Disclosure LibraryPractitioner guidance for every reporting disclosure
GRI 207: Tax 2019 · Topic Standard · Cross-sectoral
Disclosure GRI 207-2

Tax governance, control, and risk management

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
Disclosure focus

This disclosure asks an organisation to explain how it oversees tax matters in practice. The focus is on the systems, controls and responsibilities that shape tax decision-making, including who is accountable, how tax risks are identified and managed, and how tax governance is embedded in the organisation’s wider control environment.

In practical terms, the report should describe the approach across the organisation as a whole, not just a few well-known sites or a single business unit. The useful question is whether the tax governance framework applies consistently across operations, and how it helps the organisation manage tax-related risk in a structured way.

* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation
Key datapoints to prepare
DatapointWhat to captureEvidence hintOwner
Tax control frameworkA plain summary of how tax is governed and controlled across the organisation, covering the main rules, oversight lines and control points that shape tax decisions.Tax policy, governance map, control framework document, committee terms of reference, internal control descriptions.Tax / Finance / Legal / Governance
Tax accountability leadThe board-level body or senior executive role that carries responsibility for compliance with the tax strategy, named clearly and consistently with internal governance records.Board charter, committee papers, role descriptions, delegated authority matrix, governance register.Tax / Company Secretariat / Legal
Tax embedded in businessHow tax responsibilities and considerations are built into day-to-day business processes, decision-making and oversight, rather than treated as a standalone topic.Process maps, policy manuals, training records, approval workflows, operating procedures, internal communications.Tax / Finance / Operations / HR
Tax risk managementHow tax risks are spotted, assessed, tracked and reviewed, including the practical controls and monitoring routines used to keep them under watch.Risk register, control testing results, monitoring reports, issue logs, committee packs, escalation procedures.Tax / Risk / Internal Control / Internal Audit
Tax control reviewHow the organisation checks whether its tax governance and control arrangements are working as intended, including the review methods and who performs them.Control testing plans, internal audit reports, compliance reviews, management assurance papers, remediation trackers.Tax / Internal Audit / Risk / Finance
Tax concern channelsThe routes people can use to raise concerns about business conduct or integrity issues linked to tax, including internal reporting channels and any escalation route.Speak-up policy, whistleblowing procedure, ethics hotline materials, intranet pages, investigation process documents.Legal / Compliance / HR / Ethics / Tax
Tax assurance processHow the tax disclosures were checked by an external or internal assurance process, and where relevant the reference details for the related assurance report or statement.Assurance engagement letter, assurance statement, external report, auditor correspondence, disclosure sign-off pack.Finance / Tax / External Assurance / Internal Audit
Show GRI 207-2 sub-elements (LRA working checklist)
  • Set out how you check whether the tax governance and control framework is being followed.
  • Explain how the organisation’s tax approach is built into day-to-day operations.
  • Describe how tax risks are spotted, handled and kept under review.
  • Explain the assurance process for tax-related disclosures, and include a link or reference to any external assurance report or statement where relevant.
  • Describe the channels people can use to raise concerns about the organisation’s conduct or integrity in relation to tax.
  • Set out the tax governance and control framework in plain terms.
  • Identify which board-level body or senior executive is responsible for making sure the tax strategy is complied with.

