Risk Management process helps to determine the various steps in the decision-making process and allows the making of definite and more informed decisions in each stage of the process before moving on to the next one (European Commission Directorate-General Taxation and Customs Union). This is where Enterprise Risk Management (ERM) guides the governing board to devise holistic approaches in identifying and monitoring various risks that could potentially affect the organization’s business.

With the increase in globalization and cross-border transactions (including the ability of businesses to remotely participate in the economic life of a country without entity/ physical presence), understanding of tax law principles, comprehending effective tax cost, dealing with anti-abuse regulations, seeking certainty and knowing the implications on business have become some of the topics in the boardroom discussion of an enterprise. Companies are often seeking assurance on how they should benchmark relative to their peers in terms of managing their tax operations and risks. This enables them to better articulate their tax-risk profile to auditors and various stakeholders (BDO Global). The worldwide trend is focused on improved Tax Risk Management (TRM), enhanced transparency in tax compliances/ reporting, and increased accountability of company decision-makers (C. Lavermicocca. and J. Buchan 2015). Also, management wants a scenario of ‘no surprises when it comes to managing tax on a global basis, notwithstanding that tax administrations globally are differently placed in their areas of focus and levels of maturity. Rightly said (Terry Hayes), ‘Every business owner should get their head around the very real benefits of tax risk management’.

So, what exactly is TRM? In simple terms, it is the process of ensuring that the businesses comply with the domestic/ international tax laws, i.e., meeting their tax obligations and making sure it is aware of and comfortable with the tax positions it takes (Smart Company, 2021).


The current tax environment coupled with global value chains brings greater uncertainty to tax policies, thereby resulting in significant risk on this count to businesses.  Tax laws vary globally and give rise to interpretation and administration issues such as reporting and compliance obligations; hence it is essential to be up to date with the legislation and administrations of various countries where the business is carried out. Many global enterprises are finding their current approaches to managing tax risks unable to keep pace with the global developments such as changes arising from Base Erosion and Profit Shifting (BEPS) project; Foreign Account Tax Compliance Act (FATCA) reporting, Country-by-Country reporting (CbCr), among others. Increasing pressure on top management (because of regulatory control framework – for example, Sarbanes Oxley Act (SOX) compliance for US-listed companies, FASB Interpretation No. (FIN) 48 analysis, Directive on Administrative Control (DAC) 6 in European Union (EU) for reporting of tax positions) are driving to adopt increased internal controls and sound reporting processes to satisfy tax authorities, regulators and other stakeholders. Also, tax authorities worldwide are looking to bring a greater degree of conformity among taxpayers through tax laws (e.g., anti-abuse laws, indirect transfer laws, etc.) considering the trends of developments at the international level (PwC 2021).

For MNCs, and more particularly SMEs, it calls for them to play a catch-up game, anticipate country-by-country tax legislation, and then cope with such legislation’s compliance, followed by having to handle reporting and audits that follow. At the same time; the entire debate of fair allocation of taxable profits to various jurisdictions (Pillar 1 reflects how the portion of profits can be allocated to market jurisdictions) and the new-age unilateral digital taxes (such as Digital Services Taxes/ Equalisation levy/ Advertisement tax etc.) adds to the existing complexities.

However, since taxes involves the outflow of cash and impacts the working capital of the company along with operational, strategic, and reputational risks, it is crucial to ensure TRM for various organizations (especially for Small-Medium Enterprises and micro companies, where the capital background is not sufficiently strong, and an eventuality such as Covid-19 could likely lead to an interruption in operational activities, financial loss, and bankruptcy).  Tax cost is a major deciding factor for strategic initiatives as it is an ingredient of enterprise metrics (even if below-the-line), and an appropriate tax control framework can be set in place for regular monitoring purposes.  This is particularly true for enterprises that can sky-rocket to unicorn valuations owing to venture capital investment while remaining small in absolute size (i.e., people, plant, property, and equipment) due to remote presence.  The entry of venture capitalists and forthcoming rounds of funding are preceded by due diligence and succeeded by ongoing monitoring by independent directors that look at tax exposures from a magnifying lens. 

An ideal approach to TRM would ensure that risk management and tax functions are devised to: 

  • Articulate tax lifecycle and evaluate potential implications of the tax law changes on business decisions.
  • Determine major tax risks that can arise in this lifecycle
  • Lay down risk management strategies with sufficient resources to handle situations and whose provisioning does not lead to volatile earnings variations.
  • Communicate the overall tax-risk profile to top management, business unit leaders, and board or risk committee members to assess and oversee those risks. This includes a regular discussion with the top management of the material risk areas to guide future decisions.

In the process of determination of an appropriate TRM framework, a few guiding questions on measures that can be considered are:

Technical measures:

  • Is there a commitment to expand on digital technologies for real-time information collation, sharing, and transparency?
  • Is there a need for increased automation and use of tax technology solutions (e.g., Global Transfer pricing documentation, withholding tools, tax compliance, controversy monitor, Bolt-on Goods, and services tax)?
  • Which ERP tools will manage tax data and synchronize with other functions?
  • Which digital knowledge tools can be used for updates/case laws and predictive analysis of outcomes?

