, 2011; Barraquier, 2011). Most common terms in the literature on soft controls are: tone at the top, training, recruitment/competence, ethical values, culture, trust and mission statements (Annukka and Eklund, 2016; Anthony et al., 2014; Buhariwalla, 2006; Chtioui and Thiéry-Dubuisson, 2011; Falkenberg and Herremand, 1995; Kyriazoglou, 2012; Romney and Steinbart, 2012). On the contrary hard controls are written procedures and rules that guide employees’ behavior towards the firms’ objectives (Chtioui and Thiéry-Dubuisson, 2011). These formal controls constraints employees’ behavior by setting boundaries (Henri, 2006). Moreover, formal controls are used for planning purposes (Chenhall, 2003). Examples of hard controls are

(13)

13 segregation of duties, reporting procedures, authorizing, access controls, written monitoring, superiors closely observing employees’ work and budgets, (Chenhall et al., 2011; Chtioui and Thiéry-Dubuisson, 2011; Snavely and Snavely, 1990). The remainder of this section consists of the five components of the COSO IC framework.

The control environment is related to the corporate culture. This culture consists of the following elements (Romney and Steinbart, 2012; Vaassen et al., 2009):

- Management operating style and risk appetite; - The board of directors and their behavior;

- Commitment to integrity, ethical values and competence; - Organizational structure;

- Human resource standards; - External influences.

These elements are strongly related to soft controls. Romney and Steinbart (2012) notice: ‘if management has little concern for internal control and risk management, then employees are less diligent in achieving control objectives’ (p. 209). Van Der Ven (2015) notice: ‘are decisions taken opportunistically or do ethical values and integrity prevail in situations where stakes are really high? And how is the tone at the top?’ (p. 13). Related to the tax context, if the top management team states in their annual reports the importance of paying a fair tax or ethics related to corporate social responsibility, then it can be concluded that the TCF contains soft controls and the corporate culture is positive to transparency and disclosures.

The second element is risk assessment. This element of the control system identifies risks, analyzes those risks and determines ways to mitigate those risks with the aim to accomplish the firms objectives. This process is not directly related to hard or soft controls. Related to the tax and transparency context, firms have to disclose their tax related risk. The Dutch Tax Authority and other stakeholders could analyze whether this element of the control system is sufficient and moreover could analyze whether the control system is aligned with the risks and whether the identified risk is mitigated with the right controls. In line with the T3M model5 of PwC, firms have to identify the different types of tax risks they face. Firms can face transactional risk, operational risk, compliance risk, financial accounting risk, portfolio risk, management risk, reputational risk and legislative risk (Bakker and Kloosterhof, 2010; PwC, 2004). Transactional risk concerns the risks and exposure associated with specific transactions

5

(14)

14 undertaken by the firm. For example mergers and acquisitions or restructuring the firm. In these transactions there may be uncertainty about how to deal with and apply the relevant tax law, especially when judgment is needed. In routine transactions such as daily sales, the firms could implement procedures and systems to manage these transactions. PwC (2004) mentioned that ‘the highest risk transactions are those that are happening for specifically tax purposes e.g. a tax driven reorganization. Some parts of a transaction may be carried out to achieve a particular tax result’ (p. 4). Transactional tax risk may also result due to the absence of the tax department in the transaction or there is no TCF to decide which level of risk is acceptable. Operational risk as defined by PwC (2004) ‘concerns the underlying risks of applying the tax laws, regulations and decisions to the routine every day operations of the company. Different types of operation will have different level of tax risk associated with them’ (p. 5). For example transactions with third parties versus intra-group transactions. The risk related to the intra-group transaction are greater relative to the third party transaction due to transfer pricing issues. Compliance risk deals with the preparation, completion and review of the firms’ tax returns, so the technical aspects of tax law. Moreover in the current timeframe of technology, compliance risk deals with the risks in information systems. For example an up to date system related to the tax law and the controls in the system which have to ensure the integrity of the system (e.g. unauthorized people which have access to tax related information have to be eliminated). Financial accounting risk is related to the accuracy and completeness of tax accountants in de annual report. The aim of controlling this risk is avoiding a material misstatement in the annual report (Wesdorp, 2015). But a complex factor here is the uncertainty, PwC (2004) notices that the financial accounts related to taxes are based on estimates (p. 6). Internal controls and processes have to be implemented to mitigating this risk. Portfolio risk deals with the aggregate level of risk of operational, transactional and compliance risk and it considers the interaction between these forms of risks. Separately each of the risk is under control and below the acceptable threshold, but together they exceeds the threshold. This could have unacceptable financial and resource implications (e.g. man power) (PwC, 2004). Management risks involves tax risks due to the lack of skills from managers and other employees related to the tax function or relevant tax control knowledge and skills leaves the firm. Due to the lack of skilled people, lack of sufficient resources and so on, the firm could miss tax related opportunities or face unexpected risks with financial and resource implications. Without skilled and trained managers and sufficient recourses tax risks cannot effectively be managed (PwC, 2004; EY, 2014). Reputational risk as defined by PwC (2004) ‘concerns the wider impact on the

