RRM Guidelines and Toolkit V2.1 Final

Implemented by
DT GLOBAL IDEV EUROPE S.L.

√
in consortium with
Revenue Risk Management

(RRM) Process
RRM Guidelines and Toolkit
June 2022
Technical Assistance to Support the

Implementation of the PFM Reform
Strategic Plan in Bangladesh
ACA/2020/417-214
Funded by
The European Union
1
This publication was produced with the financial support of the European Union. Its
contents are the sole responsibility of DT GLOBAL IDEV Europe S.L. and do not
necessarily reflect the views of the European Union.
Revenue Risk Management Guidelines and Toolkit
Sub-Activities: 1.2.1.1 and 1.2.1.2
Prepared by:
Revenue Risk Management Non-Key Expert: Aija Mackenzie-Frazer
June 2022
The European Union funded Technical

Assistance to Support the Implementation of
the PFM Reform Strategic Plan in Bangladesh
Submitted by:
In consortium with:
1. Table of Contents
1. TABLE OF CONTENTS...............................................................................................................4
2. ACRONYMS...................................................................................................................................6
3. INTRODUCTION..........................................................................................................................7
3.1. GUIDELINES AND TOOLKIT RELATIONSHIP TO APPROVED WORKPLAN............................7
3.2. SCOPE OF GUIDELINES AND TOOLKIT......................................................................................7
4. DEFINING AND COMPUTING RISK........................................................................................9
4.1. PURPOSE OF THE RISK MANAGEMENT FUNCTION.................................................................9
4.2. RISK ASSESSMENT AS A COMPLIANCE TOOL............................................................................9
4.3. WHAT IS RISK IN THE TAX CONTEXT.....................................................................................11
4.4. RISK CATEGORIES......................................................................................................................12
4.5. COMPUTING RISK......................................................................................................................12
4.5.1. DETERMINING RISK PROBABILITY (P)..................................................................................13
4.5.2. CONSIDERING WEIGHT IMPACT OF PREVIOUS AUDITS........................................................15
4.5.3. DETERMINING RISK SEVERITY (S).........................................................................................16
4.5.4. APPLYING PROBABILITY AND SEVERITY TO DETERMINE RISK (R)...................................16
4.5.5. SELECTING CASES ABOVE THE AUDIT THRESHOLD..............................................................16
4.5.6. FUTURE ENHANCEMENT..........................................................................................................16
5. THE AUDIT PLAN.....................................................................................................................18
5.1. THE PROCESS TO PREPARE FOR THE AUDIT.........................................................................18
5.2. DESCRIPTION OF AUDIT PLAN................................................................................................18
5.2.1. WHY DO WE NEED AUDIT PLAN.............................................................................................18
5.2.2. COMPILATION PROCESS............................................................................................................18
5.2.3. DETERMINE THE NUMBER OF CASES THAT CAN BE MANAGED.........................................18
5.3. OBTAINING THE DATA NEEDED FOR RISK ASSESSMENT.....................................................19
5.3.1. DATA COLLECTION FROM PAPER-BASED DATA SOURCES...................................................19
5.3.2. DATA SOURCED FROM AUTOMATED ENVIRONMENT: E-FILING AND FUTURE NBR
SYSTEMS......................................................................................................................................21
6. COMPUTING AND ALLOCATING RISK TO EACH TAXPAYER......................................22

6.1.1. DETERMINING RISK..................................................................................................................22
6.2. ASSIGNING CASES TO THE AUDIT PLAN.................................................................................23
6.2.1. SYSTEM ASSIGNED CASES.........................................................................................................24
6.2.2. CASES MANUALLY ASSIGNED TO THE AUDIT PLAN..............................................................24
6.2.3. ASSIGN SELECTED TAXPAYERS TO THE AUDIT PLAN...........................................................24
6.2.4. REVIEW OF THE AUDIT PLAN..................................................................................................25
6.2.5. MANAGING THE PLAN AND SELECTED CASES.......................................................................26
7. NBR TOOLKIT FOR RISK ANALYSIS AND RISK-BASED AUDIT.................................27
7.1. RISK CRITERIA...........................................................................................................................27
7.2. KNOWLEDGE TRANSFER: A KEY TOOLKIT ITEM..................................................................35
7.2.1. PART I: RISK BASED AUDIT PROCESS TRAINING..............................................................35
7.2.2. PART II: ADVANCED AUDIT TECHNIQUES TRAINING........................................................35
7.3. ADDITIONAL TOOLKIT ITEMS..................................................................................................36
7.3.1. AUDIT FREQUENCY MULTIPLIER.............................................................................................36
7.3.2. AUDIT PLAN COMPOSITION.....................................................................................................36
7.3.3. RECOMMENDED RISK CRITERIA SCORE RANGES.................................................................36
7.3.4. RECOMMENDED SEVERITY COMPUTATION...........................................................................36
7.3.5. RECOMMENDED SELECTION THRESHOLD..............................................................................36
7.4. WHERE TO GET THE DATA NEEDED FOR RISK ASSESSMENT.............................................37
7.5. DETERMINING THE AUDIT TYPE.............................................................................................37
704052653.docx Page 4 of 45
7.6. USING RISK AS AN AUDIT TOOL..............................................................................................38
7.6.1. TYPICAL AREAS OF SUSPICION FOR DIFFERENT TAX TYPES...............................................38
7.6.2. AREAS OF SUSPICION DOCUMENTS TO BE CHECKED DURING AUDIT................................39
7.7. STEP BY STEP GUIDE TO AUDIT PLANNING PROCESS.........................................................41
7.8. RECOMMENDED DATA MODEL FOR RISK DATA....................................................................43
8. CONCLUSION.............................................................................................................................44
1.1. Tables
Table 1: Example of selection criteria that can typically used for probability determination............13
Table 2: Last audit multiplier.............................................................................................................15
Table 3: Rang of probability...............................................................................................................23
Table 4: Example of risk criteria based on Bangladesh legislation.....................................................27
Table 5: Areas of suspicion for different tax types.............................................................................38
Table 6: Step-by-step guide as to implement this risk-based, automated selection process.............41
1.2. Figures
Figure 1: The Audit planning process................................................................................................18
Figure 2: Sources of data permitting data mining as well as potential areas where risk analysis can
be used in NBR.................................................................................................................................................................. 21
Figure 3: Risk based case selection and audit plan composition within NBR.............................................23
Figure 4: Proposed, risk-based audit plan compilation process within NBR..............................................25
Figure 5: Taxpayer risk related data derived from e-Filing as well as from DACON................................37
Figure 6: Data model needed to support these systems related toolkit items.........................................43
704052653.docx Page 5 of 45
2. Acronyms
AUD Audit
DACON Data Consolidation Application
ENF Enforcement and compliance
ETX Employee Tax (final tax deducted by employer)
EU European Union
EUD EU Delegation (Bangladesh)
GoB Government of Bangladesh
IT Information Technology
ITX Income Tax
KE Key Expert
MIS Management Information System
MoF Ministry of Finance
NBR National Board of Revenue
NKE Non-Key Expert
OGA Other Government Agencies
PFM Public Financial Management
RET Returns processing
RRM Revenue Risk Management
TA Technical Assistance
TDS Tax deducted at source
ToR Terms of Reference
VAT Value Added Tax
704052653.docx Page 6 of 45
3. Introduction
3.1. Guidelines and Toolkit relationship to Approved Workplan

This Guidelines and Toolkit has been compiled to address the requirements specified in
approved workplan sub-activity 1.2.1:
The project will assist NBR’s income tax wing in raising analytical capacity and
adopting effective risk management schemes. Planned activities aim at providing
NBR with operating guidelines for risk management and toolkits for risk analysis,
training staff on suitable risk planning approaches and risk analysis techniques,
supporting subscription to a reference database for transfer pricing, and providing
hands-on guidance to proactively develop a pilot risk management plan.
The Guidelines and Toolkit specifically addresses these two sub-activities:

 Sub-Activity 1.2.1.1: Develop a toolkit for risk analysis techniques: risk profiling
techniques; risk identification (datamining and research & intelligence), assessment and
prioritization (risk selection criteria); risk modelling; sectoral analysis; risk grids.
 Sub Activity 1.2.1.2: Develop operating guidelines for risk management (risk analysis
processes and procedures; risk-based audit programming; monitoring and evaluation;
functional requirements; data collection; organizational arrangements).
The purpose of this Guidelines and Toolkit is thus to provide guidance for staff responsible for
risk management activities within NBR. It sets out the operational guidelines for business
processes that need to be understood and followed, along with the toolkit for risk analyses to
assist in this process.
3.2. Scope of Guidelines and Toolkit

