I need help with documenting and testing our taxation department. We are an insurance firm which has decided to implement Sox internal controls. Has anyone done any sox documentation on Income Taxes, Federal and State at corporate level. Can you share your findings? what controls did you put in place? all/any help is much appreciated.
E-and-Y has a good resource document, ‘Navigating the Perfect Storm, Tax and 404 1’. The slides from the Webcast include some leading thoughts on tax and Sarbanes-Oxley Section 404. Also included are lessons learned and guidance for Year 2, and a brief summary on complex issues such as ‘uncertain tax positions’.
Hope this helps,
John_Maleckar_CPA last edited by
The Key Controls that you are going to document must be broken out into specific processes. First, determine the processes within the ‘tax department’. Off the top of my head, there will be the income tax return preparation processes, the GAAP/tax adjustments and tax accounting processes, and, depending on these processes and how they are defined, an insurance comapny has the added tax issues for ‘insurance reserves’ under IRC Subchapter H.
In addition, there may be real estate taxes, personal property taxes, and sales/use taxes, and (potentially) payroll taxes, although these are usually covered in the HR/Payroll cycle–each of which would have its own accounting processes.
Once you had a comrehensive list of all potential processes, you could focus on the processes that relate to significant accounts and disclosures in the financial statements.
Depending on the specific process steps, you can identify current steps that are control activities, and analyze as any other (non-tax) process and key control.
Also, you probably have very specific software (outside the General Ledger) that youn use to compute the taxes–these must be documented and tested as well for application controls. There is a current thread in re ‘speadsheet controls’ that would be helpful. The folks that have commented have made some interesting/inciteful observations and reading the posts would be very helpful.
Hope this helps.
Thanks for the insight. the problem is that folks here want to focus only in testing the spreasheet and not the surronding control. Taxation is run by one person who solely relies in external auditing firm (they sign the taxes return) thus the mentally it that they are not liable. Controller and CFO are not really involved and thus there is very little review process in place. the system used in FAS but reliance is on excel spreasheet. I am at loss as to how to approach this. I have done sox over the 3 years but find this to be very cumbersome process.
Thanks to all…
Yes, I agree that testing spreadsheet controls is inadequate to assess the controls over the tax function. Since you use the services af an external tax consultant to develop the tax estimates, provide tax advisory services, etc., you might consider approaching the documentation and testing for SOX purposes similar to that when an external service provider or processor is used.
In this situation, one normally obtains a SAS-70 Type II Report. I am not suggesting that you request such a report from your tax advisor. However, the approach for SOX purposes is somewhat similar.
For example, the tax advisor relies on information that your Accounting or Finance staff provide to them to develop the tax estimates. Although they derive the amounts and estimated provision for taxes, they rely on the information that you provide them to develop an accurate estimate.
Thus, controls exist both at your company and with the tax advisor to ensure that the tax financial information is accurately reported and satisfied the basic FS assertions…rights and obligations, existence and occurrence, valuation and accuracy, and presentation and disclosure.
In short, you will need to peform limited tests of controls since some of the controls are not within your company. However, to the extent that you have adequate internal controls over the information that you furnish them and accurate processing and reporting of the tax information that they furnish to you, these controls should be documented and tested for operating effectiveness.
Hope this further helps and good luck,
should i requested from the external auditors copy of findings from the audit? During the interveiw process with the tax manager I was informed they had issue in the past. Fixed assets is an area of concern for both the external audit and the tax manager although not much detail has been provided…
AuditorSox last edited by
I am not so far involved in Taxation related SOX Compliance;
But try to visit the website of Organisation for Economic Co-operation and Development
Search for : Guidance on tax Compliance
Yes, it is a good idea to discuss previous concerns noted by the External Auditor. Some of the issues previously addressed might be formally documented in the Management Letter Comments.
Obtaining and reviewing the Management Letter Comments would enable you to more effectively determine the sub-processes in the tax process for development of SOX Business Process Documentation.
Additionally, a good understanding of the Management Letter Comments and issues previously noted by the External Auditor will enable you to identify areas that should be considered for testing purposes and identification of key controls.
Some typical tax processes and sub-processes for consideration:
Calculate provision for income tax expense (current, deferred; federal, state and local) (non-routine transaction)
Calculate balance of valuation allowance (management estimate)
Calculate reserves for tax contingencies (management estimate)
Tax payments (part of company cash disbursements process)
Tax disclosures (part of the financial statement close process)
Some example questions for consideration:
How does the tax function ensure that tax calculations in non-tax systems are maintained and properly applied ? (fixed assets)
What controls ensure that changes in the financial information systems that impact tax accounts or returns are identified and addressed by the tax function?
What controls are in place to ensure that appropriate electronic and hard copy supporting documentation is available if the company is audited by the tax authority?
What would prevent errors in system-generated tax information from detection by the responsible parties?
Tax Types for Consideration:
Federal Income Tax Provision
*Sales and Use
- items having fixed asset relevance
Hope this further helps,
- items having fixed asset relevance
Thanks to all who took the time to reply to my question, with these insightful comments I will be able to move forward. Thanks again to all