HMRC's annual report and accounts 2022 to 2023: governance statement and principal accounting officer’s report
Published 17 July 2023
Our accountability – Governance statement
Foreword by Dame Jayne-Anne Gadhia, HMRC’s Non-Executive Chair
This year, HMRC has remained focused on delivering a good service to those who need support to get their tax right and making it hard to bend or break the rules.
The department has made positive progress in bringing its customer service levels closer to its service standards, but there is more to do. By modernising, and encouraging as many customers as possible to self-serve online or through the mobile app, HMRC can improve the overall customer experience and deploy its officers to helping those customers who need extra support or tackling those who try to avoid paying the tax they owe. The department continues to collect and protect billions of pounds of tax revenue which would otherwise have been lost and maintain a tax gap of around 5%.
I am pleased that HMRC is focused on the right issues and I’m also pleased with the role the Board has played in supporting the Executive to navigate these issues.
Over the course of the year, HMRC’s non-executive directors have provided scrutiny, challenge, and support to an open and engaged Executive. The Board’s main areas of focus have been:
- challenging the Executive to improve customer service performance
- scrutinising delivery of HMRC’s transformation agenda, including flagship programmes such as Making Tax Digital, so that the department can continue to deliver its services and control the tax gap in the future with reduced resources
- assuring departmental business planning
- testing HMRC’s strategies
Making the tax system simpler, more modern and resilient is a government priority. HMRC’s non-executive directors have championed this ambition by providing expert guidance and support to key programmes that are delivering this change.
HMRC has an ambitious and complex transformation agenda, which has seen it make some challenging delivery decisions this year. Specifically, the Board has supported the Making Tax Digital Programme in reviewing lessons learnt from the deferral to Income Tax Self Assessment mandation. Working with the Executive, I feel reassured by their engaged and constructive approach to understanding and learning from delays and taking proactive steps to reset delivery timelines. As part of the Board’s commitment to supporting HMRC’s transformation journey, we appointed a new non-executive director, Jennifer Tippin, to bring greater industry experience of transformation and people change to HMRC.
Throughout the year, Board meetings have been well attended and engaging. Non-executive colleagues and I welcome the open and honest conversations the Executive has had with the Board to help them achieve HMRC’s transformational goals.
In accordance with the Code of Good Practice, the Board undertook an external independent review this year. The review, led by Dame Alison Nimmo, provided focus to ensure non-executives and the Executive operate an effective governance framework that is able to scrutinise and support HMRC in tackling key challenges and delivering for citizens.
As part of the Board’s role in assuring succession planning and senior leader development, we established a standalone Nominations Committee, as a sub-committee of the Board. I chair this Committee, and it is attended by HMRC’s First Permanent Secretary, Chief People Officer and the non-executive chair of the People Committee. It enables the Board to support the Executive in making sure effective succession plans are in place for the coming years.
Non-executive directors and independent advisers on the Customer Experience Committee have focused on helping the department to improve customer service levels in the light of challenging budgets. The Committee has worked closely with policy and transformation teams to ensure that customer experience improvements are at the heart of the changes that HMRC is making over the coming months and years.
The past financial year brought many challenges, but I am reassured by the commitment of HMRC’s workforce in rising to these and continuing to deliver under stretching circumstances. I would like to take this opportunity to thank my non-executive colleagues for their dedication and time on the Board, as well as to the Executive for their honest and engaging approach.
I look forward to continuing to work with the department as it delivers in 2023 to 2024.
Dame Jayne-Anne Gadhia
Lead Non-Executive Director, and Chair of the HMRC Board
HMRC’s non-executive directors board members (end of March 2023)
Dame Jayne-Anne Gadhia
Lead Non-Executive
David Cooper
Committees: Data Protection Delivery Board
Patricia Gallan
Committees: People, Customer Experience, Professional Standards
Michael Hearty
Committees: Audit and Risk, Customer Experience
Paul Morton
Committees: Audit and Risk, Professional Standards
Juliette Scott
Committees: Customer Experience
Jennifer Tippin
Committees: Performance, Customer Experience & People
Non-executive and sub-committee members (end of March 2023)
Elizabeth Fullerton-Rome
Committees: Audit and Risk
Tom Taylor
Committees: Audit and Risk
HMRC’s Executive Committee members (end of March 2023)
Jim Harra
Commissioner of Revenue and Customs, Chief Executive and First Permanent Secretary, Principal Accounting Officer, and member of the Board
Angela MacDonald
Commissioner of Revenue and Customs, Deputy Chief Executive and Second Permanent Secretary and member of the Board
Jonathan Athow
Commissioner of Revenue and Customs, Director General Customer Strategy and Tax Design
Carol Bristow
Director General Borders and Trade
Penny Ciniewicz
Commissioner of Revenue and Customs, Director General Customer Compliance
Alan Evans
General Counsel and Solicitor
Justin Holliday
Commissioner of Revenue and Customs, Chief Finance Officer, Tax Assurance Commissioner and member of the Board
Myrtle Lloyd
Commissioner of Revenue and Customs, Director General Customer Services
Suzanne Newton
Director General for Strategic Change
Andrew Pemberton
Director of Communications
Daljit Rehal
Chief Digital Information Officer
Joanna Rowland
Commissioner of Revenue and Customs, Director General Transformation Group
Jonathan Russell
Chief Executive of the Valuation Office Agency
Esther Wallington
Chief People Officer
Our governance arrangements
This statement sets out our governance, risk management and internal control arrangements for the financial year 1 April 2022 to 31 March 2023 and up to the date of approval of the annual report and accounts, in accordance with HM Treasury guidance.
Ministerial arrangements
HMRC is a non-ministerial department established by the Commissioners for Revenue and Customs Act 2005 (CRCA). This gives legal powers and responsibilities for managing our day-to-day functions to commissioners appointed by the King. Our status as a non-ministerial department is intended to ensure that administration of the tax system is fair, impartial and does not bring political decision-making into individual taxpayer affairs. We are accountable for how we conduct our business to the Chancellor of the Exchequer. In 2022 to 2023 the Chancellor delegated responsibility for overseeing HMRC to the Financial Secretary (1 April to 8 September, and 27 October to present) and to the Economic Secretary to the Treasury (8 September to 27 October 2022).
We comply with directions of a general nature from Treasury ministers on issues like strategies, operational policies and targets and we work in partnership with HM Treasury to advise ministers on developing and delivering tax policy. HM Treasury leads on strategic policy development, supported by HMRC. HMRC leads on policy maintenance and delivery, supported by HM Treasury. This policy partnership covers direct and indirect taxes and duties, National Insurance, tax credits and Child Benefit, for which HMRC has administrative responsibility.
