The risk was invisible until it wasn’t
The issue did not present itself as a failure. Exports were moving. Customers were receiving goods. Revenue was being recognised. From an operational perspective, the system appeared to function.
The risk sat beneath that surface. Evidence supporting VAT zero-rating was inconsistent. Documentation existed in places, but it was fragmented, incomplete, and not systematically linked to transactions. Over time, this absence of structure had become normalised.
When the position was quantified across several years, the potential exposure was approximately £2.4 million.
The risk was not created by a single decision. It accumulated quietly as complexity increased.
When routine masks fragility
Exports were processed correctly in practice. Goods left and reached their destinations. Operational work continued without interruption.
VAT zero-rating, however, is evidential rather than contextual. Authority sits with proof rather than intent. Where evidence is incomplete, the position remains fragile regardless of outcome.
The operating model relied on assumption rather than control. Documentation was treated as supporting material rather than as a structural requirement. What had once been manageable through experience and judgement no longer held at scale.
Recognising the nature of the problem
Once the exposure was understood, it became clear that the issue extended beyond individual transactions.
Responsibility for evidential completeness had diffused across logistics, finance, operations, and external partners. No single point in the system carried explicit authority for ensuring that proof existed, was retained, and was auditable.
Judgement had substituted for structure. As scale increased, that substitution created material risk.
Reconstructing evidence at scale
The immediate priority was to restore control.
Working with freight forwarders, carriers, archive teams, and customers, export audit trails were reconstructed going back several years. In many cases, the required evidence still existed. It had simply not been retained, linked, or governed as part of a coherent system.
Where proof was recovered, the position was corrected. Where it could not be recovered, the exposure was addressed. This process reduced the overall risk profile and clarified the limits of the existing operating model.
Where authority had drifted
The core issue was not technical VAT knowledge. It was authority over evidence.
Ownership of proof had become implicit rather than explicit. Evidence requirements sat between functions rather than within them. No single role or system carried end-to-end accountability.
As the organisation grew, this gap widened. What had once been tolerable drift became structural fragility.
Embedding control into the operating system
Addressing historical exposure was insufficient without redesigning the system.
The export compliance framework was rebuilt so that evidential requirements were embedded directly into operations. Document control was systemised. Evidence checks moved upstream into shipment authorisation rather than being applied after the fact.
Teams outside compliance were aligned on what evidence mattered and where it sat within the flow of work. Compliance ceased to operate as a downstream review function and became part of how shipments were released.
Authority over proof was made explicit.
Outcome: risk neutralised, system stabilised
The original exposure was neutralised. Some VAT was recovered. Residual risk was removed.
More importantly, the organisation emerged with a system capable of tolerating growth, change, and acquisition without relying on memory or assumption.
Control no longer depended on individual judgement. It was carried by structure.
What this reinforced
This case reinforced a familiar pattern. Material risk rarely emerges from deliberate action. It accumulates through small, reasonable assumptions that go unchallenged as complexity increases.
Systems drift quietly when authority is implicit rather than designed.
Restoring control is rarely about fixing a single issue. It is about realigning authority, evidence, and execution before scale turns routine into risk.
Ryan Hill 
Leave a comment