Often when you access legislation, there is a certain amount of vagueness or confusion involved. So, while it is good to be able to locate and read the required changes, it is just as important to be able to interpret what they mean accurately.
Questioning Technique
As you analyse a new act, legislation or statutory requirement, the following questions may assist in ensuring that you have correctly interpreted the requirements:
- What are the current requirements? – Hopefully, you are aware of what you currently have to do.
- What are the new requirements? - Have these changed? What are the exact points of difference?
- Who does this affect?
- What are the current processes? - How do you currently meet statutory requirements?
- What needs to be changed? - What processes need to be changed? Specifics here!
- What needs to be done? - What are the exact changes that need to be made?
- When does this have to be done? - One very important aspect of any change to statutory requirements is knowing when the required changes must be implemented by.
- What are the penalties for non-compliance?
Let’s have a look at the first real-life example regarding PI insurance for BAS agents.
On 1 January 2021, the TPB updated TPB(EP)3/2010 to:
- provide additional information in relation to the minimum requirements relating to the amount of cover and recommended additional features of fidelity cover and run-off cover
- include the TASA changes for PI insurance requirements at registration renewal.34
Explanatory Paper TPB 01/2010 |
---|
Code of Professional Conduct |
This is a Tax Practitioners Board (TPB) Explanatory Paper (TPB(EP)). It is intended for information only. It provides a provides a detailed explanation of the TPB’s interpretation of the Code of Professional Conduct (Code) contained in Division 30 of the Tax Agent Services Act 2009 (TASA), translating the provisions into practical principles that can be applied by the profession. This TPB (EP) is designed to assist registered tax practitioners, the relevant institutions, professional associations, potential registrants and the wider community to understand the factors that provide the basis for the TPB’s approach to the application of the TASA. The principles, explanations and examples in this paper do not constitute legal advice and do not create additional legal obligations beyond those that are contained in the TASA. |
Document history |
The TPB released this TPB (EP) in the form of an information sheet as an exposure draft on 7 April 2010. The TPB invited comments and submissions in relation to the information contained in it. The closing date for submissions was 6 June 2010. The TPB considered the submissions made and published the TPB(EP). On 13 July 2017 the TPB updated this TPB(EP) to incorporate a reference to tax (financial) advisers, and to update currency and clarity. On 18 October 2021, the TPB updated this TPB(EP) to include an additional factor that may be considered in determining if a tax practitioner has complied with taxation laws in the conduct of their personal affairs. On 1 April 2022, the TPB updated this TPB(EP) to remove references to tax (financial) advisers and replace references from the repealed Tax Agent Services Regulations 2009 to Tax Agent Services Regulations 2022. Issued: 16 December 2010 Last modified: 1 April 2022 |
Professional Indemnity (PI) insurance
Professional Indemnity (PI) insurance protects a professional from financial loss, injury, or damage arising from a mistake or failure by the professional to exercise the required level of skill. Also, a professional may be held liable for a mistake even though there was no negligence, and this may result in a disruption to general business or even loss of income. Therefore, if a professional hold themselves out as having a special skill, which can be relied upon by others, they should consider Professional Indemnity Insurance is crucial.
Professional Indemnity Insurance, other than just being logical, is required for many professional associations as well as BAS agents who are in the business of providing bookkeeping services. A professional bookkeeper is assisted in establishing their credibility by being able to prove that they are insured.
PI insurance is not just about you protecting your client but also yourself in the case of error.
There are three reasons why practising bookkeepers should hold PI insurance:
- To cover against financial (civil law) claims made against a company’s work. These would usually be made by a client and could be directed at any party involved in a project for which the company might be responsible. (Examples of claims could be for input error, consumer loss etc.)
- Under the Tax Services Act 2009, all bookkeepers who are registered BAS agents are required to hold current PI insurance.
- Some clients, especially many government bodies, insist on this cover being in place before contracts are signed. This is to provide recourse in the event of the above.35
Statutory time frames
The statutory requirement for BAS agents is to have a PI insurance policy that meets the needs of the BAS agent and the TPB requirements. Whenever a change to an act of legislation is being investigated, it is critical that any time frames for action are identified and managed. Failure to update compliance requirements by the required time limit can have serious consequences for the agent and their workplace. In this example, the required level of cover needs to be adjusted in line with business turnover, and a BAS agent needs to notify the TPB of their PI insurance details when they first register within 14 days of receiving notification of your registration or when renewing the BAS agent must demonstrate they have PI insurance that meets the TPB requirements at the time of applying for renewal.
