PKF Fasselt’s IT Advisory offers support in the implementation of compliance requirements in IT-supported processes combined with minimal invasive effects on business-relevant processes.
Our range of IT advisory services extends from mapping abstract legal requirements to your individual business interests, representing your interests in audits of your company conducted by tax or public auditors, as well as tax-compliant documentation of your business processes, right through to complete implementation of IT projects.
The following aspects are included in our advisory engagements:
- Our advisory service is tailored to your needs and the specific requirements of your company.
- We see ourselves as an interface between technical and legal requirements – in particular commercial and tax law – and your company. External regulations as well as your strategic considerations and findings from your operational business are considered in the solutions we develop with you.
- We communicate the requirements to be taken into account and the solutions to be applied to them at the various levels of the company in a manner that is appropriate for the target group.
- We help to overcome natural problems of understanding between business and IT departments.
We achieve this with our interdisciplinary approach – team building by auditors, tax consultants, lawyers and IT experts as well as multiple qualification of our employees – and our many years of project experience.
Implementation of legal requirements in your IT
The implementation of regulatory requirements in the organisation, management and control of IT is just as much part of our services as the proper design of efficient and effective IT-supported business processes.
Our services include explaining legal requirements as well as the specific characteristics of your IT environment, i.e. designing processes and necessary controls as well drafting binding guidelines and procedural instructions. Introduction and implementation are accompanied by targeted training and the involvement of bodies entitled to participate and receive information. In addition, we also prepare expert opinions on company-specific issues.
Cash Register Anti-Tampering Ordinance
Beginning 1 January 2020, no POS systems may be marketed, placed on the market, operated or used that do not meet the additional requirements of sec. 146a AO and the Cash Register Anti-Tampering Ordinance.
This, however, does not apply to cash registers that cannot be retrofitted due to their design, which were purchased between 25 November 2010 and 1 January 2020 and that meet the requirements of the letter entitled ‘Archiving of digital files for cash transactions’, IV A 4 - S 0316/08/10004-07, dated 26 November 2010.
As a result, almost all cash registers in Germany will have to be retrofitted. Further information can be found in our leaflet below.
Discussions are currently underway as to whether the implementation deadline will be extended to 30 September 2020. A corresponding letter by the Federal Ministry of Finance (BMF) is expected for autumn of this year (see among other things the press release by the German Trade Association dated 3 July 2019).
PKF leaflet – Cash Register Systems
- We ensure that your cash register process complies with the new tax requirements.
- If this cannot be achieved on time due to delayed availability of the technical security device (TSE), we will submit applications for approval of facilitation pursuant to sec. 148 AO.
- We will also adapt your cash register process documentation to the changed processes.
Compared to traditional invoices printed on paper, sending and receiving invoices in digital form saves money and boosts efficiency.
Switching to EDI enables automation and rationalisation of business processes. In the retail sector, up to 95% of invoices for goods are processed automatically. Security can also be boosted since any change in media is avoided. It is not only large companies, but also medium-sized businesses who can benefit from the potential offered by adapting internal processes and a technical solution that can be integrated into the existing IT landscape.
That’s why companies – as part of their digitalisation efforts – are increasingly relying on electronic invoices. Generally speaking, a distinction is made between different data formats:
- Structured data formats: XInvoice, EDI, XML
- Unstructured data formats: Invoices in .tif, .jpg or .pdf format (purely pictorial)
- Hybrid data formats: ZUGFeRD, PDF/A
Invoices can be sent by e-mail, DE-Mail, ePost, computer fax, fax server or as web forms.
What’s more, the public administration must be able to process electronic invoices by 2020 at the latest while the supreme federal authorities and some federal states must also be able to process electronic invoices by 2019. In the private sector, there is no legal requirement to use a particular data format. Public-sector customers are or will be obliged to be able to receive electronic invoices in formats in accordance with European requirements (e.g. XInvoice or ZUGFeRD). Beginning 27 November 2020, contractors awarded public contracts by the highest federal authorities must produce the aforementioned formats. Since Germany is a federalist state, the requirements for public contracts at municipal and federal-state level vary, particularly with regard to the transitional period, the obligation of contractors to issue invoices in electronic form as well as the handling of amounts of up to EUR 1,000.00.