LRA working checklist - paraphrased; see official source

How to prepare
  1. Set the reporting boundary first: decide which parts of the business, and which control arrangements, you will describe for tax governance. Make sure the scope matches the organisation you are reporting on, and keep that boundary consistent across the whole disclosure.
  2. List the core elements you need to cover in plain business language. Include who is responsible for tax compliance, how tax is built into day-to-day operations, how tax risks are spotted and handled, and how the organisation checks that the framework is working.
  3. Gather support for each part of the narrative. Pull together policy documents, committee papers, role descriptions, risk logs, monitoring records, review notes, whistleblowing or speak-up routes, and any other internal material that shows the process in practice.
  4. Draft the disclosure as a clear narrative, or a mix of narrative and figures where relevant, using the evidence you have collected. Cover the accountability line, the way tax is embedded in the organisation, the risk management approach, the evaluation method, the concern-raising channels, and the assurance process.
  5. Record any exclusions, assumptions, or changes in approach. If something is not covered, or if the reporting basis has changed from the prior period, explain that clearly so readers can understand the limits of the information provided.
  6. Check the final wording against the official source and your underlying evidence. Confirm that each required element is present, the descriptions are consistent with the documents, and any external assurance reference is included where applicable.
Want to do this on a real report? Practise GRI social disclosures live with Dr. Kurinko — GRI Standards Certified Training. Explore →
Request the tax governance and control evidence

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

Who owns tax oversight, how is tax handled in day-to-day processes, how are tax risks tracked and checked, how can concerns be raised, and what external assurance exists for tax disclosures?

Use your organisation’s own labels first (for example, tax policy, control map, risk register, speak-up route, assurance pack), then map them to the disclosure wording during drafting. Keep the request in the language your tax, finance, legal, and governance teams already use.

Weak request

Please provide the GRI 207-2 evidence for tax governance, control, risk management, concerns mechanisms, and assurance.

Why it fails: It uses framework language only, so the owner has to translate the ask before they can act. It also does not say which internal records, systems, or named roles to pull, so the response is likely to be incomplete or inconsistent.
Better request

Please send the current tax policy or equivalent, the named person or committee that oversees tax, the way tax is built into business processes, the tax risk log and review cadence, the check used to confirm controls are working, the route for raising tax-related concerns, and any external assurance note for tax disclosures. Use your team’s own terms and include document name, version/date, owner, and file link.

Formal email template
Subject: Request for tax governance, control, risk, and assurance evidence for [reporting period]\n\nHello [name/team],\n\nWe are preparing the sustainability reporting pack and need a short evidence set covering how tax is governed, controlled, monitored, and reviewed across [group boundary].\n\nPlease share, for [reporting period]:\n- the current tax policy or equivalent summary\n- who has oversight responsibility for tax matters\n- how tax is built into day-to-day processes and decision-making\n- how tax risks are identified, tracked, and reviewed\n- how compliance with the control approach is checked\n- how colleagues can raise concerns about tax-related conduct or integrity\n- any external assurance material linked to tax disclosures, if available\n\nPlease include the source document name, version/date, owner, and any link or file reference. If the wording in your team differs from the terms above, please use your own internal labels and note the mapping for us.\n\nA possible LRA training template only — please adapt this to your organisation and check the official source before sign-off.\n\nMany thanks,\n[preparer name]
Short Teams / Slack version
Hi [name/team] — could you send the tax governance / control / risk evidence for [period] across [boundary]? We need: owner for tax oversight, how tax is embedded in the business, how risks are tracked, how controls are checked, speak-up route for tax concerns, and any assurance note/report. Please use your team’s own labels and add the source/version/date. Thanks.
Industry examples
Retail

Context. A multi-country retailer with a central tax team and local finance leads.

Adapted request. Please share the tax governance pack for [period]: the board or executive owner for tax, the group tax policy, how tax checks are built into store, online, and payroll processes, the tax risk register, the review and testing routine, the speak-up route for tax concerns, and any assurance statement linked to tax reporting. Use your internal names for these items and include the document version/date and owner.

Example response. Tax policy v4.0; CFO named as oversight owner; quarterly tax risk review log; control testing summary for VAT, payroll, and corporation tax; ethics hotline route; external assurance statement dated [date].

Manufacturing

Context. A manufacturer with a shared services finance function and site-level operations.

Adapted request. Please provide the tax governance and control evidence for [period] covering the group and sites: who oversees tax, how tax is embedded in purchase-to-pay and payroll processes, how tax risks are identified and monitored, how control checks are performed, how staff can raise tax-related concerns, and any assurance report or statement for tax disclosures. Please use the terms your finance and compliance teams already use.