Questioning technique example
The BAS Agent PI Insurance - Interpreting Compliance Requirements document36 is an example of how to interpret legislative changes in PI Insurance requirements for BAS agents by using the questioning technique.
Policies and procedures
Policies and procedures are living documents that should grow and adapt with a company. While the core elements of policy may stay the same, the details should change with the industry and the organisation. Policy reviews and revision is a crucial part of an effective policy and procedure management plan.37
Why is it important to review policies and procedures?
Outdated policies can leave your organisation at risk. Old policies may fail to comply with new laws and regulations. They may not address new systems or technology, which can result in inconsistent practices.38 Regularly reviewing policies and procedures keeps your organisation up to date with regulations, technology, and industry best practices. Policy review ensures that your policies are consistent and effective. Reviewing policies and procedures is especially important for high-risk or highly regulated industries such as healthcare, public safety, banking, and more. But organisations in every industry should regularly review and revise their company policies.39
When to Review Policies and Procedures
With all the pressing daily tasks in the workplace, it’s easy for a policy review to fall through the cracks. Administrators may know that it’s important to review policies and procedures, but other tasks take precedence. However, policy review is best when it's done regularly and proactively. Company leaders shouldn’t wait for an incident to occur before they review and update company policies.
Regular policy and procedure review
The best way to proactively tackle policy and procedure review is just to build it into the corporate calendar. As a general rule, every policy should be reviewed every one to three years. But most experts recommend reviewing policies annually. Policy review doesn’t have to be as daunting a task as it sounds. A good policy management software will let you set up workflows to collaborate with your policy review committee, gather feedback, and track approvals.
Organisational changes
When your organization goes through large-scale changes, it’s a good idea to review relevant policies. Policies should line up with the company’s mission, vision, and values. So if you have a change in strategic direction or a reorganization, it’s important to review policies to make sure they align with the changes. These kinds of changes won't affect every policy. For example, a new structure probably won’t impact a vacation policy. But it may change other day-to-day policies and processes.
Changes to laws or regulations
Corporate laws and regulations change constantly. Compliance teams need to be aware of the changes and know which policies they impact. If there is a big regulatory change, you may need to gather your policy review committee for a special meeting instead of waiting until the regularly scheduled review time.
Adopting the changes to your policies as soon as possible helps you start to adjust your workplace to the new regulations. If you build them into your policies early on, you’ll have a smooth transition into compliance when the new laws go into effect.
An incident or policy violation
As mentioned before, you shouldn’t wait until an incident occurs to review your company policies. However, an incident or policy violation can indicate the need for a change. After an incident, it’s a good idea to do a debrief to make sure the policy had the intended effect. Examine the details of the incident to see if employees carried out the procedures properly. And look to see if there were any gaps in training or employee understanding of the policy.
This will help you determine whether you need to revise the policy in question.
Not every policy violation should result in sweeping policy changes. Sometimes it’s an isolated incident, calling for additional training or remediation for the employees involved. But in some cases, especially if there are many incidents in the same area, the issue may be that the policy is outdated, confusing, or requires increased training.
Identifying Policies and Procedures that need to be updated
Policy review doesn’t always result in policy revision. Sometimes, you may need to make big changes to address new regulations or gaps in policy. Other times, you may just make a few small tweaks.
And sometimes, the policy works as-is, with no revisions.
You’re not going to change or rewrite your policy manual every year. So how do you know which policies need to be updated?
Is the policy being implemented as intended?
It shouldn’t take an incident or high-profile issue to do an analysis of whether employees are complying with a policy and procedure.
If they are not, you need to determine why. Is the policy outdated?
Are the procedures difficult to follow? Have you introduced a new technology or process that the policy doesn’t address? Is it a training issue?
Gather feedback from line-level employees to help determine how you can improve the policy.
Does the policy have the desired effect?
Sometimes, employees are following the policy and procedure, but it’s not having the desired impact. Every policy should have a clear goal or objective. Over time, this will help you measure whether the policy is effective.
For example, perhaps a policy was put in place to improve employee safety. If employees are following the policy but accidents are still occurring at the same rate, it’s time to examine how you can change the policy to be more effective.