This document is focused on risk analysis as one of the key elements to increase taxpayer
compliance, specific to the risk analysis systems in NBR. It offers recommendations on what
steps could be taken for improvement including:
 how risk management and risk analysis process could be built up;
 how risk analysis could be used for audit planning and to focus audits on prioritised areas;
 how and what kind of (internal, external) data could be used for risk analysis;
 what kind of risk criteria could be used?
Currently, Bangladesh taxpayers can submit their Income tax return in paper-based format or
use e-filing as an alternative at the same period. NBR plans to migrate most taxpayers to e-
Filing in the next five years. During that time NBR is planning to implement an interim system
called DACON to manage paper-based returns until all taxpayers have been migrated to e-
Filing.
This Guidelines and Toolkit also explains how the risk management process can be
implemented with DACON and how it can be used to:
 Start the data cleansing process via detection of:
704052653.docx Page 7 of 45
 deceased / liquidated / deregistered taxpayers,
 Identification of duplicate taxpayers (distinct TIN, but same name, address, telephone
address, etc),
 incorrect data (incorrect contact information, taxpayer that moved to a new location
and now should be in a different tax circle, etc),
 missing taxpayers (for example in the case of professionals, etc),
 Intensify risk management and case selection based on data.
 Detect non-filers.
 Associate payments to each assessment and identify submitted returns that do not have
associated payment challans.
It should be noted that this Guidelines and Toolkit deals with Risk Management as it applies to
Individual Taxpayers. The Risk Management approach applicable to businesses will be
addressed in a separate document or in a supplement to this Guidelines and Toolkit, as that
functionality has not yet been added to e-Filing and the detail of the fields to be captured in
DACON as interim measure have also not yet been finalized. The approach for corporate tax
will however have many similarities; but it is important to note that business risks have their
own unique approaches.
704052653.docx Page 8 of 45
4. Defining and computing risk
4.1. Purpose of the Risk Management function

Effective tax administration is about optimising revenue collection under the tax laws in ways
that sustain taxpayer confidence in NBR and in ways that demonstrate that the system is
operating efficiently. As a result, NBR requires a methodology for determining the most
rational allocation of their scarce audit resources. To achieve this, the best modern
methodology applied by tax authorities is based on a tax compliance risk management cycle.
A tax compliance risk management cycle is a structured process for the systematic
identification, assessment, ranking, and response to tax compliance risks (e.g., failure to
register, failure to properly report tax liabilities etc). As with risk management in general, it is a
constant process that consists of well-defined steps to support improved decision-making:
 Identification – obtaining a clear and detailed understanding of the relevant risks and how
those break down into different forms of non-compliance (such as registration risk, late
filing risk, under-filing of the correct amount of tax due, late or non-payment risk).
 Analysis – taking the risks identified at the previous stage and obtaining a clear and
detailed understanding of the scale and impact of each risk, the groups of taxpayers who
most contribute to this risk, and the sort of behaviours which lead to the risk materialising.
 Prioritisation – building on the risk assessment developed at the previous stages as well as
its overall compliance strategy, the tax authority will decide where to allocate its resources
and what types of intervention/ response to adopt.
 Response – deciding on the best and most appropriate tool to tackle non-compliance.
 Evaluation – in which the results of the cycle are evaluated, and lessons learned applied to
future cycles.
4.2. Risk assessment as a compliance tool

This document describes how to build a continuous change process that allows NBR to
increase voluntary compliance through an effective Risk Management programme. Risk
Management is the act of identifying risks to revenue. Audit and other enforcement
mechanisms are principally designed to maintain tax compliance levels after a taxpayer is in
fact inside the system.
Risk Management is designed to identify non-compliant behaviour and provide the taxpayer
with the motivation to join the tax system and comply with tax laws. Ideally, any such risk
management process should comply with the following requirements – and further in this
document, we will indicate how these requirements could be specifically tailored to fit NBR’s
processes, regulations and legislation. An effective risk-based compliance system should
contain the following characteristics:
 The system should identify cases that are created and allocated through pre-determined
risk assessment criteria and should provide a process for continuous risk
management/assessment, via the following steps:
 Risk identification,
 Risk assessment and prioritisation,
704052653.docx Page 9 of 45
 Analysis of compliance behaviour - causes and options for treatment,
 Determination of treatment strategies,
 Application of strategies,
 Evaluation of outcomes.
 The system should enable the development of predictive risk models to identify potential
risk (e.g. taxpayers who may not be completing their returns properly – reporting risk).
 The system should have the capability to develop analytic models enabling NBR to evaluate
the tax at risk for a potential audit, the tax risk from a missing return or declaration, in
addition to the tax at risk for balances owing or instalments not paid.
 These analytic models should use available information to build a given taxpayer’s risk
level. These models should assign overall scores to taxpayers based on:
 The taxpayer’s profile,
 The taxpayer’s tax history,
 The amount of tax revenue at risk,
 Third party information.
 The system should have the capability to recommend treatment strategies for risks
identified:
 Conduct risk analysis of returns and other data to automatically select cases for audit,
 Prioritise selected cases based on predetermined risk management criteria,
 Select cases based on random criteria (risk testing),
 Allocate cases for action via the case management system.
 The system may enable the management of risk at various levels including: tax compliance,
taxpayer segment, and compliance risk.
 The system may allow for the analysis of risk using data grouped in the following areas:
 Economic and tax data, for example industry indices and ratios concerning economic
growth of a business,
 Data supplied by taxpayers, for example the data from the tax return(s),
 Data supplied by a third party, for example a bank, Customs Dept., VAT Dept.
704052653.docx Page 10 of 45
Given this environment it would be inappropriate to recommend that the NBR develops fully-
fledged risk management at this stage. Indeed, with the weakness of the legacy system data to
be input into the e-system, it will be a while until the e-system has collected enough
information to enable such a system to be fully utilised. In the meantime, the Risk
Management system to be initially implemented should focus on a few basic risks so as to
introduce real “risk management” to the direct tax collection process (and NBR as a whole)
and build on this over time. DACON developers however need to be aware of the intended
end product that has been described above. It is also important to remember that DACON is
not an end, it is a means to an end – where all taxpayers submit returns via e-Filing and all risk
assessment is managed within the e-Filing applications.
The risk analysis system utilizes expert system technology to apply the knowledge and
experience of Revenue’s most experienced personnel (in the form of rules that make up the
knowledge base) to different parts of the available taxpayer information to develop a risk
profile of the taxpayer. This profiling technique establishes detailed observations and ranking
scores for each taxpayer. This step can be scheduled to take place at different times in the
year or it can be undertaken on an ad hoc basis.
An important feature of the system is auditor participation in the formulation of new rules,
amending existing rules and in identification of new data. The Audit Manager shall be
responsible for the local development, testing and revision of the rules before they are
submitted to the “live” system.
The system shall therefore facilitate the capture and incorporation of audit results, auditors’
experience and insights. It also shall allow for the evaluation of the rules and scoring against
the actual audit results.
4.3. What is risk in the tax context

This risk means:
“…the risk of non-compliance with law by a taxpayer, leading to loss of state

budget revenue.”
This risk can also be defined as:
“Anything negatives that can affect the organisation's ability to achieve its
objectives.”
Thus, to have risk, one must have both uncertainty and exposure to loss. Risk consists;
vulnerability, severity or significance and relative occurrence or frequency.
In theory, risk ranges anywhere from zero (0.0), where there is complete certainty of no
material misstatement, to one (1.0), where there is complete certainty of a material
misstatement. In practice, however, risk is always greater than zero. There is always some risk
of material misstatement as it is not possible, (except for the audit of the simplest of financial
statements), due to the limitations inherent in both accounting and auditing, to be absolutely
certain a material misstatement will not exist.
704052653.docx Page 11 of 45
4.4. Risk categories
We can categorise tax risk into the following1:
 Registration risk: Those that are on the register but have no entitlement to registration:
within this category the full range of taxpayers can be found, ranging from ‘Carousel’
fraudsters and classic repayment frauds through to potentially compliant taxpayers who by
act of error or omission have remained registered when entitlement ceases.
Also, those who fulfil the requirements to register but fail to do so: this encompasses the
informal economy, taxpayers who remain unregistered for some taxes and taxpayers who
use avoidance devices to remain unregistered. Incorrect information about a taxpayer
being held on the register: data quality will always be an issue, and there is also a danger of
carrying out inappropriate treatments based on incorrect information as well as the
potential for tax loss due to incorrect information being held.
 Filing Risk: risk that tax yield will be understated/reduced by taxpayers not filing their
returns by the due date. In order to provide the correct preventive and corrective
treatments there is a need to be able to target those taxpayers likely to file their returns
late, or not at all. There are many treatment options available to tax administrations to
cover this risk before an audit is considered.
 Declaration Risk: risk that tax yield will be affected where the amounts shown on the tax
return are incorrect by error or deliberate act. Traditionally, many tax administrations
concentrated on this risk area with the intention of determining which cases should be
selected for conducting audit activity. It is now being increasingly recognised that other
treatment options are available to verify that the declarations made by taxpayers are
correct and where error or fraud is discovered, to allow for corrective action to be taken.
Tax administrations also have the option now to carry out preventive programmes to help
and encourage taxpayers to get it right from the start.
 Payment Risk: risk that tax yield will be reduced by non-payment of amounts due on tax
returns and assessments.
Payment risk and filing risk could be closely related but it is important to analyse them
separately since the treatments may vary. In times of economic recession, it is especially
important to manage taxpayers’ debts and to avoid accumulation of debts. The risk that
concerns Revenue is the risk that taxpayers will not comply with the Tax Act, either
deliberately or inadvertently with the result that NBR suffers a loss.
4.5. Computing risk

