Rethinking risk: The strategic value of group-wide tax compliance
As tax authorities become more data driven, organisations need a consistent, centralised approach that treats compliance as a strategic tool for managing risk.
Deloitte tax consultants Sabine Boone and Rhianne Cox explain why.
Highlights
- Authorities scrutinize businesses through both a global and country-by-country lens.
- Late filings, inconsistent data, and last-minute fixes raise risk fast, driving audits, penalties, delays, and management distraction.
- Centralised, group-wide compliance gives tax leaders better visibility, fewer errors, and more time to focus on strategic opportunities.
Tax functions are being pushed into a new reality: get it right first time. That’s the new reality facing multinational businesses as tax authorities around the globe improve their oversight.
“The risk landscape is becoming more and more global,” explains Deloitte’s Sabine. “There used to be an opportunity to correct your tax return, but now you need to have everything ready from day one.”
Tax authorities now can share more information with each other, meaning more is known about a company’s tax affairs outside the countries in which it operates.
“In the past it was often on a country-by-country basis,” explains Sabine. “Now, tax authorities put pressure on businesses because they look at it from a global perspective as well as a country one.”
Rhianne adds: “For companies to be able to manage this, they need a robust tax compliance methodology. Things like late filings and errors in tax returns really increase their risk profile. “This is particularly the case for indirect tax, where you're perhaps filing every month. If you're getting lots of errors, this can quickly escalate to issues with the tax authorities.”
Good quality data drives high-quality tax returns, leading to a good relationship with the tax authorities.
Rhianne Cox, Deloitte Tax and Legal Director
Why traditional models fall short
Historically, tax compliance has sometimes sat outside formal risk management frameworks. In some organisations responsibility was often devolved to local finance teams, with limited central oversight and little visibility beyond statutory deadlines.
That separation meant tax teams focused attention on tax strategy and planning, while compliance was treated as an operational necessity rather than a risk signal. In that environment, inconsistencies between jurisdictions were more likely to surface.
But decentralisation brings risk rather than flexibility, says Rhianne, and companies now need to focus on getting the basics right.
“A lack of centralisation means different information was sent to different tax authorities,” she explains. “That wasn’t as apparent in the past, when authorities weren’t joining things up, but now they are, so companies need their data to be consistent.”
Even where organisations have a group tax strategy, implementation can be uneven. Rhianne sees this most often when local teams make autonomous decisions rather than following the group approach.
A more global approach for greater control
“We see some companies making autonomous decisions in-country rather than following the group’s tax strategy,” Rhianne adds. “That inconsistency creates risk. And it’s not decentralisation alone – it’s individual approaches to errors spotted during the reporting cycle, fixed at the last minute with little communication between teams.”
The lack of coordination between indirect tax, transfer pricing and direct tax teams can quickly escalate.
“One team adjusts something, another doesn’t, and that’s how companies create internal risk,” Sabine explains. “Transfer pricing is a common example. Adjustments are made but not pushed back to other workstreams, creating potential liabilities that are no longer acceptable.”
Identical information often appears in several filings, multiplying exposure.
“You can have the same data going into a corporate tax return and a related party transaction form,” says Rhianne. “If those don’t match, you already have a problem. When you globalise that across both sides of a transaction, the risks escalate quickly.”
The consequences are rarely limited to technical corrections and can include penalties, interest payments, locked tax refunds and often tax audits. This means more management hours, adviser fees and distraction, which is all time and money that could have been spent managing risk proactively.
The benefits of embedding compliance into risk management
When compliance is integrated into risk management, the shift is both cultural and operational. Rhianne sees improved confidence, reduced mistakes, and fewer audits, while Sabine points to efficiency gains from fixing issues at the source.
“Companies should be fixing problems at source, not trying to understand what happened months later,” Sabine says. “They may say they have no budget, no time, or that IT is overloaded, but it creates a big opportunity. Centralised control and clearer connections between workstreams make risk far easier to manage.”
Rhianne sees the impact most clearly at leadership level. She explains: “It gives confidence to heads of tax. If compliance is managed, source data is reliable and it flows through to all returns, they know the business is in a good place.”
That confidence translates into fewer audits, fewer errors, and greater capacity to focus on strategic opportunities.
In one example, Deloitte worked with a multinational organisation where the tax function had evolved organically and become highly fragmented. Finance teams in-country were making autonomous decisions, with no global tax compliance oversight. The company’s new tax leader needed a more coordinated approach.
“We gave them visibility they simply didn’t have before,” Rhianne says.
With the Head of Tax able to see all tax returns before they’re filed, the new process has uncovered inefficiencies that were creating unnecessary costs.
“They’re now in a much better position. They have global oversight, know what’s going on in-country, and there’s a better relationship with finance teams too,” Rhianne adds.
"Risk management is about having it right first time…it s just inefficient and almost impossible these days to say, we'll fix it later.”
Sabine Boone, Deloitte Tax and Legal Partner
Practical steps to take
For Sabine, winning local approval is essential when attempting to weave compliance into risk management.
“It’s about communication and treating people as people,” she says. “When we show that centralisation adds support rather than removing autonomy, resistance tends to ease. It becomes a shared effort, not something imposed.”
Whether internal or outsourced, a fully integrated tax compliance programme should be led centrally. It also needs to be supported by technology and good-quality data.
And if companies want to get ahead, a clear tax operating model or control framework is critical. Without that structure, teams waste time correcting immaterial issues.
People don’t know where the boundaries are,” Sabine adds. “Clear guidance prevents unnecessary work.”
Change management remains the biggest hurdle, as resistance is often tied to restructuring and perceived loss of control. But this shift works with senior sponsorship and a clear owner.
Navigating the road ahead
With tax authorities becoming more global and more technology led, organisations without a global tax strategy risk falling behind.
“New reporting requirements and follow-up questions from authorities are expensive,” Sabine says. “Responding to queries costs far more than filing returns. Tax strategies need to be global and forward-thinking. They need to account for technology and future scrutiny.
“For us it’s about helping organisations build what they need, then stepping back when they’re ready. Because fixing things after the event is no longer acceptable.”
When compliance is reduced to box ticking, organisations face rising costs, heightened exposure and constrained strategic capacity. By integrating it into risk management, they unlock insight, resilience and control, strengthening their ability to navigate this evolving landscape with confidence.
