The Healthcare Recruitment Specialists

Audit Procedure

Amare Health has structured internal and external audit procedures to ensure ongoing compliance.  Audits include both pre-placement checks and ongoing checks to ensure compliance of workers throughout the duration of their assignments.

Responsibilities

All staff involved in recruiting workers have responsibility for undertaking their part in our compliance process, however it is the overall responsibility of our Compliance Manager, Fiona Nalwogu (supported by the Compliance Team) to ensure pre-assignment compliance, conduct spot checks, schedule monthly internal audits and prepare for/support external client/framework audits.

Our Compliance Team operates separately to our Recruitment Team and compliance staff are targeted purely on ensuring 100% compliance of candidate files.

The Compliance Manager is responsible for:

  • Maintaining current knowledge of legislative changes and updates to NHSE standards and minimum process requirements applied within the wider public sector.
  • Managing and reviewing compliance procedures.
  • Establishing the sample size and selecting candidate files for monthly internal audits.
  • Running monthly internal audits.
  • Compliance risk assessment.
  • Managing non-compliance and continuous process improvement processes.
  • Compliance training for operational staff.
  • Internal audit reporting.
  • Auditing subcontractors at specified frequencies.

Compliance, Spot Checks and Internal Audit Procedure

All staff involved in recruitment and compliance are trained in NHS Employers’ Standards, CSTF requirements, framework/call-off contract requirements and the internal audit process.

The candidate’s initial information/documentation is compiled and checked in person by the Recruiter who conducts the interview.  This includes:

  • Checking the application form has been fully completed, signed and dated.
  • Verifying original documentation to legislative/procedural standards face-to-face, copying original documents in a format that cannot be subsequently amended, stamping them as “original seen”, noting the full name of the person who undertook the check, signing and dating them, uploading them to the system and completing/updating the audit checklist for the following checks:
  1. Identity and address (including issuance of an ID card for all workers).
  2. Right to work in the UK.
  3. Employment history and referencing (with employment history interrogated and gaps in employment validated and documented).
  4. Professional registration and qualifications.
  5. Work health assessment.
  6. Criminal records and barring (and overseas police check if applicable) using the check relevant to the country that the candidate is working in (DBS for England and Wales, PVG membership for Scotland and AccessNI for Northern Ireland).
  7. Statutory & mandatory and clinical/care core training.
  8. English language proficiency.
  9. Recruitment process (including the application form and face-to-face interview process).
  10. Induction/orientation procedures (including receipt of the agency worker’s handbook).
  • Ensuring all procedures align with the requirements set out in the:
  1. Agency Workers Regulations.
  2. Working Time Regulations.
  3. Employment Agencies Act.
  4. Conduct Regulations 2003.

A checklist to ensure that each audit requirement has been reviewed and evidence has been supplied/checked to ensure compliance covering all points specified above is used prior to assignment.  The checklist also confirms evidence of NI, signed T&C, and GDPR permissions has been obtained.  This ensures consistency and maximises control.

After the interview, candidate files are passed to the Compliance Team to conduct checking and follow up missing information. References are sent and as documentation is returned, it is checked, uploaded to the candidate’s file and the checklist is updated accordingly. Once the Compliance Team has completed all points on the checklist and everything is uploaded to the system, the candidate is ready to work pending a final file audit and induction.

Prior to assignment, we provide the candidate with a copy of the Agency Staff Handbook (declaration signed to confirm receipt) and an ID badge. The checklist and compliance documentation is then audited and signed off by the Compliance Manager/Team prior to each assignment.  Candidates may not start work until this file audit has taken place.

All records are uploaded to our system and are date/time stamped together with an identifier of the person who completed the upload. Expiry dates on documents/process elements that need rechecks/refreshers are added and automatic prompts are sent to the Compliance Team who then liaise with the candidate to ensure they are completed in time.

Candidates must provide written consent for us to share their personal data with Framework Authorities, Contracting Authorities and any external/third party auditors.  Copies of all documentary evidence is retained on file in a format that can’t be altered and stamped to confirm the original was seen/verified and dated to confirm when the check was undertaken.

Any compliance documentation received in a foreign language will be translated in line with Security Industry Authority (SIA) standards.  Translation will be undertaken by an individual or translation company that is professionally accredited.  Individuals must be accredited members of the Institute of Translation and Interpreting (ITI) or the Chartered Institute of Linguists (CIOL).  Companies should be accredited by either the Chartered Institute of Linguists (CIOL) or the Association of Translation Companies (ATC).  The translation must be presented by the individual or company on headed paper showing the ATC or CIOL logo or carrying the ITI “seal”.  Translations will also be accepted from embassies and High Commissions.