The purpose of risk analysis is to estimate the probability and impact of risk factors and to
develop risk scores based on these factors. Generally, experience has shown that smaller
entities which have weak internal controls or owner managed businesses have a greater
likelihood of risks occurring. It is also commonly found that cash businesses have a high
probability of undisclosed sales and untaxed wages.
Taxpayers with a history of non-compliance are regarded as having a higher probability of a

risk occurring than those who are generally compliant.
1 EC Risk Management Guide for Tax Administrations 2006
704052653.docx Page 12 of 45
Generally, the larger the case, the greater the impact or consequence of a risk. Case size is a
function of turnover, no. of employees, size of balance sheet or a combination of two or more
of these criteria.
There are however exceptions to this rule, the impact of a risk in sectors with a high profit:
turnover ratio (e.g. professionals, services) may be just as great as in sectors such as a high
turnover retail business with a low profit: turnover ratio (e.g. supermarkets, petrol stations).
The combined of the probability and severity allow the manager to rank risks in order of
priority. This allows to focus attention on those risks that have the greatest impact. The
manager must then decide which risks receive treatment and which are acceptable given the
resources available.
4.51. Determining risk probability (P)
Risk Probability is the determination of the likelihood of a risk occurring.
The likelihood can be expressed in both a qualitative and quantitative manner. When
discussing probability in a qualitative manner, terms such as frequent, possible, rare etc. are
used. It is also possible to describe the probability in a numerical manner. This can be done
using scores. As mentioned in the above section, we elect to use a scale of 0 to 1. Assign a
score of 0 when a risk is extremely unlikely to occur and use a score of 1 when the risk is
certain to occur. Using this approach, we can estimate the impact on the tax compliance if the
risk occurs.
We use weights based on the importance of a criteria. A risk-criteria is a statement of

measure, that we ask of the taxpayer’s affairs. For example, a criteria could be “did taxpayer
revenue decrease by more than 10% from previous year to current year?” If YES, score 10 risk
points if NO, score zero. We can build a set of criteria that cover multiple aspects of the
taxpayer affairs as reported in the tax return and as derived from taxpayer behaviour. A
behavioural criterion could be “did taxpayer submit return on time?” If YES, score zero, if NO,
score 50.
We can then sum the possible score if all criteria were present – this is the highest score a
taxpayer could ever achieve, and this becomes the denominator in our probability equation.
The taxpayer actual score – is the numerator. The probability ratio can this be expressed as
follows:
Probability=
∑ of actual weight scored
∑ of highest possible weight score
Where the Probability score “P” will always be 0 > P < 1
Table 1: Example of selection criteria that can typically used for probability determination
Ref. Criteria Name Purpose Criteria Standard Weight2
Individual Company
1. Tax return not To identify cases where Income Tax return not 100 200
submitted a taxpayer has not submitted
submitted a return
2. Tax return submitted To identify cases where Income Tax return 100 200
2 Note that these are illustrative weights
704052653.docx Page 13 of 45
Ref. Criteria Name Purpose Criteria Standard Weight
Individual Company
late a taxpayer has submitted late;

submitted a late return
3. Type of taxpayer Add emphasis to the Allocate score if 100 200

need to audit Individual “Taxpayer Type” field in
taxpayers rather than Registration =
Salaried individuals Individual taxpayer
4. The taxpayer's To identify cases where Allocate score if “Tax 100 200
declaration of a loss a taxpayer has payable’’ field in Tax
for X consecutive submitted returns with return = 0
years not declared tax
payable.
5. Timeliness of Assessment of the Allocate score if “Actual 100 200

payment of taxes taxpayer for the paid” field for Year n=0
timeliness and
completeness of
payment of ITX
6. Submission of Assessment of the Allocate score if “Tax 100 200

amended returns taxpayer claiming a payable’’ field in Tax
decrease in ITX during a return for Year n <
previous period original Tax return for
Year n
7. Profitability Change Identifies taxpayers Allocate score if Total 100 200

whose profitability income for Year n
levels have declined <Total income for Year
year on year n-1 in taxpayer
segment
8. The taxpayer’s Identifies taxpayers Allocate score if Gross 100 200

declaration of gross whose gross tax levels tax % for Year n < Gross
tax based on income have declined in tax % for Year n-1 in
is less then X% in taxpayer segment taxpayer segment
taxpayer segment
9. The taxpayer’s Identifies taxpayers Allocate score if Total 100 200

declaration total whose total payable payable % for Year n <
payable as % of gross levels have declined in Total payable % for
tax is less then X% in taxpayer segment Year n-1 in taxpayer
taxpayer segment segment
10. The taxpayer’s Identifies taxpayers Allocate score if Actual 100 200
declaration Actual whose Actual paid levels paid % for Year n <
paid as % of Actual have declined in Actual paid % for Year
paid is less then X% in taxpayer segment n-1 in taxpayer
taxpayer segment segment
11. Earlier violations Identifies taxpayers 1) If more than 20% of 100 200
(assessment of the whose has previous ITX was assessed to be
degree of violations violations under declared during
found in previous
704052653.docx Page 14 of 45
Ref. Criteria Name Purpose Criteria Standard Weight
Individual Company
audits) the previous audit

2) If the amount of
additional charges were
between 10% and 20%
of the amount of tax in
the declaration,
3) If the amount of
additional charges were
less than 10% of the
amount of tax in the
declaration
12. The taxpayer has not Identifies taxpayers Score if taxpayer has 100 200
been audited for an whose have not been not been audited in the
extended period audited recently previous five years.
Total Sum of highest possible weight score (Probability Denominator) 1,200 2,400
We have included a proposed set of actual criteria in the toolset – that can readily be used by
NBR against the respective tax return forms used. Please see section 7.1.
4.52. Considering weight impact of previous audits
The frequency of previous audits should be considered when computing the assessed risk. To
do this, NBR may create a selection criterion that considers the value and frequency of
previous audits. A score can be assigned if there was no previous audit, and the score may be
adjusted based on the time passed between current date and the date of last audit. Audit
manager may add a probability criterion for this domain based on:
Criteria score = value x last audit multiplier
The following multiplier may be used:

Table 2: Last audit multiplier
Last Audit Multiplier

Audited in previous year (PY) 1
Audited in PY + 1 2
Audited in PY + 2 3
Audited in PY + 3 or greater 5
704052653.docx Page 15 of 45
4.53. Determining risk severity (S)
While the probability defines the likelihood of default by taxpayer, the severity is an indicator
of the loss that could be incurred by the Revenue Authority in the event of default. A high
probability score (P) – does not necessarily mean high risk – the absolute risk is a product of
both probability AND severity.
Severity is a measure of the financial exposure of NBR. The most readily accessible indicator is
the total tax owed by the taxpayer. This is normally read from the Debtor’s Ledger. In cases
where we do not have access to an automated debtor’s ledger, we recommend NBR to use
the tax due, as declared on the latest submitted tax return.
Assuming ACME Taxpayer Ltd. declared tax payable of BDT 100,000, - this would be an
indicator of the Severity of exposure by him. The actual value used depends on NBR policy
decision – declared taxable income on the return form is a common choice, total liability is a
better choice – but requires an accurate, accrual-based accounting system with individual
taxpayer accounts. Regardless of the financial measure used – the severity factor should be
applied consistently for all taxpayers and then forms the basis for computing overall risk.
4.54. Applying probability and severity to determine risk (R)
From our examples above – we can compute the total risk score for the taxpayer concerned
as:
Risk=Probability x Severity
or
Risk = P x S
Adding example values for ACME Taxpayer Ltd, risk is:

Risk = 0.75 x 100,000
This implies a total risk score of 75,000. If ACME Taxpayer Ltd had a Severity score, or tax
exposure of BDT 25,000 – their risk score would be significantly reduced to 18,750.
4.55. Selecting cases above the audit threshold
Once we have allocated a risk score to each taxpayer, we sort these scores from highest to
lowest score. This forms the basis of case selection. NBR needs to define a given threshold
above which cases are selected for audit, and below which – they are ignored from a risk
assessment approach – primarily due to the limitation imposed by a finite number of auditors
and audit time capacity.
Going back to example of taxpayer ACME Taxpayer Ltd – if the selection threshold was set at
50,000 – taxpayer ACME Taxpayer Ltd would have been selected for audit. This ties in to the
audit capacity which will be addressed below under “Audit Plan.”
4.56. Future enhancement
For Income tax taxpayers, the audit selection will be based on the tax returns and the annual
balance sheet. The risk assessment will be influenced by the income tax findings on risk
probability and severity against norms and falling income trends. A comparison will be made
704052653.docx Page 16 of 45
of the profitability of individual taxpayers matched up against the average for the industry,
(which can be either calculated or locally assessed) and where the declared profit exhibits a
falling trend. The size of the taxpayer will determine how many audit days will be spent on
examining the taxpayer’s records.
Audit selection for Income tax audit should be of the taxpayers showing (1) lower than
average profits for the industry of the taxpayer, (2) showing losses, or (3) exhibiting a falling
profit trend. The number of taxpayers selected will be limited to those taxpayers that can be
audited by the available auditors.
These factors should be used to create trend-based risk criteria.
704052653.docx Page 17 of 45
5. The Audit Plan
5.1. The process to prepare for the audit
Figure 1: The Audit planning process
5.2. Description of Audit Plan

