International Journal of Government Auditing – January 2015
Although revenue audit is a significant domain of public sector auditing, limited guidance materials are available on this topic. When performing revenue audits the Office of the Auditor General in Nepal has used a combination of procedures, rather than a single approach, to produce well-informed conclusions. We offer our experiences as examples for other Supreme Audit Institutions (SAIs) interested in revenue audit.
Revenue consists of all kinds of government receipts, such as tax, duty, fees, levies, interest, dividends, and income from the sale of assets, investments, and the leasing of government property. It is the responsibility of revenue authorities to see that all revenue is correctly assessed, collected, and deposited to the government treasury– and it is the main objective of revenue auditors to ensure compliance with legal provisions in this assessment, collection, and deposit of revenue.
The Lima Declaration of Guidelines on Auditing Precepts (1977) states that SAIs shall be empowered to both audit the collection of taxes to the maximum possible extent and to examine individual tax files. The International Organization of Supreme Audit Institutions (INTOSAI) has developed International Standards for Supreme Audit Institutions (ISSAIs); these standards deal with financial, compliance, and performance audit.
These ISSAIS can also be used for revenue audit. However, INTOSAI has not developed any guidance notes for revenue audit. Research literature in this area is also lacking. This article is therefore based on the practical cases of SAI Nepal in using audit procedures for revenue audit.
During the revenue audit’s planning stage, in order to gain insights into the tax administration system, auditors reviewed operational processes, the information technology (IT) environment, policies, directives, legal provisions, roles and responsibilities, control procedures, and the monitoring mechanisms of the Inland Revenue Department (IRD) of Nepal. Auditors then identified inherent and control risks associated with compliance with laws and directives. At the end of this exercise, areas having the greatest likelihood of risk, and the greatest impact on revenue collection, were selected for audit.
Three audit procedures—test of control, substantive analytical procedures, and test of details—were designed for use in the revenue audit. Examples of combining audit procedures to collect sufficient and appropriate audit evidence are discussed below.
The IRD of Nepal has introduced a system inwhich taxpayers are required to upload purchase and sales transactions of more than 5,200 USD These taxpayers must specify their permanent account number (PAN) in IRD’s IT system. This arrangement ultimately contributes to the control of tax evasion.
While performing the test of control, auditors reviewed the effectiveness of the system. They noticed that IRD has also developed mismatch software which can be run in its IT system to identify discrepancies reported by taxpayers regarding purchase and sales transactions. Thousands of mismatched transactions were thus reported by the system.
However, IRD did not assess the tax implications of these events.
Auditors also discovered that some taxpayers were not uploading their transactions into the system. The return details were verified for taxpayers even when they did not upload their purchase and sale transactions. This indicated that the IRD’s internal control system was not consistently applied. In fact, the system was found to be ineffective in controlling tax evasion due to a lack of proper administration.
Auditors also performed a test of detail procedures by selecting 157 tax payers for which a transactional mismatch had been reported. Auditors compared the return details submitted to IRD with the purchase and sales ledgers of individual taxpayers, and found several cases of insufficient reporting.
For example, a report by taxpayer A regarding a purchase from taxpayer B was not reported as a sale by taxpayer B. Likewise, a sale reported by taxpayer X to taxpayer Y was not reported as a purchase by taxpayer Y.
While compiling such cases, auditors found that a sales transaction worth 16 million USD was underreported, resulting in a loss of about 8 million USD in value-added tax (VAT) and income tax revenue.
These cases of tax evasion were reported to the IRD, which has since initiated a tax liability assessment process.
As per the VAT Act, VAT paid in purchases can be credited to the amount of VAT collected from sales. A taxpayer submits a debit return to IRD if the amount of VAT collected is more than the amount of VAT paid during the purchase. Likewise, a taxpayer submits a credit return if the amount of VAT paid is higher than the VAT amount collected.
While performing the test of control of this process, auditors found that less than two percent of VAT returns filed in IRD were reviewed by the tax officer.
As significant weaknesses were found in internal control, the auditors extended audit procedures and performed substantive analytical procedures by collecting the information relating to 2012/13 on the ratio of debit and credit VAT returns.
They found that 22 percent of taxpayers registered in the VAT system had not submitted VAT returns to the IRD. Of the taxpayers who did submit returns, 32 percent had submitted zero rate returns, and 52 percent submitted credit returns. This indicates a serious problem in the implementation of VAT.
Auditors also noted that during 2012- 13, the amount of VAT debit returns submitted by taxpayers totaled only 252 million USD, compared to a credit return total of 1.8 billion USD. The VAT credit return amount was 7.2 times that of the debit return amount; taxpayers are clearly claiming many more VAT dollars from the government treasury than were paid into the system.
Auditors also used test of detail procedures, by selecting random taxpayers for review, to identify the cause of increasing VAT credits. This test revealed that increasing government exemptions on the VAT, and the submission of fake bills, were main causes of the discrepancies. This issue was reported to the IRD to investigate on a case-by-case basis.
"Our experiences show that any one audit procedure, on its own, cannot provide the quality of audit evidence that a combination of approaches can produce."
— Ramu Prasad Dotel
The Prevailing Income Tax Act of Nepal states that only the interest paid for loans used for business purposes, rather than personal or other loans, can be deducted.
While reviewing the control environment at internal revenue offices, auditors noted that tax returns submitted by taxpayers claiming interest expenses are substantiated only when IRD conducts a tax audit.
Normally, the IRD only selects two percent of all filed returns for follow-up audits. Auditors therefore determined that interest expense claims were a risk area for the 2012- 13 audit.
Auditors performed a test of details in order to identify the actual use of loans taken out by taxpayers. Loans and interest paid were verified, and the annual cash inflow and outflow of the randomly selected taxpayers was also reviewed.
Auditors found that loans were taken out by taxpayers on different dates and from different banks than those reported. However, the cash and bank balances of the loan recipients had been found sufficient by tax reviewers for the business requirement.
In reviewing the cash outflow, it was noted that taxpayers had given the available funds to the directors, or had advanced funds to other firms or people with whom they had no direct business relationship. Auditors pointed out these loans were not used for business purposes and so, as per legal provisions, the interest on such loans was not tax deductible.
The audit revealed that the claimed interest on loans not used for business purposes resulted in a revenue loss to the government of 500,000 USD.
Audit procedures conceptualize the activities performed to collect sufficient and appropriate audit evidence. In the process of the three revenue audits previously cited, auditors performed three audit procedures—test of control, substantive analytical procedures, and test of detail—to mitigate the risk of material misstatement. Our experiences show that any one audit procedure, on its own, cannot provide the quality of audit evidence that a combination of approaches can produce.