A New Australian Regulation for Electronic Tax Records.
Background of DTR 97/D4
Tax authorities throughout the world want organizations to maintain records, regardless of form or media, that are true and accurate, legible, accessible, and retained for as long as they are needed for tax purposes. However, electronic records pose certain risks not generally encountered with manual, paper-based recordkeeping. In DTR 97/D4, the ATO notes that electronic tax records (i.e., those required to compute a corporation's tax liability and to justify that liability to the government during tax audits) are subject to:
* Inadvertent destruction or corruption as is any digital information
* Unauthorized tampering, which may compromise their integrity as true and accurate records
* Obsolescence of the operating systems used to process them, due to the constant upgrading or changing of computer systems over time
DTR 97/D4 sets forth provisions prescribing the characteristics of electronic recordkeeping systems required to make computerized accounting systems sufficient for tax purposes. The regulation covers electronic records in all common formats, including fixed and removable hard disks, floppy diskettes, CD-ROM, optical disks, and magnetic tapes. The regulation also contains a separate section relating to tax records processed on Electronic Data Interchange (EDI) systems, but it does not address the maintenance and retention of electronic records created from business transactions carried out through the Internet.
The general provisions of DTR 97/D4 pertaining to the use of electronic recordkeeping systems for tax records are:
* Records processed and kept electronically must be in a form which ATO staff can access and understand in order to ascertain a company's tax liability.
* The information contained in a
record kept in a computerized accounting system, must be the same as would be contained in a manual accounting system.
* Businesses operating computerized accounting systems must have in place adequate controls to safeguard the security and integrity of the records processed and retained in such systems. These may include access controls, input and output controls, processing controls, and back-up controls. In any case, the level of controls must be sufficient to demonstrate that the records retained in the computer system are secure and accurate.
Electronic Document Imaging Systems
In promulgating DTR 97/D4, the ATO indicates that it will accept the use of electronic document imaging systems for tax records provided that the electronic copies are a "true and clear reproduction of the original paper records." However, the ruling provides that any tax records stored using this technology must be:
* Read only and must not in any way be altered or manipulated once inscribed
* Retained for the statutory period of five years
* Capable of being retrieved, read and printed upon request of the ATO staff
* Subject to adequate back-up control (i.e., a duplicate back-up copy of the stored records must be kept at all times at a safe location)
Where businesses elect to maintain computerized accounting systems for tax records, DTR 97/D4 requires that certain documents be retained to explain the system's basic aspects so that ATO officers can determine if the system does what it claims to do and whether the records processed in it are true and accurate. Systems documentation elements encompass:
* Operation of various system components
* Controls built into the system
* Data flow from input to output
* File organization and control details
* Record content and format details
* Program logic for computer programs developed in-house
* Audit trails or logs of records added, deleted, and amended which relate to the accounting system
Electronic Data Interchange
DTR 97/D4 defines electronic data interchange (EDI) as the transfer of data electronically from computer to computer by agreed message standards. The exchange of information can be document transfer only (i.e., a document is merely sent electronically to a receiver, like an invoice sent by mail) or by interactive mode (i.e., the document results from an actual exchange of information, like an interaction by telephone).
In the new tax ruling, ATO's position is that the general principles governing records processed and kept in an EDI environment are the same as those for a normal computerized accounting system. Businesses that operate in an EDI environment should have in place adequate controls (enumerated above) to safeguard the security and integrity of EDI transactions. Further, users of EDI systems should ensure that controls are in place to prevent unauthorized access to their EDI network by the use of access passwords or some other form of authentication (e.g., electronic signatures), together with a secure user profile. The profile defines the identities of trading partners, the transaction types that can be exchanged, the standards and versions used, and the direction of the exchange.
The profile would ordinarily be encrypted and secured against unlawful access by the use of user passwords, PIN numbers, or access keys. In addition, EDI messages should be protected against unauthorized reading by applying encryption techniques to the messages. Providing that these controls are in place, the ATO considers that the five-year retention requirement will apply equally in an EDI environment.
DTR 97/D4 requires retaining one copy of all original transmitted and received messages in their own interchanged image, as well as audit trails and logs of all EDI transactions. The audit trails allow a transaction to be traced forward to its ultimate destination and backward to its origin through relevant source transactions. Encrypted messages must permit encryption removal to allow authorized officers to understand the messages' contents.
Revenue Procedure 98-25
The U.S. counterpart to DTR 97/D4 is Revenue Procedure 98-25, first issued in 1991 and revised last year. The electronic recordkeeping "requirements" contained in 98-25 are actually in the form of procedures: as such they do not carry the force of law or regulation. Nevertheless, these procedures are significant as the official expression of federal intent regarding management of electronic tax documentation. Moreover, these procedures are binding on corporate taxpayers when companies enter into records retention agreements with the IRS.