5.21. Why do we need audit plan
We need an audit plan for three primary reasons:

 To determine how many cases to allocate for audit for each Tax Circle (and thus for every
Tax Zone and thus for NBR as a whole).
 To ensure we have a capacity of 20% of audit cases reserved for auditors and audit
managers to manually assign cases based in information which comes to light and was not
identified via the risk assessment process.
 To evaluate the efficiency of the auditors from year to year per Circle and Zone.
5.22. Compilation process
The planning process normally follows three main steps: (1.) Prioritisation and audit planning;
(2.) case selection and (3.) feedback collection.
5.23. Determine the number of cases that can be managed
704052653.docx Page 18 of 45
The Audit Plan should be achievable and promote the efficient and effective use of resources.
The audit plan provides:
 a basis for the assessment of resource requirements;
 authority to act once approved by senior managers;
 something against which actual performance can be measured.
The Audit Plan sets the scope of audit work of those officers given “audit” responsibilities for a
time period of 12 (or 6) months. The Audit Plan should be updated every 12 (or 6) months
taking into account audit results, resources, unplanned audits and other factors influencing
audit work.
When developing an Audit Plan, a decision should be taken on the number of days necessary
for conducting audits, according to the risk assessment, existing resources allocated for audits,
skills and experience of staff conducting audits, as well as taking into account the specific
requirements of the NBR. The actual number of days needed for audit performance should
only comprise the time required by staff involved in audit work, and the time needed for their
supervisors to carry out their functions. This will determine the number of audit cases that
can be managed within the audit year.
Once the audit capacity has been, we can assign taxpayer cases to the audit plan.
5.3. Obtaining the data needed for risk assessment

5.31. Data collection from paper-based data sources
To start with data analysis, there has to be data to analyse and the system or person doing the
analysis needs access to the data. This analysis itself can be either a rule-based approach or
using data mining techniques.
The recommended NBR a rule-based approach may be more applicable as a starting point
because it does not require specific statistician or data scientist skills. Basically, it means that
using tax auditors’ knowledge, NBR has to set parameter driven rules that he/she wants the
machine to do with data to find something from data or rearrange the data – different kinds of
calculations, groupings, calculating facts, etc. The standard of the tax auditor (analyst)
depends on her/his ability to create different relevant views of the data.
For effective data analysis, it is necessary to play with data, try different approaches, different
angles, link different tables, and look for correlations and deflections between variables. There
is no one ever lasting good solution, but a permanent search for better model. One of the key
issues is to focus on the following relations:
 changes of variables during time period;
 mutual relation of two or more variables;
 changes in relations during time period.
It is easy if it is known what kind of relations or changes in time would be interpreted as risky.
It means risk criteria already exist and may just be planted onto data. If the risky behaviour or
risk profile is not described, then data would need to be observed to detect illogical patterns.
What to look for?
 Deflection from expected business logic behaviour.
704052653.docx Page 19 of 45
 Unusual deflection from previous common behaviour.
 Deflection from comparable taxpayers’ behaviour.
There is a need to keep in mind to estimate the deflection in context of taxes. If the strange
behaviour does not bring any tax benefits, then it does not need much more attention. If it
does, there is need to analyse further if the deflection could be occasional or deliberate.
It is advisable to approach the data also from the risk point of view, what is planned to detect
from the data. For detection of different risks or for testing different criteria about the same
risk, distinct variables would be required. The proposed risk analysis model for paper-based
return regime could be described as follows:
 defining what risk to detect (advisable to involve auditors’ representative also);
 figuring out what kind of data pattern could refer to that (requires provisional business side
analysis, what noncompliant taxpayer has to do to evade the tax);
 during analysis, it quite often comes out that some additional data is needed, which mean
repetitive turns to IT, but that is the price that has to be paid if there is not direct access to
initial data source;
 after analysis is completed overview of risk’s nature and spread, and list of possible audit
cases;
 analysis results should be discussed with the representative of auditors to have common
understanding about the risk, and agreement that selected risk criteria really helped to
reach the right objects
For the “raw” database (under paper-based return regime) we should built an analytical store,
where there are already some aggregations, quality checks, merging of different tables, etc.
basically making data more understandable. This should be the data source that can be re-
used and built on, for other applications (e-Filing).
It can be said that analysis of these that are in NBR’s possession is the only way to see and
understand the situation in the surrounding environment. Without proper data analysis, tax
auditors are aware only of things they have heard, seen, read or been in contact with, but
nobody has been in contact with the whole spectrum of taxpayers and their behaviour. Tax
auditors usually try to formulate the whole picture from different pieces they have received
through different channels. It is very common to approach through cognition but usually these
pieces of information are of a different size, from different time periods and may not match
with each other at all.
The dislocate the mass data analysis from paper-based analysis to within e-filing the amount
of manual work to be executed by NBR officers - both at the tax circle and central level. It will
help to both: record in a system return data, while also allowing to act on the taxpayers with
computer generated reports, clearing the way for more taxpayers to file electronically. As
such, DACON should expected to provide:
 A database of taxpayer data obtained from the captured returns;
 Along with these captured data, a set of outcomes of the risk criteria – for each taxpayer,
indicating their arithmetic score to the probability criteria;
 Corresponding severity data, based on the determination methodology chosen by NBR;
 Risk score per taxpayer;
704052653.docx Page 20 of 45
From these collected and computed data, NBR will be able to derive:
 Reports ready for the use of tax officers on suspect cases.
 An iterative tool that can be used to refine and update the e-TIN tax database.
 A simplified risk management solution, which can be used to select and prioritize cases for
both audit and collections.
 Increased overall capacity of tax officers to deal with complex cases in an automated
environment.
5.32. Data sourced from automated environment: e-Filing and future NBR systems
Data mining is a process used by governments and organisations to turn raw data from
multiple sources into useful information using software to look for patterns in these large
batches of data.
Figure 2: Sources of data permitting data mining as well as potential areas where risk analysis can be used in
NBR
For a revenue authority, it means sorting through data that comes from internal tax-based
data stores as well as using data from other tax regimes (VAT and Customs in this case) as well
as data from other government agencies. Private sector data, much of are open source – also
provides a vast pool of invaluable information. Data mining is closely related to applied
statistics and using its related algorithms, tax officers have the ability to identify key attributes
of tax processes and target opportunities.
The main logic of data mining is that it enables estimation; what is the probability that in a
given period something will happen that has happened many times before – this is the
foundation of the estimation of probability of taxpayer default, and the cornerstone of tax risk
assessment! There is a need to have enough historical data about the taxpayer related data-
set and a lot of different variables, from which some could predict the expected outcome-
data mining is however not a tax department’s crystal ball.
704052653.docx Page 21 of 45
6. Computing and allocating risk to each taxpayer
Compliance risks should need to be identified at a level of taxpayer segmentation that will
allows the NBR to treated risks. Because taxpayer populations are not homogeneous, the NBR
may turn to segmenting the taxpayer population into groups with similar characteristics and
identify compliance risks at these segment levels.
Risk can be analysed from a number of perspectives. Most commonly, it is analysed from the
perspective of the individual taxpayer. However, it can also be analysed from the perspective
of an industry grouping.
In a taxation context, the NBR may segmented they taxpayers from the perspective of
business as ‘small’ businesses, ‘medium-sized’ businesses, and ‘large’ businesses and these
may be defined on the basis of turnover or gross revenues, but may also be defined on the
basis of assets or number of employees.
Other segments what may be used the NBR based on industry type (farming, professional, and
business) and the type of tax (income tax, withholding tax) or the type of risk (declaration risk,
filing risk, payment risk).
6.11. Determining Risk
It is envisaged that in Risk Management, the level of risk of taxpayers will be calculated
through a points system. For each criterion, the score can be expressed by assigning scores
from 1 to X (or as decided by the NBR based on needs). The overall score for the risk level of
taxpayers is calculated through an algorithm by adding up the scores assigned for each risk.
The NBR based on their strategy, may revise the risk and scores.
Below is an example of a set of criteria to identify potential tax risks across different Income
tax types and income tax returns for individual taxpayer. All numeric figures given in the
criteria are informative and included only for the purpose of better understanding. The exact
limits and coefficients need to be adjusted after analysis of individuals actual behaviour in
Bangladesh. This analysis must also answer the question, whether the relevant indicators
differ in size, region or activity of the individuals. In case of divergence, the risk shall be
adjusted accordingly for each of the groups under consideration.
Some of this risk will not be able to be applied until NBR has enough tax periods of data to be
able to apply them.
From the sample table, we see the natural person denominator as being 1,200. This is the
highest possible score a natural person taxpayer could score – and if that was the allocated
score, the risk probability would be P=1 (i.e. 1,200/1,200)
As an example, and using the above table, we allocate sample taxpayer ACME Taxpayer Ltd, a
weighted score of 900. Knowing the denominator is 1,200. We thus compute probability as:
900
Risk=
1200
In this example, P is 0.75. This is the probability of default by ACME Taxpayer Ltd. This range
of probability may be expressed in relative terms as per the below table (Note that a
704052653.docx Page 22 of 45
probability score of zero implies that there is no probability of the event occurring, and a
probability score of 1 implies certainty that there will be default):
Table 3: Rang of probability
Probability of default
Relative Numerical Description

