Underground Economy Initiative Internal Audit

Final Report

Corporate Audit and Evaluation Branch
December 2008

Table of Contents

• Executive Summary
• Introduction
• Focus of the Audit
• Findings, Recommendations and Action Plans
  • 1.0  Identifying High Risk Sectors and Files
    • 1.1 Risk Assessment
      • 1.1.1 National Risk Assessment
      • 1.1.2 Regional Risk Assessment
      • 1.1.3 File Selection
      • 1.1.4 Audit Plans
    • 1.2 Research of Emerging Underground Economic Activity
  • 2.0 2004 UEI Strategy
    • 2.1 Internal/External Communication
    • 2.2 Information Management
  • 3.0  Audit Process
    • 3.1  Audit Techniques and Tools
• Conclusion

Executive Summary

Background: The Underground Economy Initiative (UEI) is a national compliance strategy launched by the Canada Revenue Agency (CRA) in 1993 to focus effort on concerns with the underground economy. In addition to identification, audit and enforcement programs addressing the underground economy, the CRA also works with provincial, territorial and other federal government departments, as well as industry associations. Furthermore, the CRA conducts books and records reviews, community visits as part of its outreach programs and has other communication and consumer awareness programs. Underground Economy (UE) can be defined as economic activity that would generally be taxable if it were reported to the tax authorities. It includes both unreported and underreported revenues.

Within CRA, UEI is managed by two sections within the High Risk Compliance Strategy Division of the Small and Medium Enterprises Directorate in the Compliance Programs Branch (CPB). These Headquarters (HQ) sections provide governance and work with branches, regions, and tax service offices (TSOs) to develop partnerships with other jurisdictions and industry groups, implement reporting mechanisms, develop education programs and deliver audit initiatives.

In 2004, the UEI strategy was updated to a multi-year plan that included 28 action items and pilot projects sponsored by HQ to direct the activities of the UE program over a three to four year period.

For the fiscal year ended March 31, 2008, CPB dedicated 1028 audit Full Time Equivalents (FTEs) to the UEI. A total of 11,394 underground economy cases, consisting of 17,273 audits, were completed in the period, resulting in approximately $575 million in unreported income and $150 million in taxes assessed.

Objective: The objectives of the Internal Audit of the UEI were to assess the implementation of the 2004 UEI strategy, assess the management controls in place to identify sectors, projects and taxpayers, and determine whether the audit process used by UEI is appropriate.

National in scope, the audit concentrated on UEI activities conducted during the 2004-2007 fiscal years. This audit did not cover the activities of the Non-filers/Non-registrant program, which is one of the elements of the UEI, as an internal audit was completed on this program in May 2007.

Furthermore, action items to enhance effective communications on the UEI, in order to leverage the impact of compliance activities, were removed from the scope of the examination phase due to the strength and commitment of outreach activities, such as community visits and education initiatives, performed by both HQ and Regions. Also, the UE Steering Committee, HQ Compliance Committee and the Federal Provincial Territorial Underground Economy Working Group have been in place for at least two years. These committees were reviewed during the planning phase and are achieving their mandates. No issues or concerns were identified to warrant including them in the scope of the examination phase.

The examination phase focused on UE audit activities and was conducted from September 2007 to March 2008. Methodology included audit tests, interviews with representatives from ten TSOs in four regions, and a review of a representative sample of 253 UE audit files from 13 TSOs.

The audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.

Conclusion: The CPB has made reasonable progress in the implementation of the 2004 UEI strategy. However, processes and controls can be improved to identify and select the highest risk files or to ensure an appropriate audit process exists to address the specific characteristics of taxpayers who engage in UE activities.

A tiered approach is in place to direct UE resources to sectors, projects and taxpayers through headquarters, regional, file selection and audit planning. However, Headquarters and TSO risk assessments have not been systematically carried out and a comparative method to evaluate sectors has not been established. Strategically, opportunities exist to create a knowledge base to improve future risk assessments or to better direct resources nationally to higher risk areas.

Eighteen of the 28 initiatives from the 2004 UEI Compliance strategy are completed or substantially completed, and progress continues on the other 10. There remains a need to more clearly connect program decisions with internal and external research, to better communicate and engage the TSOs before implementing projects, and to ensure TSO level Compliance Committees are operating as intended.

As a distinct sub-set of the Small and Medium Enterprises (SME) Program, the UEI requires a more focused approach that supports the unique nature of UE audits. The review of files revealed gaps in the guidance provided for UE file selection, UE audit plan preparation, the use of audit tools and techniques in UE audit files and the communication between UE auditors and collection officers. Clear guidelines should support the objectives of the UEI and recognize that the UE audit process differs from the regular SME program.

