A3.1 This table has been reproduced from ATO Enterprise risk categories and enterprise risk owners CMPI 2003/02/03.
| Level 0 | Level 1 | Enterprise risk owner | Risk description guide |
| --- | --- | --- | --- |
| 1 Business Continuity | | | |
| | 1) Business Continuity | Chief Operating Officer | Failure to develop and maintain business continuity plans and the capability to respond to adverse contingencies. |
| 2 Business Reporting Services | | | Failure to maintain authoritative information to support business and government interactions, including streamlined registration, secure online authentication and effective reporting services. |
| | 1) Australian Business Register | DC Business Reporting & Registration | Failure to maintain a comprehensive, updated and accessible business register for use across the government and business community. |
| | 2) Standard Business Reporting | DC Business Reporting & Registration | Failure to maintain and update SBR infrastructure and services to an agreed performance level and standard. |
| | 3) AUSkey | DC Business Reporting & Registration | Failure to provide an authentication service that enables government and the business community to reliably and securely fulfil information and reporting obligations. |
| 3 Client Experience | | | Failure to provide a client centred, user friendly experience to the taxpayer (and intermediaries) which encourages willing participation. |
| | 1) Client Service | Chief Operating Officer | Failure to provide and maintain client service which meets our minimum service standards and broader service promise, including complaints management. |
| | 2) Channel Management | Chief Operating Officer | Failure to provide and maintain appropriate channels to deliver our services and engage with clients. |
| | 3) Cost of compliance (Exc Large Business) | Chief Operating Officer | Failure to manage and reduce the cost of compliance to taxpayers within agreed tolerances. |
| | 4) Cost of Compliance Large Business | DC, Large Business & International | Failure to manage the cost of compliance for Large Business at appropriate levels. |
| 4 Community¹ Engagement | | | Failure to drive appropriate engagement and participation by market segment in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 1) Large | DC, Large Business & International | Failure to drive appropriate engagement and participation by Large business in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 2) Small — Medium Enterprises | DC, Small & Medium Enterprises | Failure to drive appropriate engagement and participation by Small — Medium Enterprises in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 3) Micro-enterprises | DC, Micro Enterprises and Individuals | Failure to drive appropriate engagement and participation by Micro-enterprises in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 4) Individuals | DC, Micro Enterprises and Individuals | Failure to drive appropriate engagement and participation by Individuals in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 5) Government/Not For Profit | DC, Small & Medium Enterprises | Failure to drive appropriate engagement and participation by Govt and Not For Profit sector in the Tax and Super systems through co-design and differentiated treatment and services. |
| | 6) Tax and BAS Agent Engagement | DC, Tax Practitioner and Lodgment Strategy² | Failure to engage effectively with tax and BAS agents and develop effective relationships with their representative bodies. |
| 5 Enterprise Change | | | Failure to deliver major enterprise change projects on budget, on time and with specified functionality and benefits. |
| | 1) Other Projects³ | [TBD] | Failure to deliver [major enterprise change initiative] on budget, on time and with specified functionality and benefits. |
| 6 Facilities | | | Failure to maintain key facilities, services to facilities and access to facilities at specified levels of service, cost and performance. |
| | 1) Accommodation | Chief Finance Officer | Failure to maintain appropriate accommodation. |
| | 2) Maintenance | Chief Finance Officer | Failure to maintain facilities and assets. |
| | 3) Environmental Management | Chief Finance Officer | Failure to maintain our impact in the environment within specified levels. |
| 7 Finance | | | Failure to manage, control and account for ATO finances, resources and assets. |
| | 1) Budget | Chief Finance Officer | Failure to manage the agency budget for overspend and underspend within agreed tolerance. |
| | 2) Account | Chief Finance Officer | Failure to maintain appropriate processes and systems for determining the ATO’s financial position. |
| | 3) Transact | Chief Finance Officer | Failure to maintain appropriate processes and controls for managing financial transactions. |
| | 4) Procure | Chief Finance Officer | Failure to maintain appropriate procurement practices in accordance with Government legislation and policy (including the Commonwealth Procurement Rules) and ATO policies. |
| | 5) Contract and Outsourced Service Management | Chief Finance Officer | Failure to maintain appropriate processes and systems for developing, negotiating and maintaining contractual arrangements with suppliers. |
| 8 Governance | | | Failure to effectively manage the governance and direction of the ATO. |