Very Low 0 – 0.1 Highly unlikely to occur
Low 0.11 - 0.3 Will most likely not occur
Moderate 0.31 - 0.5 Possible to occur
High 0.51 - 0.7 Likely to occur
Very High 0.71 - 0.99 Highly likely to occur
6.2. Assigning cases to the audit plan

Once one has a total risk score, these are sorted from highest to lowest. Assuming we have an
audit capacity of 1,000 cases – 800 are selected based on risk using the 80% rule. The highest
800 cases are then assigned to the audit plan. The respective audit managers can select the
remaining 200 during the course of the audit year.
704052653.docx Page 23 of 45
Figure 3: Risk based case selection and audit plan composition within NBR
6.21. System assigned cases
All generated cases that have a risk score above the selection threshold should be assigned a
unique case number and case generation date. Every case should have information about:
 taxpayer (name, tax number)
 tax period
 tax type (Income tax, withholding tax)
 risk score
 refund amount (if it is refund case, where is refund decision is not made)
 audit type (verification, comprehensive, etc)
 audit duration (in case it can be set automatically)
The ideal system should also be able to send all automatically generated cases to the audit
manager (audit coordinator, supervisor or other manager), who is responsible for these types
of cases. For example: large taxpayer cases, must be sent to the manager, who is responsible
for large taxpayer audits etc. The Manager should have possibility to add the audit duration (if
audit duration is not set by system), tax periods and tax types, before assign case to auditor. In
704052653.docx Page 24 of 45
case duration it is set by the system, then manager can extend this duration only if into system
is attached extension decision.
6.22. Cases manually assigned to the audit plan
The Audit Manager should also be able to generate manual cases. In such case the manager
must choose taxpayer, tax period, confirm that he/she want to proceed with creating a new
case. To all manually created cases, system shall add case number and flag or other
identification that this case is manually created.
6.23. Assign selected taxpayers to the audit plan
As part of the Audit Planning process, all taxpayers are placed into a specific audit segment
within their zones. This segment defines if they are Individual assessments or Salaried
individuals for audit purposes (audit segment for Individual taxpayers.).
Using the audit selection methodology (IT or manual) the plan should include the taxpayers to
be audited as well as the number of days to be spent for each tax audit. Each Tax circle or Tax
zone can change the selected taxpayers; but it cannot change more than 20% of the total
number of taxpayers selected by the audit section, neither can it change the taxpayers that
have been selected by the IT system, if such system is in use. Each Tax circle or Tax zone can
add other taxpayers for audit and they should be part of the 20% of manually selected
taxpayers together with the selections made by the selection system.
Audit plans should closely relate to the human, material and financial resources needed to
conduct the audits. This includes the forecast number of days and people spent for each
audited taxpayer. After calculating the necessary time based on the number of people
available, it is compared with the necessary time required for fulfilling the audit plan and
identify the risks which might have a negative impact on the fulfilment of the audit plan, such
as: financial and human resources available, sick leave and failure to substitute audit in due
time for various reasons, etc.
704052653.docx Page 25 of 45
Figure 4: Proposed, risk-based audit plan compilation process within NBR

6.24. Review of the audit plan
Draft audit plan should be prepare depending on the results to the NBR would like to achieve
and to be established for each of the risk in order of priority.
Each risk needs to be managed and must have the appropriate measures or set of different
control measures. The type of control activities should not be limited to regular audits or desk
audits; the NBR should apply all their available administrative measures to control risks –
monitoring, inspecting, letters, special cross-checking, cooperation with the public,
cooperation with other Government authorities, changes in laws and so on.
The action plan for audit should correspond to the annual plan of the NBR.
The draft action plan for audits should be agreed with other departments of NBR to evaluate
of human resources. Human resources should be allocated for the implementation of the
planned audit measures
The draft audit plan should be present to the NBR Bord for approval. The draft audit should
contain an action plan for monitoring and a list of criteria for the assessment.
If the NBR board does not approve the audit plan, then they should give their comments and it
should be revised and updated.
704052653.docx Page 26 of 45
From the audit results the manager need to know whether the risk(s) existed or not. There is a
necessity to differentiate between audit results and feedback collection. It is possible that
during the audit, noncompliant behaviour was discovered and proved. It could be the same
risk that taxpayer had brought out, but it could also be something totally different, something
that manager could not or did not see. It is also possible that auditors have agreed with
manager about the existence of risk, but legally are just not able to prove it. In this case, risk
exists but the audit has been completed without conclusive findings.
The Tax zones and HQ monitor on-going performance through periodic reports, reviews of
case work and work plan accomplishments, to identify any problems, including training needs
or work plan changes that may be required.
6.25. Managing the plan and selected cases
The manager should also have the possibility to change the audit start date. Manager shall
have possibility to add/extend deadline (extend deadline is possible only if into system is
attached extension decision), tax periods and tax types, before assign case to auditor.
At the level of the NBR HQ, the list of taxpayers is distributed and sent to the Tax Zones for
rechecking and confirmation of the violations detected. In addition, an analysis is made of the
workload of the auditors for each section of taxpayers to be included in the audit plan.
The Tax Zones check the validity of the assignment of points and form a preliminary plan of
audits. The distribution of taxpayers included in the tax audit plan is carried out in accordance
with an internal order.
If taxpayers are given the same score, the taxpayer with the largest amount of aggregate
annual income is selected for audit. In the event that taxpayers are given the same score and
they also have the same amount of aggregate annual income, the taxpayer with the largest
unaudited tax period is included in the audit plan.
As a result of the work done, a preliminary plan for taxpayers to be audited is sent to the
Direct Tax Audit head-office in NBR for ratification. This HQ then sends the final plan of
selected cases back down to the Zones and Circles, once the overall plan has been approved
by Chairman and executed.
704052653.docx Page 27 of 45
7. NBR Toolkit for risk analysis and risk-based audit
7.1. Risk criteria
Table 4: Example of risk criteria based on Bangladesh legislation
Criteria Label of risk

Classification Description
ID assessment
Event Based Return late filling The criteria checks whether there are any “late filing” violations
related to the taxpayer:
- If yes, the taxpayer is flagged
- Otherwise, the criteria exit
Event Based Return non filing The criteria checks whether there are any “non filing” violations
related to the taxpayer:
- If yes, the taxpayer is flagged
Otherwise, the criteria exit
Event Based Over-due liabilities The criteria check in DACON module, that the taxpayer has no
outstanding, over-due liabilities ("value date" > "current date"),
whether originating from a repayment plan, a payable tax
amount, or the result of an audit that led to pay extra amount.
In case of any over-due amount, the taxpayer is flagged
Note: “Outstanding” infers that the liabilities are not covered,
by payments or other credits re-allocation
Event Based Concealing income The criteria then checks if the taxpayer has been audited at
least once - In the advent of a positive answer, the criteria
assess the last year N where the taxpayer had been audited.
For that year N, the criteria gathers’:
(*) X1 = "Declared income"

(*) X2 = "Total Sales"
(*) Y1 = "Audited income"
(*) Y2 = "Audited total sales"
Finally, the criteria checks if Y1 > X1 is true, or, if Y2 > X2 is true.

In the advent, one condition is true, the taxpayer will be flagged
Event Based Taxpayer not being For each taxpayer, the criteria gathers’ the registration year. If
tax audited for last Y is the year of registration, the criteria computes' the
X years following:
Y = Registration Year
D = Year of last audit
If (Current Year - Y > X) AND (Current Year - D > X) then the

taxpayer is flagged
704052653.docx Page 28 of 45
ID assessment
Event Based Subject to an The criteria assesses if a taxpayer has been subject to any
enforcement enforcement measure – if true, taxpayer is flagged. If the
procedure taxpayer has not been subject to any enforcement measure,
the criteria exits
Deviation in On submission of Form IT-11GA2016 the criteria gathers:
Trend declared tax
comparing to last (*) X as the amount of declared tax for the current fiscal year
year value for (*) Y as the amount of declared tax for the previous year if
same tax type applicable
(Form IT-
11GA2016) If both X and Y can be defined, then the criteria computes |(X-
Y) / Y| - If the value of the ratio is greater than 15% the
taxpayer is flagged
Deviation in On submission of Form IT-11GHA2016 the criteria gathers:
Trend declared tax
same tax type applicable
(Form IT-
11GHA2016) If both X and Y can be defined, then the criteria computes |(X-
taxpayer is flagged
Deviation in On submission of Form IT-11CHA2016 the criteria gathers:
Trend declared tax
same tax type (IT- applicable
11CHA2016)
If both X and Y can be defined, then the criteria computes |(X-
taxpayer is flagged
Deviation in On submission of Form IT-11GAGA the criteria gather:
Trend declared tax
same tax type (IT- applicable
11GAGA)
If both X and Y can be defined, then the criteria computes |(X-
taxpayer is flagged
Comparative Discrepancy On submission of Form IT-11GA2016 the criteria gathers:
between Gross tax
and tax payable X = "Gross tax"
(Form IT- Y = "Total amount payable " minus "Advance tax paid"
11GA2016)
If |(X - Y) / Y| is greater than 15%, the taxpayer is flagged
Comparative Discrepancy On submission of Form IT-11CHA2016 the criteria gathers:
704052653.docx Page 29 of 45
ID assessment
between total
income and X = "Total income"
taxable income Y = " Taxable income"
(Form IT-
11CHA2016) If |(X - Y) / Y| is greater than 15%, the taxpayer is flagged
Comparative Ratio of sale On submission of Form IT-11CHA2016 the criteria gathers:
output/income
(Form IT- X = "Gross Profit"
11CHA2016)) Y = "Sales" or "Income"
Z = industry index (for the ratio X over Y) related to main
activity code of taxpayer (provided by NBR within the Section
Criteria Rule)
R=X/Y
If |(R - Z) / Z| > 30%, the taxpayer is flagged

