Apple Business Consultancy November Ebrief

ATO - Tax Risk Management & Governance Guide

The ATO has developed a tax risk management and governance review guide for business. While aimed at large business, there are guidelines for small to medium businesses as well.

The ATO is encouraging businesses to adopt an internal control framework to self-assess tax and operational risks.

The full guide addresses responsibilities of both boards of directors and management personnel.

Small to medium entities may not have the formal documents of large entities, but nevertheless the same principles can apply.

  • Role of management in authorising suppliers, granting credit to customers, controlling bank accounts and so on

  • Levels of access and permissions granted to staff appropriate to their role

  • Staff, management and board roles and responsibilities should be clearly defined and documented, with appropriate segregation of duties and security processes

  • Adoption of documented policies and procedures

  • Controls are checked internally by existing staff and/or business owners rather than an external person or entity

  • Audit trail records

  • Code of conduct for staff and associates—this may be more formal in a large business, but may be informally adopted through the accepted culture of a small business

  • Chains of authority, communication and reporting should be clear

  • Directors should understand their legal liabilities, rights and obligations

  • Adoption of technology and information controls and security procedures

  • Record keeping policies and procedures

  • Accounting software and procedures.

ATO Lodgement Dates

These dates are from the ATO website and do not take into account possible extensions.

You remain responsible for ensuring that the necessary information is with us in time

BAS/IAS Monthly Lodgement – October Activity Statement:  21st November, 2015 final date for lodgement and payment.

BAS/IAS Monthly Lodgement – November Activity Statement:  21st December, 2015 final date for lodgement and payment.
BAS/IAS Monthly Lodgement – December Activity Statement:  21st January, 2016final date for lodgement and payment.

2nd Quarter of FY 2016: BAS Lodgement – DecemberQuarter 2015 (including PAYGI) 28th February, 2016 final date for lodgement & payment.

When a due date falls on a Saturday, Sunday or Public Holiday, you can lodge or pay on the next business day.

A public holiday is a day that is a public holiday for the whole of any state or territory in Australia.

Due date for super guarantee contributions, for 2nd Quarter of FY 2016, October to December 2015 - contributions to be made to the fund by 28th January, 2015.

The super guarantee charge is not a tax deduction if not paid by these dates.  

Refer to the ATO for details regarding any SGC charges applicable if not paid by due date.

Credit Card Security

Data from Australian Payments Clearing Association (APCA) in 2014 shows that 0.02% of all credit card and cheque transactions were fraudulent - total of $311 million.  Over the last ten years, the amount of fraud has increased significantly due to a rise in online transactions (where the physical card is not present), and sophistication of the technology used by the criminals.

Types of Credit Cards

  • Stored value cards - gift cards, phone cards, petrol cards and in-store cards
  • Debit cards - connected to a bank account
  • Credit cards - connected to a credit account with an agreement that funds will be paid to the provider at a later date.

Types of Credit Cards Fraud

  • Card not presented - making purchases over phone or internet; it is easy to provide another person’s card details
  • Counterfeit card - using fake credit cards, created by ‘skimming’ the data from legitimate cards
  • Card not received - cards stolen from mailbox before the recipient receives the card; the thief activates and uses the card before the correct owner realises it has not been received
  • Application fraud - using a false identity for a credit card application

Merchant Responsibilities

A business that uses credit card details must take care of security of credit card details.  As a merchant you will be bound by the institution that issues the credit card payment facility and their terms of use.  These institutions are in turn bound by the PCI Security Standards, (a global governing body), as well as local laws.

  • Do not store ANY sensitive cardholder details on computer or paper—this means you may not store any numbers, dates, security code or photocopy of the card.  The only detail you may store is the customer’s name.
  • Some online payment gateways do store the data in encrypted form, this may be acceptable - you will need to check the provider’s information about security and privacy.
  • Ensure card readers, point-of-sale systems and online payment systems are secure and limited to approved users only. Never allow staff members or customers to remove the device from the point-of-sale area. Consider locking the device in place.
  • Mark all devices and cables with an identification number or symbol to show that it is your device.
  • Record any serial numbers provided by the facility provider and check your device against the number provided - these must match.
  • Ensure access to sensitive information during the transaction is limited to approved users
  • Use approved merchant facilities only
  • Make sure all your computer and online systems are protected with firewall, passwords, user integrity, and backups
  • Change passwords regularly
  • Check any physical merchant devices for skimming devices
  • Check that receipts issued by the device have the exact and correct merchant name.