Performance measurements for the UEI should be broadened to emphasize and encourage quality throughout the workload development, file preparation and file review processes to increase the likelihood of detecting the unreported/underreported revenue associated with UE activity.

Action Plans: Compliance Programs Branch has agreed to changes that address Internal Audit's findings. The action plans include:

CPB will form a working group to identify the stakeholders/partners and determine the resources, time and amount of work required to develop a process to identify and evaluate the risks of non-compliance in the sub-sectors of HQ's targeted industries PROTECTED .

CPB will develop policies and procedures on systematically assessing sectors/sub-sectors risks in the regions. Policies will also provide for monitoring in this regard to ensure completeness and consistency in approach across regions.

CPB commits to better document and track the analysis and application of research findings for UE programs and strategies, to indicate clear linkages between research findings and program delivery decisions.

CPB commenced development of a general screening manual for UE and other SME audit files. CPB will recommend and implement changes on how to improve the effectiveness and efficiency of the Indirect Verification of Income (IVI) techniques, including application of tests by auditors to each UE file based on the upcoming results of a study titled Effectiveness of Indirect Verification of Income.

CPB is currently undertaking several studies that will provide helpful information in establishing performance measures for UE audit files. CPB will evaluate the results to determine whether they have driven the desired behaviour (e.g. quality audits) and will implement the relevant changes.

In 2002 CPB launched Compliance System Redesign (CSR), which is a major business transformation initiative designed to improve and expand the capacity to manage and deliver compliance programs more effectively throughout the CRA. Key components of the CSR Performance Measurement Strategy and Business Case link to improving research, risk assessment and workload selection. There are some early deliverables in production that will contribute to the work on the UE.

Introduction

The Canada Revenue Agency (CRA) defines the underground economy (UE) as economic activity that would generally be taxable if it were reported to the tax authorities. It includes both unreported and underreported revenues. For example, the UE may involve mischaracterization of employment income as income from self-employment, failure to file or register, or failure to report a business activity (“moonlighting”), part of a business activity (“skimming”), or employment income (tips and gratuities). The UE undermines the fairness and integrity of tax laws.

The Underground Economy Initiative (UEI) is an Agency initiative launched in 1993 to address concerns about the growing underground economy. In addition to identification, audit and enforcement programs addressing the UE, the CRA works in partnership with others to address the UE (provincial, territorial, and other federal government departments, as well as industry associations) and conducts books and records reviews, community visits and various communications and consumer awareness programs.

In Headquarters (HQ), two sections within the High Risk Compliance Strategy Division of the Small and Medium Enterprises Directorate in the Compliance Programs Branch (CPB) were established to manage the UEI strategic direction, identify high risk non-compliant sectors, and deter UE activities. The HQ sections work with branches, regions and tax services offices (TSOs) to develop partnerships with the provinces and industry groups, implement reporting mechanisms, develop education programs and coordinate audit initiatives. In the TSOs, the UEI is a distinct component of the SME audit program.

In 2004, after an agency-wide review of all compliance issues, CRA identified the UE as one of four key risk priority areas. The UEI strategy was, therefore, updated to focus on the following five strategic objectives:

• strengthening Agency-wide capacity;
• effectively directing compliance work;
• effective communications to leverage the impact of compliance activities;
• broadening the engagement of stakeholders; and
• increasing research capacity.

The updated strategy included a multi-year plan with 28 action items and pilot projects sponsored by HQ to direct the activities of the UE program over a three to four year period. The plan clearly described the initiative, the objective, branch responsibilities and timeframes by which the action items were to be completed. An inventory of regional and local initiatives was subsequently developed and has continued to evolve in response to changes in the business environment and economy. To effectively battle the UE, it is imperative that CRA efforts be focused on current high risk sectors both nationally and locally. As a result, effective file selection is a key success factor.

Funding for the UEI was $59.8 million for fiscal 2007-2008, representing 8% of the CPB budget. For the fiscal year ended March 31, 2008, the CPB dedicated 1028 audit Full Time Equivalents (FTEs) to the UEI. A total of 11,394 underground economy cases, consisting of 17,273 audits, were completed in the period, resulting in approximately $575 million in unreported income and $150 million in taxes assessed. Cases with gross negligence penalties totalled 2628 and referrals to Enforcement and Disclosures Directorate numbered 415. There were 81 criminal convictions resulting from UE audits files in 2007-2008. Outreach was also a focus, with CRA contacting over 10,000 taxpayers, conducting 149 community or wharf visits, and participating in 22 home shows.

The investment of over 1000 audit resources, which represents 17.5% of SME programs, is a significant investment both in terms of administrative and opportunity costs. The nature of the UE makes conducting compliance work inherently complex, so effective identification of the industry sectors with the highest risk of unreported income is vital to the success of the UEI.

