Statement of the Accountable Officer’s responsibilities
Under section 19(4) of the Public Finance and Accountability (Scotland) Act 2000, Scottish Ministers have directed Revenue Scotland to prepare for each financial year a statement of accounts in the form and on the basis set out in the Accounts Direction. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of Revenue Scotland and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.
In preparing the accounts, the Accountable Officer is required to comply with the requirements of the Government Financial Reporting Manual (FReM) and in particular to:
- observe the Accounts Direction issued by Scottish Ministers, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis
- make judgements and estimates on a reasonable basis
- state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the financial statements
- prepare the financial statements on a going concern basis
- confirm that the Annual Report and Accounts as a whole is fair, balanced and understandable and take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable
The Permanent Secretary of the Scottish Government (SG), who is the Principal Accountable Officer for the Scottish Administration has designated, in accordance with sections 14 and 15 of the Public Finance and Accountability (Scotland) Act 2000, the Chief Executive of Revenue Scotland as Accountable Officer for Revenue Scotland.
The responsibilities of an Accountable Officer, including responsibility for the propriety and regularity of the public finances for which they are answerable, for keeping proper records and for safeguarding the Revenue Scotland’s assets, are set out in the Scottish Public Finance Manual.
The Accountable Officer may consult with the SG Chief Financial Officer (CFO) on any aspects of the duties applying to Accountable Officers in the Scottish Administration. The Accountable Officer must consult the CFO on any action which they consider is inconsistent with their duties on financial, regulatory or propriety grounds, and specifically where they seek written authority from the Scottish Ministers or a direction from the Board of Revenue Scotland. In practice, the Chief Executive will delegate authority widely to other employees of Revenue Scotland but cannot, on that account, disclaim responsibility. The Chief Executive is responsible for informing the Principal Accountable Officer about any complaints about Revenue Scotland accepted by the Scottish Public Services Ombudsman (SPSO) for investigation and about the response to any subsequent recommendations from the SPSO.
As the Accountable Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that Revenue Scotland’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.
I confirm that this Annual Report and Accounts, taken as a whole, is fair, balanced and understandable, and I take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
In the paragraphs below, I report on the governance arrangements in place within Revenue Scotland.
Revenue Scotland is responsible for the administration and collection of Scotland’s wholly devolved taxes. The relevant powers and duties of Revenue Scotland, and of the Scottish Ministers are set out in the Revenue Scotland and Tax Powers Act 2014.
Scottish Ministers are responsible for appointing the Board of Revenue Scotland following a public appointment exercise, regulated by the Commissioner for Ethical Standards in Public Life in Scotland.
Ministers must not direct, or otherwise seek to control Revenue Scotland in the exercise of its functions but they may give guidance. This guidance must be published and laid before the Scottish Parliament unless Ministers consider that to do so would prejudice the effective exercise by Revenue Scotland of its functions. Scottish Ministers are responsible for setting rates, bands and thresholds relating to the devolved taxes, subject to the approval of the Scottish Parliament.
The Board of Revenue Scotland is collectively responsible for the leadership and direction of the organisation and for ensuring that it carries out its statutory functions effectively and efficiently. It may delegate any of its functions to an individual Board member, a committee of the Board, the Chief Executive, or any other staff member, but it will retain its responsibility for carrying out its function.
As the Chief Executive of Revenue Scotland, I am employed by, and accountable to, the Board of Revenue Scotland for the day-to-day running of the organisation and its operational performance. In this role I seek assurance that appropriate controls are in place across the organisation, and in respect of the partners whom we rely on to support us in delivering our objectives, and I can confirm that these have been in operation during 2021-22 and to the date of signing these accounts.
I am supported by the Senior Leadership Team (SLT), who oversee the day-to-day business of Revenue Scotland, with each member taking responsibility for a specific area. The SLT is made up of the Chief Executive, the Head of Tax, the Head of Corporate Functions and the Head of Legal Services.
