Real-Time PAYE has supported five years of streamlined tax compliance, but employers face expanding reporting demands in 2024. Olive O’Donoghue outlines key deadlines and requirements in 2024 Real-Time PAYE has been up and running for five years and many will agree that the real-time system has introduced tax compliance efficiencies for employers and employees alike. Employers still have significant reporting obligations that fall outside of the Real-Time PAYE, however. Further, the scope of real-time reporting is expanding with the introduction of Enhanced Reporting Requirements and there is an obligation for employers to operate PAYE on the exercise of stock options from the start of 2024. Below we outline key reporting deadlines and obligations employers need to put in this year’s calendar for timely action. 2023 Employer SARP return – February 2024 The deadline for employers to file a 2023 Employer SARP return is 23 February. The Special Assignee Relief Programme (SARP) provides personal income tax savings of up to 12 percent for employees who relocate to Ireland and meet certain conditions for up to five years. The return covers both local employees and expats and requires details of earnings and the value of the SARP deduction provided through payroll per employee. It also requires details of tax-free items, such as flights or school fees, which may not be readily available in the payroll data. Employers should factor in the time it takes to collate off-payroll information and information on employees who have relocated to other jurisdictions. It is essential to have a solid process for the timely collection of accurate information to avoid or minimise follow-up queries from Revenue. 2023 Employer Share Award Returns – March 2024 Employers are obligated to report details relating to various forms of share-based remuneration provided to employees in 2023 by 31 March this year. This includes all Revenue-approved schemes but also unapproved stock options, restricted stock units and various other direct share awards. Several different returns exist, so it is important for employers to report the right details on the right return. All matters relating to unapproved share options are reported in Form RSS1. However, the return with the widest application for employers is the Employer Share Award (ESA) return. The ESA is a catch-all return and covers all forms of share-based remuneration, including awards that are cash-settled and not specifically reportable on other share returns. Specific returns then exist for KEEP, an Approved Profit Share Scheme (APSS), and a save-as-you-earn (SAYE) scheme. Failure to comply with this mandatory filing obligation can result in a financial penalty for employers, so a timely review of share plans and cash-based incentive arrangements is crucial to determine if the employer has a reporting obligation. Enhanced Employer Reporting from 1 January 2024 2024 heralds the rollout of the Enhanced Reporting Requirements (ERR) which places an obligation on employers to file an additional electronic return with Revenue on or before any payment or reimbursement of in-scope reportable benefits to an employee. Reportable benefits include the remote working daily allowance of €3.20, certain categories of travel and subsistence payments, including vouched and unvouched payments, and benefits covered by the small benefits exemption. ERR will enable Revenue to undertake more targeted PAYE reviews into certain expenses and benefits provided to employees. Revenue has stated that it will not operate a compliance program or apply penalties for non-compliance with ERR until 30 June 2024. While employers must comply with ERR from 1 January 2024, they should use the respite period to the end of June to continue to review and align expense systems to establish a robust process for managing ERR. PAYE on stock options from 1 January 2024 Another significant change from the start of this year is the introduction of the requirement to operate PAYE when an employee exercises a stock option. This represents a significant shift from the previous tax collection system whereby income tax, USC and PRSI payable on stock options were settled by the employee directly with Revenue within 30 days of exercise. While the move to PAYE on the exercise of stock options will be welcomed by employees as it removes their obligation to settle their taxes, significant challenges may arise for employers who will be required to gather the necessary data to report the stock option gains via the payroll on a real-time basis. PAYE must be operated even where an option is exercised by a former employee, for example. This can give rise to practical challenges related to timing and the ability of the employer to collect taxes from the individual. Employers may also face challenges operating PAYE on stock options exercised by cross-border employees who worked in different countries throughout the vesting period. Employers will need to have access to accurate travel data to enable them to correctly determine the portion of any option gain that is taxable in Ireland. Olive O’Donoghue is a Tax Partner with KPMG’s People Services tax practice 