CPB Quality Assurance reviews have identified audit planning and audit tests as areas of concern in their review of files completed in the SME programs, which includes UE audits.

The UEI was audited by the Office of the Auditor General of Canada (OAG), Revenue Canada – Underground Economy Initiative (April 1999 – Chapter 2 and subsequent follow-up 2001 – Chapter 12). The OAG recommended improvements in performance indicators, audit selection, and reporting of results, which were included in the scope of planning phase of the audit.

A CRA Internal Audit of Risk Management in the Underground Economy Initiative in the Atlantic Region was completed in 2005. The audit recommended improvements in terms of risk assessment, research, workload development, the development of performance indicators and improvements in functional guidance from Headquarters, which were included in the scope of the planning phase of the audit.

FOCUS OF THE AUDIT

The objectives of the audit were to assess the implementation of the 2004 UEI strategy, assess the management controls in place to identify sectors, projects and taxpayers, and determine whether the audit process used by the UEI is appropriate. This audit was included in the approved Corporate Audit and Evaluation Branch Business Plan for 2006-2009.

National in scope, the planning phase of the audit included HQ / TSO interviews and the review and analysis of documents associated with the key activities of the Underground Economy Sections for the 2004-2007 fiscal years. This audit did not cover the activities of the Non-filers/Non-registrant program as an internal audit was completed on this program in May 2007.

Action items within the UEI third strategic objective, effective communications to leverage the impact of compliance activities, were removed from the scope of the examination phase due to the strength and commitment of outreach activities, such as community visits and education initiatives, performed by both HQ and Regions. Also, the UE Steering Committee, HQ Compliance Committee and Federal Provincial Territorial Underground Economy Working Group have been in place for at least two years. These committees, reviewed during the planning phase, are achieving their mandates and no issues or concerns were identified to include them in the scope of the examination phase.

Compliance System Redesign (CSR), formerly Business Integration Systems Support Infrastructure (BISSI), was created in 2002.  It is a major business transformation initiative designed to improve and expand the capacity to manage and deliver compliance programs more effectively throughout the CRA. Key components of the CSR Performance Measurement Strategy and Business Case link to improving research, risk assessment and workload selection. CSR is not yet finished and is not in production. Therefore, as it relates to the UE program, CSR was not included in the scope of this audit. However, an internal audit of CSR is planned to commence in 2009-2010.

The examination phase focused on UE audit activities and was conducted from September 2007 to March 2008. Methodology included audit tests, interviews with representatives from 10 TSOs in 4 regions based on results of the planning stage, and a review of a representative sample of 253 UE audit files from 13 TSOs.

The audit was conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.

FINDINGS, RECOMMENDATIONS AND ACTION PLANS

1.0 Identifying High Risk Sectors and Files

1.1 Risk Assessment

The application of risk assessment techniques is key to aligning UE efforts to meet program objectives. The control process for UEI investments, decision making and priorities occur at four levels:

• national strategy set by Headquarters;
• Regional/TSO approach and focus set by Compliance Committees;
• file selection decisions made by workload development and team leaders; and
• audit plans established by individual auditors and team leaders.

1.1.1   National Risk Assessment

A key role of Headquarters is the identification of high risk and non-compliant areas. This involves looking at industry sectors suspected of dealing in the underground economy, to determine the appropriate level of audit coverage and compiling information needed to prioritize the allocation of resources in the regions and individual TSOs.

PROTECTED

Recommendations

CPB should develop comparative risk assessments for all sectors where there is evidence of UE activity and ensure these are updated regularly.

CPB should develop a systematic approach to identifying and evaluating the risks of non-compliance in the sub-sectors of HQ's targeted industries.

Action Plans

In 2004-2005, the Agency undertook a comprehensive assessment of the risks facing tax administration in Canada. This Compliance Review resulted in the identification of four key risk priorities, including the underground economy, and the development of attendant multi-year strategies and work plans. The Agency is currently undertaking Compliance Review II which will examine existing and emerging compliance risks, including the UE. CPB will use a similar approach for sectors and sub-sectors where there is evidence of UE activity. Expected date of completion 2010-2011. 

Compliance Programs Branch has also launched a major business transformation initiative to enhance CPB's capacity to manage compliance programs. Launched in 2002, CSR will provide a comprehensive business solution that will modernize current processes, systems and technologies, which are outdated, labour-intensive, inflexible, and can no longer support program delivery needs. Key CSR components include the following:

• Research, Risk Assessment and Workload Selection – focused on supporting the delivery of research, risk assessment and workload selection for all CPB business lines, including the underground economy. This will improve the ability to target non-compliance and select the appropriate files for audit.
• Work Management – this will improve management of CPB workload through the introduction of one case management system to support compliance programs. 
• Audit and Investigative Tools – this will support auditors in executing their work by providing tools to support their analysis, communication with taxpayers, and reporting requirements.

