Tel: +44 330 133 4075

Information for small businesses & individuals


PAYE healthcheck

Why is a PAYE / NIC healthcheck needed?

A PAYE healthcheck is a review of an employer’s payroll and benefit procedures to ensure that they are delivering the right results in terms of compliance with HMRC’s rules on tax and NIC on employees’ pay, expenses and benefits. It is designed to minimise the risk of interest and penalties and to improve compliance.

Some organisations shy away from the idea of having a PAYE / NIC risk review as it is often seen as being an unnecessary cost. Other organisations take the view that if there are problems with their payroll and benefit procedures, these will surely be identified by their auditors as part of the annual audit process. However, a detailed examination of the client’s payroll, benefits and expenses is not a requirement of an audit. Therefore employers should not assume that a lack of comment from their auditors must mean that their PAYE procedures are in order.

Although a major item of expenditure for most organisations in the profit and loss account, the payroll itself is unlikely to be the source of any major discrepancies from a tax or National Insurance perspective. Once an item is included in the payroll, more often than not the appropriate deductions will be accounted for and any errors are likely to be insignificant and certainly not material for audit purposes. Of course, this does not prevent the payroll from being a major source of employee fraud, which a PAYE healthcheck may help uncover, as it should identify flaws in processes that could allow fictitious employees to be included on the payroll or for payments to continue to be made to employees who have left.

Some of the problems that create the greatest risk are often not on the payroll. Workers paid gross on a self-employed basis, expense payments that prove to be taxable and benefits not included on the relevant P11D returns are just some of the areas that can have a damaging and costly effect for any business.

Whilst it is understandable that employers make mistakes, given the complexity and ever changing legislation, the potential for interest and penalties to be added to any tax or National Insurance contributions unpaid, means that such errors can be very costly for any business.

Many organisations are concerned that the commissioning of such a risk review will uncover liabilities that will have to be disclosed to HMRC. Should irregularities be discovered then the employer must put them right and this might include a disclosure of liabilities for earlier periods. However, the employer can mitigate the extent of any penalties charged by taking the initiative and making an unprompted disclosure to HMRC if this is appropriate. A full and comprehensive disclosure of any irregularities may prevent the need for an HMRC visit and the disruptions that this can cause.

10 reasons why an organisation should consider a PAYE healthcheck

  • it will provide peace of mind for an organisation if it is fully compliant and, if it is not, it is better to know so it can take steps to remedy any problems.
  • if an organisation knows things are wrong and does nothing about it, and HMRC discovers the failing, the organisation will be deemed to be careless, increasing the potential level of penalty. It is better to take the initiative.
  • in-year errors may be put right during the tax year, which could prevent an incorrect return being submitted and avoid potential penalties, although under RTI we now have penalties for inaccurate returns on a weekly / monthly basis.
  • a voluntary disclosure can be made to HMRC of any failures discovered during the review. This may prevent HMRC from carrying out an Employer Compliance Review and the disruption and cost this might cause for the business.
  • it can reduce the risk of fines under the Senior Accounting Officer (SAO) legislation. If the organisation is large enough to have a SAO, he or she will be responsible for ensuring full compliance with PAYE procedures and could be fined for any irregularities.
  • an organisation may have changed its procedures and processes, and no longer fully comply with the regulations, eg it may need to update its agreements with HMRC such as an approval notice (P11D dispensations were abolished from April 2016)
  • it is important to keep up to date with legislative changes to ensure full compliance.
  • if an organisation has not had an HMRC compliance review for a number of years, it may be high on the list for a visit. Organisations should also remember that HMRC is likely to carry out a review of its PAYE procedures at some stage.
  • to protect an organisation against employee fraud. A detailed review could identify areas of risk.
  • HMRC assesses the level of risk at an organisation when deciding whether or not to carry out an Employer Compliance Review. Certain types of business, and businesses with late payments or returns or high levels of casual employees may have a higher risk profile. An organisation can be prepared for this by commissioning its own review.