Example response. Tax control framework note; Audit Committee oversight; process map showing tax checks in procurement and payroll; tax risk register with monthly review; compliance testing results; speak-up policy excerpt; assurance statement from external reviewer.

The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.

Draft your disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

Explain the basis used to describe the tax governance setup, including how roles, controls, risk handling, concern-raising routes and any external assurance were identified and summarised.

Context note

Set out what the disclosure tells readers about how tax is overseen, who is accountable, how tax is embedded in the organisation, and how confidence in the information is supported.

Fluctuation statement

If the description changes from one period to the next, note whether that reflects a change in governance, control design, risk handling, reporting routes or the scope of assurance rather than a change in tax outcomes.

Content index entry

GRI 207-2 Tax governance, control, and risk management — [location / page] / [notes]

Assurance readiness
For each claim, check the evidence
ClaimRiskEvidence to check
We set out, in our own words, how the tax control set-up works, who does what, and how the main checks are organised.The narrative is too generic, or it does not match the actual control structure used in the business.Tax policy documents, governance charts, role descriptions, committee terms of reference, and internal process maps showing the control set-up described in the report.
We identified the board member or senior leader who is responsible for making sure the tax approach is followed.The named accountable person is unclear, outdated, or not supported by formal delegation.Board papers, delegation letters, executive role profiles, committee minutes, and current organisation charts showing the named accountable person.
We explained how tax responsibilities are built into day-to-day management rather than left as a standalone topic.The description overstates how embedded the approach is, or there is no evidence that tax is integrated into normal business processes.Policies, training records, approval workflows, finance and legal process documents, and examples showing tax considerations built into routine decision-making.
We described how tax exposures are spotted, handled, and kept under review across the reporting period.The account is incomplete, or the controls described do not cover identification, response, and monitoring in practice.Risk registers, issue logs, monitoring reports, escalation records, control testing results, and meeting packs showing how tax matters were tracked.
We explained how we checked whether the control set-up was working as described before the report went out.The reported evaluation process is not evidenced, or the checks were too limited to support the statement made.Internal review notes, control testing outputs, audit findings, management sign-off, remediation trackers, and evidence of follow-up on any weaknesses.
We described the routes people can use to raise concerns about conduct or integrity issues linked to tax.The disclosure suggests a channel exists, but the organisation cannot show that the route is available, communicated, or suitable for tax-related concerns.Speak-up policy, whistleblowing procedure, hotline details, intranet pages, training materials, case logs, and communications showing how concerns can be raised.
Evidence pack to prepare
  • The governing policy or written commitment behind this disclosure
  • A methodology / definition note setting out how the disclosure was scoped and prepared
  • Source-system exports the figures or facts were drawn from
  • The internal approval / sign-off record for the disclosure before publication
  • Minutes or records evidencing the relevant engagement or consultation
Common reporting gaps
  • The information is presented without a date or as-at point.
  • The scope or boundary of the statement is left undefined.
  • Key terms are used inconsistently across the report.
  • Material changes since the previous period are not disclosed.
  • Assertions are made without supporting detail or a source record.
  • Boilerplate is used that does not actually answer what is asked.
Examples
Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Retail and consumer goods · synthetic · written by LRA

Synthetic example for training only. We describe a tax control set that sits under our finance policy, with board oversight through the audit committee and day-to-day ownership by the group tax lead, who reports into the chief financial officer. Tax thinking is built into budgeting, pricing, acquisitions, and country filings through written procedures, staff training, and quarterly reviews; we track risks by jurisdiction, log issues in a register, and test controls through internal review and periodic management checks.
- We assess whether the control set is working through self-assessments, internal audit testing, and sign-off from finance leaders, while staff can raise tax-related conduct concerns through our ethics line, whistleblowing route, and direct escalation to the audit committee chair.
- For this disclosure, an external firm reviewed the tax narrative and selected data points, and its limited assurance statement is referenced in our annual report appendix.

