Corporate Governance Report
Statement of the Accountable Officer's Responsibilities
Under section 19(4) of the Public Finance and Accountability (Scotland) Act 2000, the Scottish Ministers have directed Revenue Scotland to prepare, for each financial year, a statement of accounts in the form and on the basis set out in the Accounts Direction. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of Revenue Scotland and of its revenue and expenditure, statement of financial position and cash flows for the financial year.
The Chief Executive of Revenue Scotland is designated as the Accountable Officer for Revenue Scotland by the Permanent Secretary of the Scottish Government (SG), who is the Principal Accountable Officer for the Scottish Administration, in accordance with sections 14 and 15 of the Public Finance and Accountability (Scotland) Act 2000.
In preparing the accounts the Accountable Officer is required to comply with the requirements of the Government Financial Reporting Manual (FReM) and has:
- observed the Accounts Direction issued by Scottish Ministers, including the relevant accounting and disclosure requirements, and applied suitable accounting policies on a consistent basis;
- made judgements and estimates on a reasonable basis;
- stated whether applicable accounting standards as set out in the FReM have been followed and disclosed and explained any material departures in the financial statements; and
- prepared the accounts on a going concern basis.
The responsibilities of an Accountable Officer, including responsibility for the propriety and regularity of the public finances for which she is answerable, for keeping proper records and for safeguarding Revenue Scotland's assets, are set out in the Scottish Public Financial Manual.
The Accountable Officer may consult with the SG Chief Financial Officer (CFO) on any aspects of the duties applying to Accountable Officers in the Scottish Administration. The Accountable Officer must consult the CFO on any action which she considers is inconsistent with her duties on financial, regulatory or propriety grounds, and specifically where she seeks written authority from the Scottish Ministers or a direction from the Board of Revenue Scotland. In practice, she will delegate authority widely to other employees of Revenue Scotland but cannot, on that account, disclaim responsibility. The Chief Executive is responsible for informing the Principal Accountable Officer about any complaints about Revenue Scotland accepted by the Scottish Public Services Ombudsman (SPSO) for investigation and about the response to any subsequent recommendations from the SPSO.
I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information, and to establish that Revenue Scotland's auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.
I confirm that this Annual Report and Accounts, taken as a whole, is fair, balanced and understandable, and take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
Governance Statement
In the paragraphs below, I report on the governance arrangements in place within Revenue Scotland.
Governance Framework
Revenue Scotland is responsible for the collection and management of Scotland's wholly devolved taxes. The relevant powers and duties of Revenue Scotland and of the Scottish Ministers are set out in the Revenue Scotland and Tax Powers Act 2014.
Scottish Ministers are responsible for appointing the Board of Revenue Scotland following a public appointment exercise, regulated by the Commissioner for Ethical Standards in Public Life in Scotland. Ministers must not direct, or otherwise seek to control Revenue Scotland in the exercise of its functions but they may give guidance. This guidance must be published and laid before the Scottish Parliament unless Ministers consider that to do so would prejudice the effective exercise by Revenue Scotland of its functions. Scottish Ministers are also responsible for tax policy and for setting rates, bands and thresholds relating to the devolved taxes, subject to the approval of the Scottish Parliament.
The Board of Revenue Scotland is responsible for the leadership and direction of the organisation and for ensuring that it carries out its statutory functions effectively and efficiently. It may delegate any of its functions to an individual Board member, a committee of the Board, the Chief Executive, or any other staff member, but retains responsibility for carrying out any function it delegates.
As the Chief Executive of Revenue Scotland, I am employed by, and accountable to, the Board of Revenue Scotland for the day-to-day running of the organisation and its operational performance.
I am supported in this role by the other members of the Senior Leadership Team (SLT), who oversee the day-to-day business of Revenue Scotland, with each member taking responsibility for a specific area. The SLT is made up of the Chief Executive, the Head of Tax, the Head of Corporate Functions and the Head of Legal.
