Schedule 46 SAO Certificate FAQs

Transcription

1 Schedule 46 SAO Certificate FAQs Ensuring Correct Completion and Submission of the SAO Certificate The first submission of the Schedule 46 Finance Act 2009 (FA09) senior accounting officer (SAO) certificate is approaching fast. However, a recent Protiviti survey revealed that the majority of SAOs remain uncertain as to what information to report within the certificate. They are also unsure whether to disclose in the certificate weaknesses or deficiencies detected within the current control framework, as they might not be deemed material findings and could attract unnecessary attention from HM Revenue and Customers (HMRC). Given this uncertainty, Protiviti has prepared a short list of FAQs to support SAOs in providing an adequate certificate to HMRC. It is important to keep in mind that the SAO certificate is intended to be an open reflection of the company s tax accounting arrangements. Therefore, highlighting weaknesses and deficiencies will not in itself be regarded as something to be held against the company. Customer relationship managers (CRMs), as part of their normal discussions with customers, will expect SAOs to be able to explain what action(s) they are taking to rectify matters and will consider this information in their overall risk assessments. Who should submit the SAO certificate? The SAO of a qualifying company is responsible for providing HMRC with a certificate as set out in Section 46 stating whether the company has appropriate tax accounting arrangements or, where it does not, providing an explanation. Companies subject to Schedule 46 must notify HMRC of the name of the person(s) acting as SAO for each financial year. There is no set form of notification; at minimum, it should include the SAO s contact details, the period to which the notification relates, and the companies for which the SAO is acting. Notification will normally be made to the CRM and should be filed within the period under Companies House Requirements (six or nine months after the end of the relevant accounts reference period).

2 When should the certificate be submitted? The certificate should be provided to the CRM for the company or companies covered and must be submitted no later than the end of the period for filing the accounts for the financial year. The CRM may grant an extension, but this is provided only in exceptional circumstances (e.g., during mergers or acquisitions, or in the case of some other major change affecting the company, its systems or the personnel key to the systems and governance). To ensure no notification or filing dates are missed inadvertently, it is recommended that the SAO discusses a potential extension with the CRM in advance. How should the certificate be formatted? The HMRC guidance provides the following suggested format and wording for the certificate: I [ ] as Senior Accounting Officer of the qualifying company/companies listed below, hereby certify that to the best of my knowledge and belief throughout the company s or companies financial year ended [ ] the company/companies had appropriate tax accounting arrangements or to the extent it/they did not, an explanation is provided below. What information should be disclosed? As outlined in Section 46, the main duty of the SAO is to take reasonable steps to ensure the company establishes and maintains appropriate tax accounting arrangements. As such, the SAO must take reasonable steps to monitor the accounting arrangements of the company and identify any respects in which those arrangements are deemed not to be appropriate tax accounting arrangements. Although there is no official guidance on the meaning of appropriate tax accounting arrangements, they could include the following broad elements: A process for gathering and recording data in a systematic way An understanding of the key tax compliance risks in the business Designing and implementing control activities to mitigate these risks (e.g., separation of responsibilities and ensuring people who undertake delegated activities have the right skills and competency levels) Mechanisms for communicating roles and responsibilities Monitoring activities to ensure controls are operating effectively; the level of monitoring required will vary according to the level of risk present In addition, as outlined in Paragraph 16 of Schedule 46, the SAO should assess the company s relevant liabilities and ensure these are calculated accurately in all material respects. The focus should be on the significant transaction, system and tax and the relative size of these items in terms of the business. As stated in the guidelines, HMRC is not interested in small or insignificant errors. Consequently, it is important to concentrate on significant areas of risk. Protiviti 2

3 Taking into account the key elements reported above, interpretation of HMRC s guidance, the Schedule 46 legislation, and discussion with various SAOs and CRMs, we have identified three main issues that we believe should be disclosed within the SAO certificate: 1. Weaknesses or deficiencies within the current control framework likely to result in material inaccuracies being reported to HMRC. These weaknesses have not yet been resolved; therefore, the SAO has not been able to identify adequate compensating control(s) to mitigate the risk(s). Example: As part of the review of the internal controls, it has been noted that manual invoices have been created outside of the company s enterprise resource planning (ERP) system. The value added tax (VAT) has been added to the invoice correctly. However, the VAT payable to HMRC has not been captured within the VAT return as the corresponding entry was not posted to the appropriate VAT account. 2. Weaknesses or deficiencies within the current control framework likely to result in material inaccuracies being reported to HMRC for which adequate compensating controls have been identified. Example 1: The company utilises a number of spreadsheets in the creation and completion of tax returns. Due to the nature of the manual operations outside of the system, there is a higher risk of error. The company is currently performing a review of key spreadsheets in use to determine how best to reduce risk of error. Consideration will be given to access control: Defining and maintaining appropriate user access rights and restrictions: This includes segregation of duties, where applicable. Change control: Controlling changes made to the spreadsheet, including adequate testing and documentation of changes. Data input validation: Ensuring completeness and accuracy of data inputs. Independent review: Documented, independent review of spreadsheet logic. Identified errors: Where it has been identified that appropriate tax accounting arrangements are not in place throughout the financial year and have resulted in material inaccuracies in calculated tax liabilities. Example 2: Manual invoices have been created outside of the company s ERP system for a total amount of 10.5 million. The VAT has been correctly added to the invoice. However, the VAT payable to HMRC has not been captured within the VAT return, as no entry was recorded in the relevant VAT account. 3. Weaknesses or deficiencies identified throughout the year: The SAO also should prepare a list of weaknesses or deficiencies not deemed to be material and for which adequate compensating controls or remediation plans are in place to prevent error(s). This list should not form part of the certificate, but should be discussed with the CRM. Example: The SAO identifies a risk relating to lack of formal segregation of duties within the current ERP systems surrounding VAT tables. Because the team has a good understanding of their roles, unauthorised users are not trained on how to change VAT tables, and monitoring controls are in place to detect changes that could lead to material misstatements, no errors are thought to have arisen from this risk. However, to manage Protiviti 3

