Promotional material

Outsourcing (part 9)

Updated 25 September 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/help-with-vat-compliance-controls-guidelines-for-compliance-gfc8/outsourcing-part-9

Read purpose, scope and audience (part 1) and general approach to VAT compliance controls (part 2) of Help with VAT compliance controls — Guidelines for Compliance GfC8, if you have not already.

Outsourcing is the business practice of engaging with a third party to perform services that were traditionally performed in-house by the organisation’s own employees. There are also co-sourcing arrangements where an external partner works alongside the in-house team, who retain overall control of the process.

Outsourcing decisions are likely to involve these key stages:

  1. Feasibility study and requirements analysis.
  2. Potential supplier shortlisting.
  3. Supplier tendering – bids and proposals.
  4. Bid evaluation and selection.
  5. Service contract drafting and agreement.
  6. Implementation.
  7. Monitoring.

General governance considerations

Outsourcing processes, including VAT compliance processes and obligations, does not outsource the risk. Legal responsibility, and the potential for reputational damage, remains with the commissioning organisation.

Control points

  1. The organisation needs to plan and document its service requirements, as appropriate, to inform a technical specification which scopes the project and produces Key Performance Indicators (KPIs).
  2. KPIs should be measurable in terms of cost, time and quantity, or other metrics which allow effective benchmarking.
  3. Due diligence should be performed when searching for potential outsourcing parties, in terms of evidence of trading history, track record, and independent reviews and recommendations.
  4. The organisation should have an objective and structured approach to evaluate service proposals, using criteria developed from the KPIs.
  5. Service contracts and Service Level Agreements (SLAs) should be drafted and agreed by all stakeholders.
  6. SLA sign-off should be of sufficient authority in both organisations.
  7. Sufficient time and resource should be allocated to the transition of services to the outsourcer. This may involve knowledge transfer and staff training, physical transfer of staff and equipment, and relocation to new premises.
  8. In a co-sourcing arrangement, the external provider may need training on client systems and sufficient time to become familiar with the in-house client processes.
  9. Effective communication needs to be established in terms of a nominated contact, regular reviews and information sharing.
  10. Regular reviews may be important to establish in co-sourcing where shared activities and responsibilities are more flexible and may evolve as the contract progresses. Service delivery as set out in the SLA, KPIs or co-sourcing contract should be monitored to ensure objectives are being met.

The SLA is the key outsourcing document, which is the formal contract setting out what will be provided in terms of quality, cost and time (the KPIs). The SLA should include (as appropriate):

  • detailed service description
  • responsibilities and liabilities of both parties
  • communication and access protocols
  • escalation routes for problem solving
  • security requirements, including adherence to data protection standards
  • agreed KPIs and minimum service levels
  • monitoring and reporting requirements, including data and exception reports required for compliance checks
  • consequences of either party not being able to meet their contractual obligations
  • contingency and disaster recovery arrangements
  • provisions for the commissioning organisation to audit outsourced activities
  • contract termination protocols, including access to records

Outsourcing business processes

Many areas of business process activity can be outsourced, including:

  • IT services
  • finance and accounting
  • legal
  • sales billing
  • supplier invoice processing

There are VAT compliance risks to an organisation when the IT platform, transaction processing and legal requirements are being handled by a third party.

Control points

  1. Data security protocols, for data protection, should be in place — globally recognised standards such as ISO 27001 help to demonstrate good security practices.
  2. System and data integration issues are considered early on and tested as part of implementation.
  3. Regulatory and tax compliance matters are considered as part of SLAs.
  4. Communication and knowledge sharing agreements include tax matters with oversight by the in-house tax team.
  5. Sales invoicing tax calculation is approved by the commissioning organisation.
  6. Sales invoices comply with VAT Regulations 1995 Part 3 invoicing requirements.
  7. Sales credit note authorisation process is approved by commissioning organisation.
  8. Supplier invoice processing includes compliance with input tax rules on blocking and restriction.
  9. VAT reporting requirements, including bad debt reports, are met by the outsourcing organisation.
  10. Communication and escalation routes for transaction and tax queries are established.
  11. Where outsourced, business records must meet the basic VAT requirements of being complete and up to date and retained for the specified period.
  12. Where outsourced, VAT account records must meet Making Tax Digital (MTD) requirements.

There is more detailed consideration of control points in the separate parts for these processes:

  • order to cash
  • procure to pay
  • VAT reporting

Outsourcing VAT compliance and reporting

Organisations can outsource their VAT compliance obligations for various reasons. Compliance services offered could include:

  • advising on technical tax issues
  • advice on tax planning and efficiency
  • handling VAT registration requirements
  • correspondence with tax authorities
  • providing a single point of contact for global tax matters
  • automatic tax processes such as tax engines and tax determination tools
  • compilation and submission of VAT returns

Cloud-based VAT reporting tools operated by third parties can receive client data for automated processing, including transaction checking, exception reporting and VAT return preparation.

Control points

  1. Sufficient time and resource should be devoted to onboarding and tailoring services and software solutions to meet business compliance needs.
  2. Data transfer between client and solution provider should be tested, for example by reconciliation.
  3. Return output should be tested before roll-out, for example by parallel runs.
  4. VAT reporting must comply with Making Tax Digital requirements.
  5. VAT reporting outsource planning should include the requirements for manual adjustments.
  6. Adjustments resulting from transaction checking should be authorised and recorded.
  7. Outsourced VAT reporting should include regular communication, including client review and approval before submission.
Back to top