| | 1) Corporate Policy and Planning | FAC, Corporate Relations | Failure to adequately plan, identify appropriate priorities and allocate commensurate resources. |
| | 2) Oversight | FAC, Corporate Relations | Failure to establish and maintain adequate accountability and oversight arrangements including governance, approval and review processes. |
| | 3) Reputation Management | FAC, Corporate Relations | Failure to maintain and protect the integrity of our reputation from high impact risk events, including issues escalation. |
| | 4) Risk Management | Chief Knowledge Officer | Failure to maintain adequate standards and processes for risk management. |
| | 5) Regulatory Compliance | FAC, Law & Practice | Failure of the ATO to comply with all the legislation and regulations under which it has obligations. |
| | 6) Assurance | FAC, Corporate Relations | Failure to provide and maintain ongoing assurance processes. |
| | 7) Internal Fraud | FAC Corporate Relations | Failure to minimise internal fraud and corruption through timely and effective detection, prevention and investigative activities. |
| 9 Government Engagement | | | Failure to engage effectively with government stakeholders, in Australia and internationally on matters of shared policy interest and delivery against government objectives and priorities. |
| | 1) Ministers & Parliament | FAC, Corporate Relations | Failure to engage effectively with the Treasurer, Assistant Treasurer and other Ministers assisting with ATO responsibilities, and Parliamentary committees. |
| | 2) Treasury | FAC, Corporate Relations | Failure to engage effectively with the Treasury. |
| | 3) States | DC, Indirect Tax | Failure to engage effectively with State Governments/Treasuries. |
| | 4) External Scrutineers | FAC, Corporate Relations | Failure to engage effectively with the External Scrutineers. |
| | 5) Other Australian Agencies | FAC, Corporate Relations | Failure to engage effectively with other Australian agencies. |
| | 6) International | DC, Large Business & International | Failure to engage effectively with key tax authorities internationally on matters requiring cross-jurisdictional collaboration and intelligence gathering. |
| 10 Knowledge | | | Failure to manage knowledge and information capability at agreed standards. |
| | 1) Information Management | Chief Knowledge Officer | Failure to manage information through the information lifecycle to agreed standards⁴. |
| | 2) Knowledge Sharing | Chief Knowledge Officer | Failure to track and make sense of changes in the external environment, learn from experience and share knowledge appropriately between staff, partners and taxpayers. |
| 11 Law Interpretation | | | Failure to provide reasonable certainty to the community (assist taxpayers understand their obligations) in the operation of laws administered by the Commissioner. |
| | 1) Certainty through Advice | Chief Tax Counsel | Failure to provide reasonable certainty, through rulings and advice to the community, in the operation of the laws administered by the Commissioner. |
| | 2) Certainty through Litigation | Chief Tax Counsel | Failure to manage law interpretation issues in the litigation process and consequential issues arising from court/tribunal decisions. |
| 12 Legal Support | | | Failure to provide appropriate legal advice and litigation support to support administration of the tax law and the ATO as an agency (excludes test cases and major precedential cases which form part of the ‘Law Interpretation’ risk). |
| | 1) Advise | FAC, Law & Practice | Failure to provide appropriate legal advice. |
| | 2) Defend | FAC, Law & Practice | Failure to prepare appropriate defence of a matter. |
| | 3) Litigate | FAC Law & Practice | Failure to litigate a matter to an appropriate resolution point. |
| 13 Major Tax Integrity Threats | | | Failure to identify and respond effectively to major complex threats to the integrity of Australia’s Tax and Superannuation systems. |
| | 1) Tax crime | DC, Serious Non-Compliance | Failure to adequately identify and respond to major criminal threats to Australia’s tax and superannuation systems which have the potential to undermine community confidence in the integrity of the system. |
| | 2) Aggressive Tax Planning | DC, Aggressive Tax Planning | Failure to identify and respond in a timely manner to the promotion of, and participation in, tax avoidance arrangements of a nature and at levels which may undermine community confidence in the integrity of the tax and superannuation system. |
| | 3) Cash Economy | DC, Tax Practitioner and Lodgment Strategy⁵ | Failure to identify and respond to major threats posed by the cash economy which have the potential to undermine community confidence in the integrity of the system. |
| 14 People | | | Failure to manage people capability to meet projected business needs. |
| | 1) Retain | FAC, ATO People | Failure to recruit and retain staff to meet projected capability need in defined work streams. |
| | 2) Develop | FAC, ATO People | Failure to train and develop staff to meet defined competency levels within projected capability requirements. |
| | 3) Engage | FAC, ATO People | Failure to improve and maintain engagement and capability of staff to achieve increased productivity. |
| | 4) Working Environment | FAC, ATO People | Failure to maintain a safe, healthy and harmonious workplace that considers the environment. |
| | 5) Ethics/Values | FAC, ATO People | Failure to maintain a high standard of conduct and values amongst staff. |