Do boards truly understand the risks and opportunities AI presents? Ryan McCarthy explains why many are ill-prepared for this game-changing technology There can be no doubt that the era of artificial intelligence (AI) has arrived. Barely more than a year since ChatGPT landed with a bang, investment has poured into the sector. Google has launched its Gemini system and Elon Musk’s X has introduced Grok, an AI modelled on the Hitchhiker’s Guide to the Galaxy. Spurred by the proliferation of AI tools in the EU, the European Council and Parliament have reached provisional agreement on the world’s first comprehensive AI law. Given all this, you might expect that AI must surely be on the agenda at every board meeting. This is not quite the case, however. We’re not yet seeing AI discussed around boardroom tables in any meaningful way. When it is discussed, it is generally with very little depth. This needs to change. Every board member must take it upon themselves to understand the issues and implications of AI now and in the future – don’t leave it to someone else. Threat and opportunity On the occasions AI does come up at board meetings, the discussion invariably turns to the emerging threat or risks it may pose. What hasn’t been discussed yet are the business opportunities it may also present. AI tends to be viewed as an external factor that could affect an organisation rather than an operational item to be examined from the inside. Thematically, we are seeing continued focus on AI as a broad, external and conceptual threat. Board room discussion remains very much at the surface level. Risk: rules vs principles Boards have become focused on risk primarily from a corporate governance, rather than a practical, point of view. The risk section in a typical annual report is getting thicker and thicker – not without reason, but it can contain a lot of ‘cookie-cutter’ risks: cyber-attacks, supply chain challenges and climate change, for example – and now, AI. There has been a steady drift over time towards rules rather than principles. People ask whether the risk is written down and documented, as opposed to asking, ‘What’s really going to sink the ship?’ You rarely find a strong example of a business identifying a risk that is clearly explained alongside an outline of how it has been contained or overcome. Advising the experts So, if boardroom discussions about AI are still only skin-deep, what will move it onto the business agenda? You have to look at modern governance structure, which involves companies drawing on specialists in areas including audit, risk, nomination/remuneration matters and, more recently, sustainability. Some companies, particularly in the US, have created the dedicated role of Chief AI Officer. There may be a gap for a technology or ‘emerging tech’ committee at board level. There are already requirements regarding the correct number of financial experts needed on a board. Should every board now also have technology experts? Diversity behind the boardroom door This leads to a broader point: given the close correlation between youth and emerging technology, does the typical top-level boardroom have the right demographic to deal with AI? We have come a long way in terms of boardroom diversity, but there is another layer to diversity that is exposed here: do we have young people?  Do boards have people from different educational and skill backgrounds, particularly when it comes to technology and innovation? I would say that many don’t. Outside the boardroom, a company’s executive – including the HR function – should also be getting to grips with AI. If something like the AI opportunity is not coming up through the organisation to the board level, then you’ve probably got to ask whether you have an executive that is tuned in. In the same way you need day-to-day skills to fully embrace environmental, social and governance requirements, do you have the right skills for AI? The workforce question What I haven’t yet discussed with any client is the opportunity AI could potentially present for the workforce. Part of the reason is that we haven’t yet fully figured out use cases. It looks as if these use cases will become more apparent in 2024 and beyond. One Dublin hospital has begun using AI to assess radiology scans, for example, while the National Weather Service has an academic collaboration in place to explore the use of AI and data science in weather and climate services.  The medical profession is producing more and more diagnostic information yet there is a worldwide shortage of people to review it. Could AI provide a possible solution? Companies with large customer service operations have been through the cycle of using onshore customer service teams to moving some elements offshore and then introducing bots or some combination of all three. Could AI provide a better option? Curiosity is key I expect AI to feature more prominently in boardroom discussions in the future. The best board members – and by extension, the best boards – have an innate curiosity. Right now, there are two things in the world we should be curious about now: one is geopolitics, and the other is technology – more specifically, AI. If you sit on a board and you’re not curious about these two things and their potential impact on your business, you may be in trouble. Ryan McCarthy is Audit Partner and Board Leadership Centre Lead at KPMG

As finance leaders grapple with the Corporate Sustainability Reporting Directive and its complex demands, IT collaboration will become increasingly important, writes David Codd Finance Directors and Financial Controllers are working hard to understand the implications of the Corporate Sustainability Reporting Directive (CSRD) and to put the necessary reporting in place in their businesses. But their colleagues in IT also have a vital part to play. This is an unusual challenge for IT, and it’s important to consider how to collaborate effectively. What are the pitfalls to avoid? And how can you build a strong partnership to deliver your sustainability reporting programme? The CSRD, finance teams and IT The CSRD will expand sustainability reporting which will become mandatory for publicly listed companies (plcs) in 2025 for 2024 performance and a year later for all large companies. Finance teams are now performing double materiality assessments and assessing what new measures and information will be required. However, the underlying data itself must be identified and sourced, its reliability established, and processes put in place to extract and interpret the data and report accurately on an ongoing basis. This has the potential