Accountability Report
Corporate Governance Report
Statement of the Accountable Officer’s responsibilities
Under section 19(4) of the Public Finance and Accountability (Scotland) Act 2000, Scottish Ministers have directed Revenue Scotland to prepare for each financial year a statement of accounts in the form and on the basis set out in the Accounts Direction. The accounts are prepared on an accruals basis and must give a true and fair view of the state of affairs of Revenue Scotland and of its income and expenditure, Statement of Financial Position and cash flows for the financial year.
In preparing the accounts, the Accountable Officer is required to comply with the requirements of the Government Financial Reporting Manual (FReM) and in particular to:
- observe the Accounts Direction issued by Scottish Ministers, including the relevant accounting and disclosure requirements, and apply suitable accounting policies on a consistent basis
- make judgements and estimates on a reasonable basis
- state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the financial statements
- prepare the financial statements on a going concern basis
- confirm that the Annual Report and Accounts as a whole is fair, balanced and understandable and take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
The Permanent Secretary of the Scottish Government (SG), who is the Principal Accountable Officer for the Scottish Administration has designated, in accordance with sections 14 and 15 of the Public Finance and Accountability (Scotland) Act 2000, the Chief Executive of Revenue Scotland as Accountable Officer for Revenue Scotland.
The responsibilities of an Accountable Officer, including responsibility for the propriety and regularity of the public finances for which they are answerable, for keeping proper records and for safeguarding Revenue Scotland’s assets, are set out in the Scottish Public Finance Manual.
The Accountable Officer may consult with the SG Chief Financial Officer (CFO) on any aspects of the duties applying to Accountable Officers in the Scottish Administration.
The Accountable Officer must consult the CFO on any action which they consider is inconsistent with their duties on financial, regulatory or propriety grounds, and specifically where they seek written authority from the Scottish Ministers or a direction from the Board of Revenue Scotland. In practice, the Chief Executive will delegate authority widely to other employees of Revenue Scotland but cannot, on that account, disclaim responsibility.
The Chief Executive is responsible for informing the Principal Accountable Officer about any complaints about Revenue Scotland accepted by the Scottish Public Services Ombudsman (SPSO) for investigation and about the response to any subsequent recommendations from the SPSO.
As the Accountable Officer, I have taken all the steps that I ought to have taken to make myself aware of any relevant audit information and to establish that Revenue Scotland’s auditors are aware of that information. So far as I am aware, there is no relevant audit information of which the auditors are unaware.
I confirm that this Annual Report and Accounts, taken as a whole, is fair, balanced and understandable, and I take personal responsibility for the Annual Report and Accounts and the judgements required for determining that it is fair, balanced and understandable.
Governance Statement
In the paragraphs below, I report on the governance arrangements in place within Revenue Scotland.
Governance Framework
Revenue Scotland is responsible for the administration and collection of Scotland’s wholly devolved taxes. The relevant powers and duties of Revenue Scotland, and of the Scottish Ministers are set out in the Revenue Scotland and Tax Powers Act 2014.
Scottish Ministers are responsible for appointing the Board of Revenue Scotland following a public appointment exercise, regulated by the Commissioner for Ethical Standards in Public Life in Scotland.
Ministers must not direct, or otherwise seek to control Revenue Scotland in the exercise of its functions but they may give guidance. This guidance must be published and laid before the Scottish Parliament unless Ministers consider that to do so would prejudice the effective exercise by Revenue Scotland of its functions. Scottish Ministers are responsible for setting rates, bands and thresholds relating to the devolved taxes, subject to the approval of the Scottish Parliament.
The Board of Revenue Scotland is collectively responsible for the leadership and direction of the organisation and for ensuring that it carries out its statutory functions effectively and efficiently. It may delegate any of its functions to an individual Board member, a committee of the Board, the Chief Executive, or any other staff member, but it will retain its responsibility for carrying out its function.
As the Chief Executive of Revenue Scotland, I am employed by, and accountable to, the Board of Revenue Scotland for the day-to-day running of the organisation and its operational performance. In this role I seek assurance that appropriate controls are in place across the organisation, and in respect of the partners whom we rely on to support us in delivering our objectives, and I can confirm that these have been in operation during 2023-24 and to the date of signing these accounts.
I am supported by the Senior Leadership Team (SLT), who oversee the day-to-day business of Revenue Scotland, with each member taking responsibility for a specific area. The SLT is made up of the Chief Executive, the Head of Tax, the Head of Corporate Functions and the Head of Legal Services.
