If they're confident they already had consent - people either signed up on their website or whatever, or are existing customers who've been given the ability to opt out - then nothing has really changed.
If they're not confident they have consent - they've bought lists from other people / randomly scraped them together from other websites or whatever - then it's been illegal to email them for about the last decade so the "click here to opt in" and chaser email will both be illegal under existing legislation.
Very many of the people sending "opt in" emails and particularly those who've waited till the last minute and are now in amongst the deluge are decimating their mailing lists for no reason whatsoever.
Well the way I correct errors now is to post correcting entries (or to alter the transaction in accounting software that does that for me automatically under the hood).
Clearly if your only way to reconcile is to print off before and after, you are not storing and preserving records in digital format.
It doesn't matter why a user makes a change. Of course it could be for a perfectly valid error correction. The point is that as soon as a user modifies an entry, there is no way to tell what it was before, and now no way to reconcile the figures currently in the spreadsheet with the ones that were submitted to HMRC at the time.
Taking VAT as an example - suppose a taxpayer unskilled in accounting software notices and corrects an error in a prior-period VAT transaction. The figures the spreadsheet will now give for that quarter will no longer match the submitted VAT return. In an inspection, there'll be no way to trace back from the HMRC submission to understand what underlying figures were included in it.
Perhaps more importantly, it's unlikely the spreadsheet will include the adjustment in the following quarter so it will sit there uncorrected on the VAT account indefinitely leaving either the trader or the VAT man out of pocket.
I don't understand the argument that a taxpayer unskilled in accounting software (or accounting principles) is better off using a spreadsheet over software specifically designed to help them avoid the most common errors people make.
I think a key part of that HMRC link you've missed is "allowing...HMRC to make regulations that require a business to keep *and preserve* certain records digitally".
Spreadsheets do not of themselves provide digital records with any guarantee over their preservation. There is no audit trail and no ability to prevent a user overwriting or modifying the data underlying a previously submitted return - and in many cases no ability even to detect if that has happened.
While there are ways of implementing some of that in Excel, most can be easily defeated by the user.
I think it's very likely that point-in-time historical accuracy and auditing will be one of the software requirements HMRC imposes, and I can't see how a spreadsheet could ever achieve that.
Equally, I'd argue against your more general opinion that a spreadsheet can provide a suitable basis for long-term recordkeeping like this.
Out of the box and in the hands of even advanced users, spreadsheets don't provide anything like the guarantees you'd need for a robust accounting system. There are any number of common errors - inconsistent formulae across the rows of a column, pivot tables whose ranges aren't large enough to span newly added rows, formulae which have picked up the wrong cell references through a botched sort / copy & paste / insert & delete.
Here are just a few http://www.smb.co.uk/5-epic-spreadsheet-fails/ of the very many examples of skilled professionals failing to notice that an overly spreadsheet is giving them duff figures.
You could of course mitigate many of these risks by paying a suitably competent specialist to build a spreadsheet that was sufficiently locked down and automated (e.g. with VBA to verify consistency of formulae etc). Or indeed if you have the experience and skills to do so you could invest significant time and effort in building it yourself.
But it's highly unlikely that would be cost-effective compared to accepting that a spreadsheet is the wrong tool for the job and signing up for one of the many relatively cheap accounting software packages where all those hassles are taken care of for you.
We're almost out of the window for this being relevant, but if it's a Scottish Charity and the accounting period begins before 1 January 2016, you have to prepare against full FRS102 (or FRSSE) with all the notes and cannot use the small entity version in Update Bulletin 1A. https://www.icas.com/technical-resources/oscr-clarifies-position-on-earl...
Also specifically for documents and email, Gsuite (Google apps for business, as was) has a package where you can specify mail and document retention policies for compliance purposes.
Since the whole point of this is to prevent any user from being able to ever delete or permanently overwrite an email or document, it follows that it's also impossible for any malware they've picked up to do that either. Only Google themselves could ever get round that.
Depends what you mean by cloud-based really. As others have said, anything that relies on document sync with your local PC is vulnerable, though many providers have an option to keep unlimited historical versions of a file so you're always able to recover the last good version.
Anything that involves remote desktop access to a virtual windows machine running Windows software is similarly vulnerable : again you'd hope that the platform would provide decent backup / malware protection but in some cases you just get a virtual machine and it's entirely up to you to manage it as it would be if it was the one on your desk.
