Corporate Governance Report
Statement of the Accountable Officer’s responsibilities
Under section 19(4) of the Public Finance and Accountability (Scotland) Act 2000, Scottish Ministers have directed Revenue Scotland to prepare for each financial year a statement of accounts in the form and on the basis set out in the Accounts Direction. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of Revenue Scotland and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.
In preparing the accounts, the Accountable Officer is required to comply with the requirements of the Government Financial Reporting Manual (FReM) and in particular to:
- observe the Accounts Direction issued by Scottish Ministers, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis
- make judgements and estimates on a reasonable basis X state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the financial statements
- prepare the financial statements on a going concern basis
- confirm that the Annual Report and Accounts as a whole is fair, balanced and understandable and take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
The Permanent Secretary of the Scottish Government (SG), who is the Principal Accountable Officer for the Scottish Administration has designated, in accordance with sections 14 and 15 of the Public Finance and Accountability (Scotland) Act 2000, the Chief Executive of Revenue Scotland as Accountable Officer for Revenue Scotland.
The responsibilities of an Accountable Officer, including responsibility for the propriety and regularity of the public finances for which they are answerable, for keeping proper records and for safeguarding the Revenue Scotland’s assets, are set out in the Scottish Public Finance Manual.
The Accountable Officer may consult with the SG Chief Financial Officer (CFO) on any aspects of the duties applying to Accountable Officers in the Scottish Administration. The Accountable Officer must consult the CFO on any action which they consider is inconsistent with their duties on financial, regulatory or propriety grounds, and specifically where they seek written authority from the Scottish Ministers or a direction from the Board of Revenue Scotland. In practice, the Chief Executive will delegate authority widely to other employees of Revenue Scotland but cannot, on that account, disclaim responsibility. The Chief Executive is responsible for informing the Principal Accountable Officer about any complaints about Revenue Scotland accepted by the Scottish Public Services Ombudsman (SPSO) for investigation and about the response to any subsequent recommendations from the SPSO.
As the Accountable Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that Revenue Scotland’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.
I confirm that this Annual Report and Accounts, taken as a whole, is fair, balanced and understandable, and I take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
Governance Statement
In the paragraphs below, I report on the governance arrangements in place within Revenue Scotland.
Governance Framework
Revenue Scotland is responsible for the administration and collection of Scotland’s wholly devolved taxes. The relevant powers and duties of Revenue Scotland, and of the Scottish Ministers are set out in the Revenue Scotland and Tax Powers Act 2014. Scottish Ministers are responsible for appointing the Board of Revenue Scotland following a public appointment exercise, regulated by the Commissioner for Ethical Standards in Public Life in Scotland.
Ministers must not direct, or otherwise seek to control Revenue Scotland in the exercise of its functions but they may give guidance. This guidance must be published and laid before the Scottish Parliament unless Ministers consider that to do so would prejudice the effective exercise by Revenue Scotland of its functions. Scottish Ministers are responsible for setting rates, bands and thresholds relating to the devolved taxes, subject to the approval of the Scottish Parliament.
The Board of Revenue Scotland is collectively responsible for the leadership and direction of the organisation and for ensuring that it carries out its statutory functions effectively and efficiently. It may delegate any of its functions to an individual Board member, a committee of the Board, the Chief Executive, or any other staff member, but it will retain its responsibility for carrying out its function.
As the Chief Executive of Revenue Scotland, I am employed by, and accountable to, the Board of Revenue Scotland for the day-to-day running of the organisation and its operational performance. In this role I seek assurance that appropriate controls are in place across the organisation, and in respect of the partners whom we rely on to support us in delivering our objectives, and I can confirm that these have been in operation during 2022-23 and to the date of signing these accounts.
I am supported by the Senior Leadership Team (SLT), who oversee the day-to-day business of Revenue Scotland, with each member taking responsibility for a specific area. The SLT is made up of the Chief Executive, the Head of Tax, the Head of Corporate Functions and the Head of Legal Services.