Operation of the Governance Board and Committees
The Board is responsible for the functions and powers of Revenue Scotland and delegates authority to staff through a Scheme of Internal Delegation. The Board sets the strategic direction for the organisation, oversees Revenue Scotland's work and monitors performance including the design and operation of risk and governance frameworks. They do this through scrutiny (and, where appropriate, approval) of:
- Annual Business Plans and three year Corporate Plans;
- key strategies and policies;
- regular reports, including reports relating to risk management, performance, tax compliance, business continuity, staffing and health and safety, and changes in the devolved taxes;
- the Annual Reports and Accounts;
- reports from the Audit and Risk and Staffing and Equality Committees; and
- strategic engagement with key partners and customers.
I can report that in the course of the year, the Board met on ten occasions (2018-19: nine). During this time, the Board scrutinised a number of specific matters, including:
- making a number of significant decisions on LBTT and SLfT cases (in line with the Scheme of Internal Delegation);
- oversight of the implementation of the changes to LBTT rates; and
- strategic oversight of the LEAP programme including the replacement of the tax system.
I can also report that, during 2019-20, in line with best practice, the Board and its Committees have reviewed their effectiveness and the Chair has conducted individual Board appraisals.
Audit and Risk Committee
The remit of the Audit and Risk Committee is to support the Board and Accountable Officer by reviewing the comprehensiveness, reliability, and integrity of the assurances produced in support of financial reports. The Committee fulfils its role through:
- scrutiny of risk management arrangements;
- scrutiny of audit plans and reports;
- considering and monitoring of responses to recommendations from internal and external auditors and other bodies;
- review of the certificates of assurance produced by management as part of the financial reporting process, and the Chief Executive's Governance Statements; and
- overseeing the financial reporting process.
The terms of reference for the committee are published on Revenue Scotland's website within the Board Standing Orders.
Members of the committee in 2019-20 were Lynn Bradley (Chair), John Whiting and Jean Lindsay, who joined the Committee on 1 November 2019, and was replaced by Martin McEwen on 11 March 2020.
The Committee also has co-opted members, Steve Bruce who completed his term on 31 March 2020 and Simon Cunningham who joined the ARC in November 2019. Co-opted members do not form part of quorum and therefore do not have the same rights as Board members on the Committee.
The Committee is also attended by the Chief Executive, Head of Corporate Functions, Head of Tax, Head of Governance, Chief Accountant, and representatives of internal and external audit as well as other staff members as required.
I can report that the committee met five times in 2019-20, including a Special ARC to scrutinise the Annual Reports and Accounts (2018-19: four).
The committee reviewed its effectiveness using the checklist set out in the Scottish Government's Audit Committee Handbook and found no issues of concern which could affect its normal function.
In the course of the year, I can report that the Committee actively engaged in a number of relevant matters, including:
- Business Continuity Planning;
- Internal and External Audit;
- Review of the Corporate Risk Register; and
- 2019-20 Annual Report and Accounts.
Staffing and Equalities Committee
The Staffing and Equalities Committee's primary objective is to provide assurance to the Revenue Scotland Board on the establishment and maintenance of an effective framework and systems for the remuneration, performance, evaluation and welfare of staff, including equality and diversity. The terms of reference for the committee are published on Revenue Scotland's website within the Board's Standing Orders document.
The Committee comprises three Board members, Jane Ryder (Chair), John Whiting and Martin McEwen, who joined the Committee on 1 November 2019 and was replaced by Jean Lindsay on 11 March 2020. Staff attendees comprise the Chief Executive, Head of Corporate Functions, the Head of Tax, the Head of Legal, the Head of Organisational Development and the Head of Planning, Performance and Risk who has responsibility for Equalities. Further staff members attend as required.
