Embed Size (px)
Citation preview
Catalystfor Change
n by Abdul RAzAk RAhmAn
aC
Co
un
tab
ilit
y
The internal audit function in the public sector can spearhead higher standards and heightened governance
and trust, urged thought leaders at the annual MIA-IIAM-CIPFA Public Sector Internal Audit Conference 2017.
“Becoming a trusted advisor should be the key objective of an IA function.” - Mohamed Noh Kaderan, Head of Internal Audit, Cagamas Berhad.
Internal audit (IA) can be a force for good governance and accountability in the public sector. The question is: how can we unlock the
power of internal audit in the public sector?“In order to build a leading IA function,
it is important to have an effective governance framework with IA being
46 accountants today | July / Aug 2017
cATAlyST for cHAnGe
a key function within the framework,” stressed Wan Ahmad Ikram, Chief Internal Auditor, PIDM.
The key prerequisites for effective IA are: independence; appropriate authority and access to information; support and belief from the leadership; the relevant skills and competency; and the right mindset and behaviour.
diverse exPeCtations and roles
The key stakeholder for the public sector is ultimately the public at large and therefore, expectations vary. For example, regulators do not have financials as their top priority. Therefore, their expectations and objectives are different from a development agency which is working on a budget, where financials will be key, explained Wan Ahmad.
The state of the organisation also determines the roles of the internal auditors, and the IA function should align to organisational objectives and priorities to add value. In a mature organisation with robust IA and risk management capabilities, the IA will play more of a strategic and advisory role. On the other hand, if the organisation is at
Trust is earned, not bestowed. To gain the trust of senior management, the internal auditors must be able to demonstrate their capacity and capability to contribute to the organisation’s objectives. To manage risks and stakeholders’ expectations, the development of the internal audit plan must be aligned to the key risk areas identified in Enterprise Risk Management (ERM) as well as the business plan. Communicate with the Board, CFO and CRO to establish the areas of concern and close the expectation gaps.
Ensure sufficient and competent talent, and build these up. Outsource if there is no subject matter expert within the organisation, or if the subject is too technical, recommended Mohamed Noh. Job rotations could be useful to help internal auditors learn the nuances of the organisation and build relationships enroute to becoming trusted advisors.
To be truly effective, internal auditors must not only be subject matter experts, but must understand the organisation and its mandates and objectives within the broader landscape. In order to add value, IA must be able to relate to the organisation’s objectives, especially in the public sector where the scope is more than just financials.
trust is earned, not bestoWed. to Gain the trust of senior manaGement, the internal auditors must be able to demonstrate their CaPaCity and CaPability to Contribute to the orGanisation’s obJeCtives.
the initial stage where there are issues with controls and risk management, IA’s focus is more on assurance. When it comes to projects, IA should get involved at the development stage rather than raising issues during post-completion audit, recommended Wan.
deliverinG trust
Above all, internal auditors are the guardians of the public trust, and must earn the trust of their stakeholders in order to do their jobs effectively. “Becoming a trusted advisor should be the key objective of an IA function,” advised Mohamed Noh.
July / Aug 2017 | accountants today 47
cATAlyST for cHAnGe
aC
Co
un
tab
ilit
y
+Seniority CountsIn order to be effective, the
internal audit head must be
accorded a relatively senior
position in an organisation. For example,
Bank Negara’s IA head reports to the Audit
Committee and his performance is evaluated
by the Audit Committee.
+Streamline Audit ProcessesAudit processes in the public
sector must be streamlined
to ensure consistency in the approach,
performance and reporting timelines. The
Institute of Internal Audit Malaysia (IIAM) has
produced standards to govern and streamline
the internal audit processes but compliance is
not mandatory.
+Hire the Right Talent It is advisable to have
a combination of
career and performance auditors in an audit
team for consistency. Typically, performance
auditors have a faster turnover whereas
career auditors stay longer in an organisation.