Operation of the Board and committees
The Board is responsible for the functions and powers of Revenue Scotland and delegates authority to staff through a Scheme of Internal Delegation. The Board sets the strategic direction for the organisation, oversees Revenue Scotland’s work and monitors performance including the design and operation of risk and governance frameworks. They do this through scrutiny and, where appropriate, approval of:
- corporate plans and business plans
- key strategies and policies
- X regular reports, including reports relating to risk management, performance, tax compliance, business continuity, staff, health and safety, and changes in the devolved taxes
- scrutiny of the Annual Reports and Accounts
- reports from the Audit and Risk and Staffing and Equalities Committees
- strategic engagement with key partners and customers.
I can report that during 2022-23 the Board met on seven occasions including a strategy meeting (2021-22: eight). During this time the Board scrutinised and considered a number of specific matters including:
- decisions relating to the Scottish Landfill Communities Fund
- oversight of Revenue Scotland’s review of its future operating model and approach to hybrid working
- oversight of tax and litigation cases and the implications for the organisation following the outcome
- strategic oversight of the development of our Tax Settlement and Litigation Principles
- reviewing the terms of reference for the Staffing and Equalities Committee to ensure that it continues to meet the needs
- approval of revisions to governance documents including the Scheme of Internal Delegation and the Code of Conduct for Revenue Scotland Board members.
Audit and Risk Committee
The purpose of the Audit and Risk Committee is to support the Board and Accountable Officer by reviewing the comprehensiveness, reliability and integrity of the assurances produced in support of the financial statements. The terms of reference of the committee are published on Revenue Scotland’s website within the Board’s standing orders. The committee fulfils its role through:
- scrutiny of risk management arrangements
- regular liaison with internal and external audit and scrutiny of their plans and reports
- considering and monitoring of responses to recommendations from internal and external auditors and other bodies
- review of the certificates of assurance produced by management as part of the financial reporting process and the Chief Executive’s governance statement, and
- overseeing the financial reporting process
Members of the committee during 2022-23 were Martin McEwen (Chair), Simon Cunningham and Robert MacIntosh. Lynn Bradley served until June 2022.
The committee is also attended by the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of Governance, the Chief Accountant and representatives of internal and external audit as well as other staff as required.
I can report that during 2022-23 the committee met seven times (2021-22: five).
The committee reviewed its effectiveness, using the checklist set out in the Scottish Government’s Audit Committee Handbook, in early 2023-24 and found no issues of concern which could affect its normal function.
Staff and Equalities Committee
The Staffing and Equalities Committee advises and provides assurance to the Revenue Scotland Board and Accountable Officer on issues relating to: people; equality, diversity and inclusion; and health, safety and wellbeing.
During 2022-23 the Revenue Scotland Board reviewed the operation of the committee and agreed to pilot changes during 2023-24 aimed at ensuring a more strategic focus for the committee.
The terms of reference for the committee are published on Revenue Scotland’s website within the Board’s Standing Orders.
The committee comprised three Board members during 2022-23; Jean Lindsay (Chair), Idong Usoro and Ken Macintosh. John Whiting served until June 2022. Staff attendees comprise the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of People Services and Head of Governance. Further staff members attend as required.
I can report that during 2022-23 the committee met three times (2021-22: three) and engaged in a number of relevant matters including supporting the development and scrutiny of:
- the People Strategy and subsequent action plan
- workforce planning
- health, safety and wellbeing
- equality and diversity.
Assurances provided to the Chief Executive
I have received written assurances from members of my Heads of Service who have responsibility for the operation and effectiveness of internal controls within the Tax, Legal and Corporate Functions teams. No significant matters were identified through this process.
The 2021-22 report highlighted the need to continue to strengthen health and safety systems within Revenue Scotland. I am pleased to report that progress has been made over the last year, particularly in respect of the arrangements for landfill site visits. At the time of writing, I am pleased to report that landfill site visits by Revenue Scotland staff are now able to resume. As we look ahead to the Scottish Aggregates Tax coming on stream, we are committed to further strengthening our health and safety controls as we become exposed to an additional high risk industry. We recognise the importance of proactively addressing potential risks and ensuring compliance with regulatory requirements in order to provide a safe system of work for our staff.