I can report that the committee met four times during 2019-20 (2018-19: three) and engaged in a number of relevant matters including scrutiny of:
- delivery progress and evaluation of the People Strategy, and related workforce planning, learning and development plans;
- the development of the Scottish Tax Education Programme (STEP);
- performance against our Equalities Action Plan;
- the development of new Equality Outcomes and Action Plan for 2020-24; and
- the Equality Mainstreaming Report.
Assurances provided to the Chief Executive
I have received written assurances from members of my Heads of Service who have responsibility for the operation and effectiveness of internal controls within the Tax, Legal, Communications and Change, Organisational Development and Corporate Functions teams.
The assurances from Heads of Service raised the issue that Revenue Scotland were not fully compliant with Health and Safety best practice, particularly with regard to the operation of the Health and Safety Committee and the inclusion of wider health and wellbeing being formally part of its remit. I can report that this has now been addressed. A revised Health and Safety Policy was approved by the Board in October 2020, and the Health and Safety Committee has been refreshed and will now meet regularly.
I have also received specific assurance from the Head of Tax to confirm that internal controls and training have now been strengthened as a result of the identification of an issue in the process of making 'Designated Officer' compliance decisions (for further detail see the Risk Management section below).
For those services which Revenue Scotland receives from the Scottish Government, I have received written assurance from the Scottish Government's Chief Financial Officer in respect of the financial systems, from the Scottish Government's Director for People in respect of the human resources (HR) services and payroll systems shared with Revenue Scotland and from Scottish Government's Director Digital in respect of digital corporate services shared with Revenue Scotland. No issues of significance were raised with me as part of these.
I requested further information and assurance from the Director for People concerning the need for progress on concluding revised arrangements with Revenue Scotland that reflect our status as a separate employer and am pleased to report that a commitment has been given to conclude these matters by the end of March 2021. I have also requested that the matters that I have raised are taken into account as part of the programme for development and reform of shared services.
I have also received assurance from the Accountable Officers of Registers of Scotland and the Scottish Environment Protection Agency in respect of the statutory functions delegated to them by Revenue Scotland. No issues of concern were raised by them.
These arrangements have been in operation throughout 2019-20, up to, and including the date of issue of these accounts.
In conclusion, I can confirm that, based on the aforementioned written assurances received, there were no other significant control weaknesses identified in the period under review.
Report on Personal Data Incidents
Revenue Scotland manages, maintains and protects all information according to the requirements of relevant legislation, its own information policies and best practice.
Revenue Scotland has an Information Assurance governance structure which prioritises and manages information risks. The governance structure:
- protects the organisation, its staff and our customers from information risks where the likelihood of occurrence and the consequences are significant;
- ensures adherence with statutory duties; and
- assists in safeguarding Revenue Scotland's information assets.
Revenue Scotland has a Senior Information Risk Owner (SIRO) and a number of Information Asset Owners (IAOs), who provide assurance to the SIRO that proper controls are in place. The SIRO role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland's business functions.
The IAOs are tasked with ensuring compliance with statutory duties, knowing what information assets they 'own' and what information they handle, along with the relevant security requirements, sensitivity, importance and protocols for sharing of information assets.
In addition, all staff are aware that they need to report any data breaches immediately to Revenue Scotland's IAO and SIRO. They are required to undertake regular training and information sessions. A refresh of the training sessions was completed mid-year and a schedule of workshops was held with each team on assuring our data.
During the year, there were four Information Commissioner's Office (ICO) Notifiable Incidents. The incidents related to six taxpayers and were reviewed by the Information Assurance Group and assessed by the Data Protection Officer (DPO) and SIRO. A number of minor actions were agreed and implemented to reduce the risk of a re-occurrence.
Internal Audit
The Internal Audit service is provided by the Scottish Government's Directorate for Internal Audit and Assurance (DIAA). The Audit and Risk Committee reviewed and approved the audit plan produced by DIAA, who present regular updates on progress of this plan to the Committee meetings.
