Market leading insight for tax experts
View online issue

SAO four years on

printer Mail
Speed read

There has been a noticeable shift in HMRC’s attitude to the SAO legislation. At first, HMRC adopted a ‘light touch’ approach. Now, HMRC is increasingly proactive, sending out standardised pre- and post- certification letters to remind companies of their SAO obligations. HMRC expects companies to undertake a level of testing each year to ensure ongoing compliance with the SAO regime, and the department is also linking SAO queries with issues of wider tax governance. Companies should be prepared to engage with HMRC on a greater level than was previously the case. It is suggested that a risk-based approach to SAO, which is well documented and includes a proportionate.

FA 2009 introduced legislation that requires senior accounting officers (SAOs) of qualifying large companies (broadly, UK groups with a turnover in excess of £200m) to provide personal certification that their accounting systems are capable of delivering accurate tax reporting across all major taxes.

HMRC’s view in 2009 was that this legislation should not impose a significant administrative burden on those companies caught. A ‘light touch approach’ was promised, and indeed applied, to the first financial year following its introduction. This article documents the shift in approach from both the company and HMRC that has occurred in the last four years.

HMRC’s new approach

Since the introduction of the SAO legislation in 2009, there has been a noticeable shift in HMRC’s attitude and approach to it. Initially, this could essentially be characterised as reactive. HMRC was content to let companies decide for themselves what an appropriate response might be and were not in any sense prescriptive as to what a compliant approach might look like.

In the last nine months, however, we have seen a shift in HMRC’s approach. Standardised pre-certification letters have been used, asking companies to bear in mind certain key issues when considering the SAO rules. Included within this list of issues:

  • companies are reminded that having completed an SAO review in year one does not mean that requirements continue to be met in year-two;
  • the company is reminded that ‘reasonable steps’ requires it to have in place mechanisms for identifying, on an ongoing basis, the risks which may lead to inaccuracies and ensuring that processes and controls are in place to manage and monitor them;
  • taking a risk-based approach to the risks identified is recommended; and
  • it is highlighted that the CRM will want to discuss what the SAO is doing to discharge his responsibilities under this legislation as part of the wider customer relationship discussions (and such discussions are now happening).

Standardised post-certification letters are also being used by HMRC. Presumably, these are sent to those companies which have chosen to submit a certificate without engaging in any detailed discussion with their CRM about its content. These letters ask questions such as: what checks and balances are in place to aid the SAO; how often are the checks undertaken in the year; and what qualifications does the SAO have to assume this role?

This new proactive HMRC approach reflects an increased awareness within HMRC about what good systems processes and controls look like and a consequential greater confidence to have the discussion. Furthermore, some recent high profile interactions between HMRC and large companies have led to criticism that certain CRMs may have become too ‘cosy’ with their large company ‘customers’. This could be a reaction to that criticism.

The key message for companies caught by SAO is clear; the need to engage with HMRC on the subject in much greater detail than before is inevitable. The challenges for year three onwards are set out below.

Engaging with HMRC

With the changing HMRC attitude comes the need for companies to reassess their own approach to the SAO requirements. The majority of impacted companies are now contemplating filing their third SAO certificate and the typical approach we are finding when talking to them is changing. Companies who were previously content to rely on a series of internal sign-offs and high level reviews, with perhaps a degree of internal audit scrutiny, are now deeming this to be no longer sufficient. They are seeking to conduct more detailed reviews, either in conjunction with their own internal audit departments or using third-party advisers (taking into consideration such factors as the technical expertise and the level of objectivity required).

One further consideration for companies is how they should demonstrate or present to HMRC that they are meeting their SAO compliance requirements. As referred to above, SAO is increasingly becoming at item for discussion at the regular meetings that large companies are expected to have with their CRMs. Where such meetings do not currently happen as a matter of course, or where SAO compliance is not being discussed at them, we would recommend that company tax directors (or whoever is responsible for tax) drive this to ensure that some communication is held prior to a certificate being submitted, as a minimum.