to become very onerous. IT support will be critical to an effective and efficient process, i.e. high-quality reporting with minimum manual intervention. An unusual IT challenge This is an unusual challenge for IT departments for various reasons: The scope is exceptionally broad The activities that impact the environment are conducted across an organisation’s operations and – for Scope 3 emissions – through multiple steps in the supply chain. So, the systems and datasets your IT colleagues will have to work with are unusually disparate and will even fall outside the boundaries of the technology estate they control. The standards are still being rolled out IT project managers like clear definitions at the start of a project. However, the first sustainability reporting standards have only recently been released, and the taxonomy for digital reporting is a work in progress. Plus, the “limited assurance” concept will give rise to different interpretations of the quality of the audit trail needed. This is a big project without a conventional monetary business case Chief Information Officers usually have many more attractive-sounding initiatives in the pipeline than they can deliver at once. So, they work with their finance and functional colleagues to prioritise, and resources are allocated based on financial payback or loss avoidance. Your CSRD-driven reporting programme does not neatly fit these criteria.      How to manage risks There are several risks when working with an IT team on sustainability reporting. Confused responsibilities You usually work with a financial systems team, but IT business partners for supply chain or manufacturing operations will already have been partnering with sustainability managers to develop scorecards. Muddled ownership and communications can result in lost time. In a large business, reporting is a full-blown programme consisting of several streams. It needs experienced management to coordinate it and manage the relationship with you. I would also recommend that accountability for IT delivery sits with the head of financial systems, and the IT project manager should sit on the team. This keeps the ownership and lines of communication as simple as possible. Your IT team can’t resource the project Since the 2000s, IT resource has shifted from enterprise systems to ecommerce, data analytics and security. Enterprise resource planning systems teams have been staffed to make incremental changes on the basis that resources can be contracted in as needed. However, consulting firms are now experiencing heavy demand for their sustainability reporting expertise as deadlines approach. The work should be scoped out with IT as early as possible. Most of the scope can be clarified now. Finance and IT should accept that adjustments will be needed, but it’s wise to use resources now and make progress. In this case, perfect is the enemy of good. Motivation The tech community loves stimulating work – through either buying into a goal or working with innovative technology (and preferably both). You need enthusiastic professionals volunteering for this project, but you’re competing with exciting fields such as artificial intelligence and the possibility of going to other employers. The people you need have lots of options. Be aware of the nuanced differences between finance and tech culture and accept that you’re competing for talent. Reach out to the IT community in your business, explain that CSRD prevents greenwashing and that high-quality reporting is a noble undertaking that will help your business to show the world what you’re doing. True partnership is key Recognise the significant challenge presented for both IT and finance by the imperative to develop a quality, efficient sustainability reporting process at pace. A true partnership between finance and IT is the key to successful reporting. David Codd is a Non Executive Director and Strategy and Transformation Consultant

Kevin Empey explores the three phases of flexible work adoption, from foundational steps to future-focused strategies As we enter a new year, there is still a noticeable gap between desired employer policy and employee practice and expectations as to how flexible work arrangements should operate. This gap narrowed in 2023, with both employers and employees taking steps to make flexible working fit-for-purpose more standard practice, but the evolution of more flexible work models is far from over. The employment market in 2024 looks set to be split between two types of employers. First, there will be the employers who continue to be open about how and where work is done with an eye to emerging influences such as artificial intelligence (AI) and the four-day work week. Second, there will be those who revert to more ‘fixed’, pre-COVID work models and mindsets with minor concessions to demands for some form of hybrid working offering.  While other business and employment priorities take over the agenda in 2024, it doesn’t mean flexible work design is done and there is further change ahead.  In our experience, there are three distinct phases in the transition to flexible work models and how organisations are adapting to new and emerging realities. Phase 1: Base camp Some organisations (not many) are still in the early stages of settling on their flexible working vision. They are continuing to lay the groundwork for establishing new work models that cater to evolving work patterns and demands as well as organisational priorities. This phase involves embracing the basics, getting the framework up and running and also considering their flexible working strategy for frontline roles and work that cannot be done remotely. Phase 2: Integration Most businesses find themselves in this second phase. They have spent 12 to 24 months adapting to their declared approaches (the ‘what’) and are now in a position to refine and integrate their flexible models (the ‘how’) with the demands of their business. This involves addressing specific challenges encountered in recent months, bridging gaps between employer policies and employee preferences, and adapting legacy processes and definitions of productivity. The opportunity presented by this phase is to ensure that work redesign will be an ongoing expectation and reality and is just not about getting hybrid right. The risk of this phase is that employers allow poor habits and practices to set in and that the expectation and need for ongoing reform and improvement is not made clear.   