ATO zeros in on cybersec, STP upgrades, and data migration in 2022-23 plan

ATO Corporate Plan 2022-23

The Australian Taxation Office (ATO) has elevated cybersecurity, data and digital investments as key priorities within its 2022-23 Corporate Plan, released today.

Penning the Corporate Plan foreword, Chris Jordan, Commissioner of Taxation, argued the ATO proved itself “much more than a revenue collection agency” during the Covid pandemic, with its key role in delivering “vital stimulus to millions”.

“We are at the cutting edge of government service delivery, and we are continuing to undertake significant programs of work. We are acknowledged as a world-leading taxation authority.”

Digital is thus at the forefront of the tax agency’s current program of work, with data and indeed the protection of data assets crucial to its current and future services.

Jordan stressed that, with “one of the largest data stores in Australia”, the ATO has an obligation to keep its data safe and secure.

“[It] is a driver for our focus on cybersecurity and the transition to the new data centre. Our data stores are growing every year, so keeping our systems safe and protecting the personal information entrusted to us by taxpayers is paramount,” Jordan said.

He added that the ATO will also seek to further expand the capabilities of the Single Touch Payroll (STP) system, initially rolled out in 2021, leveraging more data “to simplify employer reporting obligations and address superannuation guarantee non-compliance”.

“We are focusing on improving small business tax performance by collaborating with partners to enable seamless tax reporting from business source systems.”

Among ATO’s tech-focused priorities for the year ahead include:

Data centre migration

The ATO has confirmed it will continue its push to transition to a new data centre – a means of both “safeguard[ing] ATO-held data and deliver[ing] contemporary infrastructure platforms to support business systems.”

The tax agency said it would move to “deliver modern, secure IT infrastructure”, adding that it will continue to upgrade and migrate applications to the new data centre.

Data investments

The ATO stressed the criticality of data to its current and future operations.

“We use data, information and insights to deliver value for our clients and inform decision-making across everything we do.”

It added: “We are making better use of our data so we can engage earlier with our clients to help them get things right, as well as to identify and take action on those who are not complying.

“We also recognise the value to the community of sharing data to support and inform government initiatives and have strong safeguards through data ethics principles and legislative provisions to ensure data is only shared when appropriate to do so.”

A core focus for the ATO will be to improve how it collects, manages, shares and uses data.

“We are focusing on strengthening our data foundations, transforming the data and analytics experience for our staff, evolving how we use automation and artificial intelligence, and building and sustaining our data literacy and capability to ensure we unlock our full data potential.”

As part of this process, the tax agency said it will move to finalise its Digital Strategy “to provide the digital vision and objectives that will inform investment” in its digital programs, and continuously review its investments “to ensure they are directed towards a risk-based, data-driven future”.

Prioritising cybersecurity

The ATO stressed that an environment of increasing geopolitical unpredictability, coupled with the growth of data and new technologies, will require a new approach to cybersecurity – one that can adequately address vulnerabilities beyond its network perimeter, in external providers and extended supply chains.

“Our ability to protect our organisation, clients and other partners from cyber threats may be impacted by our ability to keep pace with the rapidly evolving digital ecosystem.”

It said it is currently working with stakeholders “to develop secure digital solutions to ensure safety and security of data”, and uplifting cybersecurity capabilities that will “increase its compliance” against whole-of-government requirements.

Among the ATO’s major cybersecurity priorities it said will be to identify and mitigate threats to the ATO ICT ecosystem and educate staff on cyber-safety practices. The ATO added that it will apply a ‘defence-in-depth’ approach – a multi-layered security framework that fortifies the organisation against cyber threats and safeguards its systems.

Expanded use of STP

The ATO said will move to expand the use of Single Touch Payroll (STP) data a system it introduced last year which effectively taps into businesses’ STP-enabled software to draw relevant payroll data including a new prefill function for “withholding fields in activity statements” to help employers meet their PAYG withholding obligations.

The ATO said it will introduce new services enabling employers to validate and adjust pay-as-you-go (PAYG) withholding amounts reported through STP from within their software, as well as create a single place to view employees’ superannuation guarantee for all funds and all employers, enabling the ATO to follow up on employer non‑compliance more proactively and provide more transparency in the process.

Innovating business registers

The Australian Business Register (ABR) serves as one of the major interaction points between governments and private businesses.

The current Modernising Business Registers (MBR) program, first unveiled back in 2017, will move to consolidate more than 30 ASIC registers (some of which are nearly three decades old) and the ABR on the modern ABRS [Australian Business Registry Services] registry system, with the ATO promising the end result will deliver “high levels of reliability, accessibility and security”.

“The ABRS is the custodian of trusted business information and will become a world-class provider of associated services used by businesses, governments and communities to unlock economic and social value for Australia.”

As part of its current objectives for the MBR, the ATO said it will move to “strengthen the integrity of the registry system by improving the quality and availability of registry and director identification number (director ID) data.”

Improve small business tax performance

Collaboration remains key for the tax agency’s digitalisation program. The ATO said it will move to collaborate with partners to build “a digital-first tax ecosystem” – one that can improve small business tax performance through better integration with business systems.

“We are focusing on improving small business tax performance by collaborating with partners to enable seamless tax reporting from business source systems,” Jordan said.

This will involve the implementation of “integrated prevention, detection and treatment strategies to assure and improve tax performance”.

To achieve this, the ATO will develop a Roadmap for the enhanced integration of tax and superannuation, as well as prototype concepts “to streamline the tax experience, in consultation and co-design with external stakeholders”.