Post Visit Action: Providing feedback on visits for excise Risk Analysis
Other than management assurance, the primary use of the report forms will be for Risk Analysis during the sift process, and then, if the trader is deemed non compliant, during preparation/planning for the audit. It is therefore essential that the information recorded will be of benefit to any future Risk Analysis.
Staff should report to their manager on business’ declarations, financial and other relevant systems supporting those declarations.
Reports should be a clear expression of opinion, based on review and assessment of the conclusions drawn from evidence obtained in the course of the work. The report should:
- state the scope, purpose, extent and conclusions of the audit or assurance work, including an opinion as to the reliability of the system (if a systems based audit) and its ability to account for the right amount of tax/duty at the right time;
- make recommendations which are appropriate and relevant, and which flow from the conclusions;
- acknowledge the action taken, or proposed, by the business; and
- state the extent of any numerical errors or regulatory breaches found.
The report should be sufficient in order to address the main points and cross-refer to the working papers. The length and level of detail in the report should be commensurate with the materiality of the business’ activity. The report should be presented in a standard format and be signed and dated.
There should be a statement on the audit or assurance process adopted, stating reasons for any deviation from this standard. Any limitations to the scope of the work should be stated which may influence confidence in the result of the work.
The size and depth of the audit or assurance report should be commensurate with the work carried out. For a small business audit, or when means of gaining assurance other than the systems based audit approach have been employed, some elements of the standard audit documentation will not be necessary and other standard forms should be used instead.
Officer reports should detail all irregularities found, and specify additional conditions/sanctions imposed. For example, warning letters, civil penalties, assessments issued. Further information on excise assessments can be found in EAIG guidance, including how to inform traders, who are joint and severally liable for the duty, of their liability.
While there are unresolved issues with regards to the credibility of the trader’s business, it wouldn’t be appropriate to score the risk to the revenue as low. However, it should be noted that the trader might be fully compliant with regards to excise, but may be understating sales to reduce his liability to VAT and/or Corporation Tax. Nevertheless, where there are doubts about the credibility of the business, further action must be taken. Not only is there the responsibility to bring it to the attention of the relevant section within the Department, but it should also increase the risk as an excise trader.
Reports to businesses
Officers should also normally confirm their findings, to the trader, in writing. Where officers are requesting that the trader complete a certain action, they must make it clear what will happen if the issue is not resolved to their satisfaction. See below for more detail.
Staff should raise matters that have come to their attention during the audit with the business’ management. To improve future compliance, the business should also be informed in writing of any system weaknesses and errors identified. Officers should also ask the business management to rectify the system, and to advise us of the action taken to do so.
Any suggestions for system improvements should also be included, and staff should follow this up to ensure that appropriate action has been taken on reported audit findings, and that the business has understood and assumed the risk of not taking corrective action. (For smaller businesses not under regular control, it is recognised that the follow-up action may be carried out by the next visiting officer).
Staff should re-evaluate the risk of non-compliance from the evidence of errors found in the assurance work, and any action taken by the business. The risk assessment should be revised where the risk was found to be different from what was understood prior to the assurance work. The notification of audit findings to the business is separate from the audit report, (which is not required to be issued to the business). Although it focuses on the work done and the specific results obtained, it should not be given a “clean certificate” of the business’ activities i.e. the impression that the business’ records are completely accurate and that the systems work fully, since this could prejudice future action.
Although there are no laid down requirements for when officers are required to issue correspondence following an audit, Charter Standards requires the Department to respond to trader’s correspondence within 10 days. Therefore, it is best practice to adhere to similar guidelines.