+Gather Insights and InformationTo deliver insights, the
internal auditors need to
collect insights, through tools
such as feedback from questionnaires and
surveys at the planning stage of an audit.
+Clarify DisclosureThe presentation of
the audit report is
important to ensure
that it reaches and is understood by
the target audience. Spell out the
roles of the internal auditors and the
scope of the audit clearly. Focus on the
closure of the audit and allocate ample
time for discussions and explanations
of the audit findings. Subsequently
offer assistance for improvement.
+Set the Right KPIsIt is important to establish
the processes for
determining the KPIs for
the IA function. KPIs should suit the need
of the organisation and be set by the Audit
Committee.
The KPIs will also depend on the
organisation’s development stage.
Organisations in their infancy will probably
require the IA to focus more on assurance
compared to matured entities. KPIs should
also include qualitative elements such as
Internal audit (IA) and enhanced accountability is a national
agenda for the public sector, but the approach to public sector
audits must be more systematic and consistent in order to
improve audit quality. Mohd Khaidzir
Shahari, Executive Director of KPMG
Management & Consulting Sdn Bhd, shares
some tips for improving the internal audit
function in public sector organisations.
identifying the root causes and providing
solutions, enabling the IA function to
remain relevant and add value to the
organisation.
+Protect IA’s IndependenceInternal auditors face their
biggest challenge when
their independence is being
influenced, especially in the public sector. To
mitigate this, engage the Audit Committee
or the Board and create a conducive
environment for an effective IA function.
Work with the Audit Committee and the
Board to inculcate the idea that IA function
is their strategic partner in an organisation. If
the Audit Committee is not conversant with
the latest developments in internal audit and
corporate governance, then these should be
incorporated in the ongoing programme of
Board education and training.
In the long-term, IA’s objective is to enhance
standards and good governance in an
organisation. IA can hence be a catalyst for
change and sustainability, and should not be
perceived as a necessary evil.
raising the bar
48 accountants today | July / Aug 2017
Public sector internal auditors are advised to keep up with data analytics, which has revolutionised audit processes and will enable the internal audit function to provide value-added services and maximise business value. The flipside? Data analytics pose a threat to legacy systems and business as usual as technology becomes more integrated into audit and assurance.
Data analytics involves analytical tests which identify issues, risk areas and process weaknesses. They include: red flag tests to identify policy and behaviour breaches, outlier tests for unusual transactions,
transaction distribution to identify unusual concentrations of transactions,
data evidence could be performed by a completely automated audit process, available to the client either on location or through the cloud.
• Continuousauditmonitoringmaybecome a reality through machine-enabled auditing, which would enable client to extract insights on an ongoing basis.
• Withthechangeinbusinessoperational costs, businesses could benefit from the economics of cognitive computing as it brings automation into the business processes.
• Regulatorychangescouldbeimplemented immediately without requiring a complete overhaul of the existing system.
Tech is Transforming The ia LanDscape…
Rohitalsohighlightedemergingtrends which are reshaping IA’s
cATAlyST for cHAnGe
aC
Co
un
tab
ilit
y
oPtimisinG ia With data analytiCs
data visualisation to interactively show trends and present large volumes of data, and
advanced data mining to identify anomalous behaviour patterns.
For example, data visualisation enables the user not only to aggregate the findings from the various tests, but also to have a better understanding and analysis of the transactional data. The more advanced data analytics can also be used to highlight irregularities, in procurement for example, by scrutinising the trends and correlations, explainedRohitKumar,DirectorandLeader,Data&Analytics,PwCMalaysia.
Rohitlistedseveralwaysinwhichdata analytics could transform the IA function as well as the overall business:• Identifying,examiningandtesting
50 accountants today | July / Aug 2017
environment. These include: • Datadiscoveryandpresentationor
‘audit by sight’ which is basically gaining effective insight through advances in visualisation capabilities.
• Agileanalyticswhichlooksatalternative modelling techniques.