This example shows how a reporter can explain who owns tax oversight, how tax is built into operations, how risks and controls are monitored, how concerns can be raised, and how the disclosure was externally checked, without using the standard’s wording.
Infrastructure and utilities · synthetic · written by LRA

Synthetic example for training only. Our tax approach is set out in a group policy that the board approves, with the finance director responsible for delivery and the risk committee receiving regular updates. We embed that approach through approval limits, project-stage tax reviews, country-by-country filing calendars, and training for finance and commercial teams; tax exposures are identified through a risk map, monitored through monthly dashboards, and escalated where controls or filings fall behind.
- We check compliance by combining control testing, internal audit work, and management review of exceptions, and people may report concerns about conduct or integrity through our speak-up channel, the ethics mailbox, or direct contact with the chair of the risk committee.
- An independent assurance provider reviewed the disclosure package and issued a separate assurance statement, which we refer to in the sustainability section of our annual report.

This example illustrates a different reporting style and governance set-up, while still covering the same required points: control design, ownership, embedding, risk management, compliance checks, speak-up routes, and external assurance.
Draft output & visualisation ideas

How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.

Suggested visuals

  • Tax governance and control framework overview — table: A concise summary of the organisation’s tax oversight model, including the main controls, review points and responsible roles.
  • Accountability for tax strategy — bar: Which board-level or senior leader role carries responsibility for tax strategy compliance and oversight.
  • How tax is built into the business — table: Where tax responsibilities sit across the organisation and how tax considerations are embedded into day-to-day processes.
  • Tax risk management cycle — stacked bar: How tax risks are identified, handled and tracked over time, with the different stages shown side by side.
  • Channels for raising tax-related concerns — bar: The main routes available for staff or others to raise concerns about conduct or integrity issues linked to tax.
  • Assurance coverage for tax disclosures — table: What parts of the tax disclosure set were checked independently, and whether there is a linked external assurance statement or report.
From a number to a disclosure

What separates a figure from a disclosure.

Basic

We have a tax control framework, with the finance director accountable for tax compliance.

Better

We run tax through our group policy, with the finance director accountable, quarterly risk reviews, a whistleblowing route for tax concerns, and an annual internal check of the controls.

Best

For the year ended 31 December 2025, we applied our group tax policy across all subsidiaries, with the finance director accountable; we identified and tracked tax risks through quarterly reviews, used our speak-up channel for tax concerns, and completed an annual internal review of the controls, with the slight rise in issues raised this year mainly due to staff training on the new reporting process.

From company reports
Real published reports Compare side by side →Get it free

Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 207-2 — these are report practice, not exact disclosure examples.

CompanySector · CountryYearMatchPageReportAssurance
Zydus Lifesciences Limited Pharmaceuticals / Biotech / Life Sciences · India 2025 Partial p. 149 →p. 29 →p. 79 → ESG Report FY24-25 →
Evidence in Zydus Lifesciences Limited’s report

What the report shows

Zydus Lifesciences Limited’s ESG Report FY24-25 provides coverage on its tax strategy and governance on page 2, detailing tax reporting and effective tax measures. The report also addresses identified risks and mitigation measures related to limited wild flora and fauna availability on page 86, and includes a description of risk governance and management processes on pages 2 and 148. However, the report lacks clear narrative or methodology for some disclosure items, such as narrative item (a-ii), (a-iv), (b), and (c), where no quotable evidence was found.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Tax control frameworkA reported value was found on this page. covered p. 148
Tax accountability leadA reported value was found on this page. covered p. 2
Tax embedded in businessNo quotable evidence was found (methodology/narrative). unclear
Tax risk managementA reported value was found on this page. covered p. 86
Tax control reviewNo quotable evidence was found in this report. not found
Tax concern channelsNo quotable evidence was found in this report. not found
Tax assurance processNo quotable evidence was found (methodology/narrative). unclear