| 15 Policy Advice & Design | | | Failure to effectively shape tax and related law changes and the design and implementation of new or changed products/services. |
| | 1) Assist Law Development | FAC, Corporate Relations | Failure to assist development and design of law changes consistent with government policy objectives and the role of the ATO. |
| | 2) Admin Design & Implementation | FAC, Corporate Relations | Failure to effectively co-design new or changed ATO products and services and implement those changes with clients and stakeholders in line with the Government’s policy intent. |
| 16 Product & Payment Processing | | | Failure to manage workloads for product and payment processing and client register to specified levels of performance and integrity. |
| | 1) Work Allocation | DC Client Account Services | Failure to triage, manage and allocate work flows efficiently into relevant work areas. |
| | 2) Account and product administration | DC, Client Account Services | Failure to receive and remit payments (including refunds), maintain client accounts, manage account updates and administer products to agreed levels of performance and integrity. |
| | 3) Debt Management | DC, Debt | Failure to manage debt collection processes to agreed levels of performance and integrity. |
| | 4) Call Centres | DC, Customer Service & Solutions | Failure to manage call centres to agreed levels of performance and integrity. |
| | 5) Client Registrations | DC, Client Account Services | Failure to manage Commissioner of Taxation registrations and maintain client registers to specified levels of performance and integrity. |
| 17 Security & Privacy | | | Failure to effectively maintain the security of ATO assets and the privacy of personal information. |
| | 1) People | FAC, ATO People | Failure to protect ATO staff from physical threats or harm including unauthorised access. |
| | 2) Physical | Chief Finance Officer | Failure to protect ATO assets from physical threats or harm including unauthorised access. |
| | 3) Technology | Chief Information Officer | Failure to protect technology from unauthorised access, damage or loss. |
| | | Officer | classified information from damage, disclosure or loss. |
| | 5) Privacy | FAC, Law & Practice | Failure to maintain the privacy of taxpayers. |
| 18 Tax & Super Compliance | | | Failure of the ATO to ensure taxpayers and other clients can understand and meet their tax, super and related obligations and receive appropriate concessions associated with these obligations. |
| | 1) Income Tax | DC, Large Business & International | Failure to ensure taxpayers understand and meet their obligations under the Income Tax product and receive appropriate entitlements. |
| | 2) GST | DC, Indirect Tax | Failure to ensure taxpayers understand and meet their obligations under the GST product and receive appropriate entitlements. |
| | 3) Superannuation | DC, Superannuation | Failure to ensure taxpayers understand and meet their obligations under the Superannuation product and receive appropriate entitlements. |
| | 4) Excise | DC, Indirect Tax | Failure to ensure clients understand and meet their obligations under the Excise product and receive appropriate entitlements. |
| 19 Tax Revenue | | | Failure of the ATO to maintain appropriate levels of tax revenue and collections, supported by appropriate forecasting and monitoring advice. |
| | 1) Revenue Tracking | FAC, Corporate Relations | Failure to provide appropriate advice, guidance and monitoring with respect to current budget year forecasts. |
| | 2) Liabilities Raised | DC, Compliance Support and Capability (coordination) | Failure to meet budgeted tax revenue targets through liabilities raised. |
| | 3) Payment Compliance | DC, Debt | Failure to maintain payment compliance at acceptable tolerance levels. |
| 20 Technology | | | Failure to change or sustain key IT systems to meet business requirements. |
| | 1) Invest | Chief Information Officer | Failure to shape and direct a balanced comprehensive investment portfolio for IT systems. |
| | 2) Change | Chief Information Officer | Failure to deliver replacement and enhancement projects on time, on budget and with the specified functionality and benefits. |
| | 3) Sustain | Chief Information Officer | Failure to maintain existing systems to the level of availability and performance to meet business needs. |
| 21 Transfers Compliance | | | Failure of the ATO to ensure citizens understand their entitlements and receive appropriate grants, benefits and related payments under the law. |
| | 1) Grants | DC, Micro Enterprises & Individuals | Failure of the ATO to ensure eligible citizens understand their grant entitlements and receive appropriate grants under the law. |
| | 2) Benefits | DC, Micro Enterprises & Individuals | Failure of the ATO to ensure eligible citizens understand their benefit entitlements and receive appropriate benefit payments under the law. |
| | 3) Offsets | DC, Micro Enterprises & Individuals | Failure of the ATO to ensure eligible citizens understand their offsets entitlements and receive appropriate consideration under the law. |
| 22 Valuation Services | | | |
| | 1) Valuation Services | General Manager, (Australian Valuation Office) | The failure to maintain the sustainability of the AVO as a viable and successful business operation. |