Commissioners of Revenue and Customs
The commissioners are responsible for collecting and managing revenue and payments and managing tax credits. They conduct business according to the Commissioners for Revenue and Customs Act 2005 and are entitled to appoint officers of Revenue and Customs, who must comply with their directions. In 2022 to 2023, we had 9 commissioners – Jim Harra, Angela MacDonald, Justin Holliday, Penny Ciniewicz, Myrtle Lloyd, Sophie Dean (left 31 May 2022), Katherine Green (left 20 May 2022), Joanna Rowland and Jonathan Athow (from 19 May 2022).
First and Second Permanent Secretaries
Our First Permanent Secretary and Chief Executive, Jim Harra, is HMRC’s Principal Accounting Officer. He is responsible for delivering our strategy and is accountable to Parliament for managing our resources. He chairs the Executive Committee (ExCom) and is a member of HMRC’s Board. We set out Accounting Officer responsibilities in the Principal Accounting Officer’s report. Our Second Permanent Secretary and Deputy Chief Executive is Angela MacDonald.
Tax Assurance Commissioner
The Tax Assurance Commissioner (TAC) has an explicit challenge role and provides assurance in HMRC’s largest and most sensitive disputes, and a sample of smaller cases. Justin Holliday is the current TAC. Decisions about how to resolve our largest and most sensitive cases are decided by 3 commissioners, led by the TAC, who reports each year in the annual Tax Assurance Commissioner’s report.
Non-executive directors
Non-executive directors bring external experience and expertise to HMRC. They provide advice, challenge and scrutiny and support the effectiveness of programme boards for our most significant transformation programmes. Dame Jayne-Anne Gadhia is our Lead Non-Executive Director and chairs the HMRC Board. She meets regularly with other non-executive directors and the First and Second Permanent Secretaries. She liaises with lead non-executive directors across government and develops and appraises non-executives as effective board members.
Our governance committee structure
HMRC has 2 top-level governance committees, which are HMRC Board and HMRC Executive Committee. This framework enables our Executive Committee (ExCom) to make decisions effectively and transparently, with appropriate support, challenge and assurance from our non-executives.
Figure 40: HMRC Committee structure during 2022 to 2023
HMRC Board
Provides challenge and advice on HMRC strategy, performance, risk and capability. The Board is advisory and does not have a role in operational decision-making, tax policy or individual taxpayer matters.
The Board has 5 sub-committees:
- People Committee: Provides support to the Board on people related issues, including the ‘Great Place to Work’ strategic objective, the overarching employment framework and workforce metrics and risk.
- Audit and Risk Committee: Provides independent assurance to the Board and Principal Accounting Officer. This covers the integrity of financial statements as well as the comprehensiveness and reliability of assurances across HMRC on governance, risk management and the control environment.
- Customer Experience Committee: Provides challenge and support on customer experience related issues, to help HMRC deliver on its strategic objectives and vision. Monitors departmental performance against the HMRC Charter and produces the Charter annual report for the HMRC Commissioners.
- Performance Committee: Enables the Board to review, challenge and support the department on implementation and operational matters. Ensures robust and transparent governance around non-executive scrutiny of organisational performance.
- Nominations Committee: Scrutinises and advises on senior-level succession planning, performance and reward.
Executive Committee
Oversees HMRC’s performance and transformation for both immediate and future objectives. Also responsible for improving our performance, customer experience and change agendas.
The Executive Committee has 3 sub-committees:
- Strategy Committee: Provides oversight and approval of HMRC’s strategy for tax administration. It also has an assurance role to ensure that strategy is delivered.
- Change, Investment and Design Committee: Provides oversight and approval of how change is designed and implemented and approves spend on change within its delegations. It also helps to assure that the right change is being delivered.
- Professional Standards Committee: Provides oversight of how HMRC administers the tax system and applies policies in accordance with its values. Considers how HMRC’s actions could affect trust in the tax system and public perception of fairness.
The data and information presented in this chart is available in an alternative format within the HMRC’s annual report and accounts 2022 to 2023: chart data – tab 40.
HMRC Board and sub-committees
HMRC Board
The Board focused on improving customer service performance, scrutinising delivery of HMRC’s transformation agenda, including flagship programmes like Making Tax Digital, assuring departmental business planning, and testing HMRC’s strategies. The Board is chaired by Jayne-Anne Gadhia and met 10 times in 2022 to 2023.
Board effectiveness
The Board conducts a thorough review of its effectiveness each year, through individual discussions and a Cabinet Office questionnaire. The review enables the Board to assess progress against recommendations from previous reviews and to ensure there is continuous improvement in the Board’s effectiveness and impact. During February and March 2023, Board members undertook a full Board Effectiveness Review of 2022 to 2023 that included independent input from a Lead Non-Executive Director from another government department. The review found that the Board covered all key issues, supported by a transparent executive team. It found that non-executive directors express their opinions openly and that agreed outcomes are acted upon. The Board agreed that, to further improve its effectiveness, there should be greater integration of the business of its sub-committees into the dialogue and agenda of the main Board.
HMRC Board sub-committees
Customer Experience Committee
Chaired by Juliette Scott, the Customer Experience Committee (CEC) met formally 5 times and continues to monitor the department’s implementation of the HMRC Charter along with discussions on how to optimise customer experience as the department improves the range, accessibility and reach of its digital services. The committee also ran sessions on customer experience measures, the business benefits of investment in customer experience, shaping our customer experience ambition and making the best use of data and customer insight as key.
Audit and Risk Committee
The Audit and Risk Committee (ARC) oversaw the production and assured the integrity of HMRC’s 2022 to 2023 Annual Report and Accounts, National Insurance Fund for Great Britain, National Insurance Fund for Northern Ireland, Account of Duties Collected in the Isle of Man and Revenue and Customs Digital Technology Services Ltd. The committee also provided advice and assurance on annual statements, the assessment of risk, controls and governance made by ExCom members. They monitored processes for whistleblowing, assured the adequacy of HMRC’s risk and control framework, and the department’s approach to horizon scanning and managing emerging risks. It is chaired by Michael Hearty and met 8 times in 2022 to 2023.
People Committee
The People Committee (People Ctte) discussed progress being made against HMRC’s great place to work strategic objective, with a focus on engaging leaders across the business, and strategic workforce planning to consider how the department’s workforce responds to changing customer demand and ensuring the right tax gets paid. It is chaired by Patricia Gallan, following the departure of Alice Maynard, and they met 4 times in 2022 to 2023.
