6. Verification and compliance management

The audit, verification and investigation function assesses the accuracy and completeness of taxpayer reported information. This function employs on average thirty percent of tax administration staff to verify that tax obligations have been met. While this often happens through conducting desk or field based “tax audits”, there is an increased use of automated electronic checks, validations and matching of taxpayer information. The undertaking and visibility of these and other compliance actions is critical in supporting voluntary compliance, including through their impacts on perceptions of fairness in the tax system, as well as creating a ‘deterrent effect’. This chapter therefore looks at:

  • How tax administrations manage compliance risks, including the use of large and integrated data sets;

  • The delivery of compliance actions undertaken by tax administrations including moving field audit work into a virtual environment; and

  • The work on tax and crime.

The OECD report The Changing Tax Compliance Environment and the Role of Audit (OECD, 2017[1]) looked at the range of incremental changes occurring across tax administrations which, taken together, were changing the nature of the tax compliance environment, allowing for more targeted and managed compliance.

A significant part of this change is driven by the increased availability of data. As digital transformation continues, even more tax related data from taxpayers and third parties is becoming available (for example, data from e-invoicing, online cash registers and financial account information), which is contributing to a clearer understanding of tax gaps. Most tax administrations now apply data sciences techniques and use analytical tools as part of compliance processes (see Table 6.1.), and this is explored in more detail later in this chapter. Box 6.1. also contains some examples of the range of data exploration techniques being used by tax administrations, including the analysis of unstructured data.

Another growing trend is the combination of analytics with behavioural analysis to build a more holistic understanding of compliance risks, behavioural patterns and appropriate compliance interventions. Figure 6.1., shows the percent of tax administrations who are using behavioural insights in their work. This percentage has grown from 62 percent of administrations in 2018 to 76 percent in 2021 (see also Table A.89.).

As more and more data is stored electronically, and the transfer, storage and integration of data has become easier through the application of new techniques and processes, there has been a huge increase in the amount of data available to tax administrations for compliance purposes. Frequently used data sources include:

  • Data from devices: Data can be collected from devices that register transactions such as online cash registers and trip computers for taxis and trucks, and also gate registrations from barriers and weigh bridges.

  • Data from banks, merchants or payment intermediaries and service providers: This allows direct verification of income or assets reported by the taxpayer. Some jurisdictions already receive transaction details or transaction totals for taxpayers on a regular basis.

  • Data from suppliers: Collecting data from suppliers, either directly or through the taxpayer, allows a more complete picture to be drawn about the activities and income of the taxpayer. This is seen in the increasing use of e-invoicing systems which, as noted in Chapter 4, allows some tax administrations to prefill tax returns.

  • Data from the customer: This is easiest in cases where the number of customers is limited and known, but increasingly mechanisms to leverage customers in compliance are being used, for example in the verification of cash receipts.

  • Unstructured data concerning the taxpayer: Increasingly electronic traces relevant to business activities and transactions can be found on the internet and in social media.

  • Data from other government agencies: Data held by other government agencies for example for licencing, regulatory or social security purposes can be relevant in verifying tax returns or in risk assessments.

  • Data from international partners: New international exchanges of data commencing under the Common Reporting Standard and Country-by-Country Reporting is massively increasing the quantity of data available on international activity and providing useful information for audit and case selection processes and in some cases for prefilling of tax returns.

There are, though, some emerging risks to the availability of large data sets. In particular, it is increasingly possible for data relevant to the tax administration in one jurisdiction to be held within the territory of another jurisdiction. In these circumstances, it can be difficult to obtain the data on an automatic basis from the data holder located in another jurisdiction. This could make it more difficult to risk assess in some circumstances, as well as making it more difficult to prefill tax returns and to further develop compliance-by-design processes.

An example of this comes from the growth of the sharing and gig economy facilitated through online platforms which can operate across border. This may become an increasing risk as the online economy grows, particularly if it is accompanied by a shift from salaried employment (and the reporting of incomes by employers) to self-employment. This issue was considered in the OECD report The Sharing and Gig Economy: Effective Taxation of Platform Sellers (OECD, 2019[2]). That report looked at a number of strategies currently being adopted by tax administrations as well as their limitations and recommended the development of standardised reporting requirements to facilitate possible future automatic exchange of information between tax administrations. It also led to the development of:

  • A set of Model Rules that when used in legislation require digital platforms to collect information on the income realised by those offering accommodation, transport and personal services through platforms and to report the information to tax authorities (OECD, 2020[3]).

  • A Code of Conduct to facilitate a possible standard approach to co-operation between administrations and platforms on providing information and support to platform sellers on their tax obligations while minimising compliance burdens (OECD, 2020[4]).