• Unstructureddataintegrationwhichbrings unstructured data into the analysis
• Enhancedauditmanagementwhichis collaborative project management technology integrated into audit planning, execution and reporting.
changing ia’s roLesIA is no longer simply protecting
valuebutenhancingit,saidRohit.Thetraditional role of IA is Value Protection and focuses on systems, processes and controls. Now, IA’s role has evolved to ValueEnhancementasexpectationsfrom stakeholders increase. The emphasis is now on value-added services such as improving business performance and identifying areas for simplification, providing insight and eventually strategic advisory.
The annual Public Sector Internal Audit Conference 2017 is jointly organised by MIA, the Institute of Internal Auditors Malaysia (IIAM) and the Chartered Institute of Public Finance and Accountancy (CIPFA) as a platform to spearhead mindset change and enhanced performance among internal auditors in government and the public sector. This is aligned with MIA’s overarching vision of building public trust and upholding accountability. n
cATAlyST for cHAnGe
new skiLLs requireDSkillsets in auditing are expected to evolve in line with tech
advancements. In addition to the basic core skills in fundamentals of accounting, accounting standards and regulatory and statutory requirements, auditors must be equipped to embrace data analytics.
The anaLyTics DifferenTiaTorBy integrating analytics into their internal audit functions, companies
can achieve impactful results. From the audit, risk and compliance standpoint, companies can enhance process assurance, risk management and good governance. From the business improvement perspective, anticipate improvement in tactical business insights and margin analysis and guidance.
But don’t expect overnight success. “Building data analytics is a continuous journey. It is not just about acquiring technology and software but to leverage on these capabilities to transform the organisation,” concludedRohit.
skills needed include
Knowledgeonhowtoresearchandidentify anomalies and risk factors in underlying data.
The ability to mine new sources of data and use insights to bring new value to the business.
Being able to understand statistics such as inferential and multivariate statistics.
Proficiency in analytics tools such as visualisation and predictive analysis.
Knowledgeinprocess-miningusingnew data analysis techniques and algorithms to isolate and investigate specific processes that might have led to changes of data and accounting records.
July / Aug 2017 | accountants today 51
CultivatinG Good Gst
ComPlianCe Culture via
Cbos 3.01
n by s. sARAvAnAn kumAR And Annie ThomAs
aC
Co
un
tab
ilit
y
the royal malaysian customs Department recently launcheD the customs Blue ocean
strategy (cBos) operation 3.0, not just to Detect issues for further gst auDit
or investigation, But to also encourage taxpayers to comply with the law.
it comes to errors in GST returns. This phenomenon is not peculiar in Malaysia as it is also prevalent in other advanced economies. Not only is there a prevalence of incorrect returns, the RMCD has also noticed that the non-compliance by small businesses commonly spans all spectrum of GST obligations. Some small businesses are completely outside the GST system, some only register to illicitly claim a refund; many have a poor recordkeeping culture, which then leads to poor filing and payment compliance. This is compounded further by businesses that are ignorant of deadlines. 94 per cent of the GST-registered persons in Malaysia are
When referring to compliance in goods and services tax (GST), what ordinarily strikes our minds is the filing of GST returns and settling the GST due within the stipulated taxable period.
It has been more than two years now since the implementation of GST in Malaysia. The compliance rate for GST filing thus far has been high, with an average rating of above 95 per cent2. However, when it comes to the settlement of GST dues, the compliance rate is not as high as the GST filing rate.
It has been reported that about one-third of the companies audited by the Royal Malaysian Customs Department (RMCD) submitted incorrect returns by omitting information, understating output tax or overstating input
tax3. This kind of non-compliance undermines the government’s revenue, distorts competition as it gives the non-compliant business an advantage in the form of cash flow and compromises equity as this may encourage further non-compliance in other aspects of GST. This article4 aims to highlight the other aspects of compliance requirement under the GST Act 2014 and the sanctions that the RMCD may impose in such circumstances.