Operation of the Board and committees
Our Board is responsible for the functions and powers of Revenue Scotland and delegates authority to staff through
a Scheme of Internal Delegation. The Board sets the strategic direction for the organisation, oversees Revenue Scotland’s work and monitors performance, including the design and operation of risk and governance frameworks. They do this through scrutiny and, where appropriate, approval of:
- corporate plans and business plans
- key strategies and policies
- regular reports, including reports relating to risk management, corporate performance, tax compliance, staff, health, safety and wellbeing, changes in the devolved taxes, progress on the introduction of new taxes
- scrutiny of the Annual Reports and Accounts
- reports from the Audit and Risk and Staffing and Equalities Committees
- strategic engagement with key partners and service users.
I can report that during 2023-24 the Board met on six occasions. This included a joint formal Board meeting and strategy session (2022-23: seven). During this time our Board scrutinised and considered a number of specific matters including:
- Revenue Scotland’s new Corporate Plan 2024-27
- the move from the hybrid pilot to hybrid working formally becoming Revenue Scotland’s ongoing operating model
- recommendations to improve compliance rates for Three-Yearly Reviews of Non-residential Leases and proposals to reduce the backlog of lease review penalties
- approval of the business case and the programme of activity required to implement Scottish Aggregates Tax
- development of the new Data and Digital Strategy
- revisions to governance documents, including the Financial Framework, Whistleblowing Policy and Risk.
Audit and Risk Committee
The Audit and Risk Committee (ARC)supports the Board and Accountable Officer through reviewing the comprehensiveness, reliability and integrity of the assurances produced in support of the financial statements. The terms of reference of the committee are published on Revenue Scotland’s website within the Board’s Standing Orders.
The committee fulfils its role through:
- scrutiny of risk management arrangements
- regular liaison with internal and external audit and scrutiny of their plans and reports
- considering and monitoring of responses to recommendations from internal and external auditors and other bodies
- review of the certificates of assurance produced by management as part of the financial reporting process and the Chief Executive’s governance statement, and
- overseeing the financial reporting process.
Members of the committee during 2023- 24 were Martin McEwen (Chair), Simon Cunningham (Deputy Chair) and Robert MacIntosh.
The committee is also attended by the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of Governance, the Head of Finance and representatives of internal and external audit as well as other staff as required.
I can report that during 2023-24 the committee met six times, this included a joint quarterly committee meeting and strategy session on risk management (2022- 23: seven). The committee engaged in a number of relevant matters including:
- consideration of reports from Internal Audit
- a strategy session to review Revenue Scotland’s corporate risk register, with a focus on risk appetite
- consideration of cyber security assurances
- consideration of assurances around the introduction of new corporate IT systems for HR and Finance
The committee reviewed its effectiveness during 2023-24, using the checklist set out in the Scottish Government’s Audit Committee Handbook, in early 2024-25. It found no issues of concern which could affect its normal function.
Staff and Equalities Committee
The Staffing and Equalities Committee (SEC) advises and provides assurance to our Board and Accountable Officer on issues relating to: people; equality, diversity and inclusion; and health, safety and wellbeing.
During 2022-23, our Board reviewed the operation of the committee and agreed to pilot changes during 2023-24 aimed at ensuring a more strategic focus for the committee. Following their review, the Committee is in agreement that the new format has been a success, allowing for more strategic and focused discussions.
The new format will continue to be used and be reviewed periodically to ensure that it continues to meet the needs of SEC and the Board.
The terms of reference for the committee are published on Revenue Scotland’s website within the Board’s Standing Orders. The committee reviewed its effectiveness during 2023-24 and found no issues of concern which could affect its normal function.
Members of the committee during 2023–24 were Jean Lindsay (Chair), Idong Usoro (Deputy Chair) and Ken Macintosh. Staff attendees comprise the Chief Executive, Head of Corporate Functions, Head of Legal Services, Head of Tax, Head of People Services and Head of Governance. Further staff members attend as required.
I can report that during 2023-24, the committee met three times (2022-23: three) and engaged in a number of relevant matters including supporting the development and scrutiny of:
- the People Strategy and action plan
- staff survey
- workforce planning
- health, safety and wellbeing
- equality, diversity and inclusion.
Assurances provided to the Chief Executive
I have received written assurances from my Heads of Service, who have responsibility for the operation and effectiveness of internal controls within Revenue Scotland’s Tax, Legal and Corporate Functions teams.
I am pleased to report that no significant matters were raised with me.
The Accountable Officer of the Scottish Environment Protection Agency (SEPA) has provided me with assurance in respect of the statutory functions delegated to them by Revenue Scotland. No significant issues were raised with me by SEPA.