Comparative Ratio of sale On submission of Form IT-11GHA2016 the criteria gathers:
output/income
(Form IT- X = "Gross Profit"
11GHA2016) Y = "Sales" or "Income"
activity code of taxpayer (provided by NBR within the Selection
Criteria Rule)
R=X/Y
If |(R - Z) / Z| > 30%, the taxpayer is flagged

Decrease in On submission of Form IT-11GA2016 the criteria gathers:
Trend "current year
declared income" X = "Declared income"
compared to the Y = "Declared income for the previous year" (Provided the value
last year (Form IT- can be retrieved)
11GA2016)
In case X and Y can be retrieved, and if |(X - Y) / Y| is greater
than 15%, the taxpayer is flagged
Decrease in On submission of Form IT-11DHA2016 the criteria gathers:
Trend "current year
11GHA2016)
Comparative Decrease in On submission of Form IT-11CHA2016 the criteria gathers:
"current year
11CHA2016)
704052653.docx Page 30 of 45
ID assessment
Comparative Decrease in On submission of Form IT-11GAGA the criteria gathers:
"current year
11GAGA)
Closing balance of On submission of Form IT-11GHA2016 the criteria gathers:
Trend produced goods
declared value X = "Closing balance of inventories (Current Year)"
comparing to last Y = "Closing balance of inventories (Previous Year)"
year (Form IT-
11GHA2016) In case X and Y can be retrieved, and if |(X - Y) / Y| >30 %, the
taxpayer is flagged
Closing balance of On submission of Form IT- 11CHA2016 the criteria gathers:
Trend produced goods
declared value X = "Closing balance of inventories (Current Year)"
comparing to last Y = "Closing balance of inventories (Previous Year)"
year (Form IT-
11CHA2016) In case X and Y can be retrieved, and if |(X - Y) / Y| >30 %, the
taxpayer is flagged
Change in ratio On submission of Form IT- 11GHA2016 the criteria gathers:
Trend between Revenue
and Number of N1 = "Number of employees of previous year"
employees (Form N2 = "Number of employees of current year"
IT-11GHA2016) P1 = "Previous year declared income"
P2 = "Current year declared income"
The criteria applies only if N2 > N1, then, if all values, can be
retrieved, and, if (P2 - P1)/P1 <= 40% * (N2 - N1) / N1 then the
taxpayer is flagged
Change in ratio On submission of Form IT- 11cHA2016 the criteria gathers:
Trend between Revenue
and Number of N1 = "Number of employees of previous year"
employees (Form N2 = "Number of employees of current year"
IT-11CHA2016) P1 = "Previous year declared income"
P2 = "Current year declared income"
The criteria applies only if N2 > N1, then, if all values, can be
retrieved, and, if (P2 - P1)/P1 <= 40% * (N2 - N1) / N1 then the
taxpayer is flagged
Comparative Net profit margin On submission of Form IT-11GHA2016 the criteria gather:
comparison to
industry (Form IT- X = "Net Profit"
704052653.docx Page 31 of 45
ID assessment
11GHA2016) Y = "Net Sales" + "Other operating income"
activity code of taxpayer, and provided by NBR
R=X/Y
If R < Z * 0.7 then the taxpayer is flagged

Comparative Net profit margin On submission of Form IT-11CHA2016 the criteria gathers:
comparison to
industry (Form IT- X = "Net Profit"
11CHA2016) Y = "Net Sales" + " Other operating income "
activity code of taxpayer, and computed based on the data-
warehouse data
R=X/Y
If R < Z * 0.7 then the taxpayer is flagged

Net margin trend On submission of Form IT-11GHA2016 the criteria gathers:
Trend (Form IT-
11GHA2016) X1 = "Net profit (Current Year)"
Y1 = "Net Sales (Current Year)" + " Other operating income
(Current Year)"
R1 = X1 / Y1
X2 = "Net profit (Previous Year)"

Y2 = "Net Sales (Previous Year)" + " Other operating income
(Previous Year)"
R2 = X2 / Y2
If all values (X1, Y1, X2, Y2) can be retrieved and if R1 < R2 *
0.85 then the taxpayer is flagged
Net margin trend On submission of Form IT- 11CHA2016 the criteria gathers:
Trend (Form IT-
11CHA2016) X1 = "Net profit (Current Year)"
Y1 = "Net Sales (Current Year)" + " Other operating income
(Current Year)"
R1 = X1 / Y1
X2 = "Net profit (Previous Year)"

Y2 = "Net Sales (Previous Year)" + " Other operating income
(Previous Year)"
R2 = X2 / Y2
If all values (X1, Y1, X2, Y2) can be retrieved and if R1 < R2 *
0.85 then the taxpayer is flagged
Comparative Discrepancy of The items to be compared must be specified! The expression
declared income "info received from other sources" must be made more explicit
as we can only compare quantitative values. The one or more
data sources must be precised, and for each the field from
704052653.docx Page 32 of 45
ID assessment
where data is fetched! For now, this criteria cannot be taken
into consideration
Comparative Discrepancy in the On submission of Form 11-ITGA2016 the criteria gathers:
tax withheld from
TP (Form 11- X = "Withholding payments" (From the "Tax Computation and
ITGA2016) Payment" table)
Then the criteria checks in DACON, based on the taxpayer TIN,

if there are entries relevant to withholding payments. if yes, the
criteria then sum as Y all those figures.
If X <> Y then the taxpayer is flagged
Note: this criteria needs more refinement.

Comparative Discrepancy in the On submission of Form IT-11CHA2016 the criteria gathers:
tax withheld from
TP (Form IT- X = "Withholding payments" (From the " Tax Computation and
11CHA2016) Payment " table)
Then the criteria checks in DACON, based on the taxpayer TIN,

if there are entries relevant to withholding payments. if yes, the
criteria then sums as Y all those figures.
If X <> Y then the taxpayer is flagged
Note: this criteria needs more refinement.

Comparative Discrepancy in the On submission of Form Schedule 24B the criteria gathers for
amount of paid each rented property the value of the paid rent
rent (Form
Schedule 24B) For each rented asset, the criteria retrieves the TIN of the
owner from the "Description of house property" table. Then
based on the TIN of the owner, the criteria assesses if the
owner has submitted Form IT-11GA2016 in case of being a
natural person or Form IT-11CHA2016 in case of being a legal
person. Based on the form submitted by the owner, the criteria
retrieves the value the owner declared as "received amount for
the rent"
In case, for a given asset, there is a discrepancy between the

amount declared as rent by the original taxpayer and the
amount declared as "received rent" by the owner, the taxpayer
is flagged
Note: to implement this criteria, Form IT-11GA2016 and Form

IT-11CHA2016 needs to keep track of the monthly paid amount
as rent for a given real estate landlord, besides, the data source
for gathering the paid rent information must be made clearer.
This criteria cannot be implemented in it’s current time.
704052653.docx Page 33 of 45
ID assessment
Comparative Discrepancy of On submission of Form IT-11GHA2016 the criteria gathers:
declared sales with
VAT return (Form X = "Declared Sales"
IT-11GHA2016)
Then, based on the TIN of taxpayer, the criteria, gathers all
submitted VAT forms for the period covered by the fiscal year.
It sums the "Sales amount" values found in the VAT forms as Y.
If X<>Y the taxpayer is flagged
Note: for each TIN, the "Sales amount" values found in the VAT
forms will be computed in the data warehouse
Comparative Discrepancy of On submission of Form IT- 11CHA2016 the criteria gathers:
declared sales with
VAT return (Form X = "Declared Sales"
IT-11CHA2016)
Then, based on the TIN of taxpayer, the criteria, gathers all
Comparative Discrepancy of On submission of Form IT-11GHA2016 the criteria gathers:
declared purchases
with VAT return X = "Declared Purchases"
(Form IT-
11GHA2016) Then, based on the TIN of taxpayer, the criteria, gathers all
Comparative Discrepancy of On submission of Form IT-11CHA2016 the criteria gathers:
declared purchases
with VAT return X = "Declared Purchases"
(Form IT-
11CHA2016) Then, based on the TIN of taxpayer, the criteria, gathers all
forms will be stored and computed in the data warehouse
TP size Taxpayer Segment The criteria flags taxpayers belonging to the Audit "Large
Taxpayer" segment
TP size Taxpayer Objection Criteria will compute value of objections as a ratio of total
704052653.docx Page 34 of 45
ID assessment
ratio by value liabilities for given TIN:
n = Number of years to be considered