Institutional measures:

  • How to ascertain positions that have material impacts, i.e., whether to go for Advance Pricing Agreements, private rulings, safe harbors, etc.?

Diagnostic measures:

  • What are the potential dispute assessment and resolution mechanisms (including strategies for the choice of dispute resolution forum such as mediation, Mutual Agreement Procedures, etc.) that can be used?

Strategic measures:

  • Is there a need for due diligence, e.g., for transaction purposes/ corporate action, organization outlook (philosophy of an organization – fight/litigation or flight/prevention), tax reporting at the board level?


Managing taxpayer risks is best supported by processes that are designed for this purpose. The Organisation for Economic Cooperation and Development (OECD), European Union (EU), and United Nations (UN) had released in the past guidance notes covering several tax policy aspects, all for tax compliance risks. Some of these reports highlight ways of managing and improving taxpayer compliance, which lays down systematized processes for managing compliance risks/ maximizing taxpayers’ voluntary compliance (OECD,2004).

The OECD recent report on Enterprise Risk Management Maturity Model (ERMM) aims to allow tax administrations to (i) self-assess through internal discussions as to how they see their current level of maturity in enterprise risk management, (ii) provide staff and senior leadership of the with a good overview on maturity level based on input stakeholders’ inputs and (iii) allow tax administrations to compare themselves, vis-à-vis peers.

This shows that these global bodies are helping governments to streamline their activities to manage the tax department effectively while also providing a cue to multinationals to comply/ manage risk at the same time. To this end, while the OECD ERMM model is oriented towards tax administrations, it would also be useful for corporations to take a leaf out of the attributes and, by way of a spider-web (diagram below), evaluate where they stand on self-defined attributes.

Source: OECD Enterprise Risk Management Maturity Model report

Risk can also be addressed by way of sustained and proactive engagement with the Revenue authorities, based on an atmosphere of disclosure and dialogue.  To this end, there is increased focus for more cooperative compliance (OECD have issued several documents on co-operative compliance framework). Under cooperative compliance programs, firms and tax administrations agree on a framework of cooperation instead of adopting adversarial positions.


A tax control framework intends to cohesively integrate stakeholders, processes, and outcomes for governance purposes.  Its goal should be to ensure regular monitoring of the system in place and anticipate and mitigate tax risk. It must work effectively with all functions and business units to determine that all tax risks are identified, monitored, reported, mitigated, and managed.

Any framework that needs to be designed should keep in mind various stakeholders, as highlighted in the diagram below.

The self-assessment tool (see below diagram) with which Multi-National Enterprises conduct a preliminary self-assessment of whether each entity of the corporation has the essential elements in place for managing and controlling tax risk (PwC), and can be custom-built to respond to each Treat Customer Fairly (TCF) and the specific needs of the organizations.

Source: Author’s modified diagram; original source: [1]De-fa Cai et al, Big Enterprise TRM: Warning, Simulation and Application,

For this, some of the points an organization needs to consider are the availability of adequate tax competencies within, assurance of the tax department’s continuity, reliability, and availability of the external expertise, considering tax as one of the pieces of the dynamic organization jigsaw and availability of enough budget to reach tax goals.


The building blocks are, (i) an established tax strategy that comprehensively covers all the transactions that could affect the tax position of the enterprise; (ii) clear and adequate assignment of responsibility for implementation of TCF within the enterprise; (iii) sufficient governance documents to ensure adequate checks; (iv) regular testing and monitoring of the framework; (v) ability of the framework to assure all stakeholders including the tax administration that there is adequate internal control to manage tax risks and compliances/ disclosures are reliable.

Source: https://www.bdo.global/en-gb/services/tax/global-tax-assurance-and-risk-management

A point to note in the context of TRM regarding the above diagrammatic representation is that organizations are in a constant state of evolution.   An entity that is performing marketing support activities may become a distributor, a shared services entity may be established to take on various high-value and routine activities for the group, or the organization may adopt a decentralized model in place of an integrated principal structure in certain jurisdictions.  This calls for a proactive assessment of incremental tax risk that may arise due to business changes.


Many SMEs rarely undertake a detailed tax risk assessment and management strategies. This may be because of budget and resource constraints, which are limited. In any case, they are in a constant battle for resource allocations, fund-raising, product-market fit, talent retention, and growth. In the face of these challenges, tax risk management is prone to slide to the lower-rungs of priority. However, this could prove to be their undoing because the uncertainty of tax liability due to ambulatory interpretations, coupled with dynamic tax administration behavior, could result in unduly high demands of tax, interest, and penalty, that could be wholly unexpected.

Hence, through analysis of effort – risk/reward and long-term benefits should be kept in mind. Focus and implementation are essential even at the early stages of the organization so that Tax ERMM becomes a genetic part of the organization as today’s SMEs are tomorrow’s large corporations.


The current tax environment gives virtually every organizational function a stake in managing taxes, tax risks, and related processes. Hence, integration of TRM into the broader risk management framework shall enable an organization to generate efficiencies, upgrade tax management and compliance processes, and enhance financial results while efficiently managing tax implications.

However, there is no ‘one size fits all’ model, and every organization must frame its tax risk management depending on various operational and other factors.