(15)

15 organization that might arise from an organizations actions if they become a matter of public knowledge’ (p. 8). As Bakker and Kloosterhof (2010) notice: ‘Being seen as a crook by your clients is generally not helpful if you want to generate business’ (p. 15). Therefore in line with legitimacy theory a firm could lose its legitimate position in the market by broken the social contract due its unacceptable behavior. An example of this reputational risk is the publication of the Panama Papers in April 2016. Due to his damaged reputation as Prime Minister, the Prime Minister of Iceland resigned (FD, 5-4-2016). He broke the social contract with his people and therefore they want a new prime minister. Finally the legislative risk. Legislative risk means the risk related to new or changed tax law and practices by the government or, for example, regulations by the OECD (EY, 2014). This could impact the firms’ financials, for example due to a change in the tax loss carry forward rule. A shortened time frame for the carry forward means less opportunity to forward the incurred losses and therefore, ceteris paribus, if the company makes a profit, paying more taxes in the future.

The third element is control activities. The control activities are the responses on the identified risk. The aim of the control activities are reasonable assuring that the identified risks are mitigated (Romney and Steinbart, 2012; Vaassen et al., 2009; Van Der Ven, 2015). Vaassen et al. (2009) notice that the control activities encompass all control measures discussed in the internal control and management control literature (p. 34). PwC (2004) and Van der Ven (2015) notice that control activities should be selected in order to mitigate the risks effectively (p. 21; p. 13). Therefore it can be concluded that the control activities element could consist of both hard controls and soft controls. To get a complete understanding of their TCF and its effectiveness, firms have to disclose information about the control activities specified by the identified risk.

The fourth element is information and communication. Information and communication is related to gathering, recording, processing, storing, summarizing and communicating information about the functioning of the first three components of internal control system (Romney and Steinbart, 2012; Van Der Ven, 2015). This element is not clearly related to the concept of hard and soft control. The reporting process is more related to the fifth element of the IC framework: monitoring. Therefore this process is discussed in the monitoring element. The last and fifth element of the IC is monitoring. The OECD (2013) notice: ‘Effective internal control systems supply business management with reasonable assurance on the achievement of the objectives of the organization. Monitoring is the component in the ICF

(16)

16 that delivers this assurance’ (p. 62). Both the internal and external environment (could) change over time. The purpose of monitoring is to assess and improve the internal control system. The internal control system has to be adapted to the new (changed) environment to be an effective response to the new (changed) set of risks. Therefore the internal control system has to be monitored by an internal auditor, controller or related function (Romney and Steinbart, 2012). Internal control deficiencies have to be reported to the top management and the internal control system has to be modified. So, the monitoring element is a continuous process within the internal control system. Based on Romney and Steinbart (2012) the monitoring process can be divided in different activities:

- Perform internal control evaluations: internal control effectiveness is measured using a formal evaluation/audit;

- Implement effective supervision: involves training, assisting employees, monitoring their performance, correcting errors and overseeing workers who have access to assets;

- Use responsibility accounting system: involves budgets, quotas, schedules and quality reports;

- Conduct periodic audits: both internal and external audits can asses and monitor risks and detect errors in the internal control system;

- Monitor system activities: involves detecting illegal access, test for weaknesses and vulnerabilities in the internal control system, report weaknesses found and suggest improvements.