Operation of the Board and committees
The Board is responsible for the functions and powers of Revenue Scotland and delegates authority to staff through a Scheme of Internal Delegation. The Board sets the strategic direction for the organisation, oversees Revenue Scotland’s work and monitors performance including the design and operation of risk and governance frameworks. They do this through scrutiny and, where appropriate, approval of:
- corporate plans and business plans
- key strategies and policies
- regular reports, including reports relating to risk management, performance, tax compliance, business continuity, staff, health and safety, and changes in the devolved taxes
- scrutiny of the Annual Reports and Accounts
- reports from the Audit and Risk and Staffing and Equalities Committees
- strategic engagement with key partners and customers.
I can report that during 2021-22 the Board met on eight occasions including two strategy meetings (2020-21: eight). During this time the Board scrutinised and considered a number of specific matters including:
- decisions on LBTT and SLfT cases, including delegation of any necessary decisions on LBTT compliance cases, where the amount exceeded the delegated limits under the Schemeof Internal Delegation, to the Chief Executive;
- oversight of litigation cases and the implications for the organisation following the outcome;
- strategic oversight of draft Tax Settlement and Litigation Principles;
- approving the Corporate Plan 2021-24 and recommending its submission to Scottish Ministers for approval in accordance with the requirements set out in the Revenue Scotland and Tax Powers Act;
- strategic oversight of the Future’s Programme to establish a new way of working and piloting a return to the office in light of the experience of working remotely as a result of COVID-19
Audit and Risk Committee
The purpose of the Audit and Risk Committee is to support the Board and Accountable Officer by reviewing the comprehensiveness, reliability and integrity of the assurances produced in support of the financial statements. The terms of reference of the committee are published on Revenue Scotland’s website within the Board’s standing orders.
The committee fulfils its role through:
- scrutiny of risk management arrangements
- regular liaison with internal and external audit and scrutiny of their plans and reports
- considering and monitoring of responses to recommendations from internal and external auditors and other bodies
- review of the certificates of assurance produced by management as part of the financial reporting process and the Chief Executive’s governance statement, and
- overseeing the financial reporting process.
Members of the committee during 2021-22 were Lynn Bradley (Chair until 31 December 2021 and member until June 2022), Martin McEwen (Chair from 1 January 2022), Simon Cunningham and John Whiting (until June 2021). Robert MacIntosh joined this committee in 2022-23.
The committee is also attended by the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of Governance, Chief Accountant and representatives of internal and external audit as well as other staff as required.
I can report that during 2021-22 the committee met five times (2020-21: five).
The committee reviewed its effectiveness using the checklist set out in the Scottish Government’s Audit Committee Handbook and found no issues of concern which could affect its normal function.
Staff and Equalities Committee
The Staffing and Equalities Committee’s primary purpose is to provide assurance to the Revenue Scotland Board on the establishment and maintenance of an effective framework and systems on matters of strategic people issues including workforce planning, staff welfare, performance management, learning and development, health and safety and equality and diversity. The terms of reference for the committee are published on Revenue Scotland’s website within the Board’s standing orders.
The committee comprised of two Board members during 2021-22; Jean Lindsay (Chair) and John Whiting (until 30 June 2022). Idong Usoro and Ken Macintosh joined the committee in 2022-23, bringing the membership to three. Staff attendees comprise the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of People Services and Head of Governance. Further staff members attend as required.
I can report that during 2021-22 the committee met three times (2020-21: three) and engaged in a number of relevant matters including supporting the development and scrutiny of:
- People strategy and subsequent action plan
- workforce planning
- health, safety and wellbeing
- equality and diversity.
Assurances provided to the Chief Executive
I have received written assurances from members of my Heads of Service who have responsibility for the operation and effectiveness of internal controls within the Tax, Legal and Corporate Functions teams. No significant matters were identified through this process.