Customs’ exPerienCe
The RMCD’s recent experiences show that the non-compliance culture is prevalent among smaller businesses as this segment has a rate of 40% when
52 accountants today | July / Aug 2017
cUlTIVATInG GooD GST coMPlIAnce cUlTUre VIA cBoS 3.0
from the small and medium-size enterprise (SME) segment and inevitably, GST compliance cost is a challenge for many SMEs. Meeting their GST obligations means additional costs for them, especially in obtaining proper professional advice, employing competent finance staff and investing in reliable GST software and ensuring proper GST compliance return.
Why Cbos 3.0?
Some businesses regard the compliance costs as high and, in some instances, these even outweigh the net amount input credit remitted, which potentially leads to the failure to
comply or register, thus allowing the vicious shadow economy to prosper. This needs to be addressed as tax laws and their implementation must be fair. This sense of awareness had led the RMCD to recently launch the Customs Blue Ocean Strategy (CBOS) Operation 3.0. The objective of this operation is not merely to detect issues for further GST audit or investigation, but to also encourage taxpayers to comply with the law. The approach for this operation is “Informed Compliance” rather than “Enforced Compliance” with the aim of assisting taxpayers, especially SMEs. Informed compliance focuses on educating taxpayers by making
some small businesses are
ComPletely outside the Gst
system, some only reGister to illiCitly Claim a
refund; many have a Poor reCord-
keePinG Culture, WhiCh then leads
to Poor filinG and Payment ComPlianCe.
July / Aug 2017 | accountants today 53
cUlTIVATInG GooD GST coMPlIAnce cUlTUre VIA cBoS 3.0
aC
Co
un
tab
ilit
y
friendly visits to traders to explain and assist them in complying with GST obligations and provides channels for taxpayers to share their grievances and enable them to provide feedback. The RMCD conducts handholding programmes and consultation sessions to achieve this. On the other hand, the enforced compliance focuses on litigation where errant taxpayers will be prosecuted.
The core principle of the GST compliance model is to make compliance as easy as possible. Having said that, taxpayers found to be wilfully abusing or seeking to abuse the system will incur the wrath of the full force of the law. In this context, the ongoing CBOS operation has three levels:
• Verification;• 30daystocomply;• Enforcementaction.Via the verification exercise, the
RMCD will examine the GST treatment adopted by businesses and the corresponding business documentations. If any non-compliance is detected, then the affected taxpayer will be advised to amend the GST-03 return and settle the amount of GST due within 30 days. If the taxpayer fails to amend the GST-03 return and/or settle the amount due within 30 days, then a full GST audit will be conducted and enforcement actions such as prosecution, civil proceedings to
recover the amount due, garnishing of assets, imposition of travel restriction and recovery proceedings against directors will be employed. Hence, the RMCD encourages voluntary compliance with taxpayers coming forward to correct their previous mistakes. From the RMCD’s past experience, voluntary compliance can only be encouraged when taxpayers are aware that non-compliance would be detected and sanctioned accordingly.
It is notable from past experiences that CBOS operations not only collect additional GST revenue from non-compliant taxpayers, but also lead to a higher declaration from taxpayers who are not audited.
areas of risk deteCted in Cbos oPeration
Based on the RMCD’s experience from previous CBOS operations, these are the key issues that are usually detected:• Incorrect treatment of standard-
rated supplies as zero-rated
RMCD’sGoal:Move
taxpayersup
Garnishing
VoluntaryCompliance
Litigation/Prosecution TravelBan
Criminal Civil
via the verifiCation exerCise, the rmCd Will examine the Gst treatment adoPted by businesses and the CorresPondinG business doCumentations.