All candidate documents will be retained securely for a minimum of 6 years after the end date of the candidate’s last assignment.  Thereafter electronic documentation will be erased/deleted from our system and original paperwork securely destroyed in alignment with our GDPR/privacy policy.

Internal Spot Audit Sample Sizes

As part of our compliance and audit procedure we undertake regular internal checks on candidate files.  For internal spot audits, we select a sample of files at random from our list of candidates. Our Compliance Team will have access to all relevant candidate documentation.

Subcontractor Selection, Compliance & Audit Procedure

Where we use subcontractors (including other businesses within our group of companies) to support any material part of the service, we will enter into a binding contract with them.  As part of this they will be required to mirror our compliance and audit procedure as specified within this policy.  Their recruitment process must mirror our documented recruitment procedures and comply with NHSE checking standards and they will be required to provide evidence of this during the subcontractor selection process and by undergoing a pre-award audit.  Documentary evidence including tender responses, checklists and spot audits will be used during the subcontractor selection process to ensure they meet our stringent standards.  They will also be required to sign a back-to-back contract that replicates the compliance and audit obligations outlined in each framework prior to commencing supply.

Whilst all subcontractors must complete compliance checks and internal audits as specified below, we, as the supplier have ultimate responsibility for ensuring that all workers assigned/placed have completed checks in alignment with NHSE and framework standards, and to achieve this, we will maintain management oversight of the subcontractor by:

  • Selecting subcontractors and checking their compliance procedures before commencing supply:  this will be done by operating a supplier selection procedure which includes evaluating documentary evidence that the subcontractor has in place policies, procedures, process controls, checklists and fail-safes to ensure that each worker that they place via our company meets NHSE and framework compliance standards before commencing an assignment.  During this process we will also evaluate and audit their recruitment, compliance and audit procedures to ensure that follow-up checks are completed throughout the assignment to maintain ongoing compliance.  Should any of their processes fail to meet these standards, they will be provided with written details of where their procedures fall short, and they will be re-evaluated by our Compliance Manager before receiving a contract to supply via our company.
  • Contractual obligations:  all subcontractors will sign a contract that mirrors that between our company and the Authority, which includes compliance obligations in alignment with NHSE standards before being allowed to supply.  Their recruitment documentation will also be required to mirror our own including their recruitment and induction procedure, forms, checklists and documentary evidence recorded on their CRM and other systems.
  • Pre-assignment compliance checks:  this will be done by requiring the subcontractor to audit each candidate file prior to assignment or placement and provide us with a completed and signed copy of the compliance checklist (which must mirror our own and align with NHSE and the relevant framework’s standards) to demonstrate this process has been undertaken before the worker will be allowed to start.
  • Monthly spot audits:  to achieve this we will select files of workers who have worked through us within the preceding month at random (sample size calculated based on the calculation method specified above) and request that the subcontractor conducts an internal spot audit using our audit checklist for these workers.  The subcontractor will then be required to provide us with the completed audit checklist for each selected candidate within 24 hours of such a request.  This will be checked by our Compliance Manager, who will reserve the right to request documentary evidence in addition to the completed audit checklist to prove that the selected files meet NHSE and framework compliance standards.
  • Annual audits:  Our Compliance Manager will conduct a full annual audit of each subcontractor’s candidate files in alignment with the relevant framework’s audit procedure.  Files will be selected from the list of candidates who have worked via us during the preceding 12 months at random and the subcontractor will be required to provide access to the full candidate file with all documentary evidence, compliance checklists that they have filled in for each assignment, and copies of their policies and procedures.  Our Compliance Manager will then conduct a full audit of these files.

Subcontractor audits will be subject to the same audit records and reporting standards specified in the section below including actions to resolve any non-compliances found and a remedial action plan.

Managing subcontractor compliance using the same process, checklist and audit procedure as candidates who are supplied directly from our company will enable us to ensure that all workers supplied via subcontractors consistently meet the NHSE check and framework standards and that any remedial action is undertaken in alignment with NHS procedures and timescales.

Audit Records/Reporting

Records of audit outcomes, comments and recommendations (including subcontractor audits) are retained for at least 6 years after the date the audit has been completed.  These are analysed by the Compliance Manager to identify weaknesses in our processes/opportunities for improvement, and staff training is provided accordingly.

