LSCA End-Hirer's Audit Dashboard
Start, complete, revisit, analyse, store, print or send your essential Agency LSCA Audits by choosing from the menu below.
End-Hirer Umbrella PAYE Audit
Important Information
This checklist helps end-hirers audit umbrella companies operating PAYE models in their labour supply chain.
It supports compliance with current legislation and prepares for the upcoming Joint and Several Liability (JSL) regime effective April 2026.
It addresses key risk areas, including:
- Umbrella legitimacy, director conduct, and tax registrations
- PAYE accuracy, margin transparency, and statutory employment rights
- Mini umbrella company (MUC) detection and payroll fragmentation
- Alignment with the Criminal Finances Act 2017, Modern Slavery Act 2015, and GDPR
- Worker onboarding, grievance handling, and data protection
End-hirers must demonstrate that:
- Umbrella due diligence is documented and risk-based
- Legal obligations are enforced through contract
- PAYE and employment law compliance is evidenced and auditable
🚩Red Flags (e.g. disguised remuneration, excessive deductions) are identified and addressed
Note: Unsupported responses will not satisfy HMRC or commercial audits.
This tool embeds accountability and assurance across your umbrella supply chain — now essential under the evolving compliance landscape.
Evidence Expectations
In an HMRC audit, superficial responses will not meet compliance standards.
By using the form, you acknowledge acceptance of OPRaaS LTD’s data handling policies and terms and conditions of use.
User and Company Details
Please enter the company details for the entity you are auditing. If you are performing a Self-Assessment, please insert your own company details here.
Section 1 – Corporate Identity, Directors & Group Structure
This section ensures the umbrella company is a legally constituted, active business with transparent trading identity, tax registrations, and accountable directors.
Verifying incorporation, PAYE/VAT details, ownership, and director integrity enables the end-hirer to screen for shell companies, phoenix operations, or fraudulent structures — essential to HMRC due diligence expectations under the Criminal Finances Act 2017, Modern Slavery Act 2015, and the 2026 JSL regime
Section 2 – Tax Registrations & Supply-Chain Mapping
This section ensures the umbrella company has active and accurate tax registrations (VAT, PAYE, UTR), declares all group entities, and discloses any subcontractors in the pay chain.
It provides the end-hirer with a single, transparent view of who employs and pays workers, preventing fraud, disguised remuneration, and weak links in the supply chain. HMRC expects due diligence to extend beyond immediate suppliers to the whole chain, with documented evidence of PAYE, NIC, and VAT remittance
Section 3 – Banking, Money Flows & Outsourcing
Tests financial transparency, use of own UK accounts, and disclosure of outsourced CIS/payroll services.
HMRC warns that phoenixing, hidden intermediaries, or third-party bank accounts are red flags for fraud.
Section 4 – Payroll & Financial Assurance (Worker Pay, PAYE, RTI Integrity)
This section ensures fairness, transparency, and compliance in all worker pay-related areas — including pensions, salary sacrifice schemes, holiday pay, Agency Workers Regulations (AWR), and expenses.
It confirms that Employer NIC savings are not disguised as deductions, workers are not pushed below NMW thresholds, and statutory entitlements (holiday pay, pensions, expenses) are correctly applied and explained.
This protects workers, ensures supply chain integrity, and prevents disguised remuneration or wage skimming.
Section 5 – Worker Pay & Protections
This section ensures fairness, transparency, and compliance in all worker pay-related areas — including pensions, salary sacrifice schemes, holiday pay, Agency Workers Regulations (AWR), and expenses. It confirms that Employer NIC savings are not disguised as deductions, workers are not pushed below NMW thresholds, and statutory entitlements (holiday pay, pensions, expenses) are correctly applied and explained.
This protects workers, ensures supply chain integrity, and prevents disguised remuneration or wage skimming.
Section 6 – Identity, Right-to-Work & Core GDPR
This section confirms that the umbrella performs compliant Right to Work (RTW) checks, secures worker identity data, and manages GDPR obligations lawfully.
It also integrates Modern Slavery Act safeguards and checks that workers are employed directly by the umbrella (not hidden entities).
Under the JSL regime (2026), end-hirers remain jointly responsible for worker protection and lawful engagement — so auditable evidence is critical.
Section 7 – Worker Rights & Earnings Transparency
This section verifies umbrella compliance with statutory employment rights, including Working Time Regulations (WTR), Agency Workers Regulations (AWR), and statutory holiday pay.
It ensures workers receive accurate entitlements, that pay transparency is maintained, and that outdated or unfair contracting practices are avoided.
By covering onboarding (KIDs, Conduct Regs), in-life protections (holiday pay, AWR), and exit processes (offboarding, reconciliations), this section strengthens end-hirer accountability and mitigates joint employment risk.
Section 8 – Dispute, Complaint Handling & Record-Keeping
This section ensures the umbrella company has robust procedures to log, investigate, and resolve complaints fairly and transparently.
It also checks whether records are properly maintained and fed into continuous improvement.
Strong grievance and dispute-handling processes reduce worker dissatisfaction, prevent escalation to tribunal or reputational damage, and demonstrate that the end-hirer has effective oversight under CFA 2017, JSL (2026), and ACAS guidance.
