Legislators considering bills to reduce “trigger audits”

Hands of business people working with documents

Multiple medium- to large-sized companies say that they’ve been targeted for audits over and over by groups of a dozen or more municipalities in recent years, typically at the behest of a third-party auditing firm contracted by smaller cities to investigate potential tax scofflaws.

It’s not the general concept of the audits that bothers tax professionals and business leaders so much the frequency and number of these audits, as well as the fear that an unregulated company is sharing information from the investigations to spur more audits. The primary company contracting with Colorado cities to perform these audits says it does not share such information, but critics note that the firm — Revenue Recovery Group of Baton Rouge, Louisiana — refuses also to sign nondisclosure agreements.

Now, after months of discussions, business leaders are pushing for new laws that will guarantee the confidentiality of any information found in audits, will limit the frequency of these audits or do both. And an interim legislative committee, the Sales and Use Tax Simplification Task Force, is set to consider two bills next week that take different approaches to tackling this issue.

Needed or overregulation?

Some officials have raised questions about the need for legislation. And others, particularly municipal auditors, worry that barring previously audited companies from undergoing scrutiny again for a defined number of years offers a license to be noncompliant.

But proponents say that protections are needed for deeper-pocketed companies that are increasingly being viewed as cash cows by contract auditors and the cities that hire them and are having to spend too many resources answering the same queries from many cities.

“The audits are hugely expensive, and they’re hugely burdensome and time-consuming,” said Jenn Penn, who leads the organization Simplify Colorado’s Sales Tax. “That is the bigger issue for lot of our companies — the sheer number of audits.”

How do trigger audits work?

Proponents agree that these “trigger audits,” in which a third-party firm contracts with multiple cities to investigate an agreed-upon firm, are not overly common. But the firms that get caught in a cycle could face audits from a significant number of cities — Penn identified one client that dealt with 22 simultaneous municipal investigations of their books, though she asked they not be named for fear of retribution — every three years.

Cities contract with firms like Revenue Recovery Group when they don’t have the resources to staff their own auditing departments, and the frequency with which they use such firms varies. At a June 24 SUTS Simplification Task Force meeting, Golden Finance Director Jeff Hansen said he’s used RRG for 40 audits in the past four years, while Arvada Revenue Manager Ezequiel Vasquez said he only uses third-party contractors occasionally.

King Woolf, president and founder of RRG, said at that June 24 meeting that his firm has conducted 11,200 audits in Colorado in the past 28 years.

Woolf said that while some client cities offer names of companies they want audited, his staff also uses public records to find businesses, typically headquartered outside the area, that may be selling and shipping products into a city but may not be paying taxes to it. If RRG finds a client that may be selling into multiple cities, it may contact a host of cities and ask them if they would all like to contract for an audit of that firm.

Why local officials contract for such audits

Legislators approved such coordinated audits back in the 1980s as business groups led by the Colorado Association of Commerce and Industry — the former moniker of the Colorado Chamber of Commerce — argued that was more efficient for auditees, Vasquez said. That creates a single point of entry for multiple audits and time frames that are consistent with each other, he said.

“The impact on the taxpayer is that while they are not thrilled to be audited … the amount of work needed is far less with a coordinated audit,” Woolf said.

Penn and Judy Vorndran, the state and local tax partner for TaxOps LLC, disagree. Having to produce documentation for a dozen cities with proof of taxes paid on transactions into each of their boundaries significantly increases the amount of work needed by companies, they said.

What’s more, being involved in one of these trigger audits virtually guarantees that they will have to go through the same process again in the coming years. Hansen acknowledged that his city seeks reauditing of companies found to be out of compliance with Golden’s tax laws every three years until they are compliant, and Woolf said his firm focuses often on companies and industries with a history of noncompliance.

Are certain companies being targeted by audits?

Hansen also told the SUTS task force that his city looks mostly at larger businesses whose errors could lead to Golden generating a significant amount more in taxes. That means some firms are getting into a seemingly endless loop of audits if the cities and third-party firms view them as an opportunity to boost revenue, Penn and Vorndran argued.

But what bothered them and several members of the SUTS task force most is the question of whether audited companies that end up owing a lot of money to certain cities are then marketed by third-party contractors to other cities.

Hansen and Vasquez said they are not allowed under their city codes to share confidential information found in an audit with any city or outside firm. Woolf also told the task force that once his firm seeks confidential information in an audit, he does not bring any more cities into that coordinated audit beyond those that already have contracted with him.

Cities defended their practice, saying it is an efficient way to enforce their laws.

“We are trying to collect from businesses what is rightfully due to us,” Hansen said. “And what is most important to us is future compliance.”

The question of confidentiality

But Woolf also acknowledged that his firm will not sign nondisclosure agreements with the companies it audits, arguing that he doesn’t see anything in law that allows taxpayers to place conditions on his business for it to do its work. Instead of signing NDAs, he told the SUTS task force, RRG sends letters to local jurisdictions noticing their laws and the firm’s policy banning the use of information it acquires for business purposes.

Several task force members questioned whether the current provisions are enough to protect audit targets, however.

“It sounds to me like you really are a sitting duck,” Jefferson County Commissioner Tracy Kraft-Tharp commented. “If you have a bad audit, your name is going to be shared with other entities.”

So, when the task force convenes at 10 a.m. on Sept. 25, it plans to consider forwarding to the Legislature two bills that could address the situation.

Two bills on audits under consideration

One — suggested by task force member Rachel Quintana, a partner with EY — would require the same confidentiality provisions from all auditors operating within the state that the state and many local governments now require. That would represent a simple way to ensure that information gleaned from audits is not shared by anyone, even the third-party contractors that are not regulated by the state.

The other, suggested by Simplify Colorado, is a more far-ranging bill that attempts to regulate these third-party auditors. It would require contractors to sign NDAs for audits, would provide a private right of action for companies in the event the NDA is broken and would bar companies from being subject to further audits from cities for five years if they are found to be in compliance with an audit.

The five-year provision is needed to ban city governments from returning to the same sources repeatedly, Vorndran argued.

“It ends up being inordinately punitive to certain businesses — once caught, always caught,” she said. “We want to stop that because certain taxpayers are quite honestly being beat up upon … because there is a cycle every 36 months.”

And while RRG and cities say they don’t currently share information from audits, the confidentiality provisions — and the hammer of the lawsuit threats — will ensure that is the case, Penn said.

Municipal leaders push back

“Municipalities that do their own audits already are bound by confidentiality. They don’t seem to be the problem,” Penn said. “These third-party auditors are not bound by confidentiality. We’re trying to require some confidentiality, whether that is done through NDAs or through statute.”

The end goal, Penn said, would be to reduce these trigger audits to a reasonable number and solidify that they are not being used to generate even more business for the third-party contractors that perform them.

But Colorado Municipal League Executive Director Kevin Bommer told the task force that he worries the more far-reaching Simplify Colorado effort intrudes on local control by dictating when and who cities can audit.

And Don Korte, director of tax compliance for the city of Denver, called the five-year audit ban “dangerous” for the signal it could send to firms that passed muster just once.

“If I knew I wasn’t going to be audited for five years, what’s that going to do to my compliance effort?” Korte asked at the Aug. 14 SUTS task force meeting. “I’ve been doing this a long time, and I don’t know of any city that’s in the business of repeatedly doing audits on companies that are compliant.”