The activities described above consist of hard control elements as well as soft control elements. Training and assisting workers are soft controls. The other activities/examples are hard controls. In the context of the annual report, firms should disclose information about reported internal control deficiencies and their follow-up actions. This information gives insight in the effectiveness of the TCF and in the learning process of the TCF as well as the process of optimizing the TCF. If, based on the disclosed information, the tax authority concludes that the TCF is effective, the tax authority can rely on the information (returns submitted) provided by the firm (OECD, 2013). This will reduce the audit activities conducted by the tax authority and therefore the compliance costs for firms.

Concluding, both hard controls and soft controls are included in the COSO Internal Control framework (IC). Therefore a proper implementation of the IC framework, depending on contingencies as mentioned by contingency theory, should result in an effective internal control system for the firm. This effective internal control system should be able to help the

(17)

17 firm to manage and control its tax risk but also disclosing relevant information to their stakeholders.

3. Research design

3.1 Research questions

To investigate the research question: Which information should firms disclose in their annual reports about the TCF to inform their stakeholders about tax control? this thesis consists of four sub questions:

1. Why do firms have to disclose information about their TCF in the annual report?; 2. What do Dutch Stock Listed firms disclose in their annual report about their TCF?; 3. What says the law, the OECD and the literature about the content of the TCF?;

4. How do TCF models look like in practice and which elements are of interest for

stakeholders?

Sub question 1 shapes the context for the need to disclose information about the TCF by firms. Moreover it gives indications about which information stakeholders demand. Sub question 2 provides us with knowledge about the current state of TCF disclosure in annual reports.

The third sub question provides a direct answer to the research question because if the law requires some characteristics, they have to be disclosed in the annual report. The disclosure of these characteristics shows the stakeholders that the firm is in control related to tax law. This thesis is limited to the Dutch legislation. During the research process, the UK approach has been noted. Therefore, without being legally complete, the UK approach is described in this thesis and compared to the Dutch law. The OECD statements about the TCF are relevant because initiatives by the OECD often will result in adaptations in policies in the local political environment (Colon and Swagerman, 2015).

Finally, comparing and analyzing existing TCF models has the aim to investigate whether there is a common practice related to TCF. If the answer can be positively answered, the answer to the research question will be more relevant to practice because the results of this research are published in the context of conditions in which practitioners live and interact with stakeholders (Tucker and Lowe, 2014). Also, analyzing and comparing the existent TCF

(18)

18 models provide us with understanding about the TCF. Without understanding the existing TCF models, answering the research question is not possible.

3.2 Research Method

The first sub question is investigated by a literature review and related to the legal component limited to the Dutch context. The second sub question is analyzed by a content analysis. The 2015 annual reports of nine firms are analyzed. The risk management section in the annual reports is analyzed on tax related items. Therefore the word tax is the main searching term in this section. The nine companies have been chosen based on the VBDO Tax Transparency Benchmark 2015. Only nine companies scored 50% or above on the benchmark and are therefore qualified as appropriate (VBDO, 2015). Moreover due to the time constrain of this research, it was not possible to analyze more or all annual reports of Dutch Stock Listed firms.

