This document is a presentation by ISSI from October 2012 about corporate governance for exemption certificates. It discusses the regulatory challenges around governance, assembling a governance team, setting metrics and policies for electronic certificate management, and how technology can enable governance success. It provides an overview of best practices for exemption certificate governance through electronic certificate management.

1. Corporate Governance for
Exemption Certificates
Presentation by ISSI
October, 2012
ISSI provides industry-leading, Sarbanes
Oxley and SAS 70 Type II Compliant
Electronic Certificate (ECM) solutions that
give you control over your document
management governance and processes
cost-effectively.
1
Confidential and Proprietary - ISSI

2. Agenda for Presentation
 The Regulatory Challenge for Governance
 What is Exemption Certificate Governance
Policy?
 Assembling the best ”Governance Team”
 ECM Governance Metrics
 Setting the Mission and Strategy
 Best Practice Data Policies
 What are my Integration Points?
 Technology Enablement Success
 Conclusions and Q/A
2
Confidential and Proprietary - ISSI

3. The Governance Challenge
 Increasing Regulatory Scrutiny.
 Transaction Taxability Encompasses:
 Today: Sales and Use
 Tomorrow: VAT
 National and International
 Expand Compliance Efforts.
 Reduce compliance cost and effort.
3
Confidential and Proprietary - ISSI

4. Exemption Certificate Governance
Policy
 Cost Reduction
 Risk Reduction
 Effort Reduction
 Compliance Improvement
 Short Term Impact
 Long Term Results
4
Confidential and Proprietary - ISSI

5. Inhibitors - Certificate Governance
 Diffused compliance responsibility
 No central authority
 Many departments play a part
 The framework is crucial to success
 Lack of visibility
 Limited understanding of true risk
5
Confidential and Proprietary - ISSI

6. ECM Governance Metrics
 Reduction in
 Assessments, interest and penalties.
 Accruals.
 Resources spent
 Preparing for and defending audits.
 Acquiring and reviewing certificates.
 Researching and correcting errors.
6
Confidential and Proprietary - ISSI

7. Percentage of Revenue
 A Measure of Relative Impact.
 A Means for Audit Assessment.
 Statistical Sampling that can hurt
or help.
 Used as a means to proportionally
determine compliance.
7
Confidential and Proprietary - ISSI

8. More ECM Governance Metrics
 Number of valid exemption certificates
as a percentage of the total number of
exempt customers and as a percentage
of revenue.
 Number missing, incomplete or invalid
exemption certificates as a percentage
of the total number of exempt customers
and as a percentage of revenue.
8
Confidential and Proprietary - ISSI

9. Even More ECM Metrics
 Response time on certificate acquisition
campaigns.
 Response levels on certificate
acquisition campaigns.
 Tax accrual accuracy.
 Time spent preparing Tax accrual
calculations.
9
Confidential and Proprietary - ISSI

10. Data Policies
 Standardization
 Quality Control
 Compliance Rules
 Data Ownership
 Flow of Data
 Synchronization Rules
10
Confidential and Proprietary - ISSI

11. Data Policy Impact
Data Sources: Data Uses:
 Master Customer File  Exempt Status
 Master Vendor File Determination
 Order Entry  Sales Tax Calculation
 General Ledger  Tax Accruals
 Exemption Certificates  Contingent Reserves
Calculation
 Reverse Audits
 Audit Defense
11
Confidential and Proprietary - ISSI

12. Document Indexing
 Customer Name Certificate Type:
 FEIN  MTC Multi-State Resale
 Customer Bill To Address  SSTI Multi-State
 Customer Ship To Address(es)  State Issued
 Customer E-mail  Blanket Exemption
 Customer Phone  Single Purchase Exemption
 Customer Fax
 Direct Pay Permits
 Unique Customer ID
 Exempt Use
 Effective Date
 Non-Expiring
 Expiration Date
 State Registration Number  Limited Life
 Signature  Description of Purchase
 Current Certificate Status
12
Confidential and Proprietary - ISSI

13. Data Synchronization
 Which system’s data takes priority?
 How, when and at what interval data is
exchanged?
 How are data conflicts resolved?
 Where and when is new customer or
vendor data entered?
 What happens when customer or vendor
records are deleted?
13
Confidential and Proprietary - ISSI

14. The Sales Tax Process
 Determine tax-exempt status of the
customer placing an order.
 Calculate sales tax owed.
 Collect exemption certificate.
 Review certificate for sufficiency.
 Reverse audit to determine overall level
of compliance and determine specific
gaps and audit exposure.
 Respond to state audit documentation
requests and defend the audit.
14
Confidential and Proprietary - ISSI

15. The Use Tax Process
 Request determination that a purchase is use
tax exempt.
 Determine the taxability of said transaction.
 Prepare and deliver an exemption certificate to
the specific vendor.
 Document use tax-exempt transaction for
future reference.
 Perform periodic Use Tax accrual calculations.
 Reverse audit to determine overall level of
compliance and determine specific gaps and
audit exposure.
 Respond to state audit documentation requests
and defend the audit.
15
Confidential and Proprietary - ISSI

16. “Gotchas” for Additional Complexity
 Drop Shipments
 Streamlined Sales Tax Project
 Direct Pay Agreements
 What is and is not taxable?
16
Confidential and Proprietary - ISSI

17. Sufficiency Review
A minimum set of sufficiency rules
would include checking:
 That the proper form was used.
 That it was signed and dated.
And may also include:
 A specific seller’s name
 A description of purchase
 A valid certificate registration number (form
and format).
 Expiration Dates.
17
Confidential and Proprietary - ISSI

18. Forms and Statutory Compliance
 Each State has their own
 May be transaction specific
 SSTP
 May expire
 Change frequently
18
Confidential and Proprietary - ISSI

19. Certificate Workflow
 Transaction inception
 Sales taxability
 Sufficiency Reviewed
 Documented, Stored, Indexed
 Searchable
 Retrievable
 Audit Defense
19
Confidential and Proprietary - ISSI

20. Document Capture
 Paper Delivery
 Pot luck
 Needs scanning
 Easy for customers to fax or mail
 Electronic Delivery
 Improved document capture
 Better indexing
 Correct Forms first time
 Fewer errors
20
Confidential and Proprietary - ISSI

21. Technology Enablement
 Platform
 SaaS
 Traditional Self-hosted Delivery
 Hybrid Models
 Reliability
 Transparency
 Who has the staff?
 Who has the expertise?
 When do we need help?
21
Confidential and Proprietary - ISSI

22. Security
 At a minimum, SAS 70 Level II Certified
 Multi-tenant versus Single-tenant
 Commingling Data:
 Instances
 Customer Files
 Certificates
 Single Sign-on
 Offshore versus Onshore
 Hosting
 Services
22
Confidential and Proprietary - ISSI

23. Benefits of ECM Governance
 Reduce the cost to acquire and handle
exemption certificates.
 Eliminate errors and confusion.
 Increase ECM compliance.
 Minimize audit risk and exposure.
 Satisfy Customers and Staff.
23
Confidential and Proprietary - ISSI

24. Thank you for your time!
Larry Powers
Chief Strategy Officer, ISSI/TEAMS
http://www.teamscert.com
330.342.7760
24
Confidential and Proprietary - ISSI