Background – relationships with HMRC

Historically, an employer could expect a PAYE audit perhaps every six years. In recent years the focus has now moved to targeting resources at those employers perceived to represent the highest risk.

Large and medium-sized organisations (dealt with by HMRC’s large business service or local compliance (large and complex unit) respectively) should all be assigned a formal risk rating by HMRC based on their overall tax compliance. This will determine the approach HMRC takes towards the business’ tax affairs going forward. This risk-based approach is progressively being applied to smaller businesses.

The normal review cycle for a low-risk organisation will be every two to three years. In between, HMRC expects to be able to discuss matters with them on an ongoing basis and reserves the right to review their risk rating if necessary. An organisation with a low risk rating will be able to influence the degree of interaction with HMRC and will have the benefit of early certainty of its tax liabilities. However, HMRC may still include low-risk entities in any national targeting campaigns.

In contrast, organisations badged as ‘non-low risk’ will remain in an annual risk review cycle, with greater HMRC compliance intervention. There will be less certainty and greater risk of more frequent enquiries on all aspects of its tax affairs, including its PAYE operations. It is therefore imperative that those affected establish how they can improve their risk profile. Reviews could consist of significant issue interventions or be general and more wide-ranging.

What can an organisation do to achieve a low risk rating?
The easiest way is by demonstrating a good level of compliance by filing all returns and paying any tax due on time by communicating with HMRC and disclosing errors as they arise.

The key is to be proactive in managing tax compliance in order to control the risk exposure. As part of this, employers should consider undertaking their own employment taxes review or PAYE healthcheck (either by using an appropriately qualified in-house team or engaging a specialist). Standing back and looking at employment taxes in this way can highlight areas of concern with the processes in place or identify any potential compliance exposures.

Senior Accounting Officer (SAO)
There is also a statutory requirement for SAOs of qualifying companies to personally certify that they have taken reasonable steps to ensure that the company has established and maintains adequate tax accounting arrangements to enable it to make accurate tax returns (FA 2009, s 93 and Sch 46).

The definition of tax accounting arrangements includes amounts for which the company is accountable under PAYE regulations. This would incorporate the statutory PAYE and P11D returns. It would not include NICs, student loan collection or National Minimum Wage (NMW) compliance because these are not tax matters.

HMRC compliance checks

When considering whether to commission a PAYE healthcheck in order to pre-empt an adverse compliance check, it is worth remembering that HMRC has a standard system for how it carries out compliance checks (also known as reviews, enquiries, visits and inspections) across these areas:

  • capital gains tax
  • Construction Industry Scheme
  • corporation tax
  • income tax
  • PAYE
  • VAT

It should be remembered that HMRC has one set of powers for these taxes, to:

  • visit businesses to inspect premises, assets and records
  • ask taxpayers and third parties for more information and documents

There are some important safeguards provided by FA 2008, Sch 36, Part 2:

  • HMRC cannot inspect purely private dwellings without consent
  • HMRC must give seven days prior notice of a visit, unless either an unannounced visit is necessary or a shorter period is agreed
  • a requirement that unannounced visits must be approved beforehand by a specially trained HMRC officer
  • a legal requirement for HMRC to act reasonably

Even so, the demands on business imposed by use of these powers by HMRC can be onerous, particularly when the organisation is just trying to run its business.

High risk areas

HMRC’s focus is to identify areas of high risk and collect additional tax and NICs. The top ten areas of risk are:

  • employment status, including employed v self-employed, office-holders, volunteers, Personal Service Companies
  • termination payments
  • entertaining, staff and business entertaining
  • mileage, company cars, private fuel
  • expatriate tax issues
  • Construction Industry Scheme, status of workers and operation of the scheme
  • salary sacrifice schemes
  • expenses reimbursements generally
  • HMRC agreements including PAYE Settlement Agreements
  • Employee Benefit Trusts (EBTs)

How to seek help?

If you’d like a PAYE Healthcheck, contact us today to arrange a compliance review.

Contact VECTIDE Corporate
Tel: 0207 427 6055
Or just click to send your requirements.  


This product has been added to your cart