  • A report that explored the practical issues raised by real-time connections between tax administrations and sharing and gig economy platforms (OECD, 2022[5]).

Another risk that has been identified is that posed by digital financial assets (DFAs), such as cryptocurrencies. The owners of DFAs can be very difficult to trace even though they may be linked to the creation of a specific digital wallet (which is somewhat similar to a bank account). Tracking down the individuals or entities behind particular wallet addresses is at best very difficult and resource intensive. In August 2022, the OECD approved the Crypto-Asset Reporting Framework which provides for the reporting of tax information on transactions in Crypto-Assets in a standardised manner, with a view to automatically exchanging such information. (OECD, 2022[6])

While not a risk as such, it should also be noted that data protection requirements could limit the circumstances in which data can be kept, processed or shared. This is a key consideration for administrations in designing systems which rely on large data sets and the retention of data.

Over recent years, the application of advanced analytics to risk management and risk targeting is becoming increasingly common:

  • Figure 6.3. shows 80% of tax administrations reporting using big data in their work, and of those that use big data nearly all are using it to improve their compliance work.

  • Of the 58 tax administrations covered by this report, 55 report using data science / analytical tools with the remaining administrations in the process of preparing the use of such tools going forward (see Table 6.1.).

  • Similarly, the use of artificial intelligence, including machine learning, for risk assessments and detecting fraud is already undertaken or in the process of being implemented by the majority of administrations covered in this publication (see Table 6.1. and Figure 6.4.).

This increasingly sophisticated use of analytics on expanded data sets is leading to a sharpening of risk management and the development of a range of intervention actions, including through automated processes. A selection of examples is included in Box 6.3. Additionally, the OECD report Advanced Analytics for Tax Administration: Putting data to work (OECD, 2016[7]) provides practical guidance on how tax administrations can use analytics to support compliance and service delivery.

With the use of analytics increasingly becoming a common and integrated part of tax administrations across the world, in developed and developing countries alike, being used in strategic as well as operative usage areas, the OECD’s Forum on Tax Administration developed the Analytics Maturity Model (OECD, 2022[8]). The model allows tax administrations to self-assess their current level of maturity in their analytics usage and capability, providing insight into current status and identifying areas of weaknesses as well as strengths. As Figure 6.2. shows, it has been completed by over 40 tax administrations, and the results of this are guiding and supporting administrations in their analytics strategies.

Another approach for targeted risk management is the creation of units looking into the tax affairs of specific taxpayer segments. Two specific areas where tax administrations have found it advantageous to manage specific groups of taxpayers on a segmented basis are business taxpayers, and high net wealth individuals (HNWIs). The rationale for focusing administration resources on managing these groups revolves around the:

  • Significance of tax compliance risks: due to the nature and type of transactions, offshore activities, opportunity and strategies to minimise tax liabilities; and in the case of large business, the differences between financial accounting profits and the profits computed for tax purposes.

  • Complexity of business and tax dealings: particularly the breadth of their business interests and in the case of HNWI, the mix of private and tax affairs.

  • Integrity of the tax system: the importance of being able to assure stakeholders about the work undertaken with these high-profile groups of taxpayers.

Additionally, in the case of large taxpayers, while being a small number of taxpayers they are typically responsible for a disproportionate share of tax revenue collected. The data indicates that for most jurisdictions between 30% and 60% of their total net revenue, including withholding payments on behalf of employees, was received from taxpayers covered by their large taxpayer programmes (see Figure 6.5.). On average, 2.4% of corporate taxpayers covered by those programmes account for 44% of all revenue collected (see Table 6.2.).

While the management of these groups of taxpayers is often undertaken as a programme, in a large number of jurisdictions these programmes are also structural involving a Large Taxpayer Office or HNWI unit. The scope of the work of these units varies considerably, ranging from undertaking traditional audit activity, through to “full service” approaches (see Figure 6.6.). However, on average close to two-thirds of tax administration staff in large taxpayer offices or programmes are working on audit, investigation and other verification related issues (see Table 6.2.).

While it is key for tax administrations to understand current compliance risks and prepare appropriate response strategies, it is equally important to understand and prevent risks which may arise in the future. The increasing availability of data along with the enhanced capacity of tax administrations to handle and analyse that data allows tax administrations to more robustly assess future tax risks. Figure 6.3. highlights the large number of tax administrations who engage in forecasting, which is putting them in a position to assess where new compliance risks may arise and develop in time the necessary mitigation strategies as the ability to identify, understand and manage risks in a rapidly changing environment is a critical element of successful and resilient tax administration.