The third sub question is investigated by analyzing the Dutch Law related to the annual report, documents from the Dutch Tax authority related to the TCF, documents from the OECD related to the TCF and a literature review. The literature review provides clearness about concepts from the law and the OECD. Due to the accounting background of the researcher, concepts in law could be hard to understand and read. The literature could mitigate this misunderstanding. Moreover the literature could give insights in opinions from professionals. If these professionals are, for example, working for a consultancy firm it is likely that their opinion could be working practice in the future (mimetic isomorphism). Finally, the method used to analyze and compare the TCF models is analytical. As Nørreklit (2000) notices: ‘the analytical approach is aimed at increasing the level of clarity and precision in the meaning of the concepts used in the model’ (p. 69). Thus, through the use of soft controls and hard controls concepts as well as the control elements as described by the COSO IC framework, the published frameworks can be analyzed and compared to each other in a clear way. These central concepts are helpful in making clarifications in the used concepts of the published models. In this analysis published TCF models of the BIG 4 accountancy and consultancy firms are used. The chosen firms are appropriate because they are one of the four main consultancy firms around the world (PwC, EY, KPMG and Deloitte) and therefore could be argued to be the best available knowledge applied in the TCF models. Further, the analysis of TCF models published by the selected consultancy firms is appropriate for two reasons. First, the top three firms awarded by the VBDO (2015) for their

(19)

19 transparency about tax issues do not report about their TCF in their 2015 annual report. Therefore, due to the lack of published TCF models in annual reports, it is not possible to analyze in practice used TCF models. The second reason why the consultancy models are appropriate is that these models could be a proxy for the practically operating models. As described in the theory section, due to institutional (mimetic) isomorphism firms adopt a TCF model by hiring a consultancy firm. Moreover an interview with a BIG 4 consultant was conducted. This interview gives a practical view on the TCF and its elements. Moreover the interview is used to validate the research results. This research design is a desk field research, the interview results provide insights in the practice of the TCF. Appendix A contains the interview questions and answers. The interview was conducted face to face and had a duration of about two hours. The answers were directly written on paper. To mitigate the risk of inaccurate notes, the notes were sent to the consultant for a validation check. The second part of this sub question is related to the information needs about the TCF by stakeholders. This thesis is limited to the shareholders. The annual report has, related to agency theory, the primary purpose of accountability by the management team to the shareholders (Morris, 1987). Moreover, related to stakeholder theory, shareholders are primary stakeholders (Garvare and Johansson, 2010; Wu and Wokutch, 2015). This analysis was conducted by reviewing the literature on the interest by shareholders. The literature review is helpful in analyzing which information about tax control and especially the TCF the shareholder needs. Finally, the literature was reviewed on rule based and principle based disclosures. This literature review has the aim of providing a scientific advice about how to implement (rule based or principle based) the recommendations to tax control disclosures in the firms’ annual report.

4. Results

4.1 Why disclosing information?

In this section, the first sub question is answered: Why do firms have to disclose information about their TCF in the annual report? The answer to this question is divided into two parts: a

(20)

20 4.1.1 The Dutch law

The Dutch law requires risk disclosures in the annual report (Art. 2:391.1 BW)6. The law is not specific about which risks have to be disclosed but states ‘the main risks and uncertainties’. Tax risks could be a main risk to the firm because it could have a material effect to the financial statements (Bakker and Kloosterhof, 2010; Van Der Laan, 2009). Therefore firms have to disclose information about tax risks and how they controlled these risks in their annual report. But the content of this disclosure is not clear and depends on the specific circumstances of the firm and their risk. Moreover the risk appetite of the management team could influence the tax risks disclosure because the word ‘main’ implicitly notices that the management team needs their professional judgement to decide which risk is a main risk.

An interesting section is Art. 2:391.5 BW. This section states that a governmental decree could impose additional requirements related to the annual report. A code of conduct or Corporate Governance statement is explicitly stated as example of an additional requirement. A governmental decree in 2009 noticed that the code of conduct in Art. 2:391.5 BW means the Dutch Corporate Governance Code7. This code (2008) states that the top management team is responsible for the internal control and risk management and discuss these issues with the board of directors and the audit committee. Moreover Art. II. 1.4 states that the firm have to disclose their main risk related to the strategy and business; a description about the Internal Control Framework (ICF) and their effectiveness; shortcomings in the ICF and planned modifications to the ICF. The TCF is part of the overall ICF (Burgers and Van Der Meer-Kooistra, 2015; OECD, 2013; Van Der Laan, 2009). Therefore, the Dutch Corporate Governance Code is also applicable to the tax context and especially to the TCF. Finally, Art. II. 1.5. This article states that the top management team of the firm have to declare in the annual report that the firms’ ICF assures financial statements without material weaknesses. Moreover the top management team have to provide a clear and comprehensive underpinnings of their statements.