Are the policies and procedures current and relevant?
Make sure your policies and procedures line up with how your current systems and structures actually work. If policies and procedures refer back to old structures or technology, employees are more likely to ignore them or think that they don’t matter.
For example, perhaps your company has adopted flexible work arrangements, but your attendance and tardiness policy still revolves around old standard hours. You will need to update that to reflect the current system and make the new expectations clear.38
Keeping up with change: An ongoing process
As change is constant, you should have a process for continuous improvement of your controls and compliance efforts. Having a defined and documented improvement process will show good 'due diligence' to your auditors.
Here are some steps and suggestions on how to keep up with changes and ensure your compliance efforts don't get lost in the daily change shuffle.
I. Monitor new or potential legislation and regulatory pronouncements
New legislation and regulatory rules are always in the works for information security, privacy and other related business controls. Some are refinements and new interpretations of existing laws. As a security or compliance professional, it is incumbent on you to keep up on the latest legislative and regulatory actions and to interpret the new rulings in regards to how they may affect your company. Here are some tips for keeping up on regulations:
- Identify and subscribe to services that monitor and alert you to new and upcoming regulatory rulings for your specific industry.
- Inventory current and upcoming (potential) regulations.
- Include local, state, federal, and international governing bodies in your research.
- Identify upcoming or potential new laws and determine the potential impact and risk to your organization.
- Keep business management, Compliance Officer and Legal Counsel updated on new legislation.
II. Define requirements to meet new compliance requirements
For new legislation or regulatory requirements, you will need to analyse and determine the steps needed to bring your organization into compliance. Here are a few steps to follow:
- Perform a risk assessment and gap analysis, if not already done
- Get business management involvement
- Identify business and IT processes affected
- Define business requirements
- Create/update policies that support new or changed compliance needs
- Define technical and system requirements
- Implement changes
III. Integrate with change control processes
Make use of your change control process to help ensure controls and compliance are maintained over time. Modify your change management practices to include a check and verification for controls and compliance requirements. Any changes to applications and systems should include a review and update to the control processes before being allowed into production. Controls processes, like other system functions, should be tested. The Information Security Officer or appropriate IT compliance manager should sign off on all changes to ensure controls were properly addressed and updated and meet regulatory requirements. Also, for tax-related applications, changes should be scheduled and timed so as not to cause issues during a quarter or year-end audit controls testing. If new controls are implemented too close to the end of a year, then auditors may not be able to test the effectiveness of the control, creating issues in their audit findings.
IV. Integrate with the project management process
Modify your project management methodology to include meeting regulatory requirements as a deliverable success factor for each project. This will help ensure all new systems and applications meet regulatory requirements. When defining business and technical requirements for a new system, including identifying and defining the regulatory and controls requirements. These should be considered upfront and integrated into the system requirements and functions. The controls should be tested along with the other functional and system testing. The final approval to move a system into production should include a review and approval of the control processes. If you can, get your Internal Auditor to review the controls design for new systems during design and before implementation. If there are issues, then you can resolve them at less cost than having to redo something after the system goes into production and creates an out of compliance issue.
The following document explains the process for writing policies and procedures.
The term compliance describes the ability to act according to an order, set of rules or request. In the context of financial services, businesses compliance operates at two levels.
- Compliance with the external rules that are imposed upon an organisation as a whole
- Compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.
The most effective way to assist in ensuring compliance is to create and maintain policies and procedures that encourage the desired practice.
Writing instructions and procedures
Procedures should be designed to communicate the information that a reader needs to know. In your procedure, you may also like to add a description of why they should do this or specific times when they should use this procedure. Within the procedure should be areas on what to do if things go wrong and where to go for help on the subject.
Some questions to consider when writing a procedure to ensure it has the correct amount of detail:
- Do users have enough information to complete the action?
- Is there enough information to guide users in using good professional judgment?
- Is the level of detail appropriate for the subject?
- Is the level of detail appropriate for readers?
- How comfortable are readers with the subject?
Gather Information
Before you start writing, you will first need to gather detailed information on the process or policy you want to make into a procedure.
When gathering information, you should talk with content experts as well as others who hold key information, such as:
- Long-time staff members
- Stakeholders
- Legal professionals
- Industry professionals
- People who will use the procedure
When gathering information from experts, ensure that you take notes. Once you have gathered the information you need, you will then need to analyse it in order to gain a clear understanding of the content you have gathered.