Flyer E-Rechnung öffentliche Hand
In order for you too to benefit from the advantages of electronic invoices, we can support you during the design, development and introduction of suitable solutions, both as an invoice issuer and invoice recipient.
Many companies are currently pursuing various outsourcing projects and some of these include outsourcing to a cloud environment. The potential cost savings are enormous.
In order to prevent non-compliance, the following information sheet describes typical risks and requirements associated with cloud procedures that must be taken into account when designing and implementing cloud projects.
PKF-Merkblatt zu Cloud-Projekten
- For service providers and outsourcing companies: Advice on the legal requirements and the framework to be taken into account when outsourcing
- Advice on the expansion of the service provider’s internal control system and its description in the run up to certification according to ISAE 3402 or IDW PS 951
- Advice on setting up the remaining internal control system at the outsourcing company
- Certification of the service provider’s internal control system in accordance with ISAE 3402 or IDW PS 951 (not possible if previously advised on this matter)
The EU General Data Protection Regulation (EU-GDPR) has been in force since 25 May 2018 and is additionally supplemented, specified and modified by the new Federal Data Protection Act (BDSG-neu, Bundesdatenschutzgesetz) and the corresponding federal-state laws.
With the PKF Privacy Management System, we systematically guide companies through nine areas that are relevant for achieving compliance with regard to EU-GDPR and BDSG-neu.
PKF Privacy Management System
You can find our phase model for implementing the new EU General Data Protection Regulation along with other information and contact details under the following link:
Compliance with GoBD
The publication of the ‘Generally accepted principles for keeping and storing accounts, records and documents in electronic form and for data access’ (GoBD) is the tax authorities’ response to advancing digital development and leads to extended requirements for IT-supported accounting.
In addition to proper financial accounts, tax audits now increasingly focus on auditing the upstream systems with regard to security and regularity as well as the archiving and automatic evaluation of tax-relevant data. In addition to meeting the aforementioned requirements, proof of their fulfilment in the form of so-called procedural documentation is becoming increasingly decisive. The tax authorities also check tax-relevant data from financial accounting and upstream systems.
Adherence to GoBD is imperative when it comes to fulfilling the tax authorities’ requirements for valid tax compliance management.
GoBD can be broken down into four main areas:
A formal violation of GoBD can lead to complete rejection of the bookkeeping system as incorrect and to the tax base being determined on the basis of estimates. In addition, the tax office can opt to set a delay penalty of between €2,500 and €250,000 if a company fails to comply with its obligation to co-operate within the framework of the external audit and/or to make the requested data available in an appropriate manner and within the set period.
However, the degree to which the requirements of GoBD have to be fulfilled by the systems and procedures used by the company is often unclear. We are happy to provide you with the experience and expertise regarding GoBD that we have been able to build up over the past 15 years in consulting projects for well-known retail groups and medium-sized companies.
- With our comprehensive consulting approach, we can help you to ensure GoBD conformity at your company.
- By comparing the current situation of your company with relevant tax law requirements, we help you to identify any regulatory gaps at your company and initiate countermeasures.
- This specifically means that by assessing your business processes and your internal control system, we can check your IT’s compliance with GoBD and, if necessary, support you in implementing additional regulations, measures or controls.
- We can identify tax-relevant documents at your company and check that such documents are available and archived as required by law.
- We can check and optimise data access options and the possibility to evaluate your systems’ tax-relevant data. Our services here range from taking stock of evaluation possibilities, testing them and then designing tax auditor roles. We test data import into the audit software used by the tax auditor and analyse the data before the tax audit begins.
- If data cannot be imported by the auditor in its original format, we will convert the data for you into a format that conforms to the Federal Ministry of Finance’s description standard.
- We will support you in taking stock of and updating existing or creating new procedural documentation in order to avoid formal errors during the tax audit.
- We can establish standard processes for managing documentation at your company.
Data analyses within the scope of tax audits
Automated and statistical data analysis methods are now part of tax audits. They enable the tax authorities to detect irregularities in the shortest possible time. This increases the requirements for companies when preparing for a tax audit. With the introduction of IDEA audit software, the tax authorities now have a flexible tool at their disposal that can quickly evaluate large amounts of data. In view of the increasing demand for data from tax authorities, entrepreneurs should ask themselves two key questions: What information can the tax authorities derive from the data? Which irregularities and possible weak points are present in the company’s own data? The motto here is: Know your data!
