When an organisation needs review of its business risk and controls?

In following circumstances, the management of an organisation should implement an oversight role over their business processes that can identify risks and associated controls for mitigating those risks to an organisation’s risk appetite level:

• Ensure timely compliance on provisions of law & regulations related to business transactions, including CT Return filing, documentation requirements and other routine matters pertinent to business.
• Conduct a comprehensive tax plan to save tax legitimately.
• Maintain liaison with Federal Tax Authority to coordinate on internal matters giving rise to tax implication or notices served on an entity from the Authority.
• Train relevant employees of a company to maintain compliance with CT law & regulations.
• Provide detailed understanding on specific complicated areas including Group Entities located in Free Zones and Branches located outside UAE. Conduct internal reviews on regular intervals to monitor compliance with internal procedures and controls developed for adherence with law and regulations.
• Advice on business operations that have tax implications, updates in law and regulation relevant for a company, and other allied matters. Report on specific matters to translate provisions of law and regulations in easily understandable manner for business entrepreneurs and provide recommendations that is best suitable under given circumstances.

In order to prevent, detect and manage the above mentioned circumstances, the management should review and evaluate their business risks and associated controls at periodic intervals by setting key performance indicators (KPIs) in each of the business function.

An organisation should have in place a proper system for Management Information/Alert through policies and Standard Operating Procedure (SOPs) that could assist in good governance, management of risk and seamless operations of control processes.