Performance Committee
The Performance Committee (Perf. Ctte) provided challenge and assurance to the Chief Executive and Executive team by scrutinising HMRC’s performance and delivery, both against its business plan and wider strategy and in the context of specific projects and issues. It also reviewed HMRC’s security arrangements and top tier risks. The Committee is chaired by Jayne-Anne Gadhia and met 7 times in 2022 to 2023.
Nominations Committee
A separate Nominations Committee (NC) was established in December 2022 to scrutinise succession planning and the management of senior-level talent, performance, and reward - functions that were previously reserved matters for the Board. The Committee is chaired by Jayne-Anne Gadhia, and it met twice in 2022 to 2023.
Executive Committee and sub-committees
Executive Committee
Executive Committee (ExCom) oversees progress towards the achievement of HMRC’s short- and long-term performance and transformation objectives, monitors delivery of significant programmes, and manages the department’s most significant risks. Every month, ExCom considered HMRC’s performance against key performance indicators. In 2022 to 2023, ExCom scrutinised and agreed HMRC’s business planning process and agreed the department’s approach to pay and reward. They also discussed the department’s architecture, data strategy, channel strategy, approach to trust, upstream compliance, security, and plans to improve employee engagement at work.
ExCom sub-committees
Strategy Committee
The Strategy Committee provides high-level oversight of HMRC’s strategy and how it is implemented across HMRC. In 2022 to 2023, the committee reviewed the department’s strategy for tax debt, intermediaries, insolvency and sustainability. It also supported progress on the Tax Administration Strategy and the development of the vision for the customs system. The committee is chaired by Jonathan Athow and met 10 times in 2022 to 2023.
Change Investment and Design Committee
The Change Investment and Design Committee approved our biggest business cases. The committee also developed, supported and assured design principles and standards for use across HMRC. It is chaired by Justin Holliday and Jonathan Athow and met 11 times in 2022 to 2023.
Professional Standards Committee
The Professional Standards Committee discussed how delivering HMRC’s strategic objectives affects public trust. The committee also considered the ethical implications around data, artificial intelligence and machine learning, as well as principles of fairness and delivering fair outcomes for customers. It is chaired by Jonathan Athow and met 4 times in 2022 to 2023.
Read more about HMRC’s governance at GOV.UK.
Table 7: Meeting attendance by executive and non-executive directors
Date started or left role | Board (10) | ARC (8) | Perf. Ctte (7) | People Ctte (4) | NC (2) | CEC (5) | ExCom (28) | |
---|---|---|---|---|---|---|---|---|
NEDs Board Members | ||||||||
Dame Jayne-Anne Gadhia | 9 | 6 | 2 | |||||
Patricia Gallan | 10 | 5 | 4 | 2 | ||||
Michael Hearty | 9 | 8 | 4 | 4 | ||||
Alice Maynard | 30 June 2022 (left) | 3 | 3 | 1 | ||||
Paul Morton | 10 | 6 | 5 | |||||
Juliette Scott | 9 | 5 | 5 | |||||
David Cooper | 10 | 6 | ||||||
Jennifer Tippin | 9 January 2023 (joined) | 2 | 1 | |||||
NEDs | ||||||||
Elizabeth Fullerton-Rome | 8 | |||||||
Tom Taylor | 8 | |||||||
Executives | ||||||||
Jim Harra | 10 | 7 | 2 | 27 | ||||
Angela MacDonald | 8 | 7 | 26 | |||||
Jonathan Athow | 19 May 2022 (joined) | 5 | 24 | |||||
Carol Bristow | 15 May 2022 (joined) | 23 | ||||||
Penny Ciniewicz | 3 | 22 | ||||||
Sophie Dean/ Katherine Green | 31 May 2022/ 20 May 2022 (left) | 1 | ||||||
Alan Evans | 28 | |||||||
Justin Holliday | 10 | 6 | 26 | |||||
Myrtle Lloyd | 1 | 23 | ||||||
Suzanne Newton | 20 February 2023 (joined) | 5 | ||||||
Daljit Rehal | 22 | |||||||
Joanna Rowland | 3 | 25 | ||||||
Jonathan Russell | 18 | |||||||
Esther Wallington | 4 | 2 | 20 |
Our conflict of interest policy
Within our policies on conduct, we have a ‘conflict of interest’ policy which is aligned to the Civil Service Management Code (section 4.3). This applies to all employees and non-executive directors. The policy explains what a conflict of interest is, and provides information on declaring, recording and managing outside interests.
A conflict of interest will arise when personal interests, activities or relationships may potentially interfere, or be perceived to interfere, with business decisions, may compromise the ability to remain fair and objective, or may result in a personal gain or advantage.
Individuals are responsible for notifying their managers of any conflicts. The relevant manager or business area must determine whether there is in fact a conflict (actual, potential or perceived) and what mitigating action is to be taken, and the manager is responsible for recording this information. If the individual moves to another team or business area, they must assess whether a new notification needs to be made in relation to the new role.
In high-risk areas, conflicts are recorded on a register, which is maintained at a business unit level.
In May 2022, Civil Service HR issued guidance to ensure a consistent approach across the Civil Service in relation to the declaration of interests, the identification and management of conflicts, and transparency regarding paid outside employment for SCS (Senior Civil Service). It has strengthened existing requirements and ensured a consistent approach in the Civil Service Management Code for the declaration and management of SCS colleagues’ outside interests.
As a result of this new guidance, in addition to declaring any interest to line managers in accordance with HMRC’s Conflict of Interest policy, SCS colleagues are now required to complete an annual declaration of interest via a central register which is held securely by SCS HR team. The information required for the register is a high-level record of the conversations already held with Line Managers to confirm that declarations of interest are up to date and includes nil returns. All SCS were invited to complete their annual declaration of interest in December 2022 and HMRC is therefore fully compliant with the revised Civil Service HR guidance.
HMRC Board members and non-executive members are required to declare real and potential conflicts of interest on appointment and to notify of any arising during their term. This is in accordance with The Code of Good Practice para 4.15. They are also included as part of the new SCS process outlined above.
A comprehensive list of Board members’ interests (both executive and non-executive) are reported in HMRC’s Register of Interests and SCS outside remuneration as at 31 March 2023, agreed through the process of declaration and management of outside interests, is reported in HMRC’s senior officials’ outside employment, April 2022 to March 2023 transparency data in accordance with The Code of Good Practice 2017 para 4.15 and HM Treasury Public Expenditure System (PES) guidance paras 19.4 and 19.8.
The director responsible for the policy and process is Hannah Watson (HR Director). Both Hannah and Jim Harra (CEO) are part of the team who scrutinise the data. The data is presented annually for scrutiny and assurance to the Audit & Risk Committee who will scrutinise the data following the end of each financial year, alongside the Business and Appointment Rules data.