I also receive copies of the certificates of assurance provided to the Scottish Government’s Director General Corporate, produced to support the assurances she provides to the Principal Accountable Officer in respect of the Scottish Government’s digital, financial and people services. These are shared with me as some aspects of these are relevant to the services we receive from the Scottish Government as a shared service. No significant issues were raised within these.
One issue of particular interest to Revenue Scotland raised within the SG certificates relates to the implementation of the new HR and Finance systems. I am very aware of the challenging nature of this substantial change programme and also the significant benefits that this investment in digital services will bring to both the Scottish Government and Revenue Scotland. Given the significant operational impacts for our organisation should the programme fail to deliver the intended benefits, I continue to
engage closely with the Scottish Government to ensure that I continue to receive the assurance I require as Accountable Officer that the programme will be delivered effectively and that the systems will meet Revenue Scotland’s needs.
In conclusion, I can confirm that, based on the aforementioned written assurances received, there were no significant control weaknesses identified in the period under review.
Report on personal data incidents Revenue Scotland manages, maintains and protects all information according to the requirements of relevant legislation, its own information policies and best practice.
Revenue Scotland has an Information Assurance governance structure which prioritises and manages information risks.
The governance structure:
- protects the organisation, its staff and our taxpayers from information risks where the likelihood of occurrence and the consequences are significant
- ensures adherence with statutory duties and
- assists in safeguarding Revenue Scotland’s information assets
Revenue Scotland has a Senior Information Risk Owner (SIRO) and a number of Information Asset Owners (IAOs), who provide assurance to the SIRO that proper controls are in place. The SIRO role is to ensure information security policies and procedures are fit for purpose and are reviewed and implemented across all of Revenue Scotland’s business functions.
In support of the SIRO, an Information Governance Group (IGG) has also been established whose role is to steer Revenue Scotland’s approach to information governance, review issues arising with regards to data protection, carry out horizon scanning in relation to new legislative and other developments relating to information governance and above all, to ensure that we comply with all of our mandatory legal obligations.
The IAOs are tasked with ensuring compliance with statutory duties, knowing what information assets they ‘own’ and what information they handle, along with the relevant security requirements, sensitivity, importance and protocols for sharing of information assets.
During the course of the year, there were two issues relating to minor data losses, which were reported and dealt with internally. The losses were resolved quickly and mitigations put in place. None of the losses met the threshold of being reportable to the Information Commissioner’s Office.
There were no security incidents involving any physical losses such as paper files or laptops.
Parliamentary scrutiny
As a Non-Ministerial Office, Revenue Scotland is accountable to the Scottish Parliament and, as such, can be called to appear before parliamentary committees to provide updates on operational matters, give evidence on tax related matters or provide written statements.
During 2023-24 Revenue Scotland attended Parliament on three occasions providing evidence on: The Aggregates Tax and Devolved Taxes Administration (Scotland) Bill; the Scottish Government’s Public Services Reform Programme and Revenue Scotland’s performance during 2022-23.
Revenue Scotland’s Corporate Plan, supporting legislation and this Annual Report are published documents. The Corporate Plan 2021-24, on which this document reports, was approved by Scottish Ministers and laid before the Scottish Parliament in November 2021 and this report will be laid before Parliament in October 2024.
A new Corporate Plan covering was laid before the Scottish Parliament on the 28 March 2024 and will direct the organisation’s activities during the period 2024-27.
Corporate plans, annual reports and accounts and minutes of Revenue Scotland Board meetings are available on our website.
Internal Audit
The Scottish Government’s Directorate for Internal Audit and Assurance (DIAA) provide Revenue Scotland’s internal audit service.
DIAA produce an annual audit plan which is reviewed by the Audit and Risk Committee, who provide advice on the plan to the Board and the Accountable Officer. Regular updates on progress against the audit plan are presented by DIAA to the Audit and Risk Committee’s meetings.
The Memorandum of Understanding between Revenue Scotland and DIAA was also reviewed during the year, reconfirming the basis for this service going forwards.
During the year, DIAA completed audits on the following:
- Knowledge Management within the Legal Team: This review looked at knowledge management within the Legal Services Team and how it can contribute to the quality of advice provided and/or the efficiency of the process. A ‘substantial’ assurance rating was awarded. The report noted a solid foundation for storing information together with a very strong culture and ‘tone from the top’ around knowledge management. It highlighted areas of good practice around availability of expertise and experience together with strong relationships with client teams, which all contribute to the quality of knowledge sharing already in place. The report concluded that the team is very well placed to build on what has been achieved already with the positive culture and quality of resource and support and noted the opportunity for other teams to consider the results of the review for application in their own areas and to help embed the enhancement opportunities across the organisation.
