Strengthening IRS Risk Management
Martin Ike-Muonso, a professor of economics with interest in subnational government IGR growth strategies, is managing director/CEO, ValueFronteira Ltd. He can be reached via email at martinoluba@gmail.com
State and local governments lose billions of naira every year because many taxpayers use illegal means to lower their tax obligations or avoid making appropriate returns. These losses widen the gap between subnational government revenue expectations, the attendant budgets built on the back of those expectations and the factual tax yield. Unfortunately, administrators have limited resources to thoroughly identify and successfully manage such risks arising from many taxpayers. Complex innovations in businesses, financial products and services equally aggravate these challenges. But these risks are also actively in operation within the institutions themselves. They often manifest as inefficient processes and challenges to accountability and trust. Therefore, tax administrations have many risks revolving around taxpayer compliance and institutional effectiveness and efficiency.
By logical extension, tax administrations’ risk exposures invariably cause subnational governments’ fiscal outcomes to deviate from expectations and forecasts. Therefore the higher the compliance and institutional risk exposures of tax administrations, the higher the fiscal vulnerability of the concerned subnational government. State and local governments can indirectly minimize these risk exposures by strengthening the environment of business and economic performance and improving the rule of law situation. For instance, a better business environment minimizes business costs and improves efficiency, competitiveness and the ability of taxpaying businesses to comply. The reverse is the case. Robust economic performance also improves employment conditions and perhaps minimizes corrupt means of livelihood, and reduces tax risks. Above all, an efficient justice system and the rule of law strengthen equity and tax laws and narrow the window for avoidance and evasion while improving its enforcement.
The number of risks that administrations face is huge but classifiable into two major headings: compliance and operational. The former focuses on taxpayers’ non-compliance and tax administrations’ revenue mobilization threats. The latter considers operational issues within the tax administration that threaten its capacity to mobilize tax revenue as expected. Taxpayer compliance requires meeting three primary obligations: registration in the relevant taxpayer database, filing tax returns in time and in full and providing accurate tax declarations and associated information. Adequate taxpayer database records enhance effective and consistent tax collection. But many non-conforming people and businesses know that inclusion in the database means being available to pay taxes. The situation described is quite typical of the informal sector and several other business types that are difficult to tax. Tax administrations face increasing risks of including more persons and businesses into the tax net and database. Large-scale taxpayer decisions not to comply have fiscal repercussions. But it is not enough merely to register as a taxpayer and not compliant. Fulfilment of tax obligations always requires that taxpayers pay both in full and on time. Many do not comply with both conditions and make returns of only small proportions of the supposed obligation.
On the other hand, several operational failures and unanticipated external events, such as fire outbreaks or system failures, potentially threaten tax administration’s revenue mobilization capabilities. Aside from unexpected external events, internal process inefficiencies constitute significant risks to effective revenue mobilization by the IRS. A few examples will suffice. The use of contractors provides an enormous revenue leakage window and facilitates the trust denting of the tax administrations, yet many cannot do without them. Often, sabotaging the system creates a corrupt enrichment opportunity for appeasing some government functionaries, politicians, and even administration staff members. Internally, sometimes deliberate administrative and information breaches make it challenging to understand the revenue condition better and, in the process, create avenues for fraud. But in general, beyond the risks of revenue losses are also the risk of losing public trust in the administration, which affects compliance levels.
The heightened interest in understanding the nature and dimensions of risks tax administrations face is their strategic importance regarding revenue generation and socio-economic development. Without a doubt, tax administrations will be interested in identifying existing and potential threats to its revenue mobilization function. The role of tax administrations in modern economies goes far beyond that. The implication is that such threats potentially affect all those areas where tax administrations play vital roles. Tax administrations would also like to find out the possibility that a hitherto compliant taxpayer could become non-compliant or how and the degree to which their processes affect the unwillingness of citizens to register as taxpayers. This kind of understanding will tremendously improve the design of compliance facilitating initiatives. Many businesses complained of multiple taxes and levies until recently, following state and local governments’ tax harmonization efforts. Such undue burden, of course, took a toll on the size of tax yields as taxpayers’ willingness decreased. Thus, proactive tax administrations would pay attention to the possible risks of killing the goose that lays the golden eggs. Understanding risks are also critical for optimizing the resources available to tax administrations in their pursuit of efficiency. This knowledge enables administrators to successfully adjust input-factor resource combinations to levels that mitigate identified risks. For instance, an internal process redesign and revamp of underlying process technology and management may become critical when the IRS fails to deliver efficiency, leading to poor service and a bad reputation.