Business Appointment Rules
In compliance with business appointment rules, we are transparent in the advice given to individual applications for senior staff and publish details on a quarterly basis on GOV.UK. The Audit and Risk Committee also receives a quarterly paper on business appointment rules, to monitor HMRC’s application of the rules.
Statistics cover the period 1 April 2022 to 31 March 2023:
Table 8: Statistics on the application of business appointment rules
SCS Population: | For AA-G6 population: | |
---|---|---|
Number of exits from Crown Service (civil servants and special advisers) | 57 | 5,725 |
Number of exits where Business Appointment Rules (BAR) applications were required | 14 | 55 |
Number of exits where BAR conditions were set | 14 | 6 |
Any enforcement actions the department has taken relating to breaches of the rules in the preceding year | - | No detail available |
In April 2022, HMRC introduced a new Business Appointment Rules (BAR) assurance tool and governance panel. The new tool has helped the SCS community to identify whether a full BAR application is needed when colleagues leave HMRC, and provides data to support the Audit and Risk Committee in their oversight role. The governance group provides central oversight of full BAR applications, and considers data on leavers where no BAR application is required.
Read advice regarding specific business appointments at GOV.UK.
Risk management and assurance
Our approach to risk management
HMRC has a well-established culture of managing risks. The Performance analysis section, HMRC’s Key risks, highlights some specific identified risks and explains how we are managing them. This section outlines our approach to managing risks across HMRC over the reporting period.
We manage 2 main types of risk:
- Strategic risks: these are risks to the management of HMRC and delivery of our strategic objectives. The Executive Committee (ExCom) and HMRC Board, inclusive of Audit and Risk Committee members scrutinise these risks through regular reporting and participation in deep dive sessions. We manage these risks across all levels of HMRC, from decision making on individual cases to delivering large-scale change and strategic policy making.
- Process risks: these are risks to the efficient operation of our processes. We are putting more controls in place to help us manage the risks associated with our operational processes. These controls are reviewed and assured regularly during the reporting period to make sure they are effective.
HMRC’s risk and control framework
We continually review and refine how we manage risk, so we can understand and keep improving the effectiveness of our strategic delivery, processes and controls.
We have appointed a Group Controller who has oversight for management assurance activity including the disciplines of governance, risk, and control. Alignment of these activities across HMRC is helping us to create a unified view of our risks and controls and to streamline activity. The Group Controller, supported by the HMRC Risk and Control Board, will help ExCom to further improve our risk and control framework, contributing to more effective and efficient processes that support the delivery of our strategic objectives.
Our risk and control framework is based on the ‘Three Lines Model’. This assurance model facilitates the effective management of risk throughout the reporting period, by clearly defining roles and activities for front-line operations, internal assurance, and independent assurance; and by supporting regular monitoring, reviewing and assurance. The front-line operates controls to mitigate risks to delivery and internal assurance provides management with confidence that the controls in place are effective. An independent view of the overall effectiveness of controls including our internal assurance is provided by Internal Audit and external bodies.
These activities provide the Accounting Officer, ExCom and the Board with assurance about the delivery of HMRC’s overall strategy and objectives.
For more information on actions taken on specific control challenges, please see the Control challenges in financial year 2022 to 2023 section of the the Principal Accounting Officer’s report.
Figure 41: HMRC’s Three Lines Model
The data and information presented in this chart is available in an alternative format within the HMRC’s annual report and accounts 2022 to 2023: chart data – tab 41.
Our risk and control framework covers:
- governance: ensuring that authorities and accountabilities are clear, appropriate strategies and plans are in place and our success in operating the control framework is reflected in the annual governance statements
- risk management: identifying, assessing, managing and reporting the risks to the delivery of our objectives
- process management: taking the necessary action to ensure our processes are effective, efficient, well-controlled and easy for our customers to use
- controls: embedding effective controls in our business processes to ensure objectives are met and any risks reduced
- management assurance: assuring the controls in place are sufficient and operating as intended, and taking the necessary action to address any weaknesses
- independent assurance: getting internal and external audit to challenge or confirm the effectiveness of our control framework
- data: ensuring that the data on which our business relies is secure and accurate
The HMRC Risk and Control Board manages the integration of these activities. It is chaired by the Group Controller and is attended by the Directors of Internal Audit, Data, Customer Insight and Design, as well as senior leaders from each Business Group. The Risk and Control Board reports progress on improving the control framework to our Executive Committee and Audit and Risk Committee.
For information on how we comply with requirements for specific sectors and jurisdictions governed by the relevant authorities, see the Principal Accounting Officer’s report, Conclusion and compliance with the code of good practice.
Recommendations made by external scrutiny bodies
We monitor the implementation of recommendations by external scrutiny bodies including the National Audit Office (NAO), Public Accounts Committee (PAC) and Infrastructure Projects Authority. In the 2022 to 2023 financial year, we received and responded to recommendations from the following Parliamentary reports:
We accepted 11 recommendations from NAO value for money reports published after April 2022. Further detail on the status of all NAO recommendations the department has accepted since April 2019 can be found via the NAO recommendations tracker.
We accepted 23 recommendations from the NAO management letter 2021 to 2022, of which 6 were implemented by 1 April 2023. We also implemented 106 recommendations from the Infrastructure and Projects Authority.
Personal data-related incidents
All government departments are required to publish information about any serious data-related incidents, which must be reported to the Information Commissioner (ICO). A summary of these incidents is shown in Table 9.
Table 9: Summary of protected personal data-related incidents reported to the Information Commissioner’s Office
Nature of incident | Number of breaches 2022-23 | Number of breaches 2021-22 |
---|---|---|
Personal information used to make changes to customer records on HMRC systems without authorisation | 2 | 3 |
Loss of inadequately protected electronic equipment, devices or paper documents from secured government premises | 2 | 1 |
Loss of inadequately protected electronic equipment, devices or paper documents from outside secured government premises | 1 | - |
Insecure disposal of inadequately protected electronic equipment, devices or paper documents | - | - |
Unauthorised disclosure | 11 | 16 |
Other | 2 | 2 |
We have notified the ICO of several instances of unauthorised disclosure during 2022 to 2023. The number of customers potentially affected by these ICO notifiable incidents is 10,209 (2021 to 2022: 10,896). This figure could still change over time, as new information becomes available as a result of further enquiries and ongoing security incident investigations.