54 accountants today | July / Aug 2017
C
M
Y
CM
MY
CY
CMY
K
HELPUni_AT.pdf 1 28/04/2017 2:41 PM
supplies• FailuretoaccountforGSTonnon-tradeincome
and fixed asset disposals (sale or trade-in)• Reimbursement/disbursement• Deemedsupplies,e.g.provisionofgifts• Fringebenefits• Claimingofinputtaxon“blocked”expenses• IncorrectuseofGSTcodes• Incorrectdecisionsinsettingupcodese.g.zero-
rating based on billing address• Incorrectenteringofdata• Transpositionorformulaerrors• Failuretoidentifyandtakeaccountoflegislative
or policy changes• Poor communication of business changes (e.g.
restructuring) to the RMCD audit team.The above results in the RMCD assessing each
audit case on a case-to-case basis in evaluating the type of action and sanction to be taken. The common provisions of the GST Act 2014 usually applied by the RMCD in charting its course of action are:
SeCTIoN 9Determine whether there is a supply of goods or services in Malaysia, including deemed supply and any importation of goods into Malaysia.
SeCTIoN 33Ensure that a proper tax invoice is issued by all suppliers.
SeCTIoN 36Duty to keep full and true records in respect of all goods and services supplied, all goods imported and any other records required under the GST Act 2014.
SeCTIoN 41Furnishing the return in the manner prescribed by law according to the timeframe prescribed.
SeCTIoN 88Imposition of penalty for incorrect return which carries a fine not exceeding RM50,000, imprisonment not exceeding three years or both. There is also a penalty equal to the amount of GST undercharged.
SeCTIoN 89Imposition of penalty for GST evasion and fraud which
July / Aug 2017 | accountants today 55
cUlTIVATInG GooD GST coMPlIAnce cUlTUre VIA cBoS 3.0
aC
Co
un
tab
ilit
y
carries for the first offence, a fine not less than 10 times and not more than 20 times of the GST amount evaded or defrauded, imprisonment not exceeding five years or both. For the second and subsequent offences, a fine not less than 20 times and not more than 40 times of the GST amount evaded or defrauded, imprisonment not exceeding seven years or both.
SeCTIoN 90Imposition of penalty for causing improper GST refund or entitlement to relief which carries a fine not exceeding RM50,000, imprisonment not exceeding three years or both. There is also a penalty equal to two times the amount improperly refunded or entitled as a relief.
reCovery meChanisms
Despite best efforts, there will be a segment of taxpayers who will continue to flout the law. While the RMCD may not be able to immediately detect all non-compliant behaviours, sooner or later, with the concerted GST audit initiatives, the long arm of the law will catch up. The following are some recovery mechanisms that the RMCD may apply on recalcitrant taxpayers:
oFFSeTTINg uNpAID TAx AgAINST ReFuND5 In cases where a taxpayer has failed to pay any amount of GST due and payable, the Director General of the RMCD may offset against the unpaid GST any amount GST refundable. The amount offset will be treated as payment or part payment for the GST due.
ReCoVeRy oF gST AS A CIVIl DeBT6 Notwithstanding any appeal before the GST Appeal Tribunal, the Minister of Finance may recover the unpaid GST as a civil debt due to the government. In this type of proceedings, the production of a certificate signed by the Director General of the RMCD for the sum due shall be conclusive evidence and authority for the court to give judgement for that amount.
SeIzuRe oF gooDS FoR The ReCoVeRy oF TAx7
Any goods in excise control or customs control or at the taxpayer’s place of business may be seized until the GST due is settled. The Director General is also empowered to seize or sell any goods belonging to the person liable.
poWeR To ColleCT TAx FRoM peRSoN oWINg MoNey To TAxABle peRSoN8
In instances where GST is due, the Director General may, by notice in writing, require any person by whom any money is due, accruing or may become due and payable
to a taxable person who owes the GST, to pay the
said money which will be used to pay the GST due.
This power can also be used on any person who
holds or may subsequently hold money for or on
account of the person who owes GST.
TRAVel ReSTRICTIoN9
Where the Director General has reason to believe that a
person is about or is likely to leave Malaysia without paying
the GST due, that person can be prevented from leaving unless and
until the sum owed is settled.
poWeR To RequIRe SeCuRITy10 For the due compliance of the law and protection of revenue, the Director General may require any person to give security for the payment of any GST which may become due and payable from him.
