ISO 31000: Risk Management Principles
Swanson Reed’s risk management framework, certified to the ISO 31000 standard, is founded on a set of principles that ensure risk is managed effectively throughout the entire organization. These principles are what govern their conservative approach to R&D tax advisory.
| Principle | Description | Implication for R&D Tax Services |
| --- | --- | --- |
| Integrated | Risk management is not a separate activity; it’s part of all organizational activities and processes, including decision-making. | Risk considerations are built into the firm’s client engagement, scoping, and fee structure (e.g., avoiding contingency fees to minimize conflict of interest). |
| Structured & Comprehensive | A systematic, timely, and organized approach to risk contributes to efficiency and consistent, comparable results. | Ensures a standardized risk matrix is used for every R&D claim to consistently evaluate audit likelihood and potential risk severity. |
| Dynamic | Risk management anticipates, detects, acknowledges, and responds to changes, as risks emerge, change, and disappear. | The firm must continually monitor changes in IRS or tax authority guidance and adjust claim preparation methodologies immediately. |
| Best Available Information | Inputs are based on historical and current data, explicitly considering limitations and uncertainties. | Claims are substantiated with detailed, factual documentation (time logs, contracts, technical reports) to withstand audit scrutiny. |
| Continual Improvement | Risk management is continually improved through learning and experience. | Results from every internal review and external audit (even on other firms) are used to refine the Six-Eye Review process and documentation requirements. |
Risk Management Process
While the principles are the foundation, the ISO 31000 process provides the practical steps that Swanson Reed must follow to manage risks associated with client claims:
- Establish Context: Defining the firm’s objectives and the external/internal environment (e.g., the specific tax jurisdiction and its audit risk).
- Risk Assessment:
  - Risk Identification: Recognizing potential tax compliance errors or audit triggers.
  - Risk Analysis: Determining the likelihood and consequence (impact) of each risk.
  - Risk Evaluation: Comparing the analysis results against the firm’s risk criteria (appetite).
- Risk Treatment: Selecting and implementing options to modify the risk (e.g., strengthening documentation, using creditARMOR insurance).
- Monitoring & Review: Continually checking the risk landscape and the effectiveness of controls.
- Communication & Consultation: Engaging stakeholders (clients, auditors) throughout the process.
ISO 27001: Information Security Controls
ISO 27001 certification mandates the implementation of specific safeguards, or controls, organized into a framework to protect information. This is critical for handling confidential IP, financial models, and personal data.
The standard’s Annex A outlines the security controls, which are typically grouped into four domains (based on the latest 2022 revision), demonstrating how Swanson Reed protects client data:
| Control Domain | Focus Area | Example Controls (Required of an ISO 27001 ISMS) |
| --- | --- | --- |
| Organizational | Information Security Governance and Policies | Roles, Responsibilities, Segregation of Duties, Compliance with legal and regulatory requirements. |
| People | Security for personnel and human resource processes | Screening, terms of employment, awareness training, non-disclosure agreements. |
| Physical | Protecting the physical premises and equipment | Physical security perimeters, securing offices/rooms, protection against physical and environmental threats, clear desk policy. |
| Technological | Utilizing technology to protect data | Secure authentication, privileged access control, data leakage prevention, encryption, malware protection, backup. |
The key takeaway is that ISO 27001 requires the firm to define its Information Security Management System (ISMS), which follows the Plan-Do-Check-Act cycle to ensure security is never static, but is continually assessed and improved.