The number of unauthorised disclosure incidents reported to the ICO decreased in 2022 to 2023 due to continued enhanced GDPR awareness across the department (the number of centrally recorded unauthorised disclosure incidents which did not require reporting to the Information Commissioner has also reduced). We take all of these incidents seriously and are acting to address them (for more information on these actions see Building a resilient tax system section of the Performance analysis).
We have used the lessons learned from these incidents to review and strengthen our customer identity and authentication processes. Protecting customer data is important to us and we monitor our processes continually to prevent recurrences. We are also delivering enhanced data security, governance and reporting across HMRC.
Other protected personal data-related incidents
Incidents which did not require reporting to the Information Commissioner are recorded centrally within HMRC. The overall number of centrally recorded incidents (particularly unauthorised disclosure) has reduced significantly due to enhanced GDPR awareness across the department.
The number of centrally-managed security incidents impacting on protected personal data in HMRC reduced from 5 to 3 in 2022 to 2023. The number of customers potentially affected by these incidents was 27 (2021 to 2022: 911). The figures quoted for the number of customers affected can change over time, as new information becomes available due to further enquiries and ongoing security incident investigations.
For more information on how we manage our data, please see Building a resilient tax system section of the Performance analysis.
Resolving historical issues for customers
Home Responsibilities Protection
Home Responsibilities Protection (HRP) was a scheme in operation from 1978 to 2010, to reduce the number of qualifying years of National Insurance (NI) contributions a person with caring responsibilities needed to receive a full pension.
As a result of a review by the Department for Work and Pensions (DWP) in 2021 to 2022, a historical issue with recording of HRP on people’s NI records was identified. Most people received HRP automatically where there was a claim for Child Benefit. However, in some cases this did not happen, leading to underpayments of State Pension (eligibility for which is calculated based on NI records). HRP may also affect benefit entitlement and the amount of Income Tax due.
The main cause was NI numbers not being recorded when customers claimed Child Benefit before 2000.
When HMRC assumed responsibility for the administration of Child Benefit in 2003, we adopted a policy of retaining Child Benefit records for 5 years (this was extended to 7 years in June 2022). As a result, records are no longer held for the HRP period, meaning it is not possible to easily identify those affected.
In 2022 to 2023, we have worked closely with DWP and the Department for Communities in the Northern Ireland Government to develop a targeted scan to identify potentially affected customers.
As it is not possible to identify individuals affected or to correct their records automatically, individuals who may be affected will be invited to make an application for any missing HRP years, accompanied by a communications campaign to reach people who we may be unable to identify. We have worked with DWP to make the application process and guidance as clear as possible and expect correction activity to begin in autumn 2023. While the plans are being finalised, the amount of time it will take to correct records is uncertain. We will take a proactive approach to correct records and DWP will pay any arrears as quickly as possible, taking into account the vulnerability of the customers impacted.
Further detail can be found in the DWP Annual Report and Accounts 2022-23.
Fulfilling international obligations on customs undervaluation fraud
In March 2018, the European Commission alleged that from 2011 to 2017 the UK took inadequate steps to prevent customs undervaluation fraud involving imports of Chinese textiles and footwear and that customs duty was therefore owed to the EU. In March 2022, the European Court of Justice found against the UK on most liability points. The UK made payments totalling €2.6 billion (£2.3 billion) in June 2022, January 2023, and February 2023 to cover both principal and interest. These payments were made from the Consolidated Fund and settled the case, with the UK fulfilling its international obligations.
Principal Accounting Officer’s report
HMRC’s Chief Executive, Jim Harra, has been appointed by HM Treasury as Principal Accounting Officer for HMRC. In this report, he sets out how our accounts are prepared and reviews the effectiveness of our governance, risk management and internal control. This report also contains the elements required for HMRC’s Accounting Officer System Statement.
How we prepare the accounts
HMRC is responsible for collecting the majority of the UK’s tax revenue, including Income Tax for the Scottish and Welsh governments, and its financial information is reported in 2 separate accounts.
Trust Statement
The Trust Statement reports the revenues, expenditures, assets and liabilities related to the taxes and duties for the financial year. The majority of taxes and duties are accounted for on an accruals basis. As agreed with HM Treasury, some tax elements are accounted for on a partial accruals basis, or cash basis where not enough information is known to reliably fully accrue for the revenue.
The HM Treasury ‘accounts direction’, issued under section 2 of the Exchequer and Audit Departments Act 1921, requires HMRC to prepare the Trust Statement to give a true and fair view of the state of affairs of the collection and allocations of taxes and duties, the revenue income and expenditure, and cash flows for the financial year.
Resource Accounts
The Resource Accounts report the costs of running HMRC, including making payments of Child Benefit and tax credits. The Valuation Office Agency (VOA) and Revenue and Customs Digital Technology Services Limited (RCDTS Ltd) are consolidated into the Resource Accounts. The Resource Accounts are prepared on an accruals basis.
The HM Treasury ‘accounts direction’, issued under the Government Resources and Accounts Act (GRAA) 2000, requires HMRC to prepare consolidated Resource Accounts to give a true and fair view of the state of affairs of HMRC and the departmental group and of the income and expenditure, Statement of Financial Position and cash flows of the departmental group for the financial year.
Principal Accounting Officer’s responsibilities
HM Treasury has appointed me, as HMRC’s Chief Executive, to be Principal Accounting Officer of HMRC, VOA and RCDTS Ltd, with overall responsibility for preparing the Trust Statement and Resource Accounts and for providing them to the Comptroller and Auditor General. In preparing these accounts, I am required to comply with the requirements of the Government Financial Reporting Manual and in particular to:
- observe the accounts directions issued by HM Treasury, including the relevant accounting standards and disclosure requirements, applying suitable accounting policies on a consistent basis
- ensure that HMRC has in place appropriate and reliable systems and procedures to carry out the consolidation process
- make judgements and estimates on a reasonable basis, including those judgements involved in consolidating the accounting information provided by the Valuation Office Agency and RCDTS Ltd
- state whether applicable accounting standards as set out in the Government Financial Reporting Manual have been followed, and disclose and explain any material departures in the accounts
- prepare the accounts on a going concern basis
As Principal Accounting Officer, I take personal responsibility for the annual report and accounts and confirm that I have judged it to be fair, balanced and understandable.
Accounting Officers for the Resource Accounts
For the financial year 2022 to 2023, I, Jim Harra, was the Principal Accounting Officer.
Jonathan Russell, Chief Executive of the Valuation Office Agency, was an Additional Accounting Officer and was accountable for the parts of HMRC’s accounts relating to specified lines of the Estimate (see SOPS 1.1 in the Parliamentary Accountability disclosures section).