4.1.2 The increasing pressure from stakeholders to disclose information

The 2008 financial crisis causes an increased attention to internal control and risk disclosure in annual reports due to different accounting scandals like Enron, WorldCom and Ahold (Hooghiemstra et al., 2015; Peters et al. 2009). This financial crisis has also led to a fiscal

6

Art. 2:391 BW is not applicable to small firms (Art. 2:396.7 BW). Small firms are firms with assets of less than € 4.4 million; less than 8.8 million revenues and less than 50 employees.

7

(21)

21 crisis. In that sense that the media published articles about aggressive tax planning activities of multinationals, which causes moral outrage in the society (Happé, 2015). This fiscal crisis led to an increasing attention to internal control disclosures in annual reports by stakeholders because internal control disclosures provides information to stakeholders about the reliability and timeliness of the financial information (Hooghiemstra et al., 2015; Peters et al., 2009). This information, for example, may be used to scrutinize the top management team for paying a fair tax. As Stevens (2015) noticed: ‘The society as a cooperative community based on the obligation to pay a fair tax’ (WFR 2015/1060). The society, including firms, is build on a citizenship contract which is based on a mutual belief in good intentions: paying a fair tax (Happé, 2015). Therefore firms must not only act out of self-interest but should also take into account the interest of society as a whole. Firms have to show the society that they act within the boundaries of the citizenship contract by disclosing information about their taxes paid, tax risks and TCF to retain their citizenship contract. In this sense it can be stated that it is, sometimes, better for firms to stay well within the boundary of the tax law and disclose sufficient information because the society could punish firms by negative publicity. In the current information and internet society, firms have to take into account that confidential information could be leaked. This development increases the risk of reputational damage for firms (Happé, 2015). The public opinion developed a norm to such extent that a firm is forced to meet this norm, although not meeting this norm is not in conflict with the law (Stevens, 2015). This norm is a form of coercive isomorphism. Also, related to the internal control theory, this norm is a form of extrinsic motivation and hard control, because the firm discloses information for preventing itself for reputational damage. Moreover the firm could check if it disclosed sufficient information to stakeholders by observing their reaction to the disclosed information. Besides the coercive isomorphism, Happé (2015) described in his article a form of mimetic isomorphism. He quoted a PwC international tax director on the question if tax advisory has a moral dimension: ‘I think it does […]. It’s not only what companies could do but what they should do’ (WFR 2015/938). The tax director notices further: ‘Professional services firms have a role to play in helping think about what’s acceptable and appropriate’ (FT, 7-10-2014). From this statement it can be derived that tax advisors see the importance of moral tax behavior and in the extent be transparent about tax issues in the annual report. These tax advisors advise firms in their tax policies and strategies and therefore could influence the tax disclosures in the annual report.

(22)

22 4.1.3 Conclusion

In this section the sub question: Why do firms have to disclose information about their TCF in the annual report? is answered. Firms have three reasons to disclose information about the

TCF in the annual report. First, the Dutch law (coercive isomorphism) forces firms to disclose information about their TCF in the annual report. This disclosure have to be clear and comprehensive. The law does not specify the content of this disclosure. This disclosure provides the stakeholder with information about which tax risks the firm faced and if this risk assessment is comparable with their risk assessment. A possible gap in identified risk could mean that the risk assessment element in the TCF is suboptimal. Also, the stakeholders could analyze or the firm is in control related to their tax risk.

Second, the “immoral” behavior of large firms in tax aggressive strategies led to moral outrage in the society. This society, stakeholders, forced (coercive isomorphism) the company to disclose sufficient tax information in their annual report on penalty of reputational damage and losing their legitimate position in the society.