Six-Eye Review: The Compliant R&D Tax Claim Preparation Process
Swanson Reed integrates its ISO-mandated risk mitigation directly into the workflow for preparing an R&D tax claim, primarily through a multi-step process culminating in their unique Six-Eye Review.
| Step | Description | Compliance & Risk Link |
| --- | --- | --- |
| 1. Identification & Data Collation | Identify all qualifying R&D projects and collect the technical and financial data (costs, time tracking, design documents). | ISO 31000 (Risk Identification): Ensures all relevant data is collected upfront to support the claim’s eligibility and cost allocation. |
| 2. Technical Analysis & Write-up | Qualified engineers/scientists draft the R&D report, detailing the scientific/technological uncertainty and the systematic process used to resolve it, as required by tax law. | Defensibility: Establishes the core technical argument that proves the work meets the government’s criteria for Qualified Research. |
| 3. Financial Allocation & Computation | Accountants apply detailed methodologies to allocate employee wages, contractor costs, and supplies to the qualified R&D activities and compute the final credit amount. | Accuracy & Auditability: Ensures compliance with specific tax regulations on what constitutes a “Qualified Research Expense” (QRE). |
| 4. Mandatory Six-Eye Review | The claim undergoes review by at least one Engineer/Scientist for technical merit, and one CPA/Enrolled Agent for financial/tax compliance. | Compliance Quality Control: This mandatory check minimizes errors and maximizes the claim’s defensibility, aligning with both ISO 31000’s structured approach and professional due diligence. |
| 5. Submission & Documentation | The final, reviewed claim and all supporting documentation are submitted to the relevant tax authority (e.g., IRS). | ISO 27001: All data handling, storage, and submission processes are secured by the ISMS to protect client confidentiality throughout the filing process. |

| Framework Element | Description | Implication for Clients |
| --- | --- | --- |
| Six-Eye Review | A mandatory internal review of every claim by a qualified engineer, a scientist, and a CPA or Enrolled Agent. | Ensures the claim is technically sound, financially accurate, and compliant with tax law, maximizing defensibility. |
| ISO 31000:2009 (Risk Mgmt) | An international certification for the firm’s comprehensive risk management policies and processes. | Provides objective, third-party validation of the firm’s commitment to mitigating client tax risk. |
| ISO 27001 (Info Security) | A leading global standard for establishing and maintaining an information security management system (ISMS). | Guarantees the highest level of protection for sensitive intellectual property and confidential financial data. |
| IRS CE Provider | Approved by the Internal Revenue Service to provide continuing education credits to Enrolled Agents. | Signifies a level of expertise and trustworthiness recognized by the U.S. federal tax authority. |
| NASBA CPE Provider | Certified by the National Association of State Boards of Accountancy to provide continuing education to CPAs. | Establishes the firm as an authority in its field, trusted to educate other accounting professionals. |
| BBB Accreditation (A+ Rating) | Accredited by the Better Business Bureau with the highest possible rating for ethical business practices. | Confirms a strong track record of client satisfaction and a commitment to resolving issues transparently. |
Ensuring You Receive Your R&D Tax Credits

Preparing an R&D tax credit claim is a meticulous process that requires a deep understanding of both technical and financial aspects. Because Swanson Reed focuses solely on R&D tax credit claims, we are of the view that we are best prepared to assist. R&D tax credit claim preparation involves careful collation and analysis of technical information to identify qualifying activities, the preparation of formal government documents and supplementary technical documentation to substantiate the claim, the application of detailed accounting methodologies to calculate eligible expenses, and a thorough understanding of the R&D tax credit regulations and IRS administrative processes to ensure compliance. Each step is critical to maximizing the value of your claim while minimizing the risk of audits or disputes.
Who is Eligible to Claim R&D Tax Credits?
The R&D tax credit is designed to benefit businesses of all sizes, from small and medium-sized enterprises to large corporations. To qualify, companies must engage in activities that meet the criteria set by the IRS. These activities include, but are not limited to:
– The design and development of new products or processes;
– Enhancements to existing workflows and operational processes;
– The creation and implementation of new software or computer systems;
– The development of prototypes or products that have not yet entered production; and
– Improvements to existing products to enhance functionality, performance, or efficiency.
If your business is involved in any of these activities, you may be eligible to claim R&D tax credits, which can provide significant financial benefits.