It’s probably fair to say that most of us with an interest in saas/on-demand/cloud computing like the notion of ‘openness’ in the sense that applications can be extended relatively easily through APIs. Having the means to allow third parties to build something that’s not core to what I perceive as a developer certainly allows me to become more appealing. However, I do think that it’s not being thought through very well in some quarters.
I’ve identified a set of use cases where ‘access all areas’ might not be a good idea (and as of now the debate continues to rumble on) but there’s one that is particularly worrisome. Since April 2009, HMRC has taken on enhanced powers and can raise random inquiries. Experience tells me that VSB/SMB businesses are relatively easy to attack on many fronts, not least because they don’t necessarily understand what they can legitimately claim and what they can’t. That makes them easy meat for an audit. HMRC reasoning goes – if they got this wrong then what else is hidden?
I recall a conversation with one professional who said: “How do you distinguish between a user entering something that’s a capital item and one that’s an expense?” Great question for which I didn’t have an answer at the time. Today, I would flag that transaction, probably based on value, send an alert to my professional adviser and then work out what to do. Problem solved and a good use case for real time saas accounting rather than having to wade through a mountain of transactions way past year end.
That should mean as a professional I have greater confidence in what the client is telling me through their books and records. But that won’t always be the case and so having systems that include learning capabilities based on how transactions are handled is a good way to overcome most problems. So far so good. But what happens when HMRC wants to see the records? Do I give them carte blanche to go on a fishing expedition?
In times past I have resisted that as far as is reasonably possible because HMRC is not qualified (by and large) to recreate or analyze books and records albeit it has better resources now than in times past. However, I might be prepared to let them have restricted access provided I understood the scope of what they’re trying to discover and that access allowed them to do that to which they are entitled. More to the point, if I have groups of clients in broadly similar areas of business, I should be able to easily analyze relative performance and benchmark. That should in turn allow me to operate a reasonably good early warning system and be well equipped for these types of inquiry/audit. One vendor example that looks at this from the business person’s view is MyCake. Another, albeit on the supplier side is Coupa. Let’s take some examples from my imaginary portfolio of business clients:
If I have 40 fishmongers as clients and the average GP is (say) 30% and one is showing me 20% then I’m going to have the basis for asking questions about the business long before it becomes an HMRC investigation issue that could lead to interest and penalties plus automatic back years adjustments. Turning this on its head, if I have publicans who consistently show 45% GPM and HMRC is trying to tell me it should be 47% then either my entire group is out of kilter or HMRC has it wrong. The likelihood that it’s my group that has a problem is far less than that of HMRC because my data should be much more current and reflecting of local economics. It was something our old farming practice was able to do very effectively as we had hundreds of farm clients in groups that were easy to segment plus we had people steeped in farm accounting.
Even so, does that fact alone provide sufficient reason for me to resist access to everything? I’d like to think so and in support I’d probably think about producing schedules that demonstrate what I mean. Of course this argument isn’t restricted to cash businesses but to any business grouping.
The point then is not what I can do with the data coming out of saas systems although that is incredibly useful but how I can use it as a way of providing help to clients on a preventative basis. It should be part of my service assurance. More generally saas should serve as a way of providing me with analysis that helps resist the kinds of business recreation exercise HMRC is fond of attempting as a way of extracting more tax than is due. I’m going to be pretty hard pressed to do that if I don’t have a solid means of control over what anyone can do with those records. You can always argue that if the client has nothing to fear then let them have at it. Sure – but then I’ve likely got to spend more time defending a situation that should not require defending in the first place. That has a cost the client almost always has to bear.
Related articles by Zemanta
- Use Cases a Simple but Powerful Tool (ricksegal.typepad.com)
- HRMC wins court order for access to offshore accounts (telegraph.co.uk)
- Taxman clamps down on cash payments to builders (telegraph.co.uk)
- More banks told ‘reveal accounts’ (news.bbc.co.uk)