LSCA End-Hirer's Audit Dashboard
Start, complete, revisit, analyse, store, print or send your essential Agency LSCA Audits by choosing from the menu below.
End-Hirer Umbrella CIS Audit
Important Information
This checklist supports end-hirers in auditing CIS umbrella suppliers to ensure transparency, tax compliance, and risk mitigation.
It covers:
- Corporate structure and director legitimacy
- CIS status assessments and SDC compliance
- Accurate CIS tax deduction and reporting
- Alignment with CFA 2017 and CIS340
- Controls against mini umbrella fraud and supply chain layering
- Prevention of “purported umbrella” risk under 2026 PAYE debt rules — where self-employment is misrepresented or misunderstood
End-hirers should demonstrate:
- Robust due diligence on all CIS umbrella providers
Clear evidence of worker status, payments, and controls - Escalation of non-compliant practices (e.g. disguised employment or misuse of CIS)
- That the self-employed status is clearly communicated to avoid PAYE liability triggered by assumption
High-risk models (e.g. substitution clauses, hybrid PAYE/CIS, third-party payroll) require enhanced scrutiny.
Assertions without evidence may fail HMRC standards.
Unless specified otherwise, evidence must be dated within the last 12 months; reconciliations and CIS submissions must be monthly; insurance must be in force with ≥ 6 months remaining or broker confirmation of renewal.
Evidence Expectations
In an HMRC audit, superficial responses will not meet compliance standards.
Agencies may be asked to provide:
- Contracts, KIDs, onboarding scripts, pay breakdowns
- Risk assessments, IR35/SDS logs, onboarding due diligence
- Third-party audit outcomes, governance records, and escalation logs
- Mini umbrella red flag checks, VAT/Kittel assurance, and group structure disclosures
By using the form, you acknowledge acceptance of OPRaaS LTD’s data handling policies and terms and conditions of use.
User and Company Details
Please enter the company details for the entity you are auditing. If you are performing a Self-Assessment, please insert your own company details here.
Section 1 – Corporate & Director Integrity
This section verifies that the CIS umbrella company engaged by the end-hirer has a legitimate corporate structure and fit-and-proper leadership. HMRC expects transparency in ownership, accurate tax registration, and assurance that those running the business are not disqualified, financially unstable, or linked to previous misconduct.
Ensuring legal identity and ethical leadership is essential for end-hirer supply chain assurance.
Section 2 – Tax Registrations & Supply-Chain Mapping
This section ensures the CIS umbrella company has active and accurate tax registrations (UTR, VAT if applicable), declares all group entities, and discloses any subcontractors in the labour supply chain.
It provides the end-hirer with a single, transparent view of who engages and pays CIS subcontractors, preventing fraud, disguised employment, phoenix activity, and weak links in the chain.
HMRC expects due diligence to extend beyond the umbrella itself to all subcontractors and affiliates, with documented evidence of CIS deductions, VAT, and tax remittance.
Section 3 – Banking, Money Flows & Outsourcing
This section tests financial transparency, the exclusive use of UK business bank accounts in the umbrella’s legal entity name, and disclosure of any outsourced CIS/payroll services.
HMRC flags phoenixing, hidden intermediaries, offshore accounts, and third-party banking as key indicators of fraud. Independent review of overrides and segregation of duties (payroll vs sales) are critical for CIS assurance.
Section 4 – Payroll & Financial Assurance (CIS)
This section ensures CIS deductions are calculated and remitted accurately, reconciled with HMRC submissions, and supported by timely reporting. It checks whether the umbrella has been subject to HMRC CIS audits and how findings were addressed.
Payroll assurance in a CIS context means confirming that subcontractors’ tax deductions match filings, funds are not misapplied, and no disguised remuneration models are in use.
These controls protect workers, maintain supply chain integrity, and ensure the end-hirer is not exposed to hidden liabilities under HMRC or the 2026 JSL regime.
Section 5 – Worker Pay & Protections (CIS)
This section ensures CIS subcontractors are clearly informed of their financial responsibilities, payment terms, and deductions. HMRC and the 2026 JSL rules emphasise that end-hirers must prevent disguised employment, mis-selling of CIS, or wage skimming disguised as deductions.
Red flags include: lack of margin disclosure, misleading payslips, coercion into CIS without informed choice, or expenses used to mask taxable income.
Section 6 – Employment Status Assessment (CIS)
This section verifies that CIS umbrellas are correctly assessing employment status before paying workers. HMRC requires CIS status checks, retained evidence, and periodic reviews to avoid misclassification.
Red flags include workers treated as employees (e.g. fixed hours, direction, statutory rights) while under CIS, or no evidence of SDC reviews.
Section 7 – Assignment Suitability & Worker Monitoring
This section ensures all CIS assignments meet the HMRC CIS340 definition of “construction operations” and are monitored for ongoing compliance.
End-hirers are accountable if workers are misclassified or continue in CIS despite failing supervision/direction/control (SDC) checks.
Red flags include CIS used for non-construction roles, underpaid subcontractors, or lack of periodic re-checks.
Section 8 – Contract Terms (CIS)
This section ensures umbrella CIS contracts clearly establish self-employment and exclude employment-style rights.
HMRC expects contracts to reflect actual working practices.
Red flags include missing substitution clauses, entitlement to holiday pay, or contracts that resemble PAYE terms.
Section 9 – Payments, Returns & Insurances
This section ensures CIS umbrellas deduct and remit CIS tax correctly, file CIS returns on time, and maintain insurance to cover risks.
