Prepared for Morgan Sindall. Please enter the access password to continue.
A two-step programme for Morgan Sindall: a risk assessment that maps how every supplier actually engages its workers, then targeted Workforce Assured Prequalification of the medium and high-risk tier — proportionate, evidenced and defensible.
Every unmonitored relationship beneath a contractor creates direct legal, tax and reputational exposure at the top. From April 2026 that exposure is no longer theoretical — it cascades by statute.
Failure to prevent the facilitation of tax evasion by an associated person — anywhere in the chain.
Carousel and missing-trader fraud is common in labour-only supply chains operating beyond first-tier visibility.
Right-to-work obligations extend across the subcontract chain, not just to your direct payroll.
New Finance Act 2026 penalties for non-compliance, against a backdrop of increased HMRC enforcement.
Umbrella non-compliance can flow unpaid PAYE liability back up to the engaging contractor.
Rising governance expectations — evidence of supply-chain due diligence is now the standard, not the policy alone.
What our audits already find — across 183 initial Workforce Assured audits
A standardised, low-burden assessment of every active supplier: how they source labour, how their spend concentrates, and where exposure sits. The figures below are from our Subcontractor Risk Pilot across 385 active UK trade contractors and £503m of monthly labour spend — the same methodology we would run across the Morgan Sindall supply chain.
A standardised questionnaire from each supplier, covering how labour is actually engaged.
Each supplier scored independently on exposure and reliance, 0–100 each.
Action tier is the most conservative of all three scores — a single high component can't be offset elsewhere.
Subcontract packages dominate spend but tell you nothing about how the workers behind them are engaged. Labour-only and CIS intermediaries carry a small share of spend but the highest concentration of compliance exposure.
You don't full-audit everyone. The risk assessment tells you where to spend assurance effort. Prequalified is the entry-tier desktop assessment that takes the medium and high-risk suppliers and tests whether the governance and tools to manage that risk actually exist — independently verified, supplier by supplier.
Each tier deepens the assurance and carries the evidence forward — every answer, artefact and verification from Prequalified becomes the starting point for an Accredited audit.
Remote, evidence-based desktop assessment of employment-compliance and ethical-recruitment governance.
This proposalOn-site audit with worker interviews, payroll sampling, document verification and sub-tier mapping.
Periodic worker-compliance assessments at an agreed cadence — sustained, ongoing assurance.
Every Yes triggers evidence; every Yes is independently verified by a Workforce Assured auditor before it scores. There is no automatic pass. Same governance shape for a sole trader or a Tier 1 — the auditor calibrates what "adequate" means by company size and risk exposure.
A structured front-of-form declaration that drives the entire assessment — activating only the relevant routes and calibrating auditor severity. Verified against Companies House. Not scored.
The three themes that flow up the chain. 29 questions, 14 auditor checklists, always shown.
FIVE DELIVERY ROUTES · 95 QUESTIONS · 20 CHECKLISTS · ACTIVATED BY SCOPE
Workers engaged directly as individuals — PAYE temporary/fixed-term, or directly engaged self-employed (CIS sole traders, sole traders, PSCs). No sub-tier. Self-employed sub-blocks unlock conditionally from the scope declaration.
Defined work packages let to a limited company with its own employees, labour, materials and supervision. The welfare group splits between principal-contractor and non-PC perspectives, driven by the CDM 2015 status declared in scope.
The supply chain's most common vehicle for front companies and mini-umbrella schemes. Tests the labour-only-specific controls that distinguish a legitimate subcontract from a disguised employment business, with elevated PQQ, contract and monitoring checklists sitting alongside Route 2.
Workers sourced through a labour agency under contract with the contractor. Where the agency runs its own payment sub-tier (e.g. umbrella), that sub-tier is tested as part of the route — declared in scope, surfaced through attestation and contractual switch rights.
A payroll intermediary engaged directly for the contractor's own workforce, with no agency in the chain. Finance Act 2026 Joint & Several Liability exposure is acute here, so JSL governance — indemnities, debt monitoring and escalation triggers — is tested explicitly.
Maturity is a clean, automated percentage. Flags are independent, calibrated by the auditor against company size, risk exposure and materiality — so a sole trader and a Tier 1 are held to proportionate standards.
Governance largely absent or undocumented
Some governance, inconsistent; cycles often missing
Documented, named ownership, defined cycles
Continuous improvement, board reporting, supply-chain cascade
Clear legal failures — the contractor's own declaration amounts to a statutory non-compliance. Block directory listing until remediated within 30 days.
High-risk findings — absent governance, missing templates or self-declared weaknesses that raise exposure. Visible to mandating primes and feed procurement decisions; they don't block listing.
A single 0–100 score per supplier, published to the directory.
Three Section 0 topic bands plus a band for each in-scope route.
Every Critical and Major flag with auditor narrative and source.
A clear route to improvement — and to the next assurance tier.
A single, transparent price per supplier for the full remote assessment — every Yes independently verified by a Workforce Assured auditor, with no automatic pass.
Workforce Assured isn't a one-off questionnaire that dies in an inbox. Prequalified suppliers join a shared directory of assured contractors that every mandating prime can filter and trust — which is where the real return sits for Morgan Sindall.
Assurance effort lands where the risk concentrates — the medium and high tier — not spread thinly across suppliers who don't warrant it. Every prioritisation decision is evidenced.
The directory listing is independently verified, not self-attested. And every answer carries forward into an Accredited audit — assurance compounds rather than restarts.
Suppliers prequalify once and are visible to every prime that mandates the standard. That replaces the duplicate-PQQ treadmill that suppliers — and your own teams — spend so long maintaining.
As more primes mandate Workforce Assured, the assured-supplier pool grows and the sector floor rises. Good suppliers get rewarded with recognition; the risky tail gets visible.
Route 4 tests Finance Act 2026 JSL governance explicitly. When liability cascades, you hold evidenced, supplier-level due diligence — not a folder of unread policies.
The same governance shape works for a micro gang-leader business and a Tier 1, calibrated by the auditor. No supplier is locked out; none is let off lightly.
Illustrative listing. Supplier identities, scores and flags are populated only from completed, auditor-verified assessments.
What it means specifically for Morgan Sindall
Audit rights and flow-down that reach the workers actually doing the work.
Choose and re-tender suppliers on verified maturity and flag count, not gut feel.
For HMRC, the Fair Work Agency and clients — proportionate due diligence, documented.
Shared recognition compounds the value of every supplier you prequalify.
Start with a defined slice of the Morgan Sindall supply chain. Risk-assess it, prequalify the medium and high tier, and review the findings together — before scaling across the wider portfolio.
Agree a representative supplier population and the data we'll draw on.
Run the risk assessment; return a tiered, prioritised view of the chain.
Prequalify the medium/high tier and walk the directory output together.