The allocation of Accounting Officer responsibilities in the department was as follows:
- Estimate sections A, C-K and N-Q: Jim Harra, Chief Executive and Permanent Secretary
- Estimate sections B, L and M: Jonathan Russell, Chief Executive of the Valuation Office Agency
As Accounting Officer of HMRC I am responsible, through the use of appropriate systems and controls, for ensuring that any grants we make to our sponsored bodies are applied for the purposes intended. I also ensure that such expenditure and the other income and expenditure of the sponsored bodies are properly accounted for, for the purposes of consolidation within the Resource Accounts. As Accounting Officer of the sponsored non-departmental public body RCDTS Ltd, I am accountable for the use, including the regularity and propriety, of the grants received and the other income and expenditure of the sponsored body.
My responsibilities as Accounting Officer - which include the propriety and regularity of the public finances for which I am answerable, keeping proper records and safeguarding the assets of the department or non-departmental public body for which I am responsible – are set out in Managing Public Money, published by HM Treasury.
Auditors
As the Accounting Officer, I have taken all the necessary steps to make myself aware of any relevant audit information and to establish that the auditors are aware of that information. As far as I am aware, there is no relevant audit information of which the auditors are unaware.
How we comply with the code of good practice for corporate governance in central government departments
Financial responsibilities within HMRC
As HMRC’s Principal Accounting Officer, I delegate financial authority to each of HMRC’s directors general through annual letters of delegation (issued by my Chief Finance Officer) to manage the budget for their business areas within agreed financial limits and Managing Public Money guidelines. The directors general are supported by their finance directors and finance business partners. They cascade delegations of the financial authorities within their business areas, at each stage setting the limits of financial authority and our policy requirements.
This Scheme of Delegations is supported by our financial control framework, which ensures that we adhere to financial control standards in all our financial processes. The HMRC Control Board oversees the development and administration of our control standards, ensuring that financial risks are managed effectively and efficiently through proportionate risk-based controls. The effectiveness of the controls is subject to regular specialist financial control assurance review, and independent review by Internal Audit and the NAO.
Statements and reports made by Executive Committee (ExCom) members
Each member of ExCom provides an annual governance statement, setting out the control framework arrangements (governance, risk, control, assurance, process and data) in their business areas. These statements are reviewed by Internal Audit Control Board and the Corporate Risk Team, as well as teams that lead on different aspects of our control framework. HMRC’s Audit and Risk Committee draws on the statements, alongside other sources of evidence, to provide overall assurance to the Accounting Officer and the Board.
The Tax Assurance Commissioner prepares a tax assurance report.
Additional Accounting Officers
I receive assurance from HMRC’s Additional Accounting Officers:
- Jonathan Russell has responsibility for Valuation Office Agency (VOA) administration
- Jonathan Athow has responsibility for the Scottish and Welsh rates of Income Tax
- Justin Holliday has responsibility for the signature of the Account of Duties Collected in the Isle of Man
- Patrick Whittome, HMRC Director, Group Controller, has responsibility for the signature of the Account of R.N. Limited
The VOA provides a separate governance statement and I take assurance from this and from the review which underpins it.
Security
ExCom receives weekly security incident reports, which include details of any personal data-related incidents we report to the Information Commissioner’s Office, as specified in the Personal data-related incidents section. A regular security incident report is also presented to the Audit and Risk Committee. I also receive formal assurance from HMRC’s Senior Information Risk Owner that information risk has been appropriately managed in the conduct of our business.
National Insurance funds
There are 2 National Insurance Funds: one for Great Britain and one for Northern Ireland. Each Fund has its own financial statements, including a governance statement, which I sign separately. Many of the activities relating to the transactions of the 2 Funds are carried out by other departments and agencies (for example, Department for Work and Pensions in Great Britain and Department for Communities in Northern Ireland), and I receive letters of assurance from the accounting officers of each of these entities every year.
Quality assurance
Quality assurance of business-critical models
We have developed a departmental framework, including central guidance, to underpin quality assurance of business-critical analytical models (BCMs). BCMs are managed by a Senior Responsible Owner who ensures proportionate quality assurance activities are carried out, including model reviews, documentation and governance. We maintain a register of these models, consistent with the recommendations of the 2013 MacPherson review. We have approximately 90 BCMs on the register, though this number can change as the register is regularly updated.
We continue to develop our quality assurance of BCMs by further improving model documentation, increasing independent assurance and exploring publication of the BCM register. These developments align with recommendations set out by the NAO in their Financial Modelling in Government report (published January 2022).
Management and quality assurance of the analytical models is monitored as part of the annual review of BCMs. The framework is promoted regularly to support the implementation of the guidance among modelling teams. We have a team which independently reviews a sample of the business-critical models, to provide assurance and share best practice.
Each year, our Audit and Risk Committee considers the quality assurance of our business-critical models and the need for any further actions.
Read the MacPherson review of government models at Review of quality assurance of government models.
Read the NAO Financial Modelling in Government report.
Internal audit
The Director of Internal Audit’s opinion to me, as Principal Accounting Officer and the Board is Limited assurance that HMRC has an adequate and effective framework for governance, risk management and internal control. HMRC’s risk exposure has remained high throughout 2022 to 2023, both operationally and in change delivery.
-
Risk Management:
Our opinions in relation to risk management were generally comparable to last year, albeit with a small improvement in results from individual audits. Risks are largely understood, and the risk management arrangements adequate at business group level to support HMRC in dealing with these challenges. Risk identification is particularly strong with 88% of audits providing a positive opinion. There has however, been slippage in the department’s activities to strengthen its corporate risk management processes, which remain sub-optimal. These include the development of a new risk management strategy and embedding an integrated risk and control tool. Often, where weaknesses are identified they are for risks that cut across organisational boundaries, where ownership is sometimes less clear, or a corporate solution is needed. Overall risk exposure is unlikely to reduce in the short-to-medium-term. Significant risks to funding, efficiency, delivering change, modernisation of IT systems and security require effective risk management arrangements. Capacity and funding pressures will increasingly be a limiting factor. There is therefore a need for HMRC to exploit efficiency opportunities which have not been sufficiently realised to date. The primary vehicle for delivering these efficiencies is not without significant risk and will require new and more agile ways of working. -
Governance:
Governance of the organisation is broadly effective, although HMRC should ensure that accountability for the operation and assurance of controls is overtly clear for all key components of its control framework. Whilst improvements have been made we found that this was not the case in all audits. Any other significant governance issues were generally at operational or delivery levels, particularly when systems cross organisational boundaries. Our assessment findings in this category were largely comparable to last year, with 80% of audits providing a positive opinion for governance. However, though our review of ExCom performance reporting was positive overall, audit findings relating to reliability of management information and monitoring and assurance, tended to have a lower percentage of positive opinions. In particular, understanding and reporting of the second line of defence remains largely linear and delivery uncoordinated, with opportunities for better alignment, efficiency and coverage yet to be realised. -
Internal Control:
Whilst there have been some improvements to the control framework, particularly in operational systems, there remain significant control weaknesses and our overall results have shown a 5% decrease in audits providing a positive assurance for control effectiveness. That said, many of the improvements to control effectiveness I reported last year have been consolidated within HMRC’s operational areas, where I am consequently able to uplift my opinion. There are, however, some long-standing control issues that are significant and limit the opinion that I can provide overall. Notably, the top ten control issues I raised in 2019 to 2020 remain a work in progress and, as a result, I have identified associated control weaknesses in the course of this year’s work. Delivery of improved control against many of these issues has been slow because they are either cross-cutting, difficult and/or legacy issues for which there are no easy fixes. In particular, parts of the IT estate, and therefore the control framework, are adversely impacted by long-standing issues, with a commensurate impact on control design, efficiency and effectiveness. Whilst I recognise some progress has been made, there will need to be risk-based decisions taken in 2023 to 2024 as to where investment in control remediation can continue to be made.