Source trail

  • p. 148Description and Impact 17 Section A. VII. 26 6.3, 6.4, 6.5, 6.6, 7.2, 7.3, 8.2, 8.3, 8.5, 8.7, 8.8, 12.5, 12.6, 12.7, 13.2, 16.5 2.1, 1.24 17 Risk
  • p. 2Description And Impact.........................17 Risk & Crisis Management Risk Governance..................................................................................23 Risk Management Process............................................................23 Emerging Risks.................................................................................... 26 Business
  • p. 24description of two Company-specific critical risk, potential impact and mitigation action are as follows: Sr. No. Risk Area Description
  • p. 2Tax Strategy Tax Strategy and Governance.....................................................42 Tax Reporting........................................................................................42 Effective Tax
  • p. 148Governance Dimension SL. No. Section Subsection Page No. TCFD BRSR SDG CSA CDP SASB UNGC GRI 13 Materiality
  • p. 148Governance 23 9.5, 16.10 1.4.1 1.3, 2.1 GRI 2-23, GRI 2-24 18 Approach to Risk Management 23 9.5, 16.10 1.4.2 1.3, 2.1 19 Emerging
  • p. 147Governance Dimension SL. No. Section Subsection Page No. TCFD BRSR SDG CSA CDP SASB UNGC GRI 1 Introduc­
  • p. 86IDENTIFIED RISKS MITIGATION MEASURES 4. Limited Wild Flora and Fauna Availability The availability of wild flora and fauna
  • p. 46Governance The Company has developed a comprehensive Information Security Governance, Audit and Compliance Policy and Information
  • p. 155Governance ISO14001 Environmental Management Sys­ tems (EMS) ISO45001 Occupational Health and Safety Manage­ ment Systems ISO27001 Information Security
  • p. 23compliance risks. This framework promotes a consistent and collaborative approach to risk identification, prioritisation, response, and monitoring, while also
  • p. 23risks across its business units and functional areas. This methodology evaluates risks based on their potential impact, likelihood
  • p. 17Identified Risk or Opportunity (R/O) Rationale for Identifying the Risk/ Opportunity In Case of Risk, Approach to Adapt or Mitigate
  • p. 18Identified Risk or Opportunity (R/O) Rationale for Identifying the Risk/ Opportunity In Case of Risk, Approach to Adapt or Mitigate
  • p. 21Identified Risk or Opportunity (R/O) Rationale for Identifying the Risk/ Opportunity In Case of Risk, Approach to Adapt or Mitigate
  • p. 20Identified Risk or Opportunity (R/O) Rationale for Identifying the Risk/ Opportunity In Case of Risk, Approach to Adapt or Mitigate
Firstsource Solutions Limited Professional Services · India 2025 Partial p. 86 →p. 216 →p. 63 → ESG Report FY 2024-25 → BSI
Evidence in Firstsource Solutions Limited’s report

What the report shows

Firstsource Solutions Limited’s ESG Report FY 2024-25 provides coverage on governance aspects related to tax transparency and accountability, referencing GRI 207: Tax 2019 on page 216. The report also addresses risks and controls linked to financial reporting and key performance metrics on page 56, and outlines its overall approach and governance framework on page 205. However, there is only partial context on emerging risks without a headline value on page 54, and no clear evidence or quotable information was found for certain narrative items, including methodology details and some specific disclosures.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Tax control frameworkSupporting context was found, but no headline value. partial p. 54
Tax accountability leadA reported value was found on this page. covered p. 216
Tax embedded in businessNo quotable evidence was found (methodology/narrative). unclear
Tax risk managementA reported value was found on this page. covered p. 56
Tax control reviewNo quotable evidence was found in this report. not found
Tax concern channelsNo quotable evidence was found in this report. not found
Tax assurance processA reported value was found on this page. covered p. 205