Anything that's actually web-based - Xero, Freeagent, etc - will be much less vulnerable. That's because the web application exposes a much more restrictive set of access to the underlying data. There's no way for example for a virus on your computer to leap across the internet to Xero's server and start encrypting data. The worst it could do is pretend to be you and delete transactions through the web interface, but Xero could easily undo these changes from the history they store.
This makes it much easier for them to enforce audit trailing / backup / data security etc because very few systems have raw access to the data and they're all 100% controlled by the software provider.
There are still some security risks with web software, but the provider can tackle them once on behalf of all customers so for the same budget the level of security delivered is significantly higher. Equally, failing to tackle them would put the provider totally out of business, so there's a stronger incentive to make it a top priority than in an organisation where IT is a back office rather than core business function.
I was using "opinion" in the legal sense - advice from a barrister etc is generally referred to as an opinion [even where the law and the facts are clear].
Indeed even a precedent is quite often described in terms of being the court's opinion (both when set and when subsequently referred to).
In other words per http://www.dictionary.com/browse/opinion?s=t I was using it as "the formal expression of a professional judgement" than "a belief or judgement that rests on grounds insufficient to produce complete certainty".
I agree wholeheartedly with your cartoon (which I assume should say "uninformed" rather than "uniformed"), but it refers to the latter of those definitions.
Sorry, yes, my wording wasn't clear. I certainly didn't mean to imply that HMRC guidance would be in any way enforceable where it departs from the underlying law.
I absolutely (now! ;) ) agree with you stepurhan that there's a very clear and unambiguous meaning to Section 7.
However, while I don't think there's any ambiguity it appears HMRC either think there is or have knowingly chosen to over-reach.
So there may be a difference of opinion, regardless of whether or not any sensible reading of the legal framework allows it.
From experience I know that it can be deeply tedious, time consuming and potentially expensive to be mired in the HMRC process where they have incorrectly applied the law - even if ultimately successful - and much simpler and quicker when there is a Tribunal ruling against them.
So I was just interested to know if the point had been tested anywhere. I can't see how it would be anything other than an open and shut case if it were...
My answers
That's incorrect.
If they're confident they already had consent - people either signed up on their website or whatever, or are existing customers who've been given the ability to opt out - then nothing has really changed.
If they're not confident they have consent - they've bought lists from other people / randomly scraped them together from other websites or whatever - then it's been illegal to email them for about the last decade so the "click here to opt in" and chaser email will both be illegal under existing legislation.
Very many of the people sending "opt in" emails and particularly those who've waited till the last minute and are now in amongst the deluge are decimating their mailing lists for no reason whatsoever.
Great suggestion @claudialowe but, confident though I am in my own VAT accounting, I'm not certain I'm quite ready to "hope to get a VAT inspection"!
Well the way I correct errors now is to post correcting entries (or to alter the transaction in accounting software that does that for me automatically under the hood).
Clearly if your only way to reconcile is to print off before and after, you are not storing and preserving records in digital format.
It doesn't matter why a user makes a change. Of course it could be for a perfectly valid error correction. The point is that as soon as a user modifies an entry, there is no way to tell what it was before, and now no way to reconcile the figures currently in the spreadsheet with the ones that were submitted to HMRC at the time.
Taking VAT as an example - suppose a taxpayer unskilled in accounting software notices and corrects an error in a prior-period VAT transaction. The figures the spreadsheet will now give for that quarter will no longer match the submitted VAT return. In an inspection, there'll be no way to trace back from the HMRC submission to understand what underlying figures were included in it.
Perhaps more importantly, it's unlikely the spreadsheet will include the adjustment in the following quarter so it will sit there uncorrected on the VAT account indefinitely leaving either the trader or the VAT man out of pocket.
I don't understand the argument that a taxpayer unskilled in accounting software (or accounting principles) is better off using a spreadsheet over software specifically designed to help them avoid the most common errors people make.
I think a key part of that HMRC link you've missed is "allowing...HMRC to make regulations that require a business to keep *and preserve* certain records digitally".
Spreadsheets do not of themselves provide digital records with any guarantee over their preservation. There is no audit trail and no ability to prevent a user overwriting or modifying the data underlying a previously submitted return - and in many cases no ability even to detect if that has happened.
While there are ways of implementing some of that in Excel, most can be easily defeated by the user.