Employees are also considering whether their employer’s flexible working models align with what they want. Continued flexibility and ongoing dialogue will be critical to keeping people on board.  Phase 3: Beyond hybrid Organisations that have reached this stage have moved beyond the hybrid conversation. They have integrated hybrid working into a broader flexible work model. Their experiences and approaches provide valuable insights into how this transition can best be managed. A critical theme in this phase is the shift in narrative, where the focus is not solely on the hybrid debate but on achieving work flexibility and adaptability more broadly across the organisation. This will include open work design conversations involving AI solutions, four-day work week options and other influences on how and where work can be done better and faster. This encompasses reforming processes, enhancing employee experiences, reconfiguring workplaces and aligning change with ongoing cultural and transformational agendas. In this phase, the emphasis also shifts to enabling teams to drive changes and improvements collaboratively rather than imposing them from the top down. Furthermore, continuing support for managers to lead ongoing change becomes paramount in ensuring sustained success. It is also quite common to see some organisations shift from one phase to another and back again, as they re-set strategies and solutions with employees and their people leaders. The future agenda  As we move forward into 2024 and beyond, the perspective is shifting beyond the mere transition to hybrid working models. Building on recent hybrid working experiences and fostering a culture of adaptability and agility will be transformative for both employers and employees, narrowing the gap between what employers offer and employees want. The journey towards a flexible and adaptive workplace is ongoing and will continue at pace, with new chapters and milestones on the horizon. Those organisations that prioritise learning from recent experiences and adapting to change as an ongoing habit will be best-equipped to succeed and minimise the employer/employee gap. Kevin Empey is the Managing Director of WorkMatters

Trusted data is becoming a cornerstone of competitiveness as more organisations embrace analytics and AI. Eoin O'Reilly explains why Data plays a crucial role in almost every aspect of our lives. How our food is produced, how we interact with public services, how we manage our finances, how healthcare is delivered—all are critically dependent on data and how organisations use it. While the ability to leverage data is rapidly becoming a competitive differentiator for organisations, their challenge lies in the degree to which they can trust the data they use. Trust in information is becoming increasingly important as a new wave of artificial intelligence (AI) innovation blurs the lines between internal and external data. Published in December, The EY Ireland Trusted Data Report 2023, surveyed eight public and private sector organisations to establish how far advanced they are on data usage, AI adoption and data trust. Irish organisations demonstrated a strong understanding of the need for trust across the data lifecycle, the survey found, while progress had been made on key elements of the trust journey. Data that isn’t subject to continuous oversight cannot be fully trusted. It must be subject to constant verification and validation from the point of collection all the way along its journey to its use in analytics and AI. Data trust continuum As organisations embrace the increased use of analytics and AI, more must be done to extend and formalise the data trust continuum. With the rise of AI and generative AI (GenAI), in particular, the issue of data trust has assumed even greater significance. A breach of trust at any point on the continuum can have potentially devastating consequences for the organisation and society. Strong governance and data management are critical for data trust. There needs to be a more holistic approach to building data trust in organisations. This starts with determining how data aligns with business strategy and runs through to data control across the data lifecycle and its responsible use. Organisations need to develop a comprehensive framework that balances strategic vision with the appropriate management of risks and controls. EY’s survey reveals that organisations are at various points on their data trust journeys, with the strategic focus shifting to how data can be leveraged to add value to the business. They have robust data governance and compliance frameworks in place, but there is acceptance that these are merely the starting point on their journey along the data trust continuum. Irish organisations recognise and appreciate the crucial importance of data trust for their business operations. While there is a significant variation in the data maturity of organisations, they understand the need for continuous management and data monitoring at every point along the trust continuum. They are taking a wait-and-see attitude to AI, but they must take care that this does not mean they miss out on valuable opportunities. Eoin O'Reilly is Partner and Head of Data, Analytics & AI at EY Ireland. You can more about the EY Ireland Trusted Data Report 2023 here.

