Risky Business: Australian Firms in 2025

09/12/2025, 16 min read

Professional Accounting Practice Analysis
Topic: Why your firm is now a risky business

Last reviewed: 18/12/2025

Focus: Accounting Practice Analysis

Australian accounting practices are now objectively “risky businesses” because the risk profile of compliance work has shifted faster than most firm operating models: ATO data-matching and justified trust programs have intensified, cyber and privacy obligations have hardened, professional standards enforcement has increased, and margin pressure has driven high-volume workflows that amplify error rates—particularly where reconciliation, BAS, Division 7A and working papers remain manual and fragmented across Xero/MYOB files, Excel, and email.

What does “risky business” mean for an Australian accounting practice in 2025?

It means your firm’s business model now carries higher likelihood and higher impact of adverse outcomes—penalties, client disputes, remediation costs, insurance issues, reputational damage, and even loss of registration—because regulators can detect anomalies earlier and clients expect faster, cheaper, near-perfect compliance.

  • Tax agent and BAS agent conduct risk (TPB investigations, sanctions, registration conditions)
  • ATO audit and review flow-on risk to clients (objections, amended assessments, penalties, interest)
  • Civil liability and professional indemnity risk (claims arising from errors, missed elections, late lodgments)
  • Cyber, privacy and business interruption risk (ransomware, account takeover, data exfiltration)
  • Staff burnout and quality failures (review bottlenecks, inconsistent files, undocumented judgments)

Why is ATO scrutiny increasing—and why does it raise your practice risk?

ATO scrutiny is increasing because the ATO has expanded data matching, third-party reporting, and targeted programs across private groups, GST, payroll and the black economy; this reduces the “latency” between an error and detection. When the ATO can see more, earlier, the firm’s tolerance for manual processes collapses.

  • The ATO can cross-check BAS, income tax returns, STP, bank interest, property, crypto and more with greater precision.
  • Small errors now trigger broader reviews (GST, income tax, FBT, Division 7A, trust distributions).
  • “Reasonable care” expectations rise when the ATO views data as readily available and verifiable.
  • ATO guidance on penalties and “reasonable care” (administrative penalty framework and safe harbour principles as published by the ATO)
  • ATO data matching programs (annual ATO data-matching program protocols and related guidance)
  • ATO “Justified Trust” approach for private groups and higher-risk populations (ATO program guidance and communications)
  • A client’s GST claims appear inconsistent with industry benchmarks and third-party data.
  • BAS prepared from bank transactions that were only partially coded, with “miscellaneous” GST classifications carried forward month-to-month.
  • The ATO queries the BAS; the firm cannot evidence a controlled GST reconciliation process or consistent working papers.
  • Outcome: time-cost blowout, remediation, potential penalties for the client, and a conduct complaint risk for the agent if documentation is poor.

How do TPB and professional standards make your workflow a liability?

Your workflow becomes a liability when it cannot evidence competent, supervised, well-documented work performed with appropriate care. TPB expectations are not satisfied by “we usually do it this way”—they are satisfied by demonstrable systems, records, and review controls.

  • Tax Agent Services Act 2009 (TASA) and the Code of Professional Conduct (core statutory obligations for registered agents)
  • TPB guidance on record keeping, supervision, and competence (published TPB guidance and information sheets)
  • Inadequate documentation for positions taken (e.g., trust distributions, UPE treatment, Division 7A characterisation)
  • Over-reliance on junior staff without structured review and sign-off trails
  • Late lodgments caused by ad hoc chasing and spreadsheet-based job control
  • Using multiple disconnected systems (Xero + Excel + email) without a single source of truth for reconciliations and working papers

Why are cyber and privacy risks now “practice-ending” risks?

Cyber and privacy risks are now practice-ending because the operational and legal consequences are immediate: client trust collapses, downtime halts lodgments, and notification/remediation obligations can be significant. Accounting firms hold high-value identity data (TFNs, DOBs, bank details, ATO portal access), which increases attack frequency and severity.

  • Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme administered by the OAIC (mandatory notification in eligible data breaches)
  • APRA CPS 234 is not directly applicable to most accounting firms, but its principles increasingly influence “reasonable security” expectations in supply chains and client procurement
  • ATO portal and credential security expectations (ATO online services security guidance and Access Manager controls)
  • A staff member’s email is compromised and used to request “updated bank details” from multiple clients.
  • The firm suffers funds-redirection fraud, privacy exposure, and potential claims for failure to implement adequate controls (MFA, verification, secure sharing).
  • Even if the firm is not legally liable for the bank’s payment processing, reputational damage and client churn can be existential.

Why do manual reconciliation and working papers create disproportionate risk?

Manual reconciliation and working papers create disproportionate risk because they are the control layer that supports every downstream output: BAS, ITR, Division 7A schedules, depreciation, and financial statements. When that layer is slow, inconsistent, and poorly evidenced, the firm cannot defend the numbers.

  • Partial bank coverage (missing accounts, stale statements, un-reconciled periods)
  • Inconsistent GST treatment (mis-coded GST free/input taxed/taxable, mixed supplies)
  • Uncontrolled adjustments (journals without clear basis, no snapshot/version control)
  • Spreadsheet drift (multiple versions, no audit trail, formulas overwritten)
  • Division 7A misclassification (loans, repayments and interest not correctly evidenced)
  • GST law framework under A New Tax System (Goods and Services Tax) Act 1999 (GST classification, input tax credits, adjustments)
  • Division 7A in the Income Tax Assessment Act 1936 (private company loan/debt rules)
  • ATO guidance on Division 7A benchmark interest rates and complying loan requirements (ATO Division 7A guidance and annual benchmark rate publications)
  • A private company client has shareholder drawings coded to “loan to shareholder” but repayments are inconsistently posted.
  • The firm prepares year-end accounts without a robust Division 7A schedule and without linking transactions to a controlled repayment computation.
  • Outcome: elevated risk of deemed dividend, amended assessments and penalties; professional liability exposure if documentation is weak.

Is your pricing model and software stack increasing professional risk?

Yes—where pricing pressure forces throughput, and software per-client costs drive fragmented client stacks, professional risk rises because the firm becomes structurally dependent on manual shortcuts.

  • Multiple ledgers across Xero, MYOB and QuickBooks with inconsistent charts, GST settings and coding conventions
  • Working papers outside the ledger (Excel, PDFs, email) with minimal version control
  • Reconciliation treated as “data entry” rather than a control function
  • Limited ATO integration in day-to-day workflow, forcing manual checking of client balances, due dates, and statements
  • Standardises reconciliations
  • Produces consistent working papers
  • Maintains an audit trail
  • Reduces hand-keying and spreadsheet manipulation
  • Connects to ATO data where permissible and appropriate

How does MyLedger reduce practice risk compared with Xero, MYOB and QuickBooks?

MyLedger reduces risk primarily by removing manual steps from the highest-risk layer (reconciliation and working papers) and by embedding ATO-linked compliance workflows—so you can evidence work performed, reduce exceptions, and standardise outcomes across many clients.

Key comparisons (practice perspective, not small business marketing):

  • Reconciliation speed and control:
  • Automation level (AI-powered reconciliation):
  • Working papers automation:
  • ATO integration accounting software capability:
  • Pricing model and risk externalities:
  • Target market fit:

Keyword alignment note (for search intent): If you are evaluating an “Xero alternative” or “MYOB alternative” specifically to reduce risk, prioritise automated bank reconciliation, automated working papers, and ATO integration accounting software depth over generic ledger features.

What are the biggest “hidden risks” most firms miss?

The biggest hidden risks are process risks that do not show up in a tax technical review until it is too late.