4 and minimise the risk of VAT tables being incorrectly changed by unauthorised users, the SAO may decide to allow only a few users access to the tables. How does the CRM use the certificate? The SAO certificate will form part of the overall information that will be used by HMRC to riskassess a business. The certificate s content will help the CRM to focus corporate compliance activity. HMRC does not foresee the CRM specifically undertaking work to verify the accuracy of the certificate. It is therefore not envisaged that the CRM will undertake an in-depth audit review in order to cover all taxes in scope. Typically, the CRM will build up an understanding of the systems and governance through real-time discussions with the business and normal risk-based compliance checks. The CRM expects to have an open and transparent relationship with the SAO; therefore, he or she will want to discuss weaknesses that have been disclosed on the certificate, or known historical weaknesses in the tax accounting arrangements, and will focus on what steps the SAO is undertaking in order to solve them. Situations where the CRM may want to consider further work on systems and governance could include: Historic evidence of weaknesses within the tax accounting arrangement: Where the tax accounting arrangements have been certified as appropriate, if there is some historic evidence of tax accounting arrangement weakness, it is anticipated the CRM may perform targeted checks on known areas of weakness. The CRM also may decide to undertake real-time compliance checks on key areas of risk deemed material for the company. Weaknesses reported within the certificate: Where a disclosure has been made on the certificate stating that part of the tax accounting arrangements are not appropriate, the CRM would expect additional controls to be put in place to address deficiencies. In certain cases, the CRM might decide to undertake real-time compliance checks both on known areas of weakness and on risks arising from the specific risk assessment performed on the company. Deficiencies identified: Where deficiencies have been found in the tax accounting arrangements, the CRM would expect additional controls to be put in place to address the deficiencies. In subsequent periods, it may be appropriate to undertake real-time compliance checks to ensure controls put in place are working properly. The extent of these reviews will depend on the relationship between the CRM and the SAO, and its level of openness and transparency. Where, as a result of any further work, it appears the requirements of the legislation may not have been met and penalties may be applied, there will need to be discussions with the SAO to determine whether he or she has taken reasonable steps to ensure the company established and maintained appropriate tax accounting arrangements. Protiviti 4

5 What if the CRM identifies errors or deficiencies not disclosed on the certificate? If the CRM, while performing a normal compliance check, identifies errors or weaknesses in tax accounting arrangements for which a full disclosure within the certificate for the appropriate period has not been provided, he or she may not necessarily conclude that the certificate was inaccurate or that there was a failure to establish and maintain appropriate tax accounting arrangements. The CRM concluding that there have been any SAO failures will depend on how the error arose and its significance. What if the SAO and the CRM disagree? As previously stated, HMRC, as well as the CRM, aim to have an open, collaborative dialogue with the SAO. Where there are differences in opinion, as with any other area of risk, they would expect to have a reasonable, professional discussion with the SAO to understand the difference in opinion. However, in cases where disagreements cannot be resolved easily and the CRM believes the SAO or company may not have met the requirements of the legislation, the issue should be escalated to the Sector Lead in the Large Business Service and to the Business Unit Head in Local Compliance. What is the link between the SAO penalties and Penalties for Inaccuracies outlined in Schedule 24 Finance Act 2007 (FA07)? As outlined by the guidance provided by HMRC, there is no automatic link between: Penalties for errors on tax returns, and Penalties for the SAO failing to carry out the main duty per Schedule 46, Paragraph 1. These two provisions are entirely separate. Consequently, failure to have appropriate tax accounting arrangements will not necessarily result in an error attracting a penalty under Schedule 24 FA07. Additionally, an error in the return that has attracted a penalty under Schedule 24 FA07 will not automatically mean a company does not have appropriate tax accounting arrangements and that there is any failure under Schedule 46 FA09. However, it is important to outline the fact that appropriate tax accounting arrangements will not necessarily result in a mitigation of a penalty for an error under Schedule 24 FA07. There may be circumstances where penalties under both Schedule 46 FA09 and Schedule 24 FA07 are chargeable, but it will depend entirely on the circumstances of each individual case. Protiviti 5

6 About Protiviti Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000 and Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half International Inc. (NYSE: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index. Contacts: Jonathan Wyatt Loredana Guetg-Wyatt Managing Director Director +44 (0) (0) jonathan.wyatt@protiviti.co.uk loredana.guetg-wyatt@protiviti.co.uk 2011 Protiviti Inc. An Equal Opportunity Employer. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.