During the year, DIAA completed audits on the following:
- Cheques and repayments;
- Conduct of reviews; and
- Assurance Map – Advisory Audit.
In terms of the overall assessment for each audit, 'substantial' assurance was awarded to the audit on conduct of reviews[4] and 'limited' assurance was given to the audit on cheques and repayments. One high priority recommendation was made about the segregation of duties for repayments and further recommendations relating to cheques and repayments were medium priority (two) and low priority (one). Revenue Scotland welcomed the recommendations made through the audit report, and through the appointment of a lead reviews officer, successfully addressed all issues raised.
Follow-up audits were completed on:
- Protecting Taxpayer Information;
- Enquiries and Penalties;
- Shared Services; and
- Review and Validation of Key Performance Indicators Framework.
Progress was made on the implementation of recommendations from these reports meaning that controls in these areas improved during the year.
DIAA's overall annual assessment of Revenue Scotland's internal controls is 'reasonable'. This means that DIAA views Revenue Scotland's controls around risk management, governance, and control procedures as adequate, but requiring some improvement. This is a reduction on the 'substantial' assessment received last year. The organisation fully accepts all the recommendations made and is committed to addressing all the issues raised. The Audit and Risk Committee views the assessment as a fair reflection of Revenue Scotland's position based on the evidence reviewed by DIAA.
External Audit
External Audit is provided by Audit Scotland. Mark Taylor, Director of Audit, is appointed under the Public Finance and Accountability (Scotland) Act 2000 to carry out the external audit of Revenue Scotland. During the year, the Audit and Risk Committee scrutinised Audit Scotland's audit plan and received regular updates from them. Reporting on the 2019-20 Interim Audit, Audit Scotland identified several control weaknesses. Audit Scotland was content that Revenue Scotland's control environment was operating effectively for the Resource Accounts. As a result of COVID-19, and the control issues identified, Audit Scotland took limited assurance over the controls operating for the Devolved Taxes Accounts and took a substantive approach for the Devolved Taxes. Some less significant issues were identified and were discussed with management. Management welcomed the recommendations from Audit Scotland and actions have been agreed. See the Independent Auditor's Report.
Assessment of Corporate Governance
Revenue Scotland has developed a system of internal controls and policies which have been designed to safeguard its assets and data and to ensure the reliability of financial records in relation to operational and tax duties. These controls are subject to review by management on a regular basis and undergo formal review by both Internal and External Audit, whose reports are made available to the Audit and Risk Committee.
I have assessed our corporate governance arrangements and confirm that they comply with generally accepted best practice principles and relevant guidance.
Risk Management
I can report that a number of issues arose during the year, and during the period up to signing of the Accounts.
- The programme to develop a new tax system (SETS) posed a number of significant risks, both to delivery of the new system and delivery of business as usual (BAU). In addition it was crucial to ensure data security through the transition from one system to another, and to support taxpayers and their agents, maintaining Revenue Scotland's reputation and relationships. The Programme Board, Senior Leadership Team and the Revenue Scotland Board provided scrutiny throughout. Delivery risks were successfully identified and controls put in place to manage these. In addition, the programme was subject to scrutiny through Gateway Reviews and a Digital First Assessment. The new system was launched on time and on budget in July 2019. BAU was maintained, and KPIs were generally maintained or improved compared to the previous year.
- It was identified that some compliance decisions reserved to 'Designated Officers' (DOs) had been taken by staff who had not been formally designated. I took action to identify the nature and scope of the issue, and sought assurance through Internal Audit and an independent expert to support this process. Controls have now been put in place to prevent reoccurrence, including more robust processes and specific training. This has also been incorporated into STEP training. A project was established to consider affected cases afresh and to contact the relevant taxpayers to inform them of the issue and the decision of the Designated Officer on their case. These cases are now complete.
- We have engaged in a number of significant tax litigation cases which placed a significant burden on a number of key staff from across the organisation.