The 2020-21 report highlighted the work that was being undertaken to embed our equalities policy and practice throughout the organisation. These assurances from my Heads of Service note the progress that has been made in this important area over the last year and I look forward to further progress being made over the next year to achieve our objective of embedding consideration of equality and diversity as part of our strategic and operational decision-making.
I have received assurance from the Accountable Officer of the Scottish Environment Protection Agency (SEPA) in respect of the statutory functions delegated to them by Revenue Scotland. No significant issues were raised with me as part of this process.
Last year only limited assurance could be provided on the effectiveness of shared data controls, and the impact to SEPA (as regulator) of the Scottish Landfill Communities Fund (SLCF), following the cyber-attack on them in December 2020. I am pleased to report that no further issues of concern have been raised in this regard and that full assurance has been provided.
For those services for which Revenue Scotland receives from the Scottish Government, I have received assurance from the Scottish Government’s Chief Financial Officer in respect of financial systems, the Scottish Government’s Director for People in respect of Human Resources (HR) services and payroll systems shared with Revenue Scotland and from the Scottish Government’s Director of Digital, in respect of digital corporate services shared with Revenue Scotland. No significant issues were raised with me as part of these.
In conclusion, I can confirm that, based on the aforementioned written assurances received, there were no significant control weaknesses identified in the period under review.
Report on personal data incidents Revenue Scotland manages, maintains and protects all information according to the requirements of relevant legislation, its own information policies and best practice.
Revenue Scotland has an Information Assurance governance structure which prioritises and manages information risks.
The governance structure:
- protects the organisation, its staff and our customers from information risks where the likelihood of occurrence and the consequences are significant
- ensures adherence with statutory duties and
- assists in safeguarding Revenue Scotland’s information assets.
Revenue Scotland has a Senior Information Risk Owner (SIRO) and a number of Information Asset Owners (IAOs), who provide assurance to the SIRO that proper controls are in place. The SIRO role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland’s business functions.
The IAOs are tasked with ensuring compliance with statutory duties, knowing what information assets they ‘own’ and what information they handle, along with the relevant security requirements, sensitivity, importance and protocols for sharing of information assets.
During the course of the year, there were five issues relating to minor data losses (mainly by email) which were reported and dealt with internally. The losses were resolved quickly and mitigations put in place. None of the losses met the threshold of being reportable to the Information Commissioner’s Office. There were no security incidents involving any physical losses such as paper files or laptops.
As a non-ministerial office, Revenue Scotland is accountable to the Scottish Parliament and, as such, can be called to appear before parliamentary committees to provide updates on operational matters, give evidence on tax related matters or provide written statements.
Revenue Scotland’s Corporate Plan, supporting legislation and this Annual Report are published documents. The Corporate Plan 2021-24, on which this document reports, was approved by Scottish Ministers and laid before the Scottish Parliament in November 2021 and this report will be laid before Parliament in November 2022.
Corporate plans, all annual reports and accounts and minutes of Revenue Scotland Board meetings are available on our website.
Revenue Scotland’s internal audit service is provided by the Scottish Government’s Directorate for Internal Audit and Assurance (DIAA), who produce an annual audit plan.
The Audit and Risk Committee reviewed and advised the Board and Accountable Officer on the audit plan. Regular updates on progress against the audit plan are presented by DIAA to the Audit and Risk Committee’s meetings.
During the year, DIAA completed audits on the following:
- Review of debt management arrangements
- Review of capability and capacity.
The audit of Revenue Scotland’s debt management arrangements received a “substantial” assurance rating, demonstrating the risk, governance and control processes to be effective in the supporting the delivery of objectives in this area.
An assurance rating at the upper-end of “reasonable” was awarded in respect of the audit of capability and capacity.
Management recognised the need to take further action to manage resourcing challenges and work is underway to build in resilience and succession planning for key roles. Revenue Scotland has plans to consider how best to measure effectiveness of available capacity to identify efficiencies to help address capacity challenges.