- Lease Review Returns: This review commenced during 2023-24 and was completed during early 2024-25. It examined the effectiveness of the series of actions taken to improve lease review return submissions and the outcomes achieved. A ‘Reasonable’ assurance rating was provided. The report: concluded that progress was being made and that a large amount of work and analysis had been undertaken to date; noted the complexity of the issues involved and recommended a more strategic approach should be adopted to achieve improvement in lease review return compliance and to support the case for change in areas required.
- Revenue Scotland’s approach to Assurance Mapping: This advisory review provided assurance on our approach to Assurance Mapping and the changes that had been made to the corporate assurance map. A ‘substantial’ assurance rating was awarded. The report concluded that the approach built on the positive culture around internal control and continuous improvement, using the assurance map as a tool to evidence management’s ongoing assurance conversations. It supported the approach that had been undertaken, which was seen to reflect good practice and followed recommended practise in identifying assurance provided across the four lines of defence helping ensure completeness of sources of assurance considered.
- Approach to Hybrid Working: This review, deferred from 2022-23 to take into account other work in this area, considered Revenue Scotland’s approach to considering and adopting hybrid working. A ‘substantial’ assurance rating was awarded. The report supported the approach to the consideration and piloting of hybrid working. It also endorsed the proposed next steps in moving out of the pilot stage and into the adoption of hybrid working as the organisations operation model. The report stated that the approach taken, involving consideration of optimal operating model, gathering data on agreed evaluation criteria, employee feedback and consideration of wider trends to be good practice.
In addition, a follow up review was conducted in respect of the 2022-23 Review of Litigation Decisions. This review considered Revenue Scotland’s processes and governance around taking and responding to complex litigation decisions.
The review was completed, noting that all recommendations had been fully implemented and good progress made to enhance overall governance over litigation decisions.
The overall annual assurance opinion for the year was ‘Substantial Assurance’. This is the fourth year running that Revenue Scotland has received this rating and reflects the fact that DIAA continues to view Revenue Scotland’s risk, governance and control procedures as effective in supporting the delivery of its objectives and that any exposure to potential weakness is low and the materiality of any consequent risks negligible.
DIAA reported that their work continues to obtain evidence of a strong culture and tone from the top regarding maintenance of robust control over key processes and embedding effective governance. They noted the focus on continuous improvement at all levels, helping to drive process improvement and efficiency, including improvements to enable taxpayers to comply with their obligations.
The report commented that Revenue Scotland is now well established in its role as the Tax Authority responsible for the collection and management of Scotland’s devolved taxes, commending the strong commitment to operational excellence and robust systems; which were clearly evidenced as part of stated strategic outcomes and priorities for further improvement and change beyond what is currently in place.
External Audit
External Audit is provided by Audit Scotland. The Audit Director is appointed under the Public Finance and Accountability (Scotland) Act 2000 to carry out the external audit of Revenue Scotland and the devolved taxes. During the year, the Audit and Risk
Committee scrutinised Audit Scotland’s audit plan and received regular updates from them. The Independent Auditor’s Report can be found on page 17.
As part of the 2022-23 audit undertaken by Audit Scotland, three matters were highlighted for attention, namely:
- the risk that the related party disclosure may be incomplete or inaccurate
- the risk that internal controls do not operate effectively, and
- the risk key IT system and service providers may not have appropriate IT business continuity and disaster recovery plans.
These matters were addressed by management and actions put in place to mitigate the risks.
Audit Scotland has reviewed these during their audit of 2023-24 and reported its conclusions in its Annual Audit Report 2023-24.
Assessment of corporate governance
Revenue Scotland has in place a system of internal controls and policies which are designed to safeguard its assets, data and
ensure the reliability of financial records in relation to operational and tax duties.
I continue to ensure that these controls are subject to review by management on a regular basis, and the new assurance mapping process, developed and implemented last financial year, has helped facilitate and enhance these regular reviews and alignment with Corporate Risks.
Our internal controls also undergo formal review by both Internal and External Audit, whose reports are made available to the Audit and Risk Committee. Having assessed our corporate governance arrangements, I confirm that they comply with generally accepted best practice principles and relevant guidance.
Risk management
I have assessed our risk management arrangements and confirm that they are in accordance with the guidance set out in the Scottish Public Finance Manual. The year-end Certificates of Assurance include a dedicated section assessing the effectiveness of Revenue Scotland’s risk management approach over the year and no significant control matters were raised. This, alongside the assessment of risk throughout the year, contributes to my overall confidence assessment offered; further confirming that robust arrangements and practices were in operation throughout 2023-24.
Elaine Lorimer – Chief Executive and Accountable Officer of Revenue Scotland 24 September 2024