Finally, the mimetic isomorphism is driven by the tax advisors. As they recognize the moral aspects of tax behavior and disclosure, they influence the firms’ TCF disclosure policy by their advice.

4.2 The disclosure in annual reports of Dutch Stock listed firms

In this section the second sub question is answered: What do Dutch Stock Listed firms

disclose in their annual report about their TCF? The annual reports of nine Dutch Stock

Listed firms were analyzed. These firms are: Unilever, KPN, DSM, Shell, ING Group, Heineken, Kendrion, Philips and Rabobank. The risk management section in the annual reports was analyzed on tax related items, therefore the word tax is the main searching term in this section. First, the tax transparency reports of the BIG 4 firms were analyzed to produce a framework which is helpful to categorize the TCF disclosure in annual reports. Also, these reports are helpful in concluding whether the current disclosure is sufficient related to these reports. The second part of this section shows the results of the annual report analysis.

4.2.1 BIG 4 transparency reports

The BIG 4 firms (Deloitte, EY, KPMG, PwC) published on their websites reports about transparency and which information firms should disclose about taxes. In these reports (Deloitte, 2014; 2015; EY, 2013; KPMG, 2015; PwC, 2015a) the firms discussed disclosures related to tax control. In addition to the financial information about taxes, the firms discussed

(23)

23 financial information about taxes and especially tax governance information. The non-financial tax disclosure recommendations are summarized per firm in table 1, because this thesis focuses on these non-financial information. Table 1 is compiled on the basis of the order of advices in the reports. Table 1 shows similarities in their recommendations across the firms. Based on these similarities the following categorization is made for the analysis of the annual reports: Tax strategy and policy; Tax risk identification and assessment; Relationship with tax authorities; Tax risk management; The firms’ operating environment; Compliance statement and Responsibility for taxes.

Table 1: Tax control disclosure items in annual report per BIG 4 firm

Deloitte EY KPMG PwC

Tax

policy/principles/strategy

Tax policy/principle Tax policy/strategy Tax strategy

Tax risk identification Tax governance Attitude toward tax

and tax risk

Tax objectives

Tax risk evaluation Company’s risk

profile and whether the firm engages in disputes with tax authorities

How the firm identifies tax risk, documents risk and monitor risk

Material tax risks

Tax risk management Relationship with tax

authorities

Relationship with tax authorities

Policies in key areas for business

Communicating in which environment the company operates.

A compliance statement

How the tax strategy and function are managed

Who has

responsibility for taxes

(24)

24 4.2.2 Tax control disclosure in annual reports

The disclosure in the annual reports were analyzed on the following items (see section 4.2.1): Tax strategy and policy; tax risk identification and assessment; relationship with tax authorities; tax risk management; the firms’ operating environment; compliance statement; responsibility for taxes. Table 2 shows the results from the annual report analysis per firm. The results shows that no firm meets the recommendations by the BIG 4 firms. However, the first three firms (also indentified as number 1,2,3 by the VBDO 2015 tax transparency index) are the most comprehensive and complete in their tax control disclosure. The firms which did not disclose their tax strategy in the annual report published this strategy on their website. Therefore not disclosing information in the annual report does not automatically imply that the firm did not provide the information to the stakeholders. Related to the tax risk identification and assessment and the compliance statement, most firms disclose some information in their annual report. But about the other issues there is no common practice in disclosure. Therefore, based on the BIG 4 firms tax transparency reports, the current tax control disclosure of Dutch Stock Listed firms is suboptimal. A result from the analysis is that some firms hire their audit firm (BIG 4 firm) to advise the firm about tax risk and tax risk management. These advisors have some influence about the firms’ tax policy. Therefore it is surprising that these firms are not optimal in their disclosure, measured by the tax transparency reports of the tax consultants. It has to be noticed that three firms explicitly notices in their annual report that they use tax consultants for advice about tax control and that two of these firms are within the three most tax transparent firms in the Netherlands. This result supports the idea of mimetic isomorphism as discussed earlier.