Like DTR 97/D4, the main purpose of Revenue Procedure 98-25 is to ensure that corporate taxpayers retain, in usable form, all electronically maintained tax documentation for as long as the corporation's tax liability continues (i.e., until tax audits are complete). Audits for a given tax year and the process of adjudicating tax disputes resulting from those audits, can sometimes take five to 10 years (or even longer) to resolve. The life span of the computer systems on which tax documentation resides, however, can be considerably shorter than a corporation's tax liability. In fact, corporations often upgrade the hardware and software supporting their financial recordkeeping systems two to three times during that five- or 10-year period.
The key issue addressed by 98-25 is the same as in DTR 97/D4: the revenue authorities want to be certain that corporate taxpayers maintain their electronic tax documentation in a fully auditable form. More specifically, the IRS wants taxpayers to maintain computer systems for tax documentation that provide a complete audit trail, allowing all recorded financial transactions to be traced to their origin. This requires corporate taxpayers to retain computer software and other systems documentation for the full period of tax liability for a given tax year; in other words, to preserve the software and other documentation of superseded systems for extended periods of time for possible use in tax audits.
To summarize the main provisions of Revenue Procedure 98-25:
* Electronic tax records must be retained "until their contents are no longer material to the administration of the [Internal Revenue] Code." Materiality continues "until the expiration of the statute of limitations, including extensions, for each tax year."
* The retained records must be in a retrievable format that provides information necessary to determine correct tax liability.
* The requirements for migrating electronic tax documentation to new hardware and software environments state that records (for a given tax year) must be converted to a compatible format when the data processing system that created them is replaced by a new system.
* The requirements for technical documentation of superseded computer systems stipulates that documentation describing the accounting system, including all subsystems and files that feed into the accounting system, shall be retained. Required systems documentation includes "record formats, flowcharts, label descriptions, source program listings, and charts of accounts.
* For tax documentation maintained on DBMS systems, taxpayers must retain "sequential files containing the details necessary to identify the underlying source documents," as well as systems documentation sufficient to support audit requirements and demonstrate the integrity of the records.
The procedure's other provisions pertain to protecting electronic tax documentation from loss due to disaster or other causes, and other measure designed to ensure the integrity of these records during their retention life.
Note that Revenue Procedure 98-25 pertains specifically to electronic tax documentation; it does not relieve the taxpayer of the responsibility to retain hard copy records which are or may be subject to tax audits.
Information managers of multinational companies having major business interests in both Australia and the United States should become thoroughly conversant with these issuances, discuss them with their tax managers, and work to ensure full compliance with them by implementing appropriate procedures and controls in all affected recordkeeping systems.
Comparison of Rules for Electronic Tax Records in Australian and United States
ISSUE DTR 97/D4 (AUSTRALIA) Maintenance of electronic tax records Yes in auditable form for period of tax liability Recognition of practical difficulties Yes in maintaining electronic records given the short service lives of computer systems Detailed requirements for systems Yes controls to ensure integrity and Preservation of systems documentation Yes Specific technologies addressed Yes; Electronic document imaging and electronic data interchange Integrity and auditability issues for Not addressed business transactions over the Internet Specific retention period 5 years ISSUE IRS REVENUE PROCEDURE 98-25 (UNITED STATES) Maintenance of electronic tax records Yes in auditable form for period of tax liability Recognition of practical difficulties Yes in maintaining electronic records given the short service lives of computer systems Detailed requirements for systems Yes controls to ensure integrity and Preservation of systems documentation Yes, includes provisions for keeping documentation on superceded systems. Specific technologies addressed No specific areas of technology per se Integrity and auditability issues for Not addressed business transactions over the Internet Specific retention period None specified
For additional readings concerning electronic tax records in an international context, see the following:
Stephens, David O. "Records Retention Provisions of International Tax Laws." Records Management Quarterly. October 1996.
--. "Electronic Recordkeeping Provisions in International Laws." Records Management Quarterly. April 1997.
Stephens, David O. and Wallace, Roderick C. Electronic Records Retention: An Introduction. 1997.
David O. Stephens, CRM, CMC, is Vice President of the Records Management Consulting Division at Zasio Enterprises Inc. He has been a consultant in the field of records management for more than 18 years. He is an accomplished author of books and articles about records management in the United States and abroad. The author may be reached at firstname.lastname@example.org.
|Printer friendly Cite/link Email Feedback|
|Author:||STEPHENS, DAVID O.|
|Publication:||Information Management Journal|
|Date:||Apr 1, 1999|
|Previous Article:||Searching for Relevance in the Virtual Files of the Future.|
|Next Article:||The Convergence of INFORMATION TECHNOLOGY & INFORMATION MANAGEMENT.|