I have received assurance from the Accountable Officer of the Scottish Environment Protection Agency (SEPA) in respect of the statutory functions delegated to them by Revenue Scotland. No significant issues were raised with me as part of this process.
For those services for which Revenue Scotland receives from the Scottish Government, I have received assurance from the Scottish Government’s Chief Financial Officer in respect of financial systems, the Scottish Government’s Director for People in respect of Human Resources (HR) services and payroll systems shared with Revenue Scotland and from the Scottish Government’s Director of Digital, in respect of digital corporate services shared with Revenue Scotland. No significant issues were raised with me as part of these.
In conclusion, I can confirm that, based on the aforementioned written assurances received, there were no significant control weaknesses identified in the period under review.
Report on personal data incidents
Revenue Scotland manages, maintains and protects all information according to the requirements of relevant legislation, its own information policies and best practice.
Revenue Scotland has an Information Assurance governance structure which prioritises and manages information risks.
The governance structure:
- protects the organisation, its staff and our taxpayers from information risks where the likelihood of occurrence and the consequences are significant
- ensures adherence with statutory duties and
- assists in safeguarding Revenue Scotland’s information assets.
Revenue Scotland has a Senior Information Risk Owner (SIRO) and a number of Information Asset Owners (IAOs), who provide assurance to the SIRO that proper controls are in place. The SIRO role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland’s business functions.
The IAOs are tasked with ensuring compliance with statutory duties, knowing what information assets they ‘own’ and what information they handle, along with the relevant security requirements, sensitivity, importance and protocols for sharing of information assets.
During the course of the year, there were eight issues relating to minor data losses which were reported and dealt with internally. The losses were resolved quickly and mitigations put in place. None of the losses met the threshold of being reportable to the Information Commissioner’s Office. There were no security incidents involving any physical losses such as paper files or laptops.
Parliamentary scrutiny
As a Non-Ministerial Office, Revenue Scotland is accountable to the Scottish Parliament and, as such, can be called to appear before parliamentary committees to provide updates on operational matters, give evidence on tax related matters or provide written statements. Revenue Scotland’s Corporate Plan, supporting legislation and this Annual Report are published documents. The Corporate Plan 2021-24, on which this document reports, was approved by Scottish Ministers and laid before the Scottish Parliament in November 2021 and this report will be laid before Parliament in November 2023.
Corporate plans, all annual reports and accounts and minutes of Revenue Scotland Board meetings are available on our website.
Internal Audit
The Scottish Government’s Directorate for Internal Audit and Assurance (DIAA) provide Revenue Scotland’s internal audit service.
DIAA produce an annual audit plan which is reviewed by the Audit and Risk Committee, who provide advice on the plan to the Board and the Accountable Officer. Regular updates on progress against the audit plan are presented by DIAA to the Audit and Risk Committee’s meetings.
During the year, DIAA completed audits on the following:
- The review of Equalities and Diversity evaluated Revenue Scotland’s approach to embedding consideration of equality and diversity as part of strategic and operational decision-making. An upper-end of ‘reasonable’ assurance rating was awarded. The report indicated that Revenue Scotland was well placed to achieve its ambition to fully embed consideration of equality and diversity throughout its decision-making. Areas of improvement were identified which will: help ensure that a greater focus given at the strategic level; that effort is focused on areas of greatest impact and need; and that communications around outcomes are targeted those who will benefit most.
- The review of Litigation Decisions considered Revenue Scotland’s processes and governance around taking and responding top litigation decisions. An upper-end of ‘reasonable’ assurance rating was awarded. The report concluded that the organisation had developed an effective approach to litigation decisions. Areas for further improvement were identified to: further formalise the process and bring greater clarity and transparency to support those involved; build in resilience and scalability; and identify further opportunities to enhance processes.