I think it's very likely that point-in-time historical accuracy and auditing will be one of the software requirements HMRC imposes, and I can't see how a spreadsheet could ever achieve that.
Equally, I'd argue against your more general opinion that a spreadsheet can provide a suitable basis for long-term recordkeeping like this.
Out of the box and in the hands of even advanced users, spreadsheets don't provide anything like the guarantees you'd need for a robust accounting system. There are any number of common errors - inconsistent formulae across the rows of a column, pivot tables whose ranges aren't large enough to span newly added rows, formulae which have picked up the wrong cell references through a botched sort / copy & paste / insert & delete.
Here are just a few http://www.smb.co.uk/5-epic-spreadsheet-fails/ of the very many examples of skilled professionals failing to notice that an overly spreadsheet is giving them duff figures.
You could of course mitigate many of these risks by paying a suitably competent specialist to build a spreadsheet that was sufficiently locked down and automated (e.g. with VBA to verify consistency of formulae etc). Or indeed if you have the experience and skills to do so you could invest significant time and effort in building it yourself.
But it's highly unlikely that would be cost-effective compared to accepting that a spreadsheet is the wrong tool for the job and signing up for one of the many relatively cheap accounting software packages where all those hassles are taken care of for you.
We're almost out of the window for this being relevant, but if it's a Scottish Charity and the accounting period begins before 1 January 2016, you have to prepare against full FRS102 (or FRSSE) with all the notes and cannot use the small entity version in Update Bulletin 1A. https://www.icas.com/technical-resources/oscr-clarifies-position-on-earl...
Also specifically for documents and email, Gsuite (Google apps for business, as was) has a package where you can specify mail and document retention policies for compliance purposes.
Since the whole point of this is to prevent any user from being able to ever delete or permanently overwrite an email or document, it follows that it's also impossible for any malware they've picked up to do that either. Only Google themselves could ever get round that.
Depends what you mean by cloud-based really. As others have said, anything that relies on document sync with your local PC is vulnerable, though many providers have an option to keep unlimited historical versions of a file so you're always able to recover the last good version.
Anything that involves remote desktop access to a virtual windows machine running Windows software is similarly vulnerable : again you'd hope that the platform would provide decent backup / malware protection but in some cases you just get a virtual machine and it's entirely up to you to manage it as it would be if it was the one on your desk.
Anything that's actually web-based - Xero, Freeagent, etc - will be much less vulnerable. That's because the web application exposes a much more restrictive set of access to the underlying data. There's no way for example for a virus on your computer to leap across the internet to Xero's server and start encrypting data. The worst it could do is pretend to be you and delete transactions through the web interface, but Xero could easily undo these changes from the history they store.
This makes it much easier for them to enforce audit trailing / backup / data security etc because very few systems have raw access to the data and they're all 100% controlled by the software provider.
There are still some security risks with web software, but the provider can tackle them once on behalf of all customers so for the same budget the level of security delivered is significantly higher. Equally, failing to tackle them would put the provider totally out of business, so there's a stronger incentive to make it a top priority than in an organisation where IT is a back office rather than core business function.
I was using "opinion" in the legal sense - advice from a barrister etc is generally referred to as an opinion [even where the law and the facts are clear].
Indeed even a precedent is quite often described in terms of being the court's opinion (both when set and when subsequently referred to).
In other words per http://www.dictionary.com/browse/opinion?s=t I was using it as "the formal expression of a professional judgement" than "a belief or judgement that rests on grounds insufficient to produce complete certainty".
I agree wholeheartedly with your cartoon (which I assume should say "uninformed" rather than "uniformed"), but it refers to the latter of those definitions.
I realise I could have picked clearer words.
Sorry, yes, my wording wasn't clear. I certainly didn't mean to imply that HMRC guidance would be in any way enforceable where it departs from the underlying law.
I absolutely (now! ;) ) agree with you stepurhan that there's a very clear and unambiguous meaning to Section 7.
However, while I don't think there's any ambiguity it appears HMRC either think there is or have knowingly chosen to over-reach.
So there may be a difference of opinion, regardless of whether or not any sensible reading of the legal framework allows it.
From experience I know that it can be deeply tedious, time consuming and potentially expensive to be mired in the HMRC process where they have incorrectly applied the law - even if ultimately successful - and much simpler and quicker when there is a Tribunal ruling against them.
So I was just interested to know if the point had been tested anywhere. I can't see how it would be anything other than an open and shut case if it were...