If the tax auditor finds any irregularities, the consequences can be devastating. The tax authority increasingly rejects bookkeeping – in part or even completely – due to formal errors and then obtains authorisation to make an estimate.
The findings made by the tax auditor on the basis of data analyses can only be invalidated by the company performing its own digital audit.
- We can help you to ensure that the tax auditor can evaluate your data. This means reviewing or creating documentation of data structures, assistance in exporting the data from your IT systems and testing the importability of the data exported by you to the IDEA analysis tool used by the tax authorities.
- If necessary, we will convert your data into a format that complies with the description standard for data archiving media provided by the Federal Ministry of Finance.
- We analyse your data in advance of the audit.
- We assist you in analysing the causes of irregularities and in explaining the processes in preparation for the audit.
- In addition, we can develop solutions to avoid the causes of future irregularities.
- If findings are made during the tax audit, these must be disproved within a set time limit. PKF can help you to draft statements with sound counter-arguments.
- Working with your organisation, we clarify procedures that are not immediately comprehensible for the tax audit and prepare procedural documentation.
- A formal non-conformity can only justify an estimate by the tax authorities in as far as it has a material effect. In this respect, we can advise you to differentiate the causality between formal and material non-conformities in order to reduce the authorisation to make an estimate.
- Furthermore, we can participate in meetings with your tax auditor.
Internal tax control system within the scope of IT-supported tax-relevant processes (sec. 153 AO)
In the Fiscal Code Application Decree on sec. 153, the Federal Ministry of Finance states that in the case of non-conformities in tax returns, an internal control system (ICS) can justify exempting a taxpayer/company from the accusation of careless tax reduction or tax evasion. The existence of an intact ICS can therefore protect against the personal prosecution of the company’s employees responsible for tax.
The tax ICS consists of process-integrated and process-independent management and control measures. Process-integrated controls are part of the company's operational processes, tax adjustments to the annual financial statements and the preparation of tax returns. Process-independent controls are, on the one hand, control actions that are performed at the downstream end of the processes and which primarily detect errors. On the other hand, these controls also include measures for the proper establishment and maintenance of the ICS, e.g. staff training and compliance with tax requirements in the event of process changes. The internal control system must be permanently adapted to procedural and legal changes.
In addition to manual checks and automated process-integrated controls (e.g. mandatory field checks, checking the completeness of a transferred file, etc.), regular data analyses should be integrated into a state-of-the-art internal tax control system, e.g. reconciliation of secondary and general ledgers and sales, sales tax liabilities and input tax postings against sales tax returns. These can be triggered permanently or periodically using robotic process automation (RPA) without the need for manual input.
- First of all, the tax-relevant operational processes and the processes of the tax department must be identified. We will also analyse the tax risks arising from the company's business activities. The management and control measures of your tax control system are determined on the basis of the process documentation available or interviews as well as by tracking business transactions and data analyses. The results of the surveys are documented in a risk control matrix.
- We then analyse whether the internal measures implemented by the ICS are appropriate, whether the risks identified can be sufficiently reduced or eliminated and whether the tax ICS can be kept in working order. If this is not the case, we will propose additional measures and support their implementation by drafting work instructions or, in the case of IT adjustments, by creating concepts and tests as well as by creating RPA robots.
- We will set up a standard process to ensure the necessary maintenance and permanent improvement of the tax ICS beyond the duration of the project.
- We will ensure that the tax ICS is documented in a form that is understandable for external experts.
Best practices in accounting-relevant processes (sec. 153 AO)
Growing pressure on margins is forcing companies to make better use of resources already available. In many cases, this can be achieved by converting processes. In the case of processes relevant to accounting, however, particular attention must be paid to commercial and tax law requirements.
Examples include converting from upstream/downstream key-date inventories to a permanent inventory or supporting invoice verification processes through the so-called three-way-match.
[H3] Our services:
- We can contribute our knowledge of best practices of the respective processes to your design.
- With our expertise, we can ensure that you comply with all relevant commercial and tax law requirements when making changes to the process and implementing them in IT.
- If additional IT applications are required to implement the process change, we will help you to select the solution that best fits your needs.
- When it comes to leading IT applications, we offer the implementation of processes in the required company-specific customizing.