Substantial homework needed before GST rollout
The GST reform brings substantial value for all participating stakeholders – corporates, governments and consumers. While corporates benefit from the simplified framework, GST gives central and state governments better control on tax leak and helps reduce the overall cost of tax collection.
To fully realise the envisaged benefits, all stakeholders need to develop a holistic understanding of the underlying solution architecture, the change in processes and the nature of information exchange. Enabling the tax credit system, which is the key component of GST, requires restructuring processes and IT systems, and sharing of aggregated data with GSTN via application service providers (ASPs) and GST Suvidha Providers (GSPs). From the corporates’ standpoint, internal invoicing and transaction processing systems require upgrading to adhere to the new accounting rules and standards.
The introduction of intermediaries create unique security risks for all stakeholders in the ecosystem. As a result of the increase in number of interfaces with external systems, there are risks related to data leak and unauthorised changes to data are bound to increase, and will require better third party information risk management. As GST requires bi-directional information flow over the internet as a result of periodic reconciliation, strict monitoring of the enterprise perimeter and encryption of information will be required.
There will be frequent changes to the source system as well as connecting enterprise systems which, if not managed securely, may result in potential cyber risks. There are extensive changes required to existing systems and an effective process is needed to ensure no loopholes are left in systems.
Enterprises need to consider the reform holistically and assess which sections of current systems would be exposed, even if they do not choose to use the services of ASPs or GSPs. Security controls need to be embedded to translate into both operational efficiencies & strategic financial gains. Operationally, security needs to be aligned to business objectives for a seamless GST transformation.
There is a need for finance, business and tech stakeholders to tackle changes necessary to enable a smooth go-live. Enterprises need to answer a number of questions around system integration, adoption of off-the-shelf or developing home-grown solutions, and effectiveness proposed security controls. By addressing these, they can effectively mitigate risks emerging from the new tax regime.