With tech-enabled fraud on the rise in Ireland, businesses must carefully assess and manage potential risks, writes Sara McAllister Ireland is a hub for data storage and technology organisations and, as such, we are at the fore of innovation and transformation. There is a flipside, however. As this industry grows and technology evolves, so too do risks associated with fraud. Businesses and organisations in Ireland have become a greater target for fraudulent activity by criminals looking to exploit vast amounts of data created, shared and uploaded every single second. The challenge now is how best to identify, monitor and manage this risk. The National Risk Assessment 2023, published by the Irish government earlier this year, points to Ireland being especially vulnerable due to the scale of technological infrastructure developed here. Its exploitation by bad actors could cause significant disruption. A rise in the volume of fraudulent attacks carried out in Ireland speaks to the appetite of those looking to exploit weaknesses in infrastructure, industry or organisations. With this heightened focus on Ireland, business and organisational leaders here may find themselves under pressure to assess, manage and prepare for risks attached to operations, both in-house and outsourced. Artificial intelligence As new technologies come on stream, the focus on risk reduction will need to move at a faster pace. Advances in artificial intelligence (AI) have helped scale businesses via real-time automation, but this technology comes with its own risks. Ultimately, it is a double-edged sword. On the one hand, AI has been a game-changer in areas like audit and forensics, allowing businesses to deploy ‘needle in a haystack’ algorithms to identify anomalies and exposures. This is one of the reasons we are seeing an improvement in the detection of fraudulent activity. On the other hand, AI has allowed bad actors to identify new opportunities to carry out fraudulent attacks, penetrating weaknesses in the new and novel AI technology businesses are learning to use. Hybrid and remote work Most businesses have introduced remote and hybrid working processes in recent years, and many will continue to review these policies in line with changing business needs. A key consideration in this context is the risk associated with social engineering threats, which rely on human error and can be much more difficult to detect than other fraud-related risks. Where employees work remotely, evidence suggests they are less likely to consider the legitimacy of communications they receive by email, for example, and may be more inclined to respond to fraudulent requests that appear to have been sent by colleagues or superiors within their organisation, creating vulnerabilities across entire business networks as a result. Security training and awareness is the first line of defence against social engineering, yet many organisations fail to sufficiently consider the risks associated with employees working on-site and remotely. Fraud trends Several other trends are raising concern for businesses, too, beyond AI and hybrid working. Synthetic identity theft uses legitimate and fabricated information to exploit vulnerabilities and remains problematic for businesses as it is increasingly difficult to detect. Account takeover fraud remains prevalent and, as the number of personal online and social media accounts increase, so too do attacks by criminals attempting to gain access to personal data or bank details, often through stolen information. Crypto currency fraud, albeit less mainstream, also fundamentally exploits technology control weaknesses to attempt to steal coins, such as Binance Smart Chain, Ethereum and Bitcoin. Necessary risk assessment The heightened risk landscape is part of a changing cybersecurity picture where digital technology is constantly being attacked and weaknesses are identified and accessed by criminals to exploit data and information for their own gain. Fraud risk must always be a key factor for consideration when managing shared infrastructure, data breaches, preventing unauthorised access and engaging with third-party providers, among others. Industry and political stakeholders are acutely aware of the challenges in this space. Without the proper risk assessment, governance and control mechanisms in place, any single attempt at fraud could potentially put a business at the centre of a perfect storm with a highly damaging aftermath.  Sara McAllister is Partner and Head of Business Risk Services at Grant Thornton