- The review of Revenue Scotland’s Hybrid Working Pilot examined whether the organisation’s approach to considering and piloting hybrid working supports conclusions reached regarding next steps in moving out of the pilot and into business as usual. A ‘Substantial’ assurance rating was awarded in respect of this review. The report supported the approach that had been taken, which was seen to reflect good practice, and the conclusions reached regarding the next steps in moving out of the pilot and into the next stage
In addition, a follow-up review was conducted in respect of the 2021-22 Review of Capability and Capacity. This review considered the work that had been undertaken to better understand Revenue Scotland’s organisational capacity and to better understand what is optimum for the organisation. The review concluded further work was required and commended the good progress that had been made in researching available data and understanding the approaches taken in other organisations.
The overall annual assessment of Revenue Scotland’s internal controls provided by DIAA is ‘Substantial’. This means that DIAA continues to view Revenue Scotland’s risk, governance and control procedures to be effective in supporting the delivery of its objectives.
This is the third year running that Revenue Scotland has achieved such a rating and is a huge achievement for the organisation. This rating is testament to the importance placed on ensuring that risk, governance and control procedures are effective and continually reviewed and improved.
DIAA noted that their work consistently obtains evidence of a strong culture and ‘tone from the top’ regarding the maintenance of control over key processes and embedding effective governance. They also welcomed the action that had taken place to build in further resilience to staff turnover, which was an issue identified in their previous annual assurance report.
Members of the both the Board and the Audit and Risk Committee are delighted with this achievement and are committed to ensuring that this high standard is maintained in future years.
External Audit
External Audit is provided by Audit Scotland. Pauline Gillen, Audit Director is appointed under the Public Finance and Accountability (Scotland) Act 2000 to carry out the external audit of Revenue Scotland and the devolved taxes. During the year, the Audit and Risk Committee scrutinised Audit Scotland’s audit plan and received regular updates from them. The Independent Auditor’s Report can be found on page 17.
As part of the 2021-22 audit undertaken by Audit Scotland, two matters were highlighted for attention, namely:
Issue | Risk | Action taken |
Contingent assets: Deferrals |
Contingent assets may be overstated |
The process was revised to ensurereviews are conducted ontime and properly evidenced |
Payables controls |
Devolved tax payables balance could be overstated |
Investigation of historical credit balances was undertaken while developing internal processes for corrections |
Audit Scotland has reviewed these during their audit of 2022-23 and reported its conclusions in its Annual Audit Report 2022-23. Audit Scotland identified a small number of control weaknesses during the audit. These related to:
- one instance of a lack of evidence authorising the creation of a new user account on SETS;
- no regular account management meetings with the supplier of the tax finance system.
Arrangements have been put in place to correct these weaknesses.
Assessment of corporate governance
Revenue Scotland has in place a system of internal controls and policies which are designed to safeguard its assets, data and ensure the reliability of financial records in relation to operational and tax duties.
I have ensured that these controls have been subject to review by management on a regular basis. This has been facilitated through the implementation of a new assurance mapping process which was developed during the year and included a detailed review of all of our internal controls. As part of this process, controls will be reviewed monthly alongside our key corporate risks.
Our internal controls also undergo formal review by both Internal and External Audit, whose reports are made available to the Audit and Risk Committee. Having assessed our corporate governance arrangements, I confirm that they comply with generally accepted best practice principles and relevant guidance.
Risk management
I have assessed our risk management arrangements and confirm that they are in accordance with the guidance set out in the Scottish Public Finance Manual. The year-end Certificates of Assurance include a dedicated section assessing the effectiveness of Revenue Scotland’s risk management approach over the year and no significant control matters were raised. This, alongside the assessment of risk throughout the year, contributes to my overall confidence assessment offered; further confirming that robust arrangements and practices were in operation throughout 2022-23. I was also delighted to receive a ‘substantial’ assurance rating from our internal auditors for the third consecutive year in respect of our risk, control and governance procedures, confirming my assessment.
Elaine Lorimer – Chief Executive and Accountable Officer of Revenue Scotland