This is leading to the creation of sophisticated risk management programmes, that can embed risk management across the organisation rather than leaving it in silos across the organisation. It also helps building a risk culture within tax administrations, as Box 6.5. illustrates.

Planning for future risks is particularly important as jurisdictions consider the ongoing impacts of global challenges and how they influence taxpayer’s compliance behaviour. This is likely to be challenging as jurisdictions emerge from the pandemic when most administrations reduced or suspended compliance activities, impacting the data available to accurately assess risk. The sophisticated modelling analytics and modelling skills that tax administrations built up before the pandemic have been used to respond to these challenges, and to take account of any changes in taxpayer behaviour.

An interesting development within tax administrations is the recognition that the power of data analysis needs to be decentralised and spread more widely across the organisation. Through this, tax administrations can be ready to identify emerging risks more quickly and identify possible early interventions. As a result, tax administrations are now also exploring how artificial intelligence can be incorporated into compliance processes across the organisation, and it is likely that this will be central to the digital transformation of compliance management, and risk management in the future. Examples of this can be seen in Box 6.6.

“Compliance actions” undertaken by tax administrations to determine whether taxpayers have properly reported their tax liability are changing. As set out earlier, the increasing availability of data and the introduction of sophisticated analytical models are allowing administrations to better identify returns and claims or transactions which might require further review or be fraudulent. Furthermore, these models, many of which can operate in real-time, are allowing administrations to conduct automated electronic checks on all returns or on transactions of a particular type.

While traditional audits (including comprehensive, issue or desk audits) are often the primary verification activities, the use of automated electronic checks or using rules-based approaches to treat some defined risks (for example, automatically denying a claim, issuing a letter or matching a transaction) is providing administrations with more effective and efficient ways to undertake some of this work. Box 6.6. sets out examples of this.

These approaches do, however, raise the question of how to reflect those automated electronic checks in the performance information that administrations report in ISORA data. To include all checking may distort coverage, adjustment and yield rates. However, where it replaces previously undertaken manual actions it would seem appropriate to reflect what administrations are now doing in this area.

In this respect, administrations completing the ISORA survey were invited to break down the total value of additional assessments raised from audit and verification actions into (i) audits and (ii) electronic compliance checks (defined as electronic checks, validation and matching of taxpayer information). Only a few administrations were able to provide information on electronic compliance checks. However, for some of those administrations, electronic compliance checks make-up an important part of the additional assessments raised through all audits and verification actions. (See Table D.39.)

Thanks to the growth in data and more powerful technology resources there is an increasing trend being the development of ‘real-time’ compliance checks, helping catch errors earlier in the process as Box 6.7. illustrates.

On average, audit adjustment rates have remained stable over the period 2018 to 2021 (see Table 6.3). However, as shown in Figure 6.8., the rates vary significantly across the administrations covered by this report. The high adjustment rates can of course result from highly targeted audits, particularly during the COVID-19 pandemic where some administrations focused audit activities on high-risk cases such as fraudulent activities (OECD, 2021[9]).

The importance of audits can also be seen when looking at the additional assessments raised. On average, the additional assessments raised from audits correspond to around 4% of total revenue collections. This has been relatively flat over the years 2018 to 2021 (see Table 6.3). Looking at the jurisdiction level data, it can be seen that there are significant differences across the 52 administrations that were able to provide data (see Figure 6.9.).

Breaking this down by tax type, it shows that the ratio of additional assessments raised to tax collected is the greatest for corporate income tax (CIT). On average, CIT additional assessment raised as a percentage of CIT collected is 8.8%, more than double the percentage for value added tax (3.6%) and more than three times the percentage for personal income tax (2.4%). (See Figure 6.10.)

In many jurisdictions, the additional assessments raised through large taxpayer offices or programmes (LTO/P) make-up a significant share of the total additional assessments raised from audits (see Figure 6.11.). On average, LTO/Ps contribute around 30% of the total additional assessments raised from audits (see Table 6.2.).

Traditionally, administrations apply a variety of different audit types including comprehensive audits, issue-oriented audits, inspections of books and records, and in-depth investigations of suspected tax fraud. Often those audits require the administration to visit the taxpayer’s premises (so called field audits).

Advances in technology have led administrations to consider new ways of engaging with taxpayers during the audit process including the electronic submission of audit related documentation. This trend was accelerated as a result of the COVID-19 crisis as the closure of tax offices and the move to remote working for large numbers of tax officials changed how they approached audits.

The 2021 OECD report Tax Administration: Digital Resilience in the COVID-19 Environment (OECD, 2021[9]) observed this as well and noted that of the 32 administrations covered by that report, close to ninety percent shifted parts of their field audit work to a virtual / digital environment. Moreover, 76% of those administrations plan to continue moving field audit work to a virtual/digital environment going forward. This is supported by an increased use of technology in audits which is helping drive efficiency. Box 6.8. highlights some leading practices in that space.

