TCRM3342 - The Business Risk Review (BRR+): Business Risk Review (BRR+) Assessment indicators: Risk Assessing Across Taxes: Systems and Delivery
Systems and Delivery is about assessing the customers’ ability to deliver the right tax at the right time. The CCM and the Tax Specialists should consider the size and complexity of the business, as well as the landscape in which it operates, when determining the systems, processes and resources needed for a customer to meet its tax obligations.
There are two key aspects to consider when evaluating systems and delivery:
- Are the systems and processes adequate? This is a competency test. Does the customer have the appropriate systems and processes and a sufficiently resourced tax team in place to be able to deliver the right tax at the right time? This test might not be met if, for example, systems are under-funded or processes are not fit for purpose. Does the customer meet the digital record keeping and return requirements for Making Tax Digital, where applicable? It would be a concern if the customer’s tax team is regularly short-staffed/over-stretched. Every business will need to train and develop people, especially those in new or changed roles; but if key established people in the tax team are not sufficiently skilled and knowledgeable, then that would be a concern. Evidence of these risks being present might be basic and/or repeated errors coming to light.
- Are the systems and processes used to deliver the right tax at the right time? This is a behavioural test. For example, does the company use its systems, processes, knowledge and skills in such a way to ensure that tax is accounted for in a way which HMRC would consider correct? Evidence that this test has not been met could include regular error-correction notices which favour the customer’s position rather than taking a balanced view.
We want to encourage good systems and processes to support tax compliance but we recognise it is not feasible or time/cost-effective to review processes and systems for all risk areas. The aim is therefore to focus on identifying significant risk areas or key events. There will be occasions where HMRC has not tested a system or process and therefore cannot say with confidence that the tax is being adequately delivered. HMRC will not automatically default to regarding any such untested systems as High Risk. Instead, subject to the scope and impact of the systems in question and subject to the customer having a good track-record when it comes to systems and processes compliance, HMRC will tend to regard the untested areas as Low Risk unless there are specific material concerns which warrant closer review. This will be at the discretion of the CCM.
The existence of robust systems and processes demonstrates that a customer has a sustainable ongoing tax compliance process which requires minimal HMRC intervention. CCM’s will work closely with both Audit (where appropriate) and Tax Specialists to understand whether the customer is managing a key risk adequately through their systems and processes.
Additional Information on Low Risk Indicators
Low Risk Indicator 5 - A tax risk and controls matrix refers to a document held by the customer for their own use which documents those areas in which the customer has identified potential for error and detailed the steps in place to mitigate the risk of error. HMRC does not require a register of uncertain tax positions adopted by the customer which are currently disputed or open to interpretation.
The Systems and Delivery risk indicators are contained within the below document along with expectations as to when a customer would be Low Risk, Moderate Risk, Moderate - High Risk and High Risk.