The next step from there will be to trim the information you have and organise the information into what the user needs to know when using the procedure.
Start Writing
The main purpose of your first draft is to include the information you need and to get it all on paper. From there, you can edit and organise the information into a useable format. Some helpful steps to follow when writing a procedure are as follows:
- Write actions out in the order, from the first step to last
- Be specific enough to communicate clearly but do not go overboard on words
- Make your procedures as if you were instructing the person next to you how to do them. Make the procedure step by step
- Use lists and bullets
- Do not assume knowledge when writing instructions
- Use terms that all staff can understand, avoid jargon
- Write at an appropriate reading level
Design Elements
In many cases, a set of instructions, especially for complex tasks, are not enough to explain a procedure. You may find that a flow chart, Q&A or script may be necessary. An example of each of these can be found below:
Flowchart – This shows a process as a diagram. Using a series of symbols and arrows to indicate flow and action, you can outline a process and make it easy to follow.
Playscript – a play script, when talking about writing a procedure, will be a list of the staff within the procedure and the responsibilities each will hold. If multiple people are involved in the procedure, then a script could help the procedure.
Person responsible | Action |
---|---|
Writer | Gather information. Write procedure. Show draft to stakeholders. |
Stakeholders | Review draft. Submit corrections and comments. |
Writer | Create a final draft. |
Department manager | Approve the final version. |
Question and answer – FAQs on the procedure and answers to them are often a good way to ensure understanding when writing a procedure. It also helps address "what if" issues.40
Effective Procedures
Well-written procedures can help your organisation to improve its quality of work. It can help your organisation to reduce the number of errors and omissions and ensure that new and old staff will be able to perform complex tasks quickly and effectively.
To ensure that you are as effective as possible, make sure that they are necessary and that they are written in a way that is easily understood – using simple and clear instructions to communicate as effectively as possible.
Example: Mel’s Makeup Policy and Procedure Manual Request Purchases Extract
Procedures:
Request for purchase
All purchases for business items must be requested through a purchase order.
All items over the value of $50.00 must be supplied by authorised suppliers - refer to the New Suppliers Policy where the suppler is not an existing supplier.
For items over the value of $500.00 three quotations must be provided.
A request for purchase must address the following criteria:
- purchasing that promotes environmental sustainability
- value for money
- preference to Australian/locally produced
Guidance: consider including not-for-profit, social enterprises and Aboriginal enterprises in your purchasing policy as they can provide value for money and increase social good.
All purchase orders must be authorised within the following guidelines:
Items purchased | Persons authorised | Second authorisation |
---|---|---|
Retail stock | Financial manager of Mel's Makeup Pty Ltd | Financial manager of Mel's Makeup Pty Ltd |
Example: Mel’s Makeup Policy and Procedure Manual- Accounts Receivable Procedure extract
Accounts receivable procedure
Purpose
The purpose of this procedure is to set out the processes for managing Mel's Makeup Pty Ltd receivable debtors. To ensure that all monies owed to Mel's Makeup is collected in a timely manner and in accordance with legislative requirements to maintain cashflows and to minimise bad debts.
Procedures
Accurate records are to be maintained on all accounts receivable. The records to be maintained for each customer must include the complete name, address, contact details and Australian Business Number (ABN) when necessary.
At the time of sale, an invoice is to be provided to the customer. The sale is to be entered into an accounts receivable ledger for the customer and the total sales for the day are entered into a control ledger. The accounts receivable ledger is to be maintained for each account showing all the charges and payments. The control ledger is to equal the receivable ledgers for all customers. A monthly reconciliation is to be completed between the receivable records for the customers and the control ledger to ensure accuracy.
Statements are to be sent at least monthly to all customers who have an outstanding balance due. The statement should indicate the total balance due and identify a payment due date. I f ufll payment is not received the procedures outlines in the Customer Credit Limit Policy are to be followed.
Report accounts receivables
Monthly - The accounts department must generate an Accounts Receivable Aging Report at the end of the month. A copy of the Accounts Receivable Aging Report is to be submitted to the Managing Director within 5 working days of the end of the month.