Section 9 – Tax Risk (IR35, Disguised Remuneration, DRC VAT)
This section ensures umbrellas are not engaged in VAT fraud, disguised remuneration, or payroll manipulation that could expose end-hirers to liability under the Kittel principle, Criminal Finances Act 2017, or the upcoming Joint & Several Liability (JSL) regime (2026).
End-hirers must go beyond umbrella assurances to actively test VAT compliance, tax remittance, and hybrid PAYE/CIS risks.
Section 10 – Expenses, Subsistence & Reimbursement
This section confirms that umbrella reimbursement processes align with ITEPA 2003 and HMRC guidance.
It ensures expenses are genuine, evidenced, and not used to disguise remuneration. It also validates that workers are clearly informed of what is (and isn’t) reimbursable.
This is critical for end-hirers to defend against HMRC challenges under the Criminal Finances Act 2017, the Kittel principle, and upcoming JSL (2026) obligations.
Section 11 – Criminal Finances Act 2017 (CFA) Compliance
This section checks whether the umbrella has robust measures to prevent the facilitation of tax evasion, as required under Section 45 of the Criminal Finances Act 2017. It validates risk assessments, anti-facilitation controls, escalation routes, and whistleblowing mechanisms.
These measures protect end-hirers from joint liability if umbrellas or their subcontractors enable tax evasion.
Section 12 – Modern Slavery Risk Management
This section ensures the umbrella is actively identifying, managing, and mitigating the risk of labour exploitation, trafficking, or coercion within its supply chain — including via umbrella and subcontractor operations.
Under the Modern Slavery Act 2015 and the 2026 JSL regime, end-hirers must demonstrate that reasonable steps were taken to prevent worker abuse and criminal facilitation of exploitation.
Section 13 – Business Continuity, Cybersecurity & Exit Planning
Ensures umbrellas can maintain payroll/data integrity, withstand disruptions, and transfer records securely if they cease trading.
Section 14 – Complaints & Worker Grievances (Strengthened)
Although governance sections already touch on this, HMRC expect clear evidence of worker voice.
This mirrors the Agency audit requirements.
Section 15 – Insurance & Financial Resilience
End-hirers need assurance that CIS umbrellas are financially stable, able to pay workers on time, and resilient to shocks.
HMRC and the FCA flag insolvency/phoenix risk as key indicators of fraud.
🚩Red Flags
Red flags include late filing of accounts, repeated losses, reliance on subcontractor credit, or lapsed insurance cover.
Section 16 – Mini Umbrella Company (MUC) Fraud Controls
This section protects the supply chain from risks linked to mini umbrella company (MUC) fraud, which involves fragmented PAYE schemes, misuse of Employment Allowance, or VAT threshold manipulation.
Such practices expose end-hirers to reputational damage, HMRC enforcement, and JSL (2026) liabilities. Strong MUC controls demonstrate a clean labour supply chain and proactive fraud prevention.
Section 17 – Hybrid PAYE/CIS Model Risk Assessment
This section helps end-hirers identify if the umbrella is using hybrid PAYE/CIS or mixed-status models that could trigger misclassification, JSL exposure, or “purported umbrella” risks under s.61Z1 of the 2026 legislation.
It ensures that the payroll model matches both the end-hirer’s understanding and HMRC’s expectations, and that any deviation is disclosed, justified, and evidenced.
Section 18 – 2026 Umbrella Legislation Readiness & Joint and Several Liability (JSL) End-Hirer Controls7 – Hybrid PAYE/CIS Model Risk Assessment
From April 2026, umbrella companies will fall under new UK regulation, and Joint & Several Liability (JSL) will hold end-hirers accountable for supply chain non-compliance — even where breaches occur downstream.
End-hirers can no longer rely on umbrella assurances alone: they must evidence active preparation, preventative controls, and audit rights.
This section ensures end-hirers are:
- Assessing readiness for the 2026 reforms
- Embedding preventative measures to detect fraud, disguised remuneration, or worker exploitation
- Enforcing transparency and auditability across agencies and umbrellas
- Demonstrating governance that mitigates strict liability exposure
Section 12 – Final Declaration and Signoff
Captures accountability and sign-off from the end-hirer, confirming that the audit covering both Umbrella PAYE engagements has been completed, reviewed, and authorised by a suitably responsible individual.
This declaration signifies the end-hirer’s commitment to transparency, lawful engagement, tax compliance, and ethical labour supply practices.
Final Declaration and Agency Signoff
I, the undersigned, hereby confirm the following on behalf of the end-hirer that the information provided in this self-audit of our umbrella and CIS labour supply chain is, to the best of my knowledge, accurate, complete, and a fair reflection of our internal due diligence, risk controls, and operational compliance.
I confirm that:
1) Supporting documentation referenced in this audit can be made available upon legitimate request.
2) We have taken reasonable steps to ensure that umbrella and CIS providers within our supply chain operate in line with UK employment law, HMRC tax regulations, and supply chain transparency obligations.
This declaration signifies our commitment to:
i) Preventing disguised remuneration, tax evasion, and labour exploitation
ii) Upholding the rights and entitlements of all workers in our supply chain
iii) Meeting obligations under the Criminal Finances Act 2017, Modern Slavery Act 2015, and other relevant legislation
iv) Continuously improving our supply chain governance