CSR is currently in the pilot phase. Release 1, outlined below, is expected to be completed in 2009:

• content management capability to support Business Intelligence in all areas dealing with Risk Assessment, Workload Selection, Audit and Reporting;
• data supply to the “Lab” including third party sources; this is key for supporting risk assessment work in the underground economy;
• national leads data base to support workload selection activities;
• replace Computer Assisted Audit Selection (CAAS) to improve our capabilities and support the identification of issues of non-compliance and to estimate the risk of revenue loss associated with those issues;
• deploy Sybase IQ in the “Lab” to facilitate preparation of data for analysis work on a number of initiatives including UE; and
• enhance Compliance, Measurement, Profiling and Assessment System (COMPASS), which is the primary tool for selecting workload to support workload selection tasks for all components of CPB including SME and UE.

Additional components will be released in 2010 and 2011.

CPB will form a working group to identify the stakeholders/partners and determine the resources, time and amount of work required to develop a process to identify and evaluate the risks of non-compliance in the sub-sectors of HQ's targeted industries PROTECTED.  Expected date of completion June 2009. 

1.1.2   Regional Risk Assessment

At the regional level, systematic risk assessments are not performed by TSOs when choosing their sectors and HQ has not developed policies and procedures related to sector risk assessment to assist TSOs in this process. While local knowledge and experience of TSO staff are valuable input to risk assessments, the audit found that most TSOs rely mainly on informal approaches. Mechanisms which incorporate comparisons and data to more systematically assess relative risk between sectors are required. Moreover, to refine risk assessment over time and share intelligence between offices, risk assessments need to be documented and communicated. Systematic risk assessment enables comparison between industry sectors which can be used to substantiate the targeting of a specific sector. This concern was previously identified in the 2005 CRA Internal Audit of Risk Management in the Underground Economy Initiative in the Atlantic Region.

In the semi annual regional reports to HQ, TSOs are requested to summarize the risk assessment tools used to select sectors. TSOs could not provide Internal Audit with documents to substantiate the risk assessment activities detailed and HQ does not verify the validity of the qualitative sections of the report. Ensuring TSOs perform systematic risk assessments would provide a comparative method to evaluate sectors, create a knowledge base for future risk assessments and direct resources to the higher risk areas.

There is no established communication network for sharing of knowledge between TSOs and regions. Currently, best practices, results and experiences are exchanged during regional conferences. Due to staff turnover, this knowledge is lost as there is no library where new UE coordinators and other employees can access this information. Keeping historical documents could strengthen future risk assessments and lessen the learning curves of new employees.

Recommendations

CPB should provide policies and procedures to the TSOs on systematically assessing sector risks and monitor their work to ensure completeness and consistency between Regions.

CPB should develop a communication mechanism for sharing of industry knowledge, best practices and audit issues between regions and TSOs to assist with current risk assessment practices and retention of corporate knowledge.

Action Plans

Recognizing the significance of risk assessment and workload development for enhancing compliance in the SME sector, and as a result of a Functional Activity Review, CPB created a specialized Division within the SME Directorate in order to strengthen the audit selection process. The Workload Development and Business Analysis Division is committed to the following action plan:

• develop policies and procedures for risk assessment in the regions;
• set up a working group to develop and recommend options in order to determine a TSO structure that is the best delivery model for implementing Workload Development;
• improve communication between the regions by having one national repository for projects, best practices etc. with the intent of creating better documentation and communication;
• use the intranet for communicating best practices and other information with the regions;
• institute a national workload committee where representatives from regional workload committees could share best practices and knowledge;
• provide COMPASS training to the workload development personnel in the regions;
• provide guidelines/criteria for ad-hoc workload selection; and
• monitor workload development in the regions to ensure that policies and procedures are respected.

Expected date of completion 2009-2010. 

CPB has undertaken an Intranet Renewal Project to improve its InfoZone site as a work and communication tool for all employees. Improvements made will allow for increased and better accessibility to program information and reports such as the Regional/TSO semi-annual Consolidated UE reports. This report was first published in the “UE Beat,” an internal UE newsletter to staff, in February 2008. In 2008, CPB began work to establish a shared G:/drive that will be made accessible to the regions and TSOs. The drive will provide additional, more detailed information specific to the UE, such as best practices, industry knowledge, and audit issues. For example, a “Projects Catalogue” will be made available on the new G:/drive. Expected date of completion March 2009.

