ATO releases Guide to Independent Data Testing by Third Party Advisors

15 October 2021

In brief

The Australian Taxation Office (ATO) has released its Guide to Independent Data Testing by Third Party Advisors (the Guide) for the top 100 and top 1,000 taxpayer goods and services tax (GST) assurance programs. The purpose of the Guide is to explain the ATO’s expectations and conditions for top 100 and top 1,000 taxpayers when engaging a third-party advisor to undertake the independent data testing that can be relied upon by the ATO in a GST assurance review. The Guide follows on from the ATO’s GST Governance and Data Testing Guide released in July 2020 (see PwC’s previous Tax Alert discussing the earlier guidance).

Generally, as part of the ATO’s GST assurance reviews in the top 100 and top 1,000 markets, the ATO will test a taxpayer’s data and transactions to assess whether their business systems are capable of correctly calculating and reporting GST. This may involve either the ATO undertaking the data and transaction testing directly, or the ATO reviewing and verifying the independent data testing by a third-party advisor engaged by the taxpayer. For the ATO to rely on the results of the independent data testing, taxpayers and their advisors will need to agree the scope of the testing with the ATO. The Guide provides a detailed framework for a uniform, consistent and transparent approach by the ATO to independent data testing undertaken by a third-party advisor. 

In detail

The ATO’s Guide addresses the following five key topics:

1. When independent data testing is appropriate
2. Independence of the third-party advisor
3. The ATO’s approach to independent data testing
4. Information required in the report of factual findings 
5. Data testing scope 

When independent data testing is appropriate

The ATO considers that independent data testing may be appropriate where various conditions are met, including that:

1. The taxpayer requests that data testing be undertaken by a third-party advisor. 
2. The third-party advisor is independent and has the requisite system capability and GST expertise to undertake the data testing.  
3. The scope, methodology and the data testing plan, including the full details of the procedures for each test, to be agreed with the ATO before the commencement of any data testing.

It is expected that a taxpayer and their advisor will collaboratively engage with the ATO as part of the review process.

Where the conditions above cannot be satisfied or if the taxpayer has chosen not to engage a third-party advisor, the ATO will conduct the data testing. 

Independence of the third-party advisor

The third-party advisor must attest that it is independent from the day to day operations of the taxpayer’s business and has not been involved in any aspect of the underlying data to be tested. This includes the data input/Business Activity Statement (BAS) preparation exception reporting process or responsibility or accountability for controls in place for data and BAS preparation. 

The ATO includes a number of scenarios to provide practical guidance on independence, as follows:

Where there is uncertainty as to the independence of the advisor, this should be raised with the ATO at the earliest opportunity. 

The ATO’s approach to working with the taxpayer and third-party advisor

The ATO acknowledges that a tailored approach will be taken to data testing for each taxpayer, but that the third-party advisor’s scope must reflect the requirements set out in the Guide, including the following:

• For a Top 100 taxpayer, the ATO will confirm the scope, methodology and tests to be performed after the walkthrough of the taxpayer’s business systems. For a Top 1,000 taxpayer, the ATO will seek to engage with the taxpayer during the notification period before the commencement of the assurance review to discuss its data testing requirements.
• The ATO will request full details of the third-party advisor’s testing and procedures for each test to ensure the data testing meets the ATO’s requirements. The taxpayer will provide to the ATO the third-party advisor’s full report of factual findings. The taxpayer will retain the full data and provide it to the ATO if requested.
• The report of factual findings will not be binding on the ATO or preclude the ATO from undertaking further verification and validation of the findings or conducting its own testing. Where errors or exceptions are unable to be validated or reconciled by the taxpayer, the ATO may request the taxpayer to provide the full data set or request secondary testing to re-run the tests. The ATO may select a sample of transactions for transaction testing either by the third-party advisor or the ATO.
• The ATO will make an assessment of whether or not the taxpayer’s GST systems are capable of recording and reporting the right amount of GST as part of the GST assurance review. The assessment will be based on all of the objective evidence provided by the taxpayer including underlying source documentation, the results of the data and transaction testing undertaken and the factual findings report.

Where a taxpayer is undertaking preparation work prior to the notification of a GST assurance review, including data testing, the ATO will leverage, where possible, the data testing undertaken prior to the commencement of the review where the scope, methodology and tests performed align with the review. 

Information required in a report of factual findings

The ATO set out a detailed and extensive list of requirements for matters to be included in the report of factual findings resulting from the data testing. Some of the key requirements are:

• The scope of the data testing engagement and the data tests performed, including details of bespoke testing undertaken and the basis of those bespoke tests. 
• A listing of the specific procedures performed, detailing the nature, timing and extent of each procedure and a statement that the procedures performed were those agreed with the ATO (or  identification of any of the procedures agreed in the terms of the engagement which could not be performed and the reasons why).
• A statement attesting to the independence and the GST expertise of the third-party advisor. 
• A description of factual findings in relation to each test/procedure performed, including:
  • Step by step details of any formatting/manipulation or adding to the raw data;
  • The control checks / reconciliations of raw data confirming the data integrity and reliability of the test outputs;
  • the full criteria of each test/procedure and the transaction (line-by-line) results for each test; and
  • full details of all errors and exceptions identified, including:
    • Total number of transaction in the data set
    • Total number of transactions covered by each test and the total number of errors and exceptions for each test
    • transaction listing of exceptions (including false positives) and errors identified and the aggregated value and the GST amounts for each test
    • full details of transaction testing undertaken in relation to any errors or exceptions found
• reconciliation of the raw data to the general ledger and the BAS for the data testing period. 