Source trail

  • p. 216Governance - Tax Transparency and Accountability 86 GRI 207: Tax 2019 207-1 Approach to tax
  • p. 247Tax 143 PCI-DSS Payment Card Industry Data Security Standard S.No Abbreviation Full Form 144 PEX Process Excellence
  • p. 56risks and Controls Risk to key performance metrics Financial reporting risks and Controls Cross cutting risks 56 Corporate
  • p. 195Risks Transition Risks Fragmented World Delayed Transition Net Zero Below 2°C Low Demand NDCs Current Policies 195 Introduction
  • p. 205205 Introduction Highlights Our Approach Governance Social Environment Annexure Assurance Statement GRI Content Index Mapping with UNGC Principles Mapping with UN Sustainable Development Goals (UN SDGs) Glossary of Terms & Abbreviations
  • p. 54framework. We proactively identify emerging risks, implement protective measures, and ensure business continuity to safeguard our operations and stakeholders
  • p. 37Governance Lead – Working Group “Strong governance processes are the foundation of our business. Our governance process clearly
  • p. 37Governance Lead – Working Group “Strong governance processes are the foundation of our business. Our governance
  • p. 63approach empowers Firstsource to proactively anticipate, respond to, and manage risks, significantly enhancing project outcomes, safeguarding stakeholder interests, and aligning
  • p. 51risks and opportunities with confidence and stability. We continuously review our strategies, ensuring our approach remains adaptive and aligned
  • p. 226Approach Governance Social Environment Annexure Assurance Statement GRI Content Index Mapping with UNGC Principles Mapping with UN Sustainable Development
  • p. 247Approach Governance Social Environment Annexure Assurance Statement GRI Content Index Mapping with UNGC Principles Mapping with UN Sustainable Developm
Amadeus IT Group, S.A. Hotels, Restaurants, Leisure, Tourism Services · Spain 2025 Partial p. 161 →p. 162 →p. 164 → Amadeus Non-Financial Report 2025 → Deloitte
Evidence in Amadeus IT Group, S.A.’s report

What the report shows

Amadeus IT Group’s 2025 Non-Financial Report provides coverage on governance related to tax functions (p.3) and describes policies adopted to manage tax practices, including a Corporate Tax Policy and related approaches (pp.165, 209). The report partially addresses risk mitigation related to suppliers, noting that suppliers are not onboarded if risks cannot be mitigated (p.159). However, there is no clear evidence found for narrative items (a-iv), (b), or (c), indicating gaps in the disclosure of certain aspects or methodologies.

Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict.

Datapoint coverage

DatapointStatusPage
Tax control frameworkA reported value was found on this page. covered p. 165
Tax accountability leadA reported value was found on this page. covered p. 3
Tax embedded in businessA reported value was found on this page. covered p. 209
Tax risk managementSupporting context was found, but no headline value. partial p. 159
Tax control reviewNo quotable evidence was found in this report. not found
Tax concern channelsNo quotable evidence was found in this report. not found
Tax assurance processNo quotable evidence was found (methodology/narrative). unclear