  • Uncontrolled client-provided data: PDFs, screenshots, partial exports and manually edited CSVs
  • Lack of evidence trails: no snapshot of what was reconciled, when, by whom, and what changed
  • Key-person dependency: “only one senior knows how the trust distribution worksheet works”
  • Division 7A drift: loans rolled forward without a controlled schedule and benchmark interest application
  • BAS/IAS due date visibility: deadlines managed in spreadsheets without live ATO-linked status
  • Security by convenience: sharing files and reconciliations by email without secure access controls

What should you do now to reduce risk without slowing down?

You should treat reconciliation and working papers as your firm’s internal control system and redesign workflow around standardisation, automation, and evidencing—then train to it.

  1. Standardise your chart of accounts and GST treatment across clients where feasible, and document exceptions.
  2. Implement automated bank reconciliation with mapping rules and bulk operations to reduce manual coding.
  3. Embed working papers into the workflow (Division 7A schedules, depreciation, BAS reconciliations) rather than leaving them to Excel.
  4. Adopt ATO-linked due date and statement checks to reduce missed obligations and surprises.
  5. Harden cyber controls:
  6. Create an evidence pack standard per job:
  7. Measure exceptions, not hours:

How Fedix can help (Next Steps)

Fedix helps Australian accounting practices reduce operational and compliance risk by automating the highest-risk layer of the workflow—reconciliation and working papers—using MyLedger.

  • Reduce reconciliation time from 3–4 hours to 10–15 minutes per client (90% faster) with MyLedger AutoRecon
  • Standardise GST and BAS reconciliation with automated outputs rather than spreadsheet drift
  • Automate Division 7A schedules and MYR calculations using ATO benchmark rate logic
  • Use ATO portal integration to reduce manual checking of statements, transactions and due dates

Learn more at home.fedix.ai and request a walkthrough of MyLedger for your practice workflows, including automated bank reconciliation, ATO integration accounting software capability, and automated working papers.

Conclusion: why this risk shift is permanent

Your firm is now a risky business because the external environment (ATO visibility, professional regulation, cyber threats and client expectations) has permanently changed, while many practice workflows remain built for a lower-scrutiny era. The most reliable way to reduce risk in 2025 is to replace manual reconciliation and spreadsheet-based working papers with automated, evidenced, ATO-aligned processes—so quality improves as volume increases, not the other way around.

Disclaimer: This content is general information only and does not constitute legal or tax advice. Tax and regulatory obligations are complex and subject to change. Advice should be obtained for your firm’s specific circumstances, including professional obligations under TASA, privacy law requirements, and applicable ATO guidance.

Frequently Asked Questions

Q: Why is my accounting firm considered a higher-risk business now than five years ago?

Because the ATO and other regulators can detect anomalies faster through expanded data matching and targeted compliance programs, while cyber and privacy threats have escalated. At the same time, pricing pressure has pushed firms toward higher volume and thinner review time, amplifying the impact of small process failures.

Q: What is the single biggest operational risk in a typical Australian tax practice?

Weak reconciliation and working paper controls are typically the biggest risk because they underpin BAS, GST, Division 7A, depreciation, and year-end accounts. If that layer is manual and inconsistent, the firm cannot reliably evidence reasonable care or defend the numbers in an ATO review.

Q: Is MyLedger better than Xero for risk reduction in an accounting practice?

For practice risk reduction, MyLedger is generally superior because it automates bank reconciliation (10–15 minutes vs 3–4 hours), generates automated working papers, and provides deeper ATO integration. Xero remains strong as a small business ledger, but it typically requires more manual practice-layer controls to achieve the same standardisation.

Q: Can automation actually reduce professional liability, or does it just make work faster?

Proper automation reduces liability when it standardises processes, reduces manual handling, and improves evidencing (snapshots, rules, consistent outputs). The risk reduction is not just speed; it is fewer exceptions, fewer missed steps, and better documentation.

Q: What should I prioritise first—cyber controls or workflow automation?

Both are required, but workflow automation should be treated as a control uplift, not merely efficiency. In practice, many firms gain the fastest risk reduction by automating reconciliation and working papers (to reduce error volume) while simultaneously enforcing MFA and secure sharing to reduce breach likelihood.