Data testing scope

The Guide sets out a four step process for determining the scope of data testing, as follows:

1. Selecting the entity

For top 100 taxpayers, the data testing should provide greater than 75 per cent coverage of the GST throughput of the economic group under review. GST throughput refers to the total value of GST transactions that the taxpayer manages, which is the sum of GST on sales (BAS Label 1A), GST on purchases (BAS Label 1B), and deferred GST on imports (BAS Label 7A)). This may comprise a single GST reporting entity, multiple GST reporting entities or business divisions of those entities. It should also include entities or business divisions with unique or complex transactions and those that may present potential GST risks, including new IT systems, changed business operations models, outsourced functions and special purpose vehicles.

For top 1,000 taxpayers, the ATO will review the largest GST reporter in the economic group and may include other entities which may present potential GST risks (i.e. those with complex transactions or recent business system changes)

2. Selecting the data test period 

The ATO considers a data set of at least three consecutive months (approximately 25 per cent of all transactions - the ‘testing period’) within the 12-month period that aligns to the most recent income tax return lodged is generally appropriate for the data testing. However, consideration should also be given to certain risk factors (for example, changes in business systems, changes in the business model, mergers and acquisitions, etc) in nominating the proposed data test period.

3. Selecting the test data

The data set should contain sufficient detail to ensure the correctness and completeness of the data to be tested, including data from accounting systems and source systems such as point of sale (POS) systems, billing systems and employee expense systems. The data set should include certain specified data fields from various reports, including  general ledger transactions, general journal transactions, purchase transactions, sales transactions, GST codes master data, supplier master data, chart of accounts.

4. Developing the data testing plan 

The ATO expects the testing plan to include the list of ATO e-Audit tests and any additional specific tests relevant to the taxpayer, including specific to the taxpayer’s industry. For example, the ATO has issued ‘GST data tests for banks’ that it expects financial services businesses to apply where relevant.  For Top 100 taxpayers, a more bespoke in depth approach will need to be used to determine what additional specific tests will be required based on the unique attributes of the taxpayer’s business and risks identified in ATO public or private rulings and guidance documents.

The takeaway

The data testing undertaken by the ATO is extensive and substantial. The ATO’s acceptance of data testing undertaken by an independent advisor provides useful flexibility for taxpayers in responding to a review. The Guide sets out detailed and thorough guidance for taxpayers and their advisors for undertaking the testing, providing welcome transparency on the ATO’s expectations for testing. Whilst the requirements are substantial, taxpayers and advisors familiar with the Guide should have a clear understanding of the ATO’s expectations and what is required of them.

A few key takeaways: 

Value in undertaking independent data testing – Whilst the ATO has specified various tests, they are general in nature and are not sensitised to your particular GST systems set ups, transaction accounting processes and controls. Therefore, the ATO testing process often identifies numerous exceptions which you are expected to investigate and extract accounting entries and source documentation to verify correct or incorrect treatment. This results in a very significant commitment of effort and resources across tax, finance and commercial functions.

PwC’s approach is to work closely with you to develop a deep understanding of your business and GST systems, processes and controls. We use this to customise the application of the ATO’s tests to your specific circumstances resulting in more accurate identification of potential errors. This saves substantial time and effort for you to verify results by narrowing down raw data testing results, providing better information to perform verification and resulting in more accurate findings of any actual errors. 

A comprehensive approach to testing reduces overall time and effort - The Guide sets out detailed guidance on all aspects of the ATO’s expectations for independent data testing. Understanding and applying this guidance is important in ensuring the ATO is able to obtain sufficient comfort over your correct reporting of GST from the testing and avoid the ATO having to undertake additional testing itself or seek substantial additional evidence to support the testing results. 

We recommend taking a comprehensive approach to independent data testing. This includes agreeing a thorough testing plan up-front with the ATO, to ensure all parties are clear that the testing will meet the ATO’s expectations, and ensuring the findings report includes detailed information in relation to the testing undertaken, the detailed testing results and objective evidence of the sample transaction testing undertaken to verify the results. We use PwC’s GST automation and data analytics solution Comply First Time to undertake the testing. Comply First Time is well known to the ATO and enables us to apply and customise all of the ATO’s tests, provide transparency on how the tests have been undertaken and provide complete and detailed results of the testing at a transaction level. 

Undertaking testing prior to a review commencing - Undertaking data testing in preparation for a review is useful in gaining comfort in the robustness of your GST controls and correct GST reporting. It also enables you to correct any errors identified by making unprompted voluntary disclosures, providing the full benefit of penalty and interest remission concessions, and take action to improve controls where necessary.  

In our experience, the ATO is willing to accept data testing undertaken prior to a review but only where the approach aligns with the Guide.  This is unlikely to be the case where a review is limited in scope, for example, focussed primarily on underclaimed GST input tax credits, or undertaken on a success fee basis. Where appropriate, notifying the ATO and providing the scope and plan can assist in obtaining agreement that the data testing will be accepted by the ATO in a future review.