An effective compliance risk management process would typically involve six interactive stages: risk identification, risk assessment and prioritization, determination of causes and treatment options for identified risks, delineation of the most potent treatment strategy, strategy implementation, and the monitoring and evaluation of the compliance risk mitigation efforts. The first three stages, namely risk identification, assessment, and ranking, require significant data gathering, analysis and sundry research efforts. Formalized processes for intelligence gathering and analysis of compliance risks in subnational IRS are at the very lowest levels based on experience. Although many subnational tax administrations have risk departments, most do not have robust risk identification and assessment process. Basic expectations from these risk and intelligence departments would be a periodic review and publication [which can be for internal consumption only] of risk identification and assessment on each of the areas of compliance obligations. There is no need to go further on whether these units provide risk ranking and quantifying magnitudes of likely impacts. But part of the problem is that most tax administrations subnational level do not consider risk management a priority. This oversight is either because of bureaucratic ineptitude or outright ignorance. It is a correct guess that less than 20% of the heads of risk and intelligence departments in many state and local government IRS in Nigeria possess the requisite capacity for meaningful data analysis. And therefore, they will always find it unattractive to pursue and deliver on such demanding job descriptions.
The tax administration diagnostic assessment tool [TADAT] suggests adopting a compliance improvement plan [CIP] for risk mitigation. Effective CIP requires riveted attention in areas where prior risk-focused research shows high non-compliance levels. Such efforts boost the tax system’s fairness and trust in the tax administration, mainly when the emphasis is on self-assessment and voluntary compliance, requiring taxpayers’ honesty in determining the size of obligations and accuracy of returns. Based on previously conducted compliance risk assessments, some tax administrations could provide a range of support to taxpayers as part of their CIP. Such support would include fulfilling income tax obligations, targeted registration programs for specific sectors, specific interventions to mitigate the adverse effects of some unforeseen events, etc. The critical point here is that such required CIP essentially takes back tax administrations to those basics of identifying and treating compliance risks to achieve the best possible outcomes and measuring the impact of such treatments on target compliance levels. Therefore, progressive subnational tax administrations in Nigeria must prioritize their context-driven CIPs to address the risks they face in this regard comprehensively.
A two-pronged approach, namely risk reduction and risk covering, is deployable in managing the process risks within tax administrations. Risk reduction essentially requires conscious limiting of risk opportunities and reducing intentional and unintentional errors. Zero tolerance for mistakes within the organization’s internal process will drastically reduce the chances for deliberate and accidental errors that present risks to the administration. Strengthening policies and designing appropriate sanctions and rewards attending to infractions will minimize such institutional risks considerably. Digitalizing these processes and the constitution of proper authorization protocols can be an excellent way to start. To a considerable extent, these steps also curb intentional and unintentional mistakes. Above all, consistent workforce capacity building, robust employee engagement and alignment must receive priority attention.
The structured monitoring and evaluation of risk mitigation activities hardly exist in 90% of the IRS in Nigeria. However, this is understandable as many IRS does not have a clearly defined risk management plan for tax administration. But monitoring and evaluation efforts remain critical in determining the extent of reduction in the current and potential risks and their impacts. What mainly obtains among Nigerian tax administrations is responding to potential revenue mobilization threats, ad hoc and highly uncoordinated. Some such threats receive consideration as part of general initiatives to improve the size of the collectable yield. One would also expect that some of the tax policy recommendations from tax administrations are part of their response to identified risks or laws that may expose the system to such.
In general, tax administration, like every other endeavour, faces numerous risks. The prevalence and intensity of these risks determine how they effectively deliver on citizens’ and government expectations. Successful tax administrations provide fiscal power for good governance. They accomplish this through their revenue mobilization effectiveness. Indirectly they support good governance with excellent reputation building, enhanced trust and effective policymaking. However, risks – compliance and process – stand in the way of these desirables. Therefore, forward-looking tax administrations consciously put suitable risk management structures and strategies. Unfortunately, more than 80% of subnational governments’ tax administrations fail woefully in this regard. Worse still, the human capacity to drive such is also not in place.