
Risk Management in Tax Administrations and the importance of IT Collaboration

Publication Date: Dec 12, 2019

Written by Keith Cortis 

Nowadays all Tax Administrations and other Public Administrations rely heavily on Information Technology (IT) systems to carry out their main functions and operations. Even though such digitisation provides several benefits, it also exposes the respective administration to a variety of risks. Advances in emerging technologies, such as chatbots, virtual assistants, smart devices and cloud services, together with Machine Learning, Natural Language Processing, Internet-of-Things, and Quantum Computing, are constantly increasing the complexity of the challenges in information security and risk management. Therefore, the security and risk landscape of information systems in Tax Administrations is constantly changing. Besides risks related to information security, Tax Administrations also face operational, strategic, financial, compliance, personnel and environmental risks. It is important to note that, in most cases, there is a direct link between these risks and information security risks.

The European Commission encourages co-operation and collaboration in the fields of Enterprise Risk Management (ERM), IT Risk Management (ITRM) and Cybersecurity. This collaboration shall help in achieving the following objectives:

· Secure Taxation information systems through the appropriate identification, reduction and management of risks;
· Support the fight against tax fraud, tax evasion and aggressive tax planning; and
· Implement Union law in the field of Taxation by securing the exchange of information.

EU Workshop on Enterprise and IT Risk Management in Tax Administrations


The Directorate-General for Taxation and Customs Union (DG TAXUD) promotes IT Collaboration among European Tax Administrations in Member States and Candidate Countries, so that they share their knowledge and actively work together on this challenge. In November 2019, MITA and the Ministry for Finance hosted a workshop, funded by the EU Commission, on ERM and ITRM in Tax Administrations. In total, 52 representatives from 22 European Tax Administrations and consultants within the European Commission participated in this workshop, which was supported by DG TAXUD. The workshop was aimed at managers and experts involved in and responsible for ERM, ITRM and IT Security in the Taxation domain. It gave participants the opportunity to share knowledge and good practices with one another. Moreover, the participants identified several opportunities for further collaboration to improve their IT risk management processes.


Mr Pierre Vella, Head of the Programme Management Department at Malta Information Technology Agency (MITA), welcomed all the participants to the workshop. His key takeaway on the importance of Cybersecurity was to consider security in the design of applications on a par with application performance and user experience. Furthermore, he encouraged attendees to actively collaborate given the positive experience of past initiatives. Moreover, sharing experiences in Cybersecurity is critical in the current threat environment, so that administrations can support one another in safeguarding the confidentiality and integrity of information systems.


The workshop was structured around plenary talks, with Finland, Latvia, Sweden, Lithuania, Italy and Malta presenting aspects of their risk management processes. The Directorate-General for Informatics (DG DIGIT) also presented the European Commission’s IT Security Risk Management Methodology (ITSRM2), with a specific focus on embedding Cybersecurity into digital transformation projects. In addition, DG TAXUD’s Local Informatics Security Officer presented Risk Management in Trans-European Systems, where the “Trans-European High-Level Security Policy” was introduced as a potential baseline for further development of security policies.

The core team behind the workshop (including Malta) carried out a survey focusing on the ERM and ITRM culture of each participating country, the results of which were also presented. The main results indicated that most countries conform to the ISO/IEC 27000-27005 information security standards. Moreover, the majority of countries already have IT security and business continuity integrated in their management systems, whereas poor communication and the lack of a risk concept are the key barriers within their organisations that can result in poor ITRM, a situation that is typical of similar organisations.

Several breakout sessions also took place during the workshop, where the participants were split into four focus groups that focused on a) Business Understanding of ERM and ITRM; b) Understanding risks and security issues in Tax Administrations; c) IT risks and Cybersecurity; and d) Collaboration possibilities in ERM, Governance, Risk Management and Compliance (GRC), ITRM and Cybersecurity.

The discussions and findings of the different breakout sessions resulted in a number of collaboration project ideas, which were presented at the end of the workshop. These potential projects target several areas. The most popular among the participating countries focus on ERM benchmarking, increasing the use of Advanced Analytics to improve Cybersecurity, and the identification of common security and risk management frameworks for Trans-European Systems.

During the workshop, Ms. Katalin Gyetvaine Kaszás, a Programme manager for IT Collaboration - Customs and Fiscal Co-operation Programmes, under the European Commission’s DG TAXUD, was interviewed on the role of DG TAXUD in promoting IT Collaboration on Enterprise and IT Risk Management in Tax Administrations. Ms. Gyetvaine Kaszás stated that DG TAXUD is supporting and maintaining collaborative events through the Fiscalis programme in the field of Taxation. All the progressive ideas and advanced topics are subject to the IT Collaboration framework, which is one of the interfaces when working together with the Member States.

Malta’s role in IT Security and Cybersecurity

MITA oversees the IT Security and Cybersecurity of the Government’s infrastructure and establishes government strategies and policies in the Information Security and Cybersecurity spaces. Mr Jonathan Cassar, Chief Technology Officer at MITA, provided an insight into how the IT Security of Malta’s Taxation Systems (and Government Systems at MITA) is managed. He also discussed how the Maltese taxation systems are currently being modernised through cloud-based applications and infrastructure based on the Government of Malta Hybrid Cloud environment (public and on-premise cloud)[1]. Moreover, he explained the role Advanced Analytics is playing in Cybersecurity technologies, using Artificial Intelligence (AI) techniques, such as machine learning and statistical analysis.

This falls in line with the Ecosystem Infrastructure strategic enabler of Malta’s Strategy and Vision for AI in Malta[2], which is entrusted with the identification of best practices for securing national AI solutions, among other factors. It is important to note that such an intersection between Advanced Analytics and Cybersecurity poses various technical, ethical and governance challenges and risks. Therefore, the Government is constantly undertaking the relevant risk assessment of national AI solutions and ensuring that the appropriate security requirements are in place. These requirements cater for both the physical and cyber aspects to ensure that national and public security is safeguarded against inherent threats, hazards and vulnerabilities.