Source trail

  • p. 165tax functions at Amadeus Associated policies Corporate Tax Policy Description ESRS 2-MDR-A p. 68 a AR 22 ESRS
  • p. 163tax practices Corporate Tax Policy Related IROs ES1.1 Description and objectives ESRS 2-MDR-P p. 65 a The Amadeus
  • p. 3Governance.............................................................................................................................................................................................................. 4 Strategy...................................................................................................................................................................................................................... 19 Impacts, risks and opportunities management...................................................................................................................................... 29 Environmental information 44 Disclosures pursuant to EU Taxonomy
  • p. 206tax practices Material 158 MDR-P Policies adopted to manage material sustainability matters-Fair and transparent tax practices
  • p. 209approach • Description of the policies the Group applies and its results NA ESRS 2 - MDR-P Policies adopted to manage
  • p. 161tax strategy and of the principles and Good Tax Practices • Receives input from Audit Committee and Tax
  • p. 161Tax Compliance Committee, Group Tax Unit, and Finance Operations Unit Supervises compliance with Corporate Tax Policy
  • p. 161g taxes accurately and ensuring timely tax returns, supporting tax audits and ensuring compliance with tax regulations. • In charge of adapting the company's accounting reporting system to properly comply with any tax obligations 1This is a Tax Compliance body comprised of Amadeus executives with responsibilities in…
  • p. 161tax returns, supporting tax audits and ensuring compliance with tax regulations. • In charge of adapting
  • p. 18Compliance, Business Resilience and IT Controls Governance, Corporate Information Security Office, Data Privacy, Legal, Group Internal Control and People
  • p. 21Compliance team and Group Internal Control, overseen by the Chief Accounting Officer, ensure compliance with sustainability reporting requirements. The Group
  • p. 159identified risks can be adequately mitigated. If mitigation is not feasible, the supplier is not onboarded. This approach
  • p. 45Tax Policy The Policy applies to all taxes, tax risks and tax topics
Check your understanding
A group has a written tax policy, but the finance team says the board only sees tax matters when a problem has already escalated. The tax lead also cannot point to any named person who owns oversight of the tax approach.What should the preparer check before describing the tax governance set-up?
Model answer. They should confirm and state who at board or senior management level is accountable for the tax strategy, and show how that oversight connects to day-to-day controls rather than leaving it as an informal finance-only matter. The description should also make clear how the tax approach sits within the wider organisation, not just within the tax team.
Why this matters. The disclosure should show clear ownership and how tax is built into the organisation, not treated as a stand-alone finance task.
A business has a tax risk register, but it was last updated 18 months ago and only lists transfer pricing. Local teams handle VAT and payroll tax issues informally, with no common method for spotting or tracking them.How should the preparer judge whether the risk narrative is complete enough?
Model answer. They should explain how tax risks are found, recorded, reviewed, and followed up across the business, covering the main tax exposures relevant to the organisation rather than one topic only. If different teams handle different taxes, the narrative should show the shared process that keeps those risks visible and monitored over time.
Why this matters. A useful description covers the full cycle of spotting, managing, and watching tax risks across the organisation.
The company has annual internal audit testing of tax controls, but the tax team cannot explain how the results are used, and there is no evidence that failures lead to action plans or reporting to leadership.What decision should the preparer make about the control-evaluation description?
Model answer. They should only describe the evaluation process if they can explain how compliance with the tax control framework is checked in practice, what evidence is reviewed, who receives the results, and how issues are corrected. If the testing exists but does not feed into follow-up or oversight, that gap should be made clear rather than presented as a stronger process than actually exists.
Why this matters. The report should show how control checks work in practice and how findings are acted on.
Employees can raise ethics concerns through a general whistleblowing line, but the tax team has never publicised that route for tax-related conduct issues. An external assurance provider has reviewed the tax disclosures, but the draft report does not mention the assurance statement anywhere.What should the preparer include to make the disclosure complete?
Model answer. They should describe the channels people can use to raise concerns about tax-related conduct and integrity, even if those channels are shared with other topics, and explain how those concerns are handled. They should also state how the tax disclosures were assured and, where relevant, point readers to the external assurance report or statement so the assurance trail is easy to find.
Why this matters. The disclosure should cover both concern-raising routes and the assurance trail for tax information.
Analyse this disclosure across real reports

See how companies actually report GRI 207-2 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.

Related framework references

How this disclosure maps across the major reporting frameworks.

GRIPrimary
GRI 207-2
within GRI 207: Tax 2019
Open official source →
ESRSRelated
ESRS G1
Business Conduct — closest topical match (post-Omnibus ESRS catalogue).
IFRSNo equivalent
No direct IFRS S1/S2 topical equivalent.
Related & explore
Questions this page answers
What do I need to gather before drafting GRI 207-2 (Tax) on this page?