CPB is building reporting and analysis capabilities into the Research, Risk Assessment and Workload Selection component of Compliance Systems Redesign, to allow for feedback from screeners and auditors. This also includes support by creating a work environment for the virtual network of researchers working on risk assessment and the workload selection research agenda to improve the selection of files. Expected date of completion October 2009.

1.1.3   File Selection

Guidance for the selection of UE files falls under the SME guidelines that are outlined in the CPB Audit Manual. Although not centralized in one area, various references in the manual suggest that the audit file screening comments prepared by Workload Development should provide analysis and direction that:

• documents the reason why the taxpayer has been selected as high risk or why that file has been chosen for audit;
• identifies issues of concern;
• provides guidance to aid the auditor in performing a quality file; and
• provides team leaders with criteria for audit plan review.

In the case of a UE file, screener comments should identify specific UE issues. In 58% of the 253 UE files reviewed (146 files) screener's comments did not identify any UE issues that would substantiate their selection as a high risk UE file. Only 5% (14 files) were considered to have high-quality comments that included analysis and direction to aid auditors and team leaders in completing an effective audit with a UE focus. HQ has not developed any specific guidance for Workload Development to select high risk UE files and a standard to document screener comments for a UE file.

Screener's comments are important in providing direction. Based on our file review of the 253 UE files, the audit identified that the majority of auditors (73%) ensured that addressing screener's comments was part of the completed audits.

Recommendation

CPB should set standards and provide specific guidance that would improve the quality of screening comments for UE audit files.

Action Plan

Earlier in 2008, CPB commenced development of a general screening manual for UE and other SME audit files. The manual will outline the process for screening, and will detail requirements for appropriate screener comments. This should assist in improving the quality of screening comments for UE and other SME audit files. Expected completion of the manual is March 2009.

1.1.4   Audit Plans

Indirect Verification of Income (IVI) techniques, initial interviews and audit plan review are important parts of the planning stage of a UE audit.

By definition, files chosen to be audited under the UEI are expected to have unreported or underreported income. An analysis that determines whether income reported is sufficient to support the taxpayer's lifestyle will give the auditor an estimation of the unreported revenue. The CPB IVI module training course introduces the use of a rough net worth (asset/liability approach) or rough source and application of funds (cash flow/expenditure approach). These indirect supporting techniques can be used to analyze the taxpayer's lifestyle and indicate to the auditor the scope of audit procedures needed to identify income from UE activity. During our review of 253 audit files, 68% (172 files) did not have a lifestyle analysis performed using a rough source and application of funds or rough net worth.

PROTECTED

Moreover, of 58 files where the taxpayer could not reasonably live on the income reported, 69% of those files had no documentation or procedures performed to explain how the family unit could fund basic living expenses. An analysis and conclusion on the ability of a taxpayer to support their lifestyle is not currently mandatory in the planning of a UE audit.

The initial interview with taxpayers is the first step in understanding what type of accounting records may exist. In the file review, it was found that 30% (76 files) had no documented initial interview. Twenty-three percent (58 files) had limited information documented in their initial interview with no evidence of follow-up questions. These interviews were not sufficiently in-depth to direct the auditor in selecting effective revenue detecting procedures or to provide a reviewer with the information required to evaluate the audit program.

A key responsibility of the team leader is to review audit files in order to monitor quality. In the audit planning phase, a team leader is to ensure the procedures the auditor proposes address the issues documented in the screener's comments as well as the concerns identified in the initial interview of the taxpayer. Of the 253 files reviewed, 39% (98 files) had no evidence that the team leader was involved in the audit plan or the approval process of an audit file. Only 19% (48 files) documented any additional involvement by the team leader. There is no electronic review process in the audit preparation software; thereby making it difficult to determine the extent of team leader supervision during the audit. In our audit sample, those files that had evidence of team leader involvement resulted in identifying higher amounts of unreported income.

Recommendations

CPB should make it mandatory to apply either a rough source and application of funds or a rough net worth to analyze the taxpayer's lifestyle vs. income reported in all UE files.

CPB should strengthen the audit file review process and team leader's accountability to ensure that guidance and supervision is provided at all stages of the audit. This review process should be embedded into the audit preparation software, WINdows Audit Laptop System (WINALS).

Action Plans

CPB recently began four major studies of its Small Business Audit Program in order to improve efficiency and effectiveness. These studies are exploring team leader involvement, quality standards, performance measurement, and audit tools and techniques, including the use of IVI and the combined audit approach. We will also be looking at risk assessment, auditor training and tools, and improved communication between HQ and the TSOs.