Tax crime refers to a conduct that violates a tax law and can be investigated, prosecuted and sentenced under criminal procedures within the criminal justice system. There is a range of organisational approaches for conducting tax crime investigations and the ISORA 2022 survey looked at the responsibility for directing and conducting those investigations.

The information gathered through the survey shows that 55% of the tax administrations covered in this publication are involved in conducting tax crime investigations (Table A.69.). The majority of those administrations have responsibility for both conducting and directing tax crime investigations, while the others have responsibility for solely conducting investigations, under the direction or authority of another agency, such as the police or public prosecutor (see Figure 6.12.).

In the cases of administrations that do not have any responsibility for conducting tax crime investigations, this work is done by another agency, such as the police or public prosecutor. This could also be a specialist tax agency, established outside the tax administration.

Table 6.4. shows the total number of cases referred for prosecution during the fiscal year for the 32 administrations that have responsibility for conducting tax crime investigations. While the number of cases referred for prosecution was similar in 2018 and 2019, there was a significant reduction in the number of cases referred for prosecution during 2020 and 2021.

This is also reflected in the jurisdiction level data, which shows that around 70% of administrations that have responsibility for conducting tax crime investigations referred fewer cases for prosecution in 2021 (see Table A.69.).

There could be many reasons for this reduction. This could include a genuine decline in cases, administrations reducing staff in this area as part of a wider reallocation of resources due to the pandemic, or the pandemic may have imposed constraints on the ability to refer cases for prosecution. Future editions of this series will be able to identify if the reduction this year was a ‘blip’ caused by the pandemic or the start of a long-term trend.

Finding better ways to fight tax crime is a high priority as money laundering, corruption, terrorist financing, and other financial crimes can threaten the strategic, political and economic interests of jurisdictions. Tax administrations, as gatekeepers to a sound financial system, play a critical role in countering these activities and are in possession of information that could be crucial for a successful criminal tax investigation.


[8] OECD (2022), Analytics Maturity Model, OECD, Paris, https://www.oecd.org/tax/forum-on-tax-administration/publications-and-products/analytics-maturity-model.htm (accessed on 22 May 2023).

[6] OECD (2022), Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard, OECD, Paris, https://www.oecd.org/tax/exchange-of-tax-information/crypto-asset-reporting-framework-and-amendments-to-the-common-reporting-standard.htm (accessed on 22 May 2023).

[10] OECD (2022), Recommendation of the Council on the Ten Global Principles for Fighting Tax Crime, OECD/LEGAL/0469.

[5] OECD (2022), Tax Administration 3.0 and Connecting with Natural Systems: Initial Findings, OECD Forum on Tax Administration, OECD Publishing, Paris, https://doi.org/10.1787/53b8dade-en.

[9] OECD (2021), “Tax Administration: Digital Resilience in the COVID-19 Environment”, OECD Policy Responses to Coronavirus (COVID-19), OECD Publishing, Paris, https://doi.org/10.1787/2f3cf2fb-en.

[4] OECD (2020), Code of Conduct: Co-operation between tax administrations and sharing and gig economy platforms, OECD, Paris, http://www.oecd.org/tax/forum-on-tax-administration/publications-and-products/code-of-conduct-co-operation-between-tax-administrations-and-sharing-and-gig-economy-platforms.pdf (accessed on 22 May 2023).

[3] OECD (2020), Model Rules for Reporting by Platform Operators with respect to Sellers in the Sharing and Gig Economy, OECD, Paris, http://www.oecd.org/tax/exchange-of-tax-information/model-rules-for-reporting-by-platform-operators-with-respect-to-sellers-in-the-sharing-and-gig-economy.htm (accessed on 22 May 2023).

[11] OECD (2020), Tax Crime Investigation Maturity Model, OECD, Paris, https://www.oecd.org/tax/crime/tax-crime-investigation-maturity-model.htm (accessed on 22 May 2023).

[2] OECD (2019), The Sharing and Gig Economy: Effective Taxation of Platform Sellers : Forum on Tax Administration, OECD Publishing, Paris, https://doi.org/10.1787/574b61f8-en.

[1] OECD (2017), The Changing Tax Compliance Environment and the Role of Audit, OECD Publishing, Paris, https://doi.org/10.1787/9789264282186-en.

[7] OECD (2016), Advanced Analytics for Better Tax Administration: Putting Data to Work, OECD Publishing, Paris, https://doi.org/10.1787/9789264256453-en.

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2023

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.