You might also be interested in
Replies (21)
Please login or register to join the discussion.
youre over egging the christmas pudding
you can submit electronically either by template or thro your accounts software, in neither case have i ever had a problem as opposed to paper filings where we have had last minute rejections especially re LLPs that cannot be yet filed electronically
ONLINE ACCOUNTS FILING
There one serious issue that is worth reporting to readers. If you use the Companies House abbreviated accounts format and enter the WRONG authentication code, you don't usually see the Companies House message that tells you the submission has been rejected. When you click "OK" in the Javascript window to submit, the only check at that point is to see if you've keyed in the same code twice. After submitting, the system comes back with a message. Adobe Reader then asks you if you "trust" the source before letting you view the message. By the time you have said, "Yes trust always", the message has disappeared. It generally doesn't matter, if you were successful -- but if you used the wrong code (as I did once) there is no obvious way to tell. The file behaves almost the same whether or not the data was accepted. All you can do is to wait for the email. I reported this to Companies House on 28 September and so far as I know, they never bothered to get back to me
I know this is boring but
any potential problems from filing on the last day and running into overloaded CH/HMR&C systems can be avoided by filing before the last day. We have nine months, after all. I know there are clients who may not understand this but surely enough of them can be educated by their professional advisors.
Filing Deadlines
Sir
I find your comments an insult
Do we not try to educate
You obviously have never heard of the expression that you can take a horse to water but you cannot make him drink
Your response was one I heard from Companies House
Do you say to your clients - tough you should have got it in on time
I have made a list of those who with have to suffer the slings and arrows of outrageous fortune
Ask for penalties to be in instalments
Although appealling the penalties is unlikely to succeed, there may be more scope to pay in instalments, over up to 15 months I think, without extra costs. That might ease the pain a little bit.
But I agree that, as with DVLA and their "continuous enforcement", this is seen as a marvellously efficient revenue raising measure as all they have to do is let their computer scan for overdues and spit out a bill.
Awebbie - yes, I had that problem too. All the data disappeared & it cost me £150 once I had got everything back in and uploaded.
are you sure there is no mitigation for late filing
If it is your own fault then fair enough, but if its a CH systems fault? We seem to live in a time when people roll over too easily.
replying to listerramjet...
I would think it's worth a try if it is their systems fault, particularly if you can point to exactly what went wrong/didn't happen in terms a systems designer might understand (ie not just "it didn't work" but "I didn't receive a rejection message because the screen display had changed before I was able to complete the next warning dialog"). But you'd need to have the nerve to try it and I bet there is something in the T&Cs saying it's your responsibility to make sure the acceptance arrives in time and that is the key indicator.
In other words, don't push it right to the deadline, so that you have time for the acceptance to appear or not appear and get onto the helpdesk as soon as the acceptance is overdue. I don't think it's safe to rely on the rejection alone for reasons others have explained. Personally I'm not happy until I've got a safe copy of the acceptance in my file.
Penalties waive
If it is your own fault then fair enough, but if its a CH systems fault? We seem to live in a time when people roll over too easily.
CH do waive penalties if the fault lies with their systems and people, as they accept they can make mistakes. It's just everyone else who is expected to be infallible.
mitigation
Normally, I would fight but in this instance I was busy with other things and recent attempts with HMRC over a £200 fine reduction to £100 fine failed. Long story with HMRC - they advised after 8 months of not hitting the final submission button for PAYE on end of period minus 2 days. They sent notification by second class post so it wouldn't even arrive before the period end and we hit the button on the day it arrived our end. They then claimed we had breached the 28 day rule on notification, so £200 penalty! Appeal denied...
Paper Filing
The article says:
"it may not be possible to do so because once you have registered for PROOF (“Protected” Online Filing), CH will normally reject any paper forms unless accompanied with a letter from the directors".
PROOF DOES NOT APPLY to paper filing of accounts. Co.Ho. accepts them at the moment (no covering letter needed) and has no published date when electronic filing of accounts will become compulsory.
My software doesn't yet do online filing to Co.Ho., and I'm certainly not going to use the template which involves RE-TYPING all the numbers and notes - with attendant risks of errors and extra time.
For me, at the moment, it's a paper copy to the client for them to sign and send. Almost no extra time or cost because I'm sending them all the other paperwork anyway.
Text does not say Proof applies to paper filing...
... what Jennifer's text states is that should you have registered for Proof and then try to submit via paper Co House will normally reject the paper forms.
This is quoted straight from Co House website itself as follows.....