IMpoRTeD gooDS NoT To Be ReleASeD uNTIl TAx pAID11 Any imported goods can be withheld in the customs control until the GST on those goods has been paid in full.
lIABIlITy oF DIReCToRS12
In relation to a company that is being wound up, where any GST is due, the directors shall together with the company be jointly and severally liable for the sum due. The directors shall only be liable where the assets of the company are insufficient to meet the amount due.
ConClusion
Hence, it is essential that businesses invest in their workforce by ensuring
56 accountants today | July / Aug 2017
cUlTIVATInG GooD GST coMPlIAnce cUlTUre VIA cBoS 3.0
their employees are provided regular training, which in turn will enable the employees to familiarise themselves with the GST law and the updates. There should also be internal training or knowledge sharing sessions to enable the transfer of GST knowledge and awareness within the business.
Good training is hoped to result in good recordkeeping culture. Businesses have been reminded on many occasions to maintain complete records and documents supporting GST documents. Transactions must also be recorded on a timely basis and GST worksheets/computations should be kept. This must be supplemented with a reliable accounting system.
Businesses must also adopt effective internal practices that allow the management to identify exceptional transactions and identify the appropriate GST treatment. It is good practice to implement a second level of review and a periodic review of the above.
As much as the RMCD is committed via the Informed Compliance initiative to provide further assistance to businesses to
ensure GST compliance, leniency will not be extended to GST evaders13. An estimated RM3 billion in GST arrears will be collected from the CBOS 3.0 operation by ensuring businesses achieve greater compliance. In the previous year, about RM1.5 billion was collected through the CBOS 2.0 operation. The RMCD aims to inspect about 200,000 of the 433,000 GST registered companies in the CBOS 3.0 operation this year. As much as taxpayers who practise good GST compliance culture should not face any concerns, taxpayers who have been dodging GST or not complying with the timeline prescribed by law should come clean and make a voluntary disclosure to the RMCD in order to avoid hefty sanction. n
S. Saravana kumar ([email protected]) is a partner with the Tax, GST & Customs Practice at Lee Hishammuddin Allen & Gledhill.
annie Thomas is a Senior Assistant Director of Customs with the GST Fraud Investigation Unit, Royal Malaysian Customs Department.
1 This article was first published in the April issue of Tax Guardian, a publication of the Chartered Tax Institute of Malaysia
2 Statistic from RMC based on the GST-03 return submission
3 Kong See Hoh, “Press Digest — One-third of GST-registered firms have problems with new tax regime”, theSun daily (13 September 2016) <http://www.thesundaily.my/news/1969371>
4 Based on the recently conducted GST & Customs Health Check from Legal & Operational Perspective workshops by the authors for CTIM
5 GST Act 2014, s 456 Ibid, s 467 Ibid, s 478 Ibid, s 489 Ibid, s 4910 Ibid, s 5011 Ibid, s 5212 Ibid, s 5313 “Customs Dept issues 37,556 GST-
related compounds”, The Star Online (8 March 2017) <http://www.thestar.com.my/business/business-news/2017/03/08/customs-dept-issues-37556-gst-related-compounds/>
DeCISIoN oF The DISCIplINARy CoMMITTee oF The MAlAySIAN INSTITuTe oF ACCouNTANTS (INSTITuTe) AgAINST MeMBeR puRSuANT To Rule 18(1) oF The MAlAySIAN
INSTITuTe oF ACCouNTANTS (DISCIplINARy) RuleS 2002
MIA NoTICe
Regina Anak Saliman (8500) as the sole proprietor of saliman & co. (‘the firm’) had been punished and imposed a fine of rM3000-00, costs of rM2000-00 and ordered to attend a course conducted by the institute on audit Quality enhancement Programme by the
disciplinary committee of the institute on 12 april 2017 after the firm has been rated as ‘unsatisfactory’ as indicated in the follow-up review report dated 29 March 2016 which detailed the weak-nesses in the audit work performed.
July / Aug 2017 | accountants today 57
