Tax is entering the technological age. IT systems are under HM Revenue &
Customs scrutiny. Technology can help manage tax risk and will be integral to
tax compliance in the near future. Although increased attention from the tax
authorities is likely to lead to an additional compliance burden for business,
taking the opportunity to standardise and simplify business processes and
controls now will undoubtedly unlock value going forward.
Tax can sometimes be a ‘black box’ for organisations and its system
requirements have not always sat comfortably with the IT driven process
revolution the rest of finance has been experiencing since Sarbanes-Oxley. These
rules forced many large corporates to look critically at every aspect of their
financial reporting IT systems and controls, with the directors required to
attest to their adequacy.
Often tax was an isolated function with its own technical systems and tools
and these were not necessarily included in wider systems reviews and projects.
Tax authorities getting up to speed
This scenario is changing. Following HMRC’s review of its links with large
business late in 2006, it announced a new approach to compliance risk management
for the largest businesses, taking a risk-based, real-time approach to determine
a taxpayer’s level of compliance.
Large businesses (roughly those with turnover of over £200m) have already
been subject to a risk assessment by HMRC across all taxes. Those businesses
determined as ‘low risk’ are subject to less stringent examination, whereas
those deemed to be ‘non-low risk’ may now undergo more significant enquiry in
order for HMRC to gain adequate comfort.
Scoring is based on various criteria, including an assessment of the
taxpayer’s ability to deliver the right tax at the right time through its
systems, processes, controls and governance framework. Clearly, the adequacy of
the IT systems is now under the spotlight with HMRC now appreciating the
importance of transaction processing systems.
This marks a shift in approach, especially around direct corporate taxes. The
focus is no longer only on a taxpayer’s returns. HMRC is now concerned with also
determining the fitness of the taxpayer’s processes and arrangements leading to
the preparation of the return. HMRC now cares about the process and systems, as
well as the end result.
Senior Accounting Officer Signoff
Building on this, the recent Budget and subsequent developments brought the
introduction of the requirement for the largest taxpayers to appoint a senior
accounting officer to sign off, with personal accountability, on the
appropriateness of the tax accounting arrangements in place. The legislation
determining the criteria for a company to be caught is still being finalised –
but it is widely expected to be companies with a turnover exceeding £200m.
These are mostly companies with a ‘large business relationship’ with HMRC
where a client relationship manager has been appointed. The SAO is the person
with ‘overall responsibility’ for the group’s accounting arrangements. –
typically the CFO.
The legislation places the onus on the SAO to assess and attest to the tax
accounting arrangements, certifying either that they are appropriate (or that
reasonable steps have been taken to make them appropriate), or explain the ways
in which they are not appropriate. Failure to appoint an SAO, omission to
provide a certification or the provision of an inaccurate certification will
lead to a penalty (£5,000 for each infringement) being levied on the SAO
personally, or the company where an SAO is not appointed.
Although HMRC advised that it will not specifically audit the SAO’s
certification, it is anticipated that should stage 3 audit testing (see box)
lead to systems weaknesses being identified which were not disclosed in the
certification, a penalty is likely to be levied on the SAO personally.
Assessing your IT controls
Tax processes, general IT controls and specific application controls should
be critically reviewed and assessed. The tax director needs to work with IT to
address these questions:
- Are you confident in the overall security of the IT systems as well as key
- Are IT processes and controls relating to tax fully understood and
- Are accounting entries appropriately coded at data capture or by automated
systems to record the correct tax effect
- What controls and monitoring exists over tax sensitive master data? Could it
be tampered with leading to potential misstatement?
- What controls are in place to ensure that systems and related master data
are kept up to date with the latest legislative developments?
- Are tax considerations adequately addressed during changes to IT systems,
for example testing and sign off by tax?
- Are local tax considerations adequately addressed when global systems and
shared service centre approaches are introduced to process tax sensitive
- How does the business ensure that data transfers to prepare tax computations
are complete and accurate?
- Is the business making appropriate and efficient use of automation to ensure
robust systems and controls that are capable to deal with changing tax and local
entity reporting requirements externally and within?
There is a clear trend towards risk-based, process driven, real-time tax
reporting and enquiry across all the taxes. The capability, flexibility and
speed of access to a taxpayer’s information systems are increasingly important.
There is an assumption on the part of the authorities that companies are set up
Now is the time to take stock to see how your systems measure up and o
maximise opportunities for efficiencies and improvements.
Technology is to the fore again on tax reporting. HMRC recently formally ma
ndated the online filing of all corporation tax returns (including supporting
schedules and company accounts) in eXtensible Business Reporting Language
(‘XBRL’) format from 1 April 2011.
How are companies preparing?
XBRL is a web-based computer language written specifically for business
reporting. HMRC are driving this forward because they want to have access to
information that they can interrogate more efficiently. The resulting statistics
and variances will enable HMRC, for example, to be more specific in the
questions raised during an enquiry.
Many companies are unaware of this development. Fortunately, most tax
software vendors are already working hard to ensure that tax numbers can be
filed in an XBRL format. However, it is the company accounts requirement that
may be the stumbling block. Companies need time to consider their financial
statements to assess what work is required to meet the UK GAAP and/or IFRS XBRL
requirements, including implementing and testing.
HMRC has indicated it will focus on understanding a taxpayer’s processes and
systems, undertaking more detailed audits in areas where weaknesses are
identified. This will be carried out in a three stage review:
Stage 1: to understand the wider governance framework within which tax is
Stage 2: to evaluate the systems, processes and skills being deployed;
Stage 3: to perform audit testing to establish and quantify weaknesses in
information systems, their impact on the tax numbers as well as recommendations
of remedial actions. This stage is unlikely to be performed on low risk
Michelle Quest and Bivek Sharma are tax
partners at KPMG
Colin responds to the call for 'Darwinism' in accountancy
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
Just one half of UK practices have implemented a pricing structure around auto enrolment implementation and advice - with many suffering increased costs
Deloitte's north-west Europe foray; BDO, Smith & Williamson investment paths; Shelley Stock Hutter; and Wilkins Kennedy discussed by editor Kevin Reed on our Friday Afternoon Live broadcast