Government functional standards statement
UK Government Functional Standards set expectations for improved and consistent ways for functions to work across government. This includes the planning, delivery and assurance of functional work as well as support for continuous improvement and professional development. HMRC fully supports the embedding of functional standards. In line with HM Treasury/Cabinet Office requirements, in early 2023 all HMRC functional leads completed a self-assessment of how well they are meeting the requirements of their functional standard. Areas for improvement were identified and have been built into business plans. Internal Audit have started a programme of reviews of each function which will further strengthen our alignment with the relevant standards.
Control challenges in financial year 2022 to 2023
Over the past year, we have actively managed the following issues that posed a risk to delivery of our core work.
Tax credits error and fraud
The Comptroller and Auditor General has qualified his opinion on HMRC’s Resource Account for payments that we make that are not in accordance with Parliamentary intent, due to error and fraud in personal tax credits. Tax credits are being replaced by Universal Credit, so opportunities to resolve this issue through major system, product or process changes are significantly limited.
The error and fraud overpayment rate has reduced from the high levels of 8.9% seen in financial year 2008 to 2009, hitting an all-time low of 4.4% in financial year 2014 to 2015. HMRC has maintained the levels of error and fraud within an established range of 4.4 to 5.5% in every year since 2012 to 2013. Ministers retained the target to restrict error and fraud to no more than 5% of entitlement for 2018 to 2019 and 2019 to 2020 but, in line with other HMRC metrics during the COVID-19 pandemic, we did not set an error and fraud target for 2020 to 2021 or 2021 to 2022.
The level of error and fraud is impacted by the migration to Universal Credit and continued pressures on error and fraud compliance resourcing.
The central estimate of the error and fraud overpayment rate is estimated to have decreased to 4.5% (£510 million) in 2021 to 2022 from 4.7% (£730 million) in the final estimate for 2020 to 2021.
HMRC’s accounts have been qualified since the inception of tax credits. We expect the qualification of the accounts to continue, as error and fraud will remain a significant issue until the closure of tax credits.
Research and development tax relief error and fraud
The Comptroller and Auditor General has again qualified his opinion on HMRC’s Resource Account to include error and fraud in research and development (R&D) tax reliefs. This is the first year the Small and Medium Enterprise (SME) scheme estimate has been prepared using the results of a random enquiry programme. The original estimate for 2020 to 2021 has been revised as the random enquiry programme included claims received in 2020 to 2021. See Tackling error and fraud in financial support and tax relief in the Performance analysis section for more details.
The overall estimate of the level of error and fraud in 2020 to 2021 is 16.7% (£1.13 billion) of the estimated cost of the reliefs. The level of error and fraud in 2020 to 2021 is 24.4% (£1.04 billion) for the SME scheme and 3.6% (£90 million) for the RDEC (Research and Development expenditure credit) scheme. The rate is higher than the previous estimates for 2020 to 2021 and reflects recent and significant methodological improvements to the SME estimate and updates to assumptions which were previously based on limited information from claims selected for risk-based compliance enquiries.
Previous estimates assumed that claims which were not selected for enquiry had lower levels of error and fraud. As a result of the increase in the SME estimate, the error and fraud rate applied to the element of the RDEC scheme claimed by SMEs has also increased the overall estimate of error and fraud within the RDEC scheme. The random enquiry programme has shown that the assumptions for the SME estimate were previously underestimating the true rate and value of error and fraud. Compliance yield and monies paid out to criminal attacks and not recovered are included within the final estimate. HMRC have already implemented measures to tackle error & fraud and have now announced further steps which are covered in Tackling error and fraud in financial support and tax relief in the Performance analysis section.
Accountability relationships with arm’s length bodies
HMRC has 3 arm’s length bodies: Valuation Office Agency (VOA), an executive agency of HMRC, Revenue and Customs Digital Technology Services Limited (RCDTS Ltd), and R.N. Limited. I am satisfied that each of these has systems in place which meet appropriate standards of governance, decision-making and financial management.
Figure 42: HMRC accountability system
The data and information presented in this chart is available in an alternative format within the HMRC’s annual report and accounts 2022 to 2023: chart data – tab 42.
Valuation Office Agency (VOA)
The VOA is an executive agency of HMRC and provides valuations and property advice to the government and local authorities in England, Scotland and Wales. The VOA receives its funding to undertake valuations for local taxation purposes from HMRC through the Parliamentary supply process. It also recovers elements of its expenditure from other government departments where it has provided valuation services.
Performance monitoring
Jonathan Russell is the VOA’s Chief Executive and Accounting Officer. He is also a member of HMRC’s Executive Committee (ExCom).
HMRC’s ExCom performance hub and transformation performance pack include VOA data, and assurance is provided by HMRC’s Internal Audit function.
HMRC has a dedicated sponsor team for the VOA and ExCom sponsor, Justin Holliday. The team has a good understanding of the VOA and provides me with an update ahead of VOA Board meetings. I am content that our oversight is working well. I hold quarterly Business Reviews with Jonathan Russell, and he attends the HMRC Board at least once a year.
Accountability for spending
Jonathan Russell is accountable to Parliament for the propriety and regularity of the public finance within his charge, meeting the requirements of Managing Public Money, HM Treasury and Cabinet Office guidance, Public Accounts Committee and other Parliamentary select committees or authorities. As Principal Accounting Officer, I am accountable for ensuring a high standard of financial management by strategic oversight of the VOA.