External Stakeholders and Networks
A major tool in the process of keeping updated about changes to industry regulations is professional networking. Professional networks can assist if a Financial Services Industry professional encounters tasks outside their defined role and responsibilities or beyond their skill set.
The network of professionals that members of the Financial Services Industry can build relationships with may include, but is not limited to:
Network Type | Can assist with |
---|---|
Fellow bookkeepers | Processes, industry updates, software assistance |
Colleagues / staff | Company policies, procedures, and information |
Accountants | Legislation and tax information |
Lawyers | Laws and legislation |
Registered tax agents | Legislation and tax information |
Auditors | Adherence to company policies, legislation, and tax information |
Banks, building societies, credit unions | Banking and financial tools |
Suppliers | Software upgrades and advances |
Mentors | Processes, industry updates, software assistance, ethical behaviours, professional development |
Software consultants | Software upgrades and advances |
Information technology (IT) team | Software upgrades and advances |
Australian Taxation Office (ATO) | Legislation and tax information |
Professional associations | Processes, industry updates, software assistance, ethical behaviours, professional development |
Business or financial advisor | Processes, industry updates, software assistance, ethical behaviours, professional development |
Debt collection agencies | Adherence to company policies, legislation and tax information adherence |
What are statutory reporting requirements?
Statutory reporting is a core regulatory requirement, often with significant attention from investors, auditors and management. Therefore the accuracy and timely completion of reporting are imperative.41
Deadlines
In order to comply with all requirements and statutory deadlines, you will need to create a timetable. This timetable should list the times at which certain events and deadlines occur. A timetable should hold the deadlines of requirements such as:
- Financial reporting – all entities must lodge a financial statement and report within three months of the end of the financial year as described by the Corporations Act
- Income tax lodgment – the lodgment program each year focuses on providing details of when documents need to be lodged with the tax office
- ATO and GST compliance – there are three returns and lodgments that are required when complying with the ATO. These are as follows:
- BAS – will be reported on a monthly, quarterly or yearly basis depending on the organisational preferences
- IAS – will be reported on a monthly, quarterly or yearly basis depending on the organisational preferences
- PAYG – generally paid quarterly. In some cases, it may be two times per year or even annually
- Annual statements – every company listed with ASIC will have an annual review and must lodge a statement annually
- Managed investment schemes – must lodge a financial statement and report within three months of the end of the financial year.
You should ensure that you create a timetable of when each of your compliance requirements is due. This will help ensure that your organisation remains compliant and will help your organisation avoid any fines or punishments involved in non-compliance.
Real-life example- ASIC
Each year, ASIC will send your company an annual statement shortly after the annual review date (which in most cases is the date you registered the company).
Your annual statement will contain:
- a statement of your company's current details,
- an invoice for your company annual review fee, and
- your company's corporate key
To keep your company registered, you must complete the following steps.42
- Step 1: Pay your annual company review fee
- Step 2: Check and update your company details
- Step 3: Pass a solvency resolution
ASIC Company’s annual statement
It is now time to test your understanding of the module using the Burleigh Financial Services Case Study below.
Burleigh Financial Services Case Study
Burleigh Financial Services is a company of accountants. The company is just about to launch a new arm of the business which is financial planning services.
You are the new Accounts Officer for Burleigh Financial Services. Part of your role is to ensure that all compliance standards are met within the organisation. This includes identifying all of the regulatory obligations that apply to the organisation, as well as monitoring any changes.
As a new employee, the General Manager has asked you to prepare a report to assist in understanding compliance requirements in relation to your own role.
The CEO has also advised you that he would like you to investigate new qualification requirements for financial planners and the impact that this will have in relation to the new services.
Furthermore, he would like to know what restrictions there are in relation to advertising and promoting financial services if any.
Part A
Using the attached Legislation Report Template develop a report to discuss with the General Manager at a meeting.
Your report should include a review of:
- Sources of information that can be used to identify information about compliance requirements relevant to the company. You should identify at least three sources of information,
- Legislation and regulations that impact on advertising and promoting the business.
- Implications of the legislation and regulations you have identified for advertising and promoting the business.
- Compliance requirements that relate to your role as an Account Officer
- Analysis of the impact of the new qualification requirements for financial planners.
Part B
The General Manager has asked you to update the Human Resources Policies and Procedures to ensure compliance with the requirements for financial planners.
Review the existing Human Resources Policy and Procedures and update