The concept of ‘tax governance’ has generated an overwhelming amount of ATO guidance in recent years, outlining how Australia’s different taxpayer populations should be applying this.
Contents
Terms such as ‘Top 100’, ‘Top 1000’, ‘Top 500’ and ‘Next 5000’ refer to large, multinational public or privately-owned taxpayers, further subdivided based on annual turnover or net asset thresholds.
Cutting through all this terminology, its important you know exactly what rules and frameworks your organisation should consider when it comes to tax governance. This ensures you have the practical tools to take action, managing real-life tax risks as they arise for you and simultaneously satisfy ATO expectations.
We’ve summarised the key ATO tax governance frameworks and guidance based on the ATO’s different taxpayer categories below:
Key Characteristics
Public and multinational businesses including superfunds
Total business income greater than $5 billion
The ATO’s tax risk management and governance frameworks you should apply
Australian resident individuals and their associates who control a combined wealth of less than $50 million but more than $5 million; or
Australian owned businesses, who are privately owned with an annual turnover of more than $10 million and are not linked with a high wealth private group
The ATO’s tax risk management and governance frameworks you should apply
‘Tax governance’ is the umbrella term for the different documented steps and processes an organisation should have in place to ensure tax risks are appropriately identified and managed, at the operational, senior management and Board levels. This documentation is crucial so any new employees can understand and comply with the overall approach to tax risk from the start. This should also outline all taxes relevant to the organisation, based on its ownership structure, industry, or activities.
The public, multinational and privately-owned taxpayer populations are expected to apply tax risk frameworks tailored to each group’s profile. Public and large multinational groups have prescriptive Board and Management level controls; private groups have seven principles of effective tax governance. Underpinning both these frameworks is the common theme of detailing issues that taxpayers should think about when managing its tax risks.
In the first instance, taxpayers are expected to address every control and principle outlined in the published tax governance frameworks most relevant to them. However, the ATO’s current priority is obtaining documented evidence that taxpayers have addressed the following specific principles within those frameworks:
Public and multinational groups
Privately held groups and high net worth individuals
The Board is appropriately informed (BLC3)
There are periodic controls testing procedures in place (BLC4)
Management’s roles and responsibilities are clearly understood (MLC1)
Significant transactions are identified (MLC3)
Controls in place for data (particularly for GST purposes) (MLC4)
The tax governance framework is thoroughly documented (MLC6)
Procedures are in place to explain significant variances (MLC7)
Accountable management and oversight
Recognising tax risks
Seeking advice
Integrity in reporting
What does this mean for you?
Irrespective of which taxpayer population you belong to, there are three key actions everyone should take when addressing tax governance:
Undertake a gap analysis – compare what you currently do to tax risk against the expectations outlined in your applicable ATO tax risk framework.
Address the gaps identified e.g. improve existing policy/process documentation, introduce new processes or controls, or document why your approach differs from ATO’s expectations.
Test these tax controls regularly once implemented, to ensure they remain well-designed and operate as intended. This testing should be performed by independent parties (of your tax function) and thoroughly documented.
Key documentation areas you should focus on:
The organisation’s Tax Risk and Governance Policy
Operational and financial reporting processes with tax implications
Maintain a tax risk register and a tax issues register
Tax training register
Income tax return preparation process document
Differences in tax positions or balances between the financial statements and the lodged income tax return
Process for seeking external advice
Controls in place over IT systems (particularly as they affect the data collection relevant for tax lodgements and GST)
Periodic tax controls testing, to ensure operational effectiveness of the designed controls
With the 30 April 2026 registration deadline approaching, companies that performed R&D activities in the year ended 30 June 2025 should be reviewing eligibility, documentation and governance now to preserve their entitlement under the RDTI.
Subscribe now to be kept up-to-date with timely and relevant insights, unique to the nature of your business, your areas of interest and the industry in which you operate.