Follow-up audits were completed on:
- 2020-21 Governance and Compliance Review; and
- Review of Operational Decisions Made as a Result of COVID-19 2020-21.
The overall annual assessment of Revenue Scotland’s internal controls provided by DIAA is ‘substantial assurance’ for the second year running. This is a significant achievement and means that DIAA continues to view Revenue Scotland’s risk, governance and control procedures to be effective in supporting the delivery of its objectives.
Any exposure to potential weakness is low and the materiality of any consequent risk is considered to be negligible. The Audit and Risk Committee members are delighted with the assurance assessment awarded and are committed to working with the executive to ensure that this is maintained in future.
DIAA noted robust controls over the process. They welcomed the strong ‘tone-from-the- top’ and a culture of seeking opportunities for further improvement, in both services provided to the taxpayer and in the organisation’s internal processes. Reviewers noted that those involved in the process were proactive in seeking continuous improvement, regularly suggesting potential areas where processes could be further enhanced.
DIAA did not identify any issues in 2021- 22 as a result of the Scottish Environment Protection Agency information loss due to a cyber-attack in December 2020, where data relating to Scottish Landfill Communities Fund (SLCF) was lost; restricting Revenue Scotland’s ability to report on SLCF in last year’s annual report. As a result of this, Revenue Scotland’s approach to cyber controls will be considered as part of the review of the planned review of hybrid working taking place in 2022-23 and continues to remain a high priority for Revenue Scotland.
The Audit and Risk Committee views the assessment as a fair reflection of Revenue Scotland’s position based on the evidence reviewed by DIAA.
External Audit is provided by Audit Scotland. Mark Taylor, Audit Director is appointed under the Public Finance and Accountability (Scotland) Act 2000 to carry out the external audit of Revenue Scotland and the devolved taxes. During the year, the Audit and Risk Committee scrutinised Audit Scotland’s audit plan and received regular updates from them. The Independent Auditor’s Report can be found on pages 17-21.
As part of the 2020-21 audit undertaken by Audit Scotland, five matters were highlighted for attention, namely:
|Working papers||The audit could be delayed and the opinion impacted||Management continued to review and improve audit working papers for 2021-22|
|Payables controls||Devolved tax payables balance could be overstated||Additional functionality was introduced into the tax system which has led to a decrease in the payables balance|
|ADS repayments||The risk-based methodology does not target the highest areas of risk||ADS cases are being assessed for risk prior to repayment|
|Compliance activity||Compliance work is not effective||Compliance plans continue to appropriately address risks.|
|Procurement||Contracts may not be managed effectively||Work commenced on addressing procurement risks in 2021-22 and will continue in 2022-23|
Audit Scotland has reviewed these during their audit of 2021-22 and reported its conclusions in its Annual Audit Report 2021-22. Audit Scotland did not find any significant weaknesses in internal controls which require to be reported during its interim audit.
Assessment of corporate governance Revenue Scotland has developed a system of internal controls and policies which have been designed to safeguard its assets, data and ensure the reliability of financial records in relation to operational and tax duties.
I have ensured that these controls have been subject to review by management on a regular basis. They also undergo formal review by both Internal and External Audit, whose reports are made available to the Audit and Risk Committee. I have assessed our corporate governance arrangements and confirm that they comply with generally accepted best practice principles and relevant guidance.
I have assessed our risk management arrangements and confirm that they are in accordance with the guidance set out in the Scottish Public Finance Manual. The year-end Certificates of Assurance include a dedicated section assessing the effectiveness of Revenue Scotland’s risk management approach over the year and no significant control matters were raised. This, alongside the assessment of risk throughout the year, contributes to my overall confidence assessment offered; further confirming that robust arrangements and practices were in operation throughout 2021-22. I was also pleased to receive a ‘substantial assurance’ rating from our internal auditors in respect of our risk, control and governance procedures, confirming my assessment.
Elaine Lorimer – Chief Executive and Accountable Officer of Revenue Scotland