Revenue and Customs Digital Technology Services Limted (RCDTS Ltd)
RCDTS Ltd is a non-profit making company wholly controlled by and operated for HMRC which supplied the department with IT services up until March 2023. The services RCDTS Ltd provided are now provided by a mixture of HMRC and third parties. It is a separate legal entity with an arm’s length relationship with HMRC. The RCDTS Ltd Board has 7 directors, all employed by HMRC.
RCDTS Ltd received funding from HMRC in the form of a repayable loan. RCDTS Ltd invoiced HMRC for the services it provided and was a non-profit making company, recharging all costs to HMRC (its only customer).
Performance monitoring
HMRC has a sponsor team to provide me with assurance as Accounting Officer of RCDTS Ltd. The team advises HMRC and ExCom, acting on our behalf in managing financial risk and return of RCDTS Ltd, challenging and supporting the Board and RCDTS Ltd in achieving its objectives. At an operational level, it ensures compliance with the Master Services Agreement and Framework Agreement.
Accountability for spending
The Resource and Company Accounts team within HMRC’s Group Controller directorate produces and publishes the RCDTS Ltd accounts. This team also maintains and monitors a control register for delivery of key operational processes; for example, delivering the balance sheet to the RCDTS Ltd Board, and submitting the VAT return. The team also monitors cash flow to ensure sufficient funds are held to meet working capital commitments.
Transfer of services from RCDTS Ltd and closure of the company
The majority of RCDTS Ltd services were transferred in-house to HMRC on 1 February 2023. The remaining services, Help Desk and Networks, were transferred on 26 September 2022 and 1 March 2023 respectively to external third parties. The company ceased trading on 31 March 2023 and entered dormancy. Following the period of dormancy, the company will follow the process for dissolution at Companies House.
R.N. Ltd
R.N. Ltd is a private company limited by shares held by the Treasury Solicitor on trust for the HMRC Commissioners. R.N. Ltd acts as a nominee for the commissioners and the company holds charges over assets that secure tax debts owing to HMRC. It holds registered title over assets assigned to HMRC in settlement of tax liabilities. R.N. Ltd had 4 directors on 31 March 2023. The Accounting Officer is Patrick Whittome, HMRC Director of Group Controller directorate, who has authority delegated by the HMRC Commissioners to give directions to the Treasury Solicitor on the shareholding of R.N. Ltd.
There is a formal agreement between HMRC and R.N. Ltd and ExCom-level sponsorship from Justin Holliday. R.N. Ltd has no employees. The Company Accounts Team within HMRC’s Group Controller directorate provides case work administration, accounts production and secretarial services. The running costs of R.N. Ltd are met by HMRC.
Performance monitoring
The R.N. Ltd Board meets quarterly. All Board meetings discuss strategy and monitor the success of R.N.’s strategies as well as any associated risks. The Finance Operations team monitors the risks and provides regular updates to the R.N. Ltd Board.
Accountability for spending
R.N. Ltd has no specific budget. The value of the assets over which the company holds charges and has title assigned amounts to £13.3 million (Voluntary Legal Charges £7.6 million and Funding Bonds/ Shares £5.7 million). These assets are excluded from the R.N. Ltd balance sheet, as the company holds these in a nominee capacity. In addition to preparing the accounts for R.N. Ltd, the HMRC Finance Operations team also keeps a register for R.N. Ltd where all controls are listed and monitored.
Other organisations
Entrust is an organisation that regulates the Landfill Communities Fund (a tax credit scheme enabling landfill operators to fund environmental bodies to undertake specified environmental projects). A levy on contributions to environmental bodies, set annually by HMRC and announced at Budget, funds Entrust. Entrust is not an arm’s length body of HMRC but has a close relationship with HMRC similar to other bodies.
Accountability for major contracts and outsourced services
The scope of this section is limited to major contracts and outsourced services. In 2022 to 2023, HMRC provided grant schemes in accordance with relevant guidelines to the charity sector who provide advice and assistance to vulnerable clients on their financial affairs (including tax affairs) operated by third parties.
HMRC has a number of major contracts that are significant in ensuring that it can deliver its core services. Our IT services are provided through contracts with Capgemini, Fujitsu, Accenture and Nasstar, valued approximately at £884 million in total, each year.
IT contracts
HMRC continues to deliver better value for money from its IT contracts by using well-established performance measures. During 2022 to 2023, new contracts were awarded which superceded the majority of IT contracts and further disaggregated the supplier base. Any new agreements are operating under modern framework contracts with improved and standardised performance measures. We are now working on new bespoke frameworks for HMRC to improve cost, capability and capacity. Expanding our supplier base has allowed us to take better advantage of technical innovations and keep pace with technology trends. This approach supports our digital transformation and move to lower-cost and highly resilient cloud data storage services.
The expenditure values for the IT contracts for HMRC’s 2022 to 2023 Resource Accounts are as follows:
- IT Public Private Partnership contract (PPP) payments: £85.9 million
- IT services and consumables: £1,057.3 million
- Total: £1,143.2 million
Facilities Management and Security contracts
Between August 2018 and June 2019, in advance of the Mapeley STEPS PFI Contract expiry on 1 April 2021, HMRC undertook 3 procurement exercises for regional Facilities Management services and a national Security service, which were required to underpin HMRC’s locations programme and give the department contractual resilience across the UK.
These procurement exercises have been completed and contracts awarded via further competition using the Crown Commercial Services Framework. As a result, 7 contracts have been awarded to 5 suppliers. The combined value of these contracts over a 5 year period is circa £250 million to £300 million, which will expire between December 2023 and March 2024, but all contracts have the option to extend by up to 2 years.
Conclusion and compliance with the code of good practice
I have assessed HMRC’s compliance with the ‘Corporate governance in the central government departments code of good practice 2017’.
The code focuses on governance arrangements for ministerial departments. While there are elements which are not directly relevant to HMRC due to our statutory framework and status as a non-ministerial department, we comply with the spirit and principles of the code and by this, and other means, good governance is achieved in HMRC.
Our corporate governance arrangements have continued to evolve during the year. An organisation of HMRC’s size and complexity will always have multiple risks to manage at any one time. I am satisfied that the governance arrangements in place throughout 2022 to 2023 have been sufficient to continue managing risks effectively.
Based on the review outlined above, I conclude that HMRC has a sound system of governance, risk management and internal control that supports the department’s aims and objectives for 2022 to 2023.
Read the ‘Corporate governance in the central government departments code of good practice 2017’ at GOV.UK.
Jim Harra
Accounting Officer
6 July 2023