With regard to the level of detail that is needed to be provided to HMRC, our experience is that if HMRC understands the overall approach taken and can be presented with a high level, comprehensible summary of findings, this should be sufficient. There is, in our view, no necessity to show HMRC the full detailed report which may have been prepared to support the summary, unless there are particular areas of concern. Far more important is the need to explain and, to a degree, justify the process and structure of the work undertaken.

When to submit a qualified certificate

When and how a certificate should be qualified appears to be a key area of uncertainty and contention for companies, with some advisers apparently advising to almost never qualify, others to qualify for virtually any and every issue (16 pages worth in one instance), and others (which HMRC really dislikes) advising the ‘cake and eat it’ approach – submitting an unqualified certificate but then mentioning numerous ‘areas of concern’.

We recommend taking a risk-based approach to your SAO review, wherein key tax accounting processes of a business are risk rated, and levels of assurance then identified. This means that the overall appropriateness of the process can be assessed in accordance with the risk status of the profile. A high risk process (which is inherently difficult to manage and/or has large levels of tax at stake) will require greater levels of assurance in order to be deemed appropriate than a low risk process, where there is a lesser amount of tax on the table. This approach, adopted consistently across all taxes, should ensure that insufficiencies to processes are disclosed at an appropriate level.

When qualification is required, we would advise that, wherever possible, investigative work is taken prior to certification. This means that the detail provided in the certificate can include a summary of the nature of the insufficiency, and the details of remedial actions taken, or to be taken, along with management’s view on whether the insufficiency has led to an actual underpayment of tax.

Guidance on certificate wording is given in HMRC’s SAO guidance (Senior Accounting Officer Guidance at SAOG15300 and SAOG15400). However, HMRC is currently consulting with businesses to slightly amend this guidance. It would appear that the objective of the proposed revision is to avoid any ambiguity around the status of certificates and whether or not accompanying detail represents a caveat or not. Companies that persist in blurring this distinction can expect to be challenged going forward.

The monitoring requirement

The requirement that impacted companies must attest that they are monitoring tax accounting arrangements is one which really can no longer be ignored or trivialised. Companies are now expected to undertake a level of testing each year to ensure that compliance is maintained.

The SAO legislation and accompanying HMRC guidelines do not prescribe the level of testing that a company must undertake on an annual basis so as to be compliant. Inevitably, the approach to be adopted here is somewhat subjective. In our view, the appropriate response to this requirement is for a company to adopt a risk-based approach, with a testing programme which will seek to test all of the major tax risk processes over the course of a number of years. This programme should be fully documented, to include the reasoning behind the prioritising of testing some areas earlier in the cycle than others, if appropriate. We would advise that any testing plan is endorsed by a tax specialist, be that an internal tax specialist (via, for example, a peer review) or an external adviser.

The wider tax risk issues

Most recently, we have also seen examples of HMRC linking SAO queries into issues of wider tax governance, asking questions such as: ‘how does the SAO interact in terms of board of directors’ involvement, audit committees and internal and external audit?’ and ‘did the company seek advice from accountants on best practice?’ Again, this seems to us a natural development in the lifecycle of a systems-based process. Once SAO is embedded, it is inevitable that HMRC will want to understand how the approach adopted fits within the broader approach to tax risk. Yet it is not just HMRC forcing this issue; recent publicity for tax structures adopted by Starbucks, Amazon, et al demonstrates that mismanagement of UK tax risk can become a front page (and reputationally damaging) issue. For a number of large companies, this is forcing them to reconsider the content of their tax strategy and policy documents, often created four or five years ago in a very different political climate (and before the SAO rules were brought in).

Boards, audit committees and non-executive directors are undoubtedly showing a greater interest in tax risk than ever before. Compliance with the senior accounting officer regulations is a part of that, becoming one of the key performance indicators that a successful in-house tax/ finance function is to be judged by going forward. Whilst there would appear to have been few instances of outright SAO failures to date, the incidence of them being identified and challenged is likely to increase as the HMRC approach described here begins to bite. We believe that adopting a considered risk-based approach to SAO that is well documented and includes a proportionate testing programme is the best insurance policy against being found to fall short and suffering the consequent turmoil that would cause.

Ed Dwan is a tax partner at BDO LLP

Lucy Sauvage is a tax senior manager at BDO LLP