Help from HMRC with VAT compliance controls

HMRC has published new guidance to help businesses reduce the risk of making VAT errors. Rob Janering and Simon Atkins highlight the key points that businesses and their agents need to be aware of.

HMRC began publishing guidelines for compliance in November 2021 with the intention of highlighting “complex, widely misunderstood or novel risks that can occur across tax regimes”. Taxpayers do not have to follow the guidelines but, as HMRC says, doing so may mean avoiding “unnecessary contact” from HMRC and “reducing the risk of paying additional tax, interest, and penalties”. At the time of writing, there are 12 guidelines covering a range of areas including the off-payroll working rules and research and development tax relief.

VAT guidelines for compliance

In September 2024, HMRC published Guidelines for Compliance 8 (GfC8) relating to VAT compliance controls. The guidance sets out HMRC’s recommended approach to governance, controls and processes with regard to VAT accounting, focusing on risk management and how taxpayers can reduce the risk of making an error. It applies to all VAT-registered businesses, with no minimum threshold. However, the rules should be applied appropriately, considering the size and complexity of the organisation. Therefore, the controls and processes for a large corporate should be more sophisticated than those for a small business.

The guidance provides detailed expectations for the types of controls that should be in place; how these controls should be documented; the circumstances under which the controls should be reviewed and re-evaluated; and ownership of risk management.

There are 10 sections in areas such as: 

• the systems in place for the business journey from order/procurement through to payment and for capturing, authorising and paying employee expenses 
• the accounting processes for collecting, processing and presenting information to provide strategic, financial and operational analysis 
• control objectives for VAT reporting and manual adjustments 
• considerations where services or functions are outsourced.

In this article we’ll provide a brief overview of the key points.

Expectations

HMRC’s expectations with respect to a business’s management of its VAT position are clearly set out. The guidance emphasises the implementation and use of good practices, highlighting the importance of risk management, control design and documentation.

For instance, risks should be identified and then appropriate controls put in place to manage them. These should be documented alongside other processes so that the risks, people involved, controls and plan to manage change is available to the whole business (and HMRC). It is noted that VAT relies on having the right people involved and hence responsibilities should be clearly delegated. More than one person should be involved, as a return requires preparation and then review to ensure appropriate checks can take place.

Record keeping and audit trails

HMRC’s expectation for there to be a clear audit trail of documentation providing an accurate position to support a VAT treatment is reiterated in a number of sections. The guidance sets out: 

• the need to ensure that the tax treatment is correct before sales or purchase orders are issued 
• that documents (eg, official or commercial evidence of export from the UK to support zero rating) are added at appropriate moments 
• invoicing and credit notes are created accurately and issued in a timely manner.

Throughout the guidance, HMRC recommends particular controls at each stage of the audit trail to help manage VAT risk.

Expenses are nearly always reviewed during a VAT inspection, and there is a dedicated section for this. The theme here is the same but with more expectation towards having clear, understandable policies and guidance that is effectively communicated. HMRC prefers VAT calculations to be automated instead of using manual workings. There is also specific reference to making sure that recovery of VAT on subsistence, motoring, entertainment, and phone expenses is completed in accordance with the relevant rules and that evidence is kept that the rules have been reviewed and applied.

Implementing and maintaining the above measures might seem straightforward, but it remains the case that many businesses won’t have these documents to hand or processes in place. While expenses can often be small, not being able to demonstrate appropriate controls during a VAT inspection could lead to further checks on other processes. It should also be noted that it can be very time consuming to try to compile all the records ahead of a VAT inspection compared to managing it on an ongoing basis. Therefore, there are efficiencies and benefits to being proactive about these points.

VAT reporting checks

Every business will have its own unique way of managing compliance, but GfC8 lists out some robust practices applicable to all, including the following. 

• Spreadsheets are still ubiquitous and that is accepted. However, HMRC expects that businesses use: 
  • version control 
  • automatic linking 
  • drop-down menus instead of free entry 
  • trained developers and conduct thorough testing to ensure the files work as expected. 
• Risk-based checks are expected and referred to as “detective” controls. They should allow for exceptions (ie, errors) to be identified via review after a process is completed. Examples given include cash reconciliations, checking large value invoices against data, and reviewing zero-rated supplies.
• HMRC highlights trend analysis as a good practice. This should be applied not just to VAT totals but also to customer/supplier lists and forecasted payment values. HMRC also encourages the use of sample checks, rather than over-reliance on simple “top 10” lists. It also suggests a stratified approach focusing on a range of variables rather than just values.

Automation and IT system use

HMRC has set out previously its ambition to become a digital-first organisation, and this guidance reflects that message. Several sections focus on businesses’ IT infrastructure, highlighting how it should be used.

As a starting point, it expects that all interfaces (where systems meet or information passes across) are documented, so the flow of information is clearly defined. The systems used should reflect the organisation’s structure and apply a set of standard processes, tax codes, and logic.

Using the guidance

While the guidance is very detailed, it does provide taxpayers with some clear insights into HMRC’s expectations regarding controls, processes and documentation. Ultimately, this should be helpful to taxpayers.

For many organisations, complying with these requirements will necessitate involving people beyond the tax and finance teams. For example, checking the appropriate controls are in place with respect to master data or supporting import/export evidence may involve wider conversations in the business.

As mentioned above, it’s important for businesses to act on this guidance. If errors are made and this guidance has not been applied, it may be harder to argue that reasonable care has been taken. This may have a knock-on impact regarding the application of penalties. We are aware that HMRC has been discussing the guidance with taxpayers as part of VAT inspections and regular communications.

It’s also important for taxpayers covered by the senior accounting officer regime to be comfortable that the appropriate controls and processes are in place for VAT accounting. HMRC may start reviewing the extent to which the guidance has been applied when considering risk ratings.

Therefore, while the new guidance is helpful in its detail and clarity of HMRC expectations, it also requires many taxpayers to take action to meet HMRC standards in this area.

Further information

Please refer to HMRC’s guidelines for compliance collection page. For further information on anything discussed in this article, please contact Rob Janering, or your usual Crowe contact.

This article was first published on ICAEW on 7 February 2025.