How have companies responded to SAO?

Companies responding

The main focus for many SAOs is achieving compliance with the new legislation and over 77% of respondents from our recent poll commissioned some kind of review in year one. Approaches to these reviews have differed depending on the nature of the business and its tax profile but we have found that there are some common steps that most businesses have taken toward achieving compliance.

Step 1: Plan

Understanding the legislation is crucial in determining its impact on the business, so time has been invested by many businesses in getting to grips with the requirements. In doing so, it has become clear that the legislation covers a broad range of taxes and involves people and systems across the business, not just within tax. Assessing the scope of the review to be undertaken, who is responsible for the different areas of tax, the systems and processes involved, the potential areas of risk and an appropriate level of materiality to be applied have been central to the planning stage. See In all material respects for further observations on applying materiality in the context of SAO.

Step 2: Review

To identify and prioritise areas of weakness and risk, businesses have been reviewing existing structures, processes and arrangements in the context of available information regarding HMRC’s expectations and industry practice. For higher-risk areas some clients have walked through processes, testing controls and outputs in detail. For lower-risk areas, issues can usually be spotted through discussion with the team involved. Having identified areas for improvement, businesses then look to develop and agree a plan for addressing the gaps, setting out who is responsible and when they need to deliver. See Common areas of risk for more details.

Step 3: Improve

The improvement phase is about rectifying areas of weakness and risk identified in the review phase. Improvements undertaken by businesses range from exercises involving key systems, e.g. improving the use of VAT codes within the Accounts Payable process, to simply improving communication between tax and the business through a weekly update meeting. In appropriately addressing these issues HMRC are able to see that existing exposures and errors should not recur.

Many businesses have sought to engage with their Customer Relationship Manager (CRM) throughout these steps and most have reported back to them at this stage regarding the risks identified and actions taken. See Engaging with HMRC for further information.

Step 4: Certify

Clients are now pulling together the outputs from the first three steps and looking to report back on progress to their SAO, along with recommendations as to the content of the final certificate. One client is revisiting its original risk analysis and testing the outputs of each of the improvement projects to ensure that the key issues identified are now being effectively addressed. Another client has worked through all the issues identified in step two and considered for each whether it is something significant which will need to be disclosed in the certificate, important enough to discuss separately with their CRM but not included in the certificate, or simply noted for follow-up internally. See The SAO certificate – what you may wish to include and how much to disclose for further detail.

Step 5: Sustain

Those clients that have got to this point are focused on achieving ongoing compliance. They are drawing on the work of the first year to establish a framework of controls and processes which support the completion of annual certification. Some groups are seeking to develop a process which sits alongside existing sign offs, such as the management representation letters on the statutory accounts, and enables SAO compliance without significant additional administrative hassle. See Beyond year one - ongoing monitoring and assurance for further discussion.

We have found that just over 20% of groups have not undertaken such a review. This could be due to a high level of confidence in the existing arrangements, although more commonly it is down to other pressures, leaving no resource for the work. If your company falls into this category visit our If you do nothing else before submitting the certificate section for some practical suggestions on the key steps to take now and consider undertaking a review as part of your monitoring activity in year two.