O = Value of the sum of all liabilities which taxpayer has
objected to over n years;
L = Value of the sum of all liabilities for taxpayer over n years
R = O/R
If R > V% then flag taxpayer

TP size Number of Based on registration data, the criteria gathers as X the value of
branches "Number of branches". If X is greater than a threshold value set
as parameter, the taxpayer is flagged
Special List Type of activity The criteria checks for a given taxpayer, if the economic activity
code falls within the "special list". In case of a positive answer,
the taxpayer is flagged
This criteria is dependent on the development of the Special
List functionality.
General Using tax rebates On submission of Form 16A the criteria gathers:
criteria (Form 16A)
X = "Rebates"
In case X can be retrieved, and if X >0, the taxpayer is flagged

General Using tax benefits On submission of Form IT-11GHA2016 the criteria gathers:
criteria (Form IT-
11GHA2016) X = "Tax benefits “+ “Rebates"
In case X can be retrieved, and if X >0, the taxpayer is flagged

041 General Declaration of On submission of Form IT-11GA2016 the criteria checks that
criteria adjustment of tax the " Adjustment of tax refund" row is valid - If this is the case,
refund (Form IT- the taxpayer is flagged!
11GA2016)
042 General Declaration of On submission of Form IT-11GHA2016 the criteria checks that
11GHA2016)
043 General Declaration of On submission of Form IT-11CHA2016 the criteria checks that
11CHA2016)
044 General If in a return the On submission of a return the criteria checks if there is a
criteria balanced tax due is negative tax liability (TAXLB), and in this case, the taxpayer is
negative flagged
045 General Declaration of tax On submission of Form IT-11CHA2016 - In case of a positive
criteria exemption (Form answer (taxpayer has submitted it), the criteria gathers the
IT-11CHA2016) value of X as following:
704052653.docx Page 35 of 45
ID assessment
X = "Total Exemptions"
In case X can be retrieved, and if X >0, the taxpayer is flagged!

046 General It is the first year of The criteria checks, for a given taxpayer if "Current Year" =
criteria TP's business "Registration Year" + 1; if yes, then the taxpayer is flagged!
activity or
establishment
7.2. Knowledge transfer: A key toolkit item

We believe that training and knowledge transfer makes up an important component of the
toolkit. The following will be covered in advanced risk based- and auditor training. These
subjects are dealt with in a separate document related to the advance auditor training
process:
7.21. Part I: Risk Based Audit Process Training

 Defining the future for e-Returns: defining a clear vision for (a.) the expansion of services
on taxpayer-facing applications, (b.) enhancing the back-office services supporting tax
officers within NBR, (c.) management information and reporting.
 Formulating clear strategies of how e-Returns needs to be applied to: (a.) increase
registered e-Return users, (b.) improve ease of use for taxpayers in using the system, (c.)
expanding e-Return use into other tax types.
 Based on the above expansion roadmap, develop a clear understanding of the technology
needs to host and support these expanded services and defining a procurement strategy to
close the technology gap.
 Determine logistical and operational procedures needed within NBR for future operations
to maximise the benefits of using the expanded e-Return architecture.
7.22. Part II: Advanced Audit Techniques Training

 The Establishment of an understanding of the audit techniques for system-based audits.
 The Establishment of an understanding of the audit techniques for system-based audits.
 The Establishment of an understanding of the audit approach for auditing different
complex taxpayer entities within specific industries.
 To enhance the capacity of Income tax administrative professionals.
 Understand and be able to interpret the financial statements of companies.
 An introduction to Transfer Pricing: To understand what is transfer pricing and to be able
to identify transactions between associated enterprises and related party payments.
7.3. Additional toolkit items

7.31. Audit frequency multiplier
704052653.docx Page 36 of 45
For information on using this toolkit item refer to section 4.52.
7.32. Audit plan composition
For information on using this toolkit item refer to section 5.
7.33. Recommended Risk Criteria score ranges
7.34. Recommended severity computation
For information on using this toolkit item refer to section Error: Reference source not found.
7.35. Recommended selection threshold
704052653.docx Page 37 of 45
7.4. Where to get the data needed for risk assessment
NBR is able to harvest taxpayer data from both the paper-based returns using DACON as well
as from electronically submitted returns by using e-Filing. The following diagram provides a
representation of how this data may be obtained and used:
Figure 5: Taxpayer risk related data derived from e-Filing as well as from DACON
7.5. Determining the audit type

The main rules that govern the selection of audit type are universally:
 Large taxpayers are normally the only type to be subject to Field Audit and
 Small Taxpayers are normally the only type to be selected for Desk / Office audit.
Based on the above logic, only medium taxpayers should be evaluated to define if they are
subject of field, e-Audit, paper audit or office audit – other decisions should be system based,
due to the given rules.
NBR may further define a set of rules that governs the allocation of audit types, based on
taxpayer size, turnover economic activity or in the final instance, the decision of the audit
manager.
704052653.docx Page 38 of 45
7.6. Using risk as an audit tool
Risk presents an important tool for use while an audit is being conducted. There is usually a
direct relationship between risk criteria score that has been found to be true – and areas of
suspicion within the taxpayers return and financials.
These areas of suspicion are good indicators to the auditor as to where to start the audit
investigation. The following tables provide an indication of the link between Risk Criteria and
potential areas of suspicion:
7.61. Typical areas of suspicion for different tax types

Table 5: Areas of suspicion for different tax types
Tax type Areas of suspicions

Legal entities  Sale of sale of goods or income gained from service provision
 Goods purchase & orders
 Cost of goods manufactured
 Raw material or manufactured goods warehouse
 Incurred overhead expenses
 Financial & administrative expenses
 Sale & distribution expenses
 Wage & salary expenses
 Cash flow
 Assets under completion & assets
 Payable & receivable accounts
 Associated persons and those of the same group
 Advance payments
Business  Sale of goods or income gained from service provision
 Goods purchase & orders
 Cost of goods manufactured
 Raw material or manufactured goods warehouse
 Incurred overhead expenses
 Financial & administrative expenses
 Sale & distribution expenses
 Wage & salary expenses
 Cash flow
 Assets under completion & assets
 Payable & receivable accounts
 Associated persons and those of the same group
 Advance payments
Withholding taxes  Paid wage & salary
 Exemption amount
 Paid fees, paid expenses for service purchased from foreign persons
Real-estate income tax  Real-estate geographical location & physical dimensions
(Schedule 24B)  Real-estate owners
 Self-assessed leasehold
704052653.docx Page 39 of 45
7.62. Areas of suspicion documents to be checked during audit
Area of Suspicion Documents to Check

Selling goods or  Documents and books of sale Individuals’ account
services  The accounts of cash funds including bank accounts (Taka and
foreign currency) in legal books and matching with bank statements
and accounts of revolving fund in legal books
 Receivable documents
 The documents of goods warehouse including warehouse,
accounting card and draft slip, and customs documents for goods
export
 Statement of services provided in contractual activities, contractual
agreements, technical reports regarding the level of contract’s
progress
 Enquiry from taxpayers’ employers for confirmation of TP’s self-
assessed income
 Contracts of selling goods and services together with the related
statements, partners’ current accounts
Orders and purchase of  Documents and books of purchase
goods or services  Individuals’ account
 The accounts of cash funds including bank accounts (Taka and
foreign currency) in legal books and in accordance with bank
statements and accounts of revolving fund in legal books
 Payable accounts
 The documents of goods warehouse, including warehouse,
accounting card and draft slip, the documents of captured orders
for goods import and customs documents
 Enquiry from TP’s corresponding individuals if needed
Produced goods flat  Turnover statement of goods, materials and under-production
costs goods, flat cost of one unit of manufactured goods
 Analysis of raw materials consumed per unit goods
 Overhead costs and the bases of sharing overhead cost
 The documents needed for purchase of materials
 Documents of entry and exit of materials and goods from and to the
warehouse
Materials and goods  The account of warehouse in legal books
warehouse  The documents of goods warehouse including warehouse
accounting card and draft slip
Overhead expenses  Documents of expenses
 Documents for paying flat costs of incurred expenses
 Checking legal books for being in accordance with documents of
expenses
 Checking the account of individuals’ overhead expenses in legal
books
 Documents related to the bases of sharing overhead expenses
Administrative and  Documents of expenses
financial expenses  Documents of paying incurred expenses
expenses
704052653.docx Page 40 of 45
books
Distribution and sale  Documents of expenses
expenses  Documents of paying incurred expenses
expenses
books
Wage and salary  Personnel employment files
expenses  Personnel presence and absence list
Cash flow  Cash accounts in legal books
 Financial security documents
 Documents of TP liabilities’ payment,
 Receivable and payable accounts
 The account of property acquisition and sale in legal books and
matching them with legal books
 Profit sharing account
 The level of self-assessed profit or loss
Assets and under-  Documents of acquisition or sale of TP’s fixed assets and matching
completion assets them with TP’s legal books
Associated persons and  Documents of all cash and non-cash transactions among associated
those of the same persons and companies of the same group and matching them with
group TP’s legal books
 Calculation of depreciation expenses
Reservoirs  Documents of expenses related to received reservoirs and their
modifications
Advance payments  Documents of advance payments and their clearance
Paid salaries and wages  A list of salaries and allowances submitted to tax offices and the
amount of paid tax and matching them with TP legal books and
comparing with list of the salaried submitted to the NBR
 Personnel employment files
 Personnel’s hours of presence and absence
 Employers’ employment regulations
Paid fee, paid expenses  Documents and lists of paid fees along with taxes paid for these
for purchase of services fees and their related contracts
from foreign persons  Contracts concluded with foreign persons and the documents of
paying funds to them and documents related to the paid taxes
Real estate physical  Real-estate ownership documents
dimensions of the  Lease documents
property owners  Contracts of real-estate disposal or rights arising from it
 Identity documents of the owner, purchasers or leasers
Sale of liable or exempt  Documents of goods and services sale & purchase
goods and services  Legal books
Tax and duties received  Documents related to goods/services import and export
from customers
704052653.docx Page 41 of 45
Sale of liable or exempt  Documents related to tax payment along with return
goods and services
7.7. Step by Step Guide to Audit planning process