As part of these major studies, we are undertaking a review of the Indirect Verification of Income (IVI) initiative to determine whether it has achieved its objectives, and to make recommendations to improve its effectiveness. There are currently several tests, analysis and assessing techniques available to auditors. Flexibility in applying these tools is necessary to determine the appropriate action for each file. Nonetheless, CPB expected that by 2007-2008, the percentage of full compliance audits completed using an IVI technique would increase to 75%, and this has not occurred. As a result, CPB commenced a study in April 2008, “Effectiveness of Indirect Verification of Income,” to determine, among other things, the reasons why IVI is not used by auditors as often as projected. Based on the results of this study, CPB will recommend changes on how to improve the effectiveness and efficiency of IVI techniques, including the application of tests by auditors during each Small Business Audit file. The report is expected to be finalized by the end of fiscal 2009-2010.

Another part of these major studies is our review of quality and to analyze those factors which ensure quality audits are produced, including team leader involvement and accountability at all stages of the audit process. This project also includes the creation of a quality assurance template that will clarify expectations, and provide national direction and coordination. Based on the results of the report, CPB will make and implement recommendations as to the best way to address identified quality and team leader involvement issues. Expected date of completion is the end of fiscal 2009-2010.

CSR is incorporating the capability for screeners to add comments and feedback to the Risk Assessment area. As well, CSR is building a case management system into the Workload Management component that will include business rules to ensure best practices as well as team leader/supervisor review and approval. Expected date of completion October 2010.

1.2 Research of Emerging Underground Economic Activity

One of the five major strategic objectives of the 2004 UE compliance strategy was the strengthening of Agency research capacity. Conducting more research, analysis and risk assessment in order to better understand the targeted areas was considered by CPB to be vital for combating the UE. Accordingly, 5 of the 28 action items were linked to the strengthening of research capacity:

1) establish a dedicated research and analysis unit;
2) improve linkages with academic community;
3) conduct research audits in suspected areas;
4) develop cross program profiles; and
5) conduct studies to measure the impacts of UE strategies.

In January 2006, the Specialty Compliance Research Section, which focuses on UE research, was formed in the Compliance Research and Risk Assessment Division. The section was partially staffed in November 2006. Six research projects are currently being conducted or in the approval stage.

There were Agency research projects completed prior to the formation of the Specialty Compliance Research Section. In addition, external research papers from tax authorities and research institutions that dealt directly or indirectly with UE related issues were available. Significant opportunities exist for the UE program to increase the use of research to better support program delivery decisions.

Recommendation

CPB should fully integrate the analysis and application of research findings to support the decision-making of UE programs and strategies.

Action Plan

CPB will continue to improve integration of research findings to support the decision‑making of UE programs and strategies.

In addition, CPB commits to better document and track the analysis and application of research findings for UE programs and strategies, to indicate clear linkages between research findings and program delivery decisions. Immediate implementation.

Compliance Systems Redesign will be supporting the Virtual Network of Researchers and Analysts for Risk Assessment by creating an analytical environment. This analytical environment is comprised of analytical tools and data, and supplemented by additional access to data that will generate the feedback capabilities that CSR is providing to screeners and auditors. Expected date of completion October 2010.

2.0 2004 UEI Strategy

The UEI Strategy of the 2004 Compliance Review provided a focused approach to advance UE program activities.

A review was completed on the business cases and/or terms of reference of the 28 action items and the supplementary documentation used in the planning and executing of the initiatives and pilots. Eighteen of the 28 initiatives from the 2004 UEI Compliance strategy are completed or substantially completed, and progress continues on the others. Not withstanding this effort, gaps remain in key areas: risk assessment, research, as well as other concerns outlined below.

2.1 Internal/External Communication

The UEI Strategy of the 2004 Compliance Review recognized that continual communication, education and collaboration, internal and external, are essential elements in establishing a teamwork approach to effectively combat UE activity.

There has been a lack of communication with the field offices during the planning stages of pilot projects. Pilots have been suspended, or progress delayed, due to lack of TSO understanding and commitment. Collaboration with TSOs during the development of pilots will help HQ identify potential barriers before implementation, as well as encourage TSO commitment.

To encourage horizontal communication, an initiative of the UE Strategy was to create Compliance Committees in HQ and the TSOs. However, Compliance Committees have not been implemented in all TSOs. These committees encourage a continual dialogue of compliance issues, including UE, between all areas in TSOs. Six of the 10 TSOs contacted have formal compliance committees, only 4 have direct UE representation. Of the three TSOs that record minutes, only two reflected discussion of UE issues regularly. The four TSOs who do not have formal committees indicate that there are other informal information sharing processes, or that open lines of communication exist among divisions. Informal information sharing is important in a good communication structure; however, the movement of personnel may break down this exchange. A formal structure would ensure continued interaction when the participants change.