Each audit report includes:

  • An overall assessment on the audit.
  • Findings from the audit.
  • A list of actions and the date by which these must be completed.
  • An overview of the effectiveness of the current process and lessons learnt.
  • Proposed new strategies, practices and changes to processes.
  • Any training required (including who should receive the training and by when).
  • Progress on completion of actions identified in the previous report.
  • A remedial action plan.

Audit reports are shared at board level, and compliance is an agenda point for discussion/review at senior management team meetings and subcontractor review meetings where they are engaged.  The results of internal and subcontractor audits are written into a report format and made available to Framework Authorities, Contracting Authorities and relevant third parties as required to support performance review and continuous improvement.

External/Framework Audits

We will engage with any third-party auditor appointed by each Framework on an annual basis to review our administration, processes, policies, IR35 assurance and worker files.

In preparation for an external audit, we provide the auditor with the specified number of files from the relevant work group as per the contract/framework guidelines.

The Compliance Manager is responsible for preparing the selected candidate files for external auditors.  Candidate files to be audited will be selected by the auditor, and we will:

  • Provide hard copies of compliance files for onsite audits.
  • Upload documentation to the audit portal for online audits.

Additional files may be requested during the audit.  No unscheduled updates are allowed to take place on selected files prior to the audit taking place.

For manual audits, this process includes downloading and printing the full candidate file including all compliance documentation/checklists, and presenting these in a compliance file for the auditor.  The  auditor is also given a hard copy of our sales ledger (containing only  details of candidates relevant to the specified framework), payroll/invoicing records, company policies and access to our CRM as appropriate.  Each worker has a unique reference number on our system and this identifier and/or their name is pulled through to the booking, timesheet and subsequent invoice to link them together for the auditor. We provide a private work area for auditors and our Compliance Manager is available throughout the audit to ensure that they have access to all records needed.

For online audits, we upload all relevant documentation to the audit portal within the timescale specified by the Framework.  This includes all the compliance documentation/ checklists for each candidate and a copy of the framework-specific sales ledger, payroll/invoicing records and company policies.

Non-Compliances and Management Controls

If a non-compliance is found at any stage of an audit process (internal, subcontractor or external), the client will be made aware of the non-compliance and this may result in the suspension of the candidate until the issue is resolved.

All non-compliances are reported to the Compliance Manager who will investigate the issue to identify how the error occurred and record the details, liaising with relevant staff as appropriate.

The Compliance Manager will also conduct monthly analysis to identify if there are any patterns of non-compliances.  If a pattern is identified, this immediately triggers a process review.  Any changes to policies/procedures to prevent recurrence are documented and cascaded back to both the Recruitment and Compliance Teams.

 Escalation of Audit Results

To ensure transparency, accountability, and continuous improvement within our compliance framework, Amaré Health has implemented a structured escalation process for audit findings.

Escalation of Testing and Audit Results to Senior Management

All audit findings—whether from internal audits, spot checks, subcontractor audits, or external reviews—are formally documented and escalated to senior management. This ensures that all results of completed testing are reviewed at the appropriate leadership level for action and oversight. A central audit log is maintained to track escalation activities and outcomes.

Documented Escalation Procedures

The following escalation process is applied:

  • Audit results must be submitted to the Compliance Manager within 2 working days of audit completion.
  • Significant non-compliances must be escalated to the Senior Management Team within 24 hours of discovery.
  • Monthly compliance summaries and trend analyses are presented at senior leadership meetings.

Management Escalation:

A dedicated Audit Escalation Log is maintained within the company’s secure internal system.

Reports are submitted via secure shared drives and communicated through formal internal emails.

Logging Escalation Activities:

Each escalated compliance issue is recorded in the audit escalation log including:

  • The nature of the issue
  • Date identified
  • Staff involved
  • Actions taken
  • Resolution process
  • Final sign off by management

Thresholds for Escalation Response Time:

  • Internal Thresholds: High-risk non-compliances must be addressed within 48 hours. Medium-risk issues within 5 working days.
  • External Thresholds: Any findings that could impact client compliance or framework obligations must be reported to the relevant authority within 3 working days.

Coordination and Approval of Remedial Actions:

  • Senior management must review and approve all remedial action plans for escalated audit findings.
  • Meetings between the Compliance Manager and relevant department heads are scheduled