Table 6: Step-by-step guide as to implement this risk-based, automated selection process.
Step Role Step name Description/ System Requirements
1. Tax zone Start process The process must be run every 12 or 6 months, as decided by
NBR.
2. Tax zone Collect data Information on Income tax taxpayers should come from different
sources in to DACON data warehouse based on TIN, and can be
grouped as follows:
a. Database (declarations);
b. Information from external sources i.e. banks,
informants etc.
c. Information from internal sources i.e. audits, customs,
VAT etc.
d. Collected data will be aggregated based on the Risk
Assessment process & DACON.
e. A record will be created for every Income tax return as
a result of data collection and aggregation. This record
will contain:
o Initial (raw) data that was used for calculation;
o Aggregated data (attributes);
f. Date & time stamp of data collection procedure
3. Tax zone Data analysis/ Assessment consists of two steps:

assessment
a. Data gathering
b. Risk calculation
Collected data is used by the NBR for risk calculation according
to the description (loading rules) in the Risk Assessment process
& DACON.
Loading rules should be flexible and configurable.
The list of taxpayers selected for audit is generated based on the
Risk Assessment process & DACON.
4. Tax zone Create list of The list of tax returns to be audited is created based on
taxpayers for identified risk criteria. Only data identified through the TIN in
audit DACON data warehouse can be used for the risk assessment
calculation for:
a. Specific taxpayers
b. Specific sets of risks.
5. NBR Decision on the The output of audit planning consists of a list of taxpayers sorted
list of taxpayers by risk value calculated for every selected taxpayer. (Risk
704052653.docx Page 42 of 45
for audit Assessment process & DACON).

The number of taxpayers to be included on the audit list is
decided based on human resource availability.
6. NBR Create plan for It is necessary to develop a draft version of the Audit Plan. In this
national/ plan, the following should be defined:
regional audits
a. The taxpayer3 segment to be audited
b. Fiscal risks4, arranged in order of priority
c. Taxpayers scheduled for audit
The Audit Plan should be determined as follows:
 Risks, arranged in order of priority
 Nature of risk
 The segments which need to be controlled
 Events control
 Type of audit measures
 Period of audit measures
7. Plan approved? Before submission of the Audit Plan to the Chairman of the NBR
for approval, the Member (ITX Operations) should ensure the
plan has been prepared in accordance with instructions,
explanations contained in the audit strategy and explanations of
the plan development process, (what, why etc.)
8. NBR Release the plan The Audit Plan needs to be approved by an internal order of the
NBR and should clearly identify:
 The person or unit responsible for their delivery
Measurable standards by which performance can be assessed
and ideally, measures of the quantity, quality and timeliness of
delivery
9. Tax zone Analysis and The collection of the data must be organized for evaluation of
evaluation of the control measures and will be based on the approved
the results evaluation criteria. For analysis and evaluation of the results, the
following reports are needed:
a. Performance dashboard by Tax Zone;
b. Performance dashboard by Tax zone staff
responsible for audits;
c. Back log analysis by Tax zone staff responsible for
audits;
d. Audit performance and financial efficiency by Tax
3 Segment taxpayers into groups based on size and type of business

4 Fiscal risks are risks that may lead to deviations in fiscal forecasts
704052653.docx Page 43 of 45
zone and by Tax zone staff responsible for audits;

10. Adjust the Audit Depending on the analysis and evaluation of results, it may be
Plan? decided to adjust the Audit Plan.
7.8. Recommended data model for risk data

We have provided a number of systems-based solutions in this toolkit. These are “ready-to-
go” solutions (i.e. the probability computational risk criteria and the areas of suspicion) and
may be readily implemented within DACON and or e-Filing. For these toolkit solutions to be
implemented, we recommend that NBR consider the below data-model to accomplish this.
Data entities in white are within e-TIN whilst those in blue belong within DACON and/or e-
Filing:
Figure 6: Data model needed to support these systems related toolkit items
704052653.docx Page 44 of 45
8. Conclusion
We have provided NBR with the foundations for risk related audit management in this
Guidelines and Toolkit. The foundations of how to compute risk, as well as the method of
assigning risk to taxpayers is well known and used as a standard practice throughout the
world. The first part of this document this focusses on these approaches and methods. We
covered risk as a concept, where to find the data needed to compute risk, how to compute
risk and once we have a risk score for a taxpayer – how to use that score to do case selection
and allocation. We trust this may add to the knowledge pool within NBR.
In the second part of this Guidelines and Toolkit – we have provided NBR with hands-on
toolkit items, methods and approaches that can readily be implemented “as is” within DACON
and e-Filing. The case selection criteria as well as the audit areas of suspicion provide a strong
basis to rapidly advance digital case selection and audit processing within direct taxes. These
procedurals, as well as systems related recommendations have been specifically tailored to
the NBR circumstances based on our existing knowledge.
All of these toolkit items will be further expanded by the advanced risk assessment- and
advanced tax audit training, which provides yet another important toolkit item – that of
knowledge!
704052653.docx Page 45 of 45

RRM Guidelines and Toolkit V2.1 Final

Uploaded by

Copyright:

Available Formats

You might also like

RRM Guidelines and Toolkit V2.1 Final

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RRM Guidelines and Toolkit V2.1 Final

Uploaded by

Copyright:

Available Formats

Implemented by

DT GLOBAL IDEV EUROPE S.L.

Revenue Risk Management

Technical Assistance to Support the

The European Union funded Technical

6. COMPUTING AND ALLOCATING RISK TO EACH TAXPAYER......................................22

3.1. Guidelines and Toolkit relationship to Approved Workplan

The Guidelines and Toolkit specifically addresses these two sub-activities:

3.2. Scope of Guidelines and Toolkit

4.1. Purpose of the Risk Management function

4.2. Risk assessment as a compliance tool

4.3. What is risk in the tax context

“…the risk of non-compliance with law by a taxpayer, leading to loss of state

This risk can also be defined as:

4.5. Computing risk

Taxpayers with a history of non-compliance are regarded as having a higher probability of a

1 EC Risk Management Guide for Tax Administrations 2006

4.51. Determining risk probability (P)

Risk Probability is the determination of the likelihood of a risk occurring.

We use weights based on the importance of a criteria. A risk-criteria is a statement of

Ref. Criteria Name Purpose Criteria Standard Weight2

late a taxpayer has submitted late;

3. Type of taxpayer Add emphasis to the Allocate score if 100 200

5. Timeliness of Assessment of the Allocate score if “Actual 100 200

6. Submission of Assessment of the Allocate score if “Tax 100 200

7. Profitability Change Identifies taxpayers Allocate score if Total 100 200

8. The taxpayer’s Identifies taxpayers Allocate score if Gross 100 200

9. The taxpayer’s Identifies taxpayers Allocate score if Total 100 200

audits) the previous audit

4.52. Considering weight impact of previous audits

The following multiplier may be used:

Last Audit Multiplier

4.54. Applying probability and severity to determine risk (R)

Adding example values for ACME Taxpayer Ltd, risk is:

4.55. Selecting cases above the audit threshold

4.56. Future enhancement

These factors should be used to create trend-based risk criteria.

5.1. The process to prepare for the audit

Figure 1: The Audit planning process

5.2. Description of Audit Plan

We need an audit plan for three primary reasons:

5.22. Compilation process

5.23. Determine the number of cases that can be managed

5.3. Obtaining the data needed for risk assessment

6.11. Determining Risk

Relative Numerical Description

6.2. Assigning cases to the audit plan

6.21. System assigned cases

6.22. Cases manually assigned to the audit plan

6.23. Assign selected taxpayers to the audit plan

Figure 4: Proposed, risk-based audit plan compilation process within NBR

6.25. Managing the plan and selected cases

7.1. Risk criteria

Table 4: Example of risk criteria based on Bangladesh legislation

Criteria Label of risk

For that year N, the criteria gathers’:

(*) X1 = "Declared income"

Finally, the criteria checks if Y1 > X1 is true, or, if Y2 > X2 is true.