Auditor interactions with Debt Management are important as UE clients present distinct challenges. The audit found that auditor communication with Debt Management for UE audits was limited. HQ has given TSOs the responsibility to devise their own local policy on when the auditor is required to communicate audit results and information with Debt Management.

PROTECTED

The TSO semi annual reports to HQ document how the UEI is seizing new outreach opportunities to focus on education. The reports reflect a good balance between enforcement and education efforts.

CRA pursues external partnerships with municipalities, provinces, and foreign tax authorities. Along with an increased knowledge base, the partnerships allow for, at times, exchange of information. Information exchanges that identify ownership of assets are a key tool in detecting taxpayers whose lifestyle is beyond their reported income. From the file review, information access and usage of provincial data are more established in Pacific, Quebec and the Atlantic regions. This appears to be due to the Agency's ability to negotiate effective sharing agreements with these jurisdictions and the field office's commitment to use them. In our audit sample, those files that utilized external databases (provincial and municipal) during the course of the audit yielded significant improvement in the amount of unreported income identified.

2.2 Information Management

In auditing the 28 action plans, the audit team noted a lack of information management practices and inconsistencies in the maintenance of HQ records by the UE sections. There was also high staff turnover in this area, creating a significant risk that corporate knowledge related to UE is not readily available to support effective decision making.

Recommendations

CPB should collaborate with the TSOs during the planning stage of pilot projects.

CPB should emphasize the benefits of TSO Compliance Committees, provide clear accountability for their implementation to TSO Directors, and monitor their effectiveness.

CPB and Taxpayer Services and Debt Management Branch should examine their current communication policy to ensure that the policy encourages effective horizontal communication between Audit and Debt Management.

The High Risk Compliance Strategy Division should follow the CRA's information management policy to safeguard UE corporate knowledge.

Action Plans

CPB already has a process in place for collaborating with the TSOs during the planning stage of pilot projects. For 2008-2009, a call letter was issued on September 11, 2007, inviting regional offices and TSOs to submit project proposals. Following the call letter, 93 submissions were received and assessed against pre-established criteria. CPB then selected several of the business cases and regrouped them under 11 different projects. These pilot projects were on the agenda of several Regional Operations Committee (ROC) meetings and were discussed with regions/TSOs fully at these meetings. The Regions were informed of projects that were selected, based on the pre‑established criteria, in a letter dated November 27, 2007

CPB will continue to work with Headquarters Compliance Committee (HQCC), the other functions and local and regional management teams in support of compliance committees. Local/regional compliance committees are not accountable to the HQCC or CPB nor is that contemplated. Monitoring of the local or regional compliance committee effectiveness is the responsibility of the local office or region where the committee exists.

CPB and Taxpayer Services and Debt Management Branch have an effective communication policy currently in place. Both areas will continue to encourage horizontal and cross functional interaction between Audit and Debt Management, and will continue to work closely on existing high level committees such as the UE AC Steering Committee.

The High Risk Compliance Strategy Division agrees and has taken steps to improve documentation further to the CRA's information management policy to safeguard UE corporate knowledge.

3.0 Audit Process

3.1 Audit Techniques and Tools

PROTECTED

Taxpayers engaged in UE activity will not have a records management system that can be relied on. These taxpayers conceal the transactions that they intend not to report as income. In order for an auditor to identify these transactions, the audit procedures performed should include examining documents outside of the taxpayer's accounting records. Third party confirmation is a reliable technique in confirming business activity. In the review files, there was a significant increase of unreported income detected in the files when third party confirmations were used. The internal audit further noted that the use of third party confirmations was very limited:

• 3% of the files (9 files) requested third party supplier confirmations;
• 9% of the files (24 files) requested third party revenue confirmations; and
• 15% of the files (39 files) requested bank confirmations.

In interviews, most UE auditors cited slow response time as a reason for not using third party confirmations. The auditors believe this delay would increase the length of time an audit is outstanding which in turn would be reflected negatively on their performance appraisal. No evidence was found to indicate that team leaders encourage auditors to use third party information requests when the taxpayer's business involves substantial cash transactions or when other reporting concerns are identified. Further, there is no evidence that third party confirmations are tracked and reported consistent with other IVI techniques. This measure would help encourage auditors to use this IVI technique.