Once registered for the PROOF scheme, Companies House will normally reject any paper versions of these forms and send them back to the registered office address.
Companies House Official Response
These reports contain a number of inaccuracies and assumptions and do not reflect the current position of our services. Companies House takes information security extremely seriously, as well as any concerns raised by our customers or the public. We have a range of security controls in place to protect information, we adhere to government standards and regularly undergo security testing by independent security consultants. As part of this continuous review and improvement approach, we are constantly implementing further improvements to these controls. We would therefore like to reassure our customers that we are committed to providing a safe and secure environment across all our services. Neil White Communications Manager Companies House
Request for further information...
In light of Neil's comments, I have requested further information from Companies House to clarify these alleged inaccuracies & assumptions.
Until then, I must stress that all of the issues outlined have been independently verified by several security experts, including Chester Wisniewski, a senior security advisor at Sophos & Troy Hunt, Microsoft MVP in Developer Security.
"Based upon the information in the video and the reply you received from Companies House, it is a bit of a mess," Chester Wisniewski, a senior security advisor at Sophos Canada, told El Reg.
"It is appropriate to pressure Companies House about why they are inconsistent in their use of SSL, strange password limitations and insecure password reset policies," he added.
http://www.theregister.co.uk/2012/11/28/companies_house_website_security/
Correction to Paul Moore's post
A small point perhaps, but an important one.
It's incorrect for anyone to say that Chester Wisniewski, who is one of my colleagues working at Sophos Canada, has independently verified the issues that Paul Moore has detailed.
In fact, The Register report says:
"Wisniewski.. added the caveat that he hadn't created the accounts necessary to personally verify Moore's claims."
Chester specifically did not confirm the issues, and said his responses were only valid if the facts could in fact be confirmed.
I hope that clarifies things.
Regards
Graham Cluley, Sophos
co house security
I agree co Hse is not secure.
The issue is not annual accounts. The issue is that under the present system passwords are not secure.
Also, the advent of one-man companies, with there no longer being the need for "Hard copy" signatures to be filed, has meant that it is relatively easy for persons of mischevious intent, to cause havoc.
Fortunately it does not happen too often, but it happens often enough to make this of real concern.
In order to simplify matters (Mostly for themselves?) the powers that be ignored the wise auditing truth:
If at least two persons rather than one person, has to certify or check something, you cut the risk of misdeed by 85%.
the issue is "Security"
The real issue is "Security" means different things to different people.
If you ask any person who is involved with computer systems, e:g: Companies House- To them "Security" means first and foremost, back-up, and preventing loss of information. Most other things come second.
But, then you have to ask, why do most solicitors refuse to accept delivery of time-crucial, or signature based, important legal documents, by fax or electronic means.
The answer is, experience indicates that enough of these items are questionable, so as to indicate that they are not "Secure"
Companies House often seems to relegate that meaning of "Security" to second place.
Interesting perspective, Gordon. Thanks.
I'm yet to receive any information which contradicts the article. Neil isn't available today, so it's unlikely to progress any further until at least tomorrow.
Hello Graham
You're obviously aware of the situation, but for the sake of lucidity and to clear up any confusion from my above post...
From what I can gather from reading the Register's article, Chester's comments were his own and not necessarily shared by Sophos. I believe John Leyden (The Register) mentioned Sophos purely to lend credibility to his comments.
"Chester specifically did not confirm the issues, and said his responses were only valid if the facts could in fact be confirmed."
It would seem somewhat unprofessional for any senior security advisor, especially one in Chester's position, to describe unconfirmed security flaws in a public forum as "a bit of a mess" and "insecure" unless there was sufficient evidence to justify the statement.
I'm very grateful for his impartial and candid response; it's refreshing to have someone effectively stick their neck out. I'd hope Sophos provides a venue to speak openly and honestly on any topic, without fear of repercussions... although your input suggests otherwise.
In the two months since these issues came to light, the only official responses have been of a perfunctory, press-oriented nature; Neil's response here is a prime example.
To quote my latest email to Neil White, I'm more than willing to retract the article & issue an apology if they're able to demonstrate the findings are indeed inaccurate. After 2 months, numerous emails and comments from several industry professionals, that's highly unlikely.
Thank you.
An important point about late filing penalties is that the revenue generated goes straight to the treasury - Companies House is a trading fund and operates on a cost recovery basis from fees charged for services.
re the arlier remark about not knowing
you always get an email if they have been submitted, tho i agree that if they can have a success screen for |ARs then why not for accounts
i why do i neeed 2 separate accounts fro CH stuff it would be somuch easier if there was just tone