Legislators favor lighter touch to regulating business audits contracted by cities | The Sum and Substance

Given the options of taking an aggressive or conservative approach to combatting “trigger audits,” Colorado legislators appear to have chosen the latter.

The Sales and Use Tax Simplification Task Force last week unanimously approved a bill for drafting that would require any that any third-party auditors contracted by cities maintain the same confidentiality with collected data that Colorado governments would use. It also will send a letter to the Colorado Department of Revenue calling on it to convene a task force to help increase the number of businesses using the existing SUTS tax-filing system — a change that it believes would boost compliance with state law.

Members chose that approach rather than one suggested by a coalition of tax-concerned business interests, which had sought to mandate the use of nondisclosure agreements by auditors and limit the frequency with which cities could audit compliant companies. But a Simplify Colorado Sales Tax leader said her group backed the less aggressive bill because it was more doable in a local-control state and still sends a message to audit firms that they will be punished if they share findings with unauthorized governments.

“I don’t know that it has any teeth. But the bigger problem is you’ve got to push because nothing is happening,” said Judy Vorndran, a member of Simplify Colorado and a state and local tax partner with TaxOps LLC. “The legislation is to propel action, to say ‘We’re watching. We’ll do something.’”

Issues with coordinated audits

Medium-sized businesses in particular have been sounding the alarm this year about the number of audits they are seeing done by a private firm that contracts with as many as two dozen cities at once to investigate those businesses’ compliance with local tax filing. These coordinated audits are legal, but business leaders say they place a huge burden on the targeted companies, who often find themselves undergoing the same process every three years as cities and the contracted firms check in on past offenders.

The primary contractor — Revenue Recovery Group of Baton Rouge, Louisiana, which has conducted 11,200 audits in Colorado in the past 28 years — told the task force that it doesn’t share information gleaned through audits. Instead, it uses public records to find multistate companies that don’t appear to be registered in certain cities, approaches those cities about doing an audit for them and then shares its findings only with the cities that already have contracted with it.

But because RRG President and Founder King Woolf declines to signs NDAs, as he told the task force, some businesses question whether audit findings may be given to other non-contracting cities, leading to so-called trigger audits that may come in succession. And business leaders want to make sure that isn’t happening.

How the bill would impact local audits

The bill forwarded from the SUTS Task Force to the Legislative Council — a final step before the bill is introduced early in the 2025 session — would establish statewide standards prohibiting private auditors from divulging any information found in their examinations. Violation of these confidentiality provisions would be a misdemeanor punishable by a fine of not more than $1,000 per violation.

Sen. Jeff Bridges, the Greenwood Village Democrat who intends to sponsor the proposal, noted that the final bill is the result of discussions between business groups and municipal leaders about what limitations on the audits would be acceptable. The wording of the proposal would allow for continued coordinated audits, which are used more often by smaller cities with limited resources to audit taxpayers themselves, but it would hold the firms more accountable.

“There are a lot of people who came together to put together what I think is a great bill,” Bridges said.

Simplify Colorado had sought more, however.

Does the bill have enough enforcement capability?

It wanted a requirement that private auditors would have to sign NDAs, and it even floated the idea of giving business a private right of action if those NDAs were violated. The organization also wanted to bar municipalities from conducting subsequent audits for five years on any company that is investigated and was found to be compliant. And it felt that the $1,000 fine is not enough to deter illegal practices.

But Kevin Bommer, executive director of the Colorado Municipal League, said his organization stepped in to assert that legislators can’t tell city governments how often they do audits under the home-rule provisions of the state constitution. He also questioned why the state would consider imposing the use of NDAs on other governments, and he said he believes the final bill proposal reflects that while businesses use the term “trigger audits,” there remains a dearth of evidence that they are happening.

“If we could address the confidentiality issues and that could be done with state legislation, you don’t have to deal with home-rule issues,” Bommer said after the Sept. 25 task force meeting that forwarded the bill proposal.

Vorndran said she was particularly disappointed that the five-year audit pause was not included in the bill, as that is the biggest problem for businesses who are constant targets of these third-party audits. In fact, she asserted, those audits seem to target such a limited number of companies repeatedly that it leads to noncompliance with state and local tax laws among firms that know they’re less likely to be targeted.

“It is a punitive practice,” she said of the triennial audits of previously noncompliant firms, which some local finance officials acknowledged to the task force as a common practice. “Once you get in the audit cycle, you will get audited again.”

Also coming: A new task force on improving SUTS usage

The need for compliance with the state’s byzantine sales-tax structure — the overlap of municipal and special districts charging different rates creates about 700 different taxing districts statewide — is a reason legislators launched the SUTS system in 2020. Businesses that ship goods remit taxes based on the location of the customer who receives the products, and the SUTS database allows them a one-stop option of determining all taxes they must pay and then sending them to the state to distribute to local governments.

However, use of the system by businesses, particularly smaller ones, remains low, and state officials fear that means that many firms, rather than choosing to remit taxes individually to all governments to which they owe them, are just not paying taxes. And a letter that the task force approved to send last week aims to address that.

The letter directs the revenue department, which oversees SUTS, to convene a group of stakeholders to study businesses’ use of the centralized filing portal and recommend improvements that would boost its use. The task force — composed of government officials, businesses and tax practitioners — would look at areas such as potentially cumbersome user requirements and functionality gaps.

The task force is expected to begin meeting this month and work through next spring. It then is expected to recommend upgrades in to the legislatively created SUTS Simplification Task Force in time for it to consider possible fixes that could be made in the 2026 session.