Auditors rarely use the audit tools and techniques required to address the unique characteristics of taxpayers participating in the UE. Some of the IVI procedures to identify unreported revenue are comprehensive and hence time consuming. CPB uses the number of completed audit files as one of the measurement tools to determine the success of the UE sector audit initiative, similar to the regular SME audits. This discourages the auditor from using procedures that may take longer to complete yet would be more effective in identifying unreported revenue. Performance measures that focus on the number of files completed have an impact on the quality of an audit and the amount of unreported income detected. In our audit sample, those files that utilized more extensive IVI tests during the course of the audit yielded significant improvement in the amount of unreported income identified. Performance measurement was previously identified as a concern in the 2004 OAG Report of the Audits of Small and Medium Enterprises.

Recommendations

CPB should enhance guidelines for team leaders and auditors to ensure that IVI techniques, including third party confirmations, are used. In accordance with the other IVI techniques, CPB should track and report on third party requests.

CPB should establish performance measures for UE audit files that encourage auditors to perform quality revenue procedures needed to detect unreported/underreported income.

Action Plan

As discussed in the Action Plan in section 1.1.4 “Audit Plan,” CPB recently began four major studies of its Small Business Audit Program in order to improve efficiency and effectiveness. These studies are exploring team leader involvement, quality standards, performance measurement, and audit tools and techniques, including the use of IVI and the combined audit approach. We will also be looking at risk assessment, auditor training and tools, and improved communication between HQ and the TSOs.

CPB has in place guidelines which include an IVI decision tree. This is to be used for all Small Business Audits, including UE audits, and requires auditors to determine in all files whether IVI techniques are required, and if so which to use. However, as mentioned earlier, CPB commenced a study in April 2008, Effectiveness of Indirect Verification of Income, to determine, among other things, reasons why IVI is not used by auditors as often as projected. Based on the results of this study, CPB will recommend and implement any necessary changes to the guidelines on how to improve the effectiveness and efficiency of IVI techniques, including the application of third party verification during audits of small enterprises, and improvements in coding. The report is expected to be finalized by the first quarter of 2009-2010.

As part of our significant review of the Small Business Audit Program, we are undertaking an analysis in relation to those factors which ensure quality audits are produced. It is anticipated that this study will clarify expectations, and provide national direction and coordination. Expected date of completion is the end of fiscal 2009-2010. Once this study is completed, CPB will evaluate the results to determine whether they have driven the desired behaviour (e.g. quality audits) and will implement the relevant changes.

Establishing performance measures that focus on outcomes rather than outputs continues to be a challenge not only for the CRA, but for other tax jurisdictions. CPB continues to work internally and with other tax administrations to study the issue. In addition to our study of quality, we are initiating a pilot project in the Pacific Region in 2009-2010, which is based on three SMED programs: Small Enterprises, Medium Enterprises and GST Prepayment. The underlying notion is to use indicators that go beyond the traditional performance measures, i.e. production and recoveries. Instead, performance will be evaluated based on the effectiveness, efficiency and quality of our auditors in performing audits. The expectation is that using resources to do quality audits on high-risk files will result in the delivery of a stronger program with minimal variances in the traditional measures of outputs and outcomes. Phase I is to be completed in 2010.

Compliance Systems Redesign is expanding the analytical, reporting, and information management capabilities of CPB by introducing content management functionality, which will enable the management of best practices. As well, CSR is building a case management system into the Workload Management component that will include business rules to ensure best practices as well as team leader/supervisor review and approval.

Conclusion

The Compliance Programs Branch (CPB) has made reasonable progress in the implementation of the 2004 UEI strategy. However, processes and controls can be improved to identify and select the highest risk files or to ensure an appropriate audit process exists to address the specific characteristics of taxpayers who engage in UE activities.

A tiered approach is in place to direct UE resources to sectors, projects and taxpayers through headquarters, regional, file selection and audit planning. However, Headquarters and TSO risk assessments have not been systematically carried out and a comparative method to evaluate sectors has not been established. Strategically, opportunities exist to create a knowledge base to improve future risk assessments or to better direct resources nationally to higher risk areas.

Eighteen of the 28 initiatives from the 2004 UEI Compliance strategy are completed or substantially completed, and progress continues on the others. There remains a need to more clearly connect program decisions with internal and external research, to better communicate and engage the TSOs before implementing projects, and to ensure TSO level Compliance Committees are operating as intended.

As a distinct sub-set of the Small and Medium Enterprises Program (SME) the UEI requires a more focused approach that supports the unique nature of UE audits. The review of files revealed gaps in the guidance provided for UE file selection, UE audit plan preparation, the use of audit tools and techniques in UE audit files and the communication between UE auditors and collection officers. Clear guidelines should support the objectives of the UEI and recognize that the UE audit process differs from the regular SME program.

Performance measurements for the UEI should be broadened to emphasize and encourage quality throughout the workload development, file preparation and file review processes to increase the likelihood of detecting the unreported/underreported revenue associated with UE activity.