- A decision of the Upper Tribunal for Scotland clarified the legislative process in respect of daily penalties notices. In consequence, Revenue Scotland's process of issuing one combined tax penalty notice ceased and instead two separate notices for different stages of the daily penalties processes were required. The issuing of daily penalties was suspended pending consideration and a change has subsequently been made to the LBTT legislation to resolve this issue. This suspension was extended as a result of COVID-19, and issue of penalties is expected to resume soon.
- At the end of the year, and in the subsequent period up until signing of the Accounts, Revenue Scotland was impacted heavily by COVID-19. Activity in 2019-20 was focused on putting in place governance arrangements to scrutinise the implementation of an Incident Response Plan and monitor organisational performance. Specific risks were identified, and controls put in place to manage them. Drawing upon previous experience from adverse weather events and Business Continuity Planning exercises, Revenue Scotland moved swiftly to a remote operating model, supporting staff and continuing to provide excellent service for taxpayers. In the period before signing of the Accounts, this governance and risk management has been incorporated into BAU and informs the current risk management framework. In addition, work has commenced on a project to use this experience of a completely remote operating model, to develop and implement plans to realise the benefits of both remote and office based working in future.
This past year has been a significant one for Revenue Scotland, with the successful delivery of the SETS system and the STEP programme, along with management of risks and issues arising through the year. I am confident that as issues have arisen they have been appropriately dealt with. However, this has had an impact on the resources available for some of the priorities set out at the beginning of the year.
In particular, these resourcing pressures have had an impact on delivery of the LBTT Compliance Plan for 2019-20, due to the need to draw upon the expertise of key tax staff. This impact has been monitored by Management, and Compliance Plans are being reshaped to reflect this. The three-year window for tax enquiries means that while there has been a short-term impact on compliance activity, this need not have a longer term impact.
Engagement with staff also suggests that the scale of workload and priorities experienced during the year has also contributed to a lower Employee Engagement Index in the 2019 Civil Service People Survey (KPI 7) in 2019-20. In response to the People Survey results, an action plan has been co-produced with staff and changes have been implemented. The risk management framework for the organisation includes controls and actions in relation to staff engagement and this will continue to be monitored.
I have considered our response to issues and risks and the considerable pressures faced during the year. I can report that responses have been consistent with the organisation's frameworks of governance, planning and performance management, risk management, and incident response. Responses have identified, considered and mitigated where appropriate the potential impacts on achievement of business objectives, regularity, propriety, openness, transparency and Value for Money (VfM), using an evidence-based, risk management approach.
I can report that, in July 2020, our risk performance has been assessed as "Managed" against the Risk Maturity Model provided for in the Revenue Scotland Risk Management Framework. This assessment means that the organisation's risk maturity has improved since last year and reflects a further integration of risk management practice and behaviours across the organisation, and a strengthening of risk governance by the Senior Leadership Team.
I have assessed our risk management arrangements and confirm that they accord with the guidance set out in the SPFM. In addition, as part of the year end Certificates of Assurance process the assessment of risk throughout the year contributes to the overall confidence assessment offered, further confirming that robust arrangements and practices were in operation throughout the year 2019-20.
Parliamentary Scrutiny
As a Non-Ministerial Office, Revenue Scotland is accountable to the Scottish Parliament and, as such, can be called to appear before parliamentary committees to provide updates on operational matters, give evidence on tax-related matters or provide written statements.
Revenue Scotland's Corporate Plan, supporting legislation and this annual report are published documents. The Corporate Plan 2018-21, on which this document reports, was approved by Scottish Ministers and laid before the Scottish Parliament in April 2018, and this report was laid before Parliament on 25 November 2020.
Both Corporate Plans, all annual reports and accounts and minutes of the Revenue Scotland Board meetings are available to download on our website.
Elaine Lorimer
Chief Executive of Revenue Scotland and Accountable Officer