BRM Holdich E-News

17 April 2015


You will be aware that the Australian Taxation Office (‘ATO’) is steadily moving towards electronic communications as their preferred method.  In the last few months for some communications this has started to progress to being the only method.  Many of you will have noticed that you no longer receive paper Activity Statements from the ATO, and you should also have been notified by the ATO that your 2015 financial year PAYG Withholding and Taxable Payments Reporting must be lodged via the ATO Business Portal, you will no longer be able to lodge via paper or other electronic media.

The purpose of this article is to provide you with information about communicating with the ATO electronically and how to get started.  It is clear that ultimately all of your dealings with the ATO, and many other government departments, will be required to be made electronically, so you may as well get yourself organised now.

As Tax Agents we have been communicating with the ATO electronically for a number of years, and we consider this to be the preferred method.  There are many advantages, predominantly related to efficiency and instant access to information.  Once set up to communicate electronically with the ATO we are of the opinion that you will also find that it is a better method for you.  Therefore, it is worth the time to become familiar with the process and get organised.

Your electronic communication with the ATO is via an AUSkey.  There is a lot of information available on the ATO website and the Australian Business Register (‘ABR’) website on AUSkeys, the attached PDF document summarises much of this information for you.  We are familiar with AUSkeys and the ATO Business Portal and would be more than happy to assist you in getting setup with your AUSkey.

Responsible Digital Organisations

All organisations utilising technology have a responsibility to use it appropriately in order to participate in a global society.  But what is appropriate? Responsible and appropriate behaviour in a world super-charged by modern technology requires direction, guidance and ultimately a framework underpinned by complimentary technologies designed to protect the organisations technology networks, infrastructure and people.

The use and life of technology within an organisation characteristically starts with the end user, therefore, organisations have a responsibility to be instrumental in guiding user behaviour.  An acceptable use policy is designed to educate and protect both the user and the organisation through advice on specific technology use.  This should be supported by an overarching information security framework.

It is important for users to know the online world. Organisations need and want their employees to be curious, to learn new things using technology as an information source, but it is imperative that to protect the organisation it has responsible digital users.  That is to say, users who are both aware of the risks, and aware of how to protect themselves and the organisation.

Organisations should support users to:

  • Choose consciously: think before they act - the choices they make whilst using technology and online can last forever.

  • Engage positively: what a user says and does online can affect everyone! It is important users understand the need to avoid bullying, harassment and online abuse and learn how to take positive steps if others do not.

  • Understand individual responsibility: connecting in safe environments, consequences of risky online behaviour and making responsible choices.

Organisations should consider:

  • Strategy - A comprehensive information security strategy explicitly linked with IT and organisational business objectives.

  • Directives - The directives in this context are a set of imperatives from the Board to the business on how information security, in accordance with organisational information security priorities, standards and regulatory guidelines, will be controlled within the environment.

  • Policy - The Information Security policy is a standard for the implementation of information security across the organisation to ensure that all technology users within the organisation, or its networks, comply with rules and guidelines related to the security of all information that is stored, transmitted or processed digitally at any point in the network or within the organisation's parameters of authority.  These are accompanied by policies and processes that support the information security policy, its directives and the overall information security strategy. 

  • Digital Security - precautions to guarantee safety.  In any society, there are individuals and organisations who steal, deface, or disrupt others.  The same is true for the digital community.  It is not enough to trust other members in the community with the organisations or the employee’s safety. Think about the organisation and its people as if it were home and family.  At home you put locks on the doors and fire alarms to provide some level of protection. The same must be true for digital security. Organisations need to have virus protection, backups of data, and properly protected equipment.

As a responsible digital society we need to protect our organisation, information and users from outside forces that might cause disruption or harm.

There are many benefits to technology but it is important that organisations ensure that there is organisation-wide understanding of the risks and that users are fully supported to make appropriate choices.

Organisations, even in 2015, are not necessarily equipped to deal with the threat landscape and the ever changing risks that exist in our digital world.  People are always the weakest link and are inherently trusting therefore we must ensure that they are reminded of their roles and responsibilities in relation to the digital landscape and the use and protection of valuable corporate information.

If you are interested in understanding the digital security landscape of your organisation and evaluating if you have the frameworks and policies to support responsible and appropriate behaviour to protect your organisation, contact Jo Stewart-Rattray, Director of Information Security and IT Assurance at BRM Holdich on 08 8168 8410


Important: This is not advice.  Clients should not act solely on the basis of the material contained in this Bulletin.  Items herein are general comments only and do not constitute or convey advice per se.  Also changes in legislation may occur quickly.  We therefore recommend that our formal advice be sought before acting in any of the areas.  The Bulletin is issued as a helpful guide to clients and for their private information.  Therefore it should be regarded as confidential and not be made available to any person without our prior approval.


BRM Holdich
Level 8, 420 King William Street
Adelaide SA 5000