Start with the datapoints listed on the page: tax control framework, tax accountability lead, how tax is embedded in the business, tax risk management, tax control review, tax concern channels, and the tax assurance process. The page also gives a step-by-step preparation section to help you turn those inputs into a draft. ↑ section

How should I set the scope for GRI 207-2 (Tax) using this page?

Use the page’s plain-language explainer and the listed datapoints to decide what your organisation can evidence for the disclosure. The page is designed to help you define the scope and methodology before you write the draft. ↑ section

Who should own the GRI 207-2 (Tax) data collection in practice?

The page points you to a tax accountability lead and to tax being embedded in the business, so ownership may sit with tax but need input from other functions. Use the preparation section to assign responsibilities before you start collecting evidence. ↑ section

What evidence do I need for GRI 207-2 (Tax) to be assurance-ready?

The page includes six assurance claims to verify, each with claim, risk and evidence prompts, plus an evidence pack with five items. Use those sections to build a file that shows what was claimed, what could go wrong, and what supports the disclosure. ↑ section

How do I use the GRI 207-2 (Tax) evidence pack on this page?

The evidence pack is there to help you assemble the core documents and records needed for assurance readiness. It sits alongside the assurance claims so you can check that the evidence matches the claim and the risk being addressed. ↑ section

What are the common mistakes to avoid when reporting GRI 207-2 (Tax)?

The page lists common reporting gaps and mistakes so you can spot weak points before finalising the disclosure. Use that section as a pre-submission check against your draft and evidence pack. ↑ section

How can I turn the GRI 207-2 (Tax) page into a draft disclosure?

The page includes draft-output support with visualisation ideas, narrative starters and a GRI content-index line. Use those to move from collected data and evidence into a short draft narrative and a structured index entry. ↑ section

What should I put in the GRI 207-2 (Tax) narrative if I only have partial data?

The page’s narrative starters are meant to help you write from the data you do have, while the common gaps section helps you identify what is still missing. Keep the draft aligned to the evidence you can actually support. ↑ section

How do the synthetic example disclosures on the GRI 207-2 (Tax) page help me?

They show how a disclosure can be presented in practice, including a quantitative table where relevant. Treat them as illustrative only and use them to shape your own wording and layout, not as a template to copy. ↑ section

Can I reuse my GRI 207-2 (Tax) data for ESRS G1 Business Conduct reporting?

The page says ESRS G1 (Business Conduct) is the closest correspondence, so the same data may be reusable across both. Check the specific reporting needs separately, but use the page to organise the underlying tax data and evidence once. ↑ section

Where do I find the GRI 207-2 (Tax) workbook and printable card on this page?

The Download Centre includes a Prep & Assurance workbook in .xlsx format and a printable Library Card in .pdf format. Use the workbook to organise preparation and assurance, and the card for a quick reference copy. ↑ section

More questions this page can help with
  • GRI 207-2 Tax checklist for sustainability manager: what data points should I request?
  • GRI 207-2 Tax assurance evidence pack: what should be in it?
  • How to prepare a draft GRI 207-2 Tax disclosure from internal tax controls and risk data
  • GRI 207-2 Tax common reporting gaps and mistakes to check before submission
  • How to use the GRI 207-2 Tax Prep & Assurance workbook
  • GRI 207-2 Tax narrative starters and content index line examples
  • Who should be the tax accountability lead for GRI 207-2 Tax?
  • What is the closest ESRS correspondence for GRI 207-2 Tax and can data be reused?
  • GRI 207-2 Tax step-by-step preparation guidance for ESG teams
  • What evidence do assurance reviewers expect for GRI 207-2 Tax?
  • How to map tax concern channels and tax control review data into GRI 207-2 Tax
  • GRI 207-2 Tax example disclosure with quantitative table
Dr Ross Kurinko
✓ LRA AI Assistant · human-in-the-loop
Ask Study Studio AI assistant about this disclosure

Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.

Try
Sources, status and disclaimer

This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.