HMRC expects accurate deduction, timely filing, and transparent remittance.
Red flags include late or missing returns, deductions not passed to HMRC, missing insurance cover, or disguised remuneration routed through CIS.
Section 10 – Tax Risk (IR35, Disguised Remuneration, DRC VAT)
This section ensures CIS umbrellas are not facilitating disguised remuneration, VAT misuse, or phoenix fraud.
HMRC applies the Kittel principle (denying VAT claims if fraud was “known or should have been known”), and the 2026 JSL regime means end-hirers can be liable for downstream misconduct.
Red flags include invalid VAT numbers, phoenix activity, disguised PAYE through CIS, or MUC-linked invoices.
Section 11 – Criminal Finances Act 2017 (CFA) Compliance
This section checks whether the umbrella has robust measures to prevent the facilitation of tax evasion, as required under Section 45 of the Criminal Finances Act 2017.
It validates risk assessments, anti-facilitation controls, escalation routes, and whistleblowing mechanisms.
These measures protect end-hirers from joint liability if umbrellas or their subcontractors enable tax evasion.
Section 12 – Identity, RTW & Core GDPR (CIS)
This section confirms that the umbrella performs compliant Right to Work (RTW) checks, secures worker identity data, and manages GDPR obligations lawfully.
It also integrates Modern Slavery Act safeguards and checks that workers are employed directly by the umbrella (not hidden entities).
Under the JSL regime (2026), end-hirers remain jointly responsible for worker protection and lawful engagement — so auditable evidence is critical.
Section 13 – Business Continuity, Cybersecurity & Exit Planning
Ensures umbrellas can maintain payroll/data integrity, withstand disruptions, and transfer records securely if they cease trading.
Section 14 – Modern Slavery Risk Management (CIS)
This section tests whether the umbrella identifies and mitigates risks of labour exploitation, trafficking, or coercion in its CIS operations. HMRC, the GLAA, and the Modern Slavery Act 2015 expect proactive due diligence.
Red flags include missing policies, no RTW checks, recruitment fee charging, or lack of escalation channels.
Section 15 – Expenses, Lodge & CITB (sector-specific)
This section ensures the umbrella handles sector-specific obligations (CITB levy and lodge payments) and does not misuse expenses to disguise pay.
HMRC and CITB audits focus on levy compliance, temporary workplace tests, and genuine expense evidence.
Red flags include levy evasion, over-claimed lodging, or home-to-work travel disguised as business expenses.
Section 16 – Employment Intermediary Reporting Requirements (EIRR) & Mini Umbrella Company (MUC) Risk
This section ensures umbrellas comply with quarterly HMRC EIRR submissions and are not involved in Mini Umbrella Company (MUC) fraud.
EIRR gives HMRC visibility over worker supply chains, while MUC abuse (PAYE fragmentation, multiple schemes, or Employment Allowance misuse) is a high-risk area.
Red flags include missing EIRRs, multiple unexplained PAYE schemes, or HMRC warnings about MUC activity.
Section 17 – Hybrid & Purported Umbrella Risk
This section checks whether the umbrella operates CIS and PAYE models transparently and avoids creating “purported umbrella” arrangements under draft 2026 Joint & Several Liability (JSL) rules.
HMRC warns that if it is reasonable to assume PAYE applies, debt can be transferred to the end-hirer.
Red flags include CIS workers under SDC, employment-style benefits, misleading terminology, or hybrid models without legal sign-off.
Section 18 – Financial Stability & Resilience
End-hirers need assurance that CIS umbrellas are financially stable, able to pay workers on time, and resilient to shocks.
HMRC and the FCA flag insolvency/phoenix risk as key indicators of fraud.
Red flags include late filing of accounts, repeated losses, reliance on subcontractor credit, or lapsed insurance cover.
Section 19 – End-hirer Governance, Attestations & Escalation
This section tests whether the end-hirer has a formal due diligence framework and enforces dynamic oversight of CIS umbrellas.
HMRC and the draft 2026 JSL rules expect evidence-led assurance (not declarations alone), contractual audit rights, quarterly attestations, and clear escalation/remediation if risks are identified.
Red flags include no written policy, no audit rights in contracts, reliance solely on supplier declarations, or lack of escalation logs.
Section 20 – Final Declaration and Signoff
Captures accountability and sign-off from the end-hirer, confirming that the audit covering both Umbrella CIS engagements has been completed, reviewed, and authorised by a suitably responsible individual.
This declaration signifies the end-hirer’s commitment to transparency, lawful engagement, tax compliance, and ethical labour supply practices.
Final Declaration and End-Hirer Signoff
I, the undersigned, hereby confirm the following on behalf of the end-hirer that the information provided in this self-audit of our umbrella and CIS labour supply chain is, to the best of my knowledge, accurate, complete, and a fair reflection of our internal due diligence, risk controls, and operational compliance.
I confirm that:
1) Supporting documentation referenced in this audit can be made available upon legitimate request.
2) We have taken reasonable steps to ensure that umbrella and CIS providers within our supply chain operate in line with UK employment law, HMRC tax regulations, and supply chain transparency obligations.
3) This declaration signifies our commitment to:
i) Preventing disguised remuneration, tax evasion, and labour exploitation
ii)Upholding the rights and entitlements of all workers in our supply chain
iii)Meeting obligations under the Criminal Finances Act 2017, Modern Slavery Act 2015, and other relevant legislation
iv) Continuously improving our supply chain governance