(25)

25

Table 2: Tax Control disclosure in the 2015 annual report by Dutch Stock Listed firms

Unilever KPN DSM Shell ING

Group

Heineken Kendrion Philips Raboban

k Tax strategy/policy/princip les Global Tax principles (p.57) P. 30, reference to the website. On p. 28 DSM published their tax policy. No disclosur e Tax principles (p. 6, 18). No disclosure Tax policy (p. 26). No disclosure Tax governanc e (p. 131)

Tax risk identification and assessment Using a Tax Risk Framework to assess direct and indirect tax (p. 57) Reputationa l risk is always part of the consideratio n (p. 63). Using a Tax Control Framework the Group taxation is aware of the world wide tax risks for the firm and adequately In the risk factor section (p. 8) Shell discusse d the risks they faced includin g tax In the risk and capital managemen t (p. 50) section, ING discussed their tax risk. In their risk managemen t section (p.22), Heineken discussed their risk including tax risk. In collaboratio n with tax consultants Kendrion assessed whether fiscal developmen ts could have an effect on the firms’ In the overall risk assessment Philips described the different tax risk they face (p. 66) No disclosure. Rabobank noticed legal, reputation al and complianc e risk (p. 87,100)

(26)

26 manage

these risks (p. 29).

risks. subsidiary

Relationship with tax authorities No disclosure KPN participates in the Dutch Co-operative compliance program (p. 30). DSM works closely with the tax authorities (p. 28). No disclosur e No disclosure No disclosure No disclosure No disclosure No disclosure

Tax risk management Tax Risk Framework : identify, assess, control, monitor and evaluate. Moreover they Tax Control Framework: design of key controls for corporate income tax. Continuousl y monitoring Tax Control Framework to achieve an effective, efficient and transparent tax No disclosur e No specific disclosure about tax risk managemen t. No disclosure about tax risk managemen t. Tax compliance audit programme: review and assess of the operating subsidiary compliance with the No disclosure No disclosure

(27)

27 explicit notice that they hire PwC for tax advice (p. 57). and optimizing the Framework (p. 30). function, it is a control system (p. 29). regulations, rules and disclosure requirement (p. 39).

The firms’ operating environment Unilever is subject to national and regional laws and regulations in taxes (p. 41). No disclosure The environme nt is not explicit noticed. DSM noticed that it is transparent towards tax authorities in all countries in which it Shell operates in more than 70 countries that have differing degrees of political, legal and fiscal stability (p. 9) No disclosure Heineken disclosed information about the markets in which it operates but not specific related to taxes. No disclosure, just that they operate in countries. Phillips described the markets in which it operates but not tax related. Rabobank disclosed informatio n about the market in which it operates, but not related to taxes.

(28)

28 operates

(p.28)

Compliance statement Not specific, the aim Tax Risk Manageme nt is to be compliant (p. 57). KPN provides an internal Tax in-control statement (p. 30). Not specific but the aim is to ensure compliance (p. 29). No disclosur e Not specific, but they have the intention to comply with relevant law (p. 51). Not specific, but the audit committee have to monitor the firms’ tax planning activities (p. 40). Not specific, but the aim is to comply with all applicable rules and regulations. No aggressive tax structures are employed (p. 39). No disclosure, but the audit committee review tax issues (p. 88). Not specific, but the auditor discussed in his section that he hires fiscal consultant s to assure the fiscal processes and position (p. 252). Responsibility for taxes

(29)

29 regulatory specialists and PwC consultants (p. 57). corporate tax department. Also, they hired EY for advice (p. 30, 167). level, Group taxation (p. 100). disclosur e

disclosure disclosure subsidiaries, but the headquarter s monitors using Tax consultants. disclosure disclosure

(30)

30 4.2.3 Conclusion

In this section the sub question: What do Dutch Stock Listed firms disclose in their annual

report about their TCF? is answered. The Dutch Stock Listed firms disclose information in

their annual report about tax control. Four (out of nine) firms explicitly noticed that they use a TCF. As part of the control environment or tone at the top, all firms developed a tax policy. Six firms explicitly mentioned in their annual report that they have a tax policy. The other three do not but they published a tax policy on their website. All nine firms disclosed information about how they identify and asses risk or disclosed the risk they face. Related to tax risk management and therefore to control activities and monitoring, just four companies disclosed information in their annual report. Moreover these four firms disclosed information about the responsibility for these activities in their annual report. Two firms disclosed information about the information and communicating part of their TCF. Both firms (KPN and DSM) explicitly noticed that they communicate with the tax authorities. Moreover KPN provided internally a tax in-control statement. Concluding, based on the BIG 4 firms tax transparency reports, the disclosure in annual reports about the TCF is suboptimal.

4.3 The content of a TCF

In this section the third sub question is answered: What says the law, the OECD and the

literature about the content of the TCF?

4.3.1 The Dutch Law

Based on the literature review the Dutch General Administrative Tax Law8 (AWR) is analyzed, especially art. 47 and art. 52 AWR (Oenema and Van Der Enden, 2013; De Blieck and Van Elk, 2015; Van Der Enden and De Groot, 2015). Art. 52 AWR notice that firms have an accounting duty. The accounting function must work effectively, in that sense that at any time the rights and obligations of the firm are known. The last sentences of Art. 52.1 AWR, “and other information which is important for the levy of taxes”, could mean that beside the financial administration also the internal control system and therefore the TCF is part of the administration duty of the firm. De Blieck and Van Elk (2015) confirms this analysis. Art. 52.6 AWR indirectly referred to the internal control system. This article notices that the firm has to provide the necessary cooperation to the tax authority with the aim to get an understanding in the design and functioning of the accounting function. Concluding, Art. 52

8

(31)

31 AWR does not explicitly rule that a firm should have a TCF. Neither does Art. 52 AWR prescribe how to build a TCF.

Second, Art. 47 AWR. This article notices that firms have to provide the necessary information, asked by the tax authority, for the levy of taxes to the tax authority. This means that the tax authority has the power to ask the firm for information about their TCF design and functioning. But the law is not specific about which information. So far, there are no legal requirements to the content of a TCF.

As the Dutch tax law does not provide any information about the content of the TCF, a memorandum of the Dutch Tax Authority9 (2008) about horizontal monitoring was analyzed. The memorandum states that the firm has to implement a TCF if the firm wants to cooperate with the tax authority in the horizontal monitoring regime. The Dutch Tax Authority does not mention any requirement to the TCF but they refer to the COSO framework and Simons’ Levers of Control Framework as starting point for the development of a TCF. The Levers of Control Framework is used as a framework for interviewing the taxpayer about his TCF. The COSO Framework is the most “logical” framework for developing a TCF because this framework is the most used framework in practice for the overall Internal Control System and the framework is used in publications by the BIG 4 firms (p. 21). Every TCF is tailored to the business in question. Therefore the COSO framework is a good starting point. But knowledge of the business, its processes and the firms’ tax policy is important to develop a TCF. So far, no requirements to the TCF are provided neither in hard law nor in administrative guidelines. The Dutch Tax Authority only noticed that the TCF scope has to be broad. A TCF encompasses all taxes and not just, for example corporate income taxes (2008, p. 22). In chapter 8 of the 2008 memorandum, the Dutch Tax Authority presented examples of TCF implementations. These examples could be an indication of good practices and therefore implicit requirements for a good TCF. The described TCF is based on the COSO Framework. Within the TCF, given as example by the Dutch Tax Authorities, the starting point is the identification of material processes related to tax. These processes are described and documented. Based on the process description a risk identification and assessment is conducted. Next, the identified risks are covered with key controls. Finally, the operation of these key controls are periodically tested. A missing link in this TCF is the monitoring element that is included in the COSO framework. The key controls are tested but nothing is

9

Tax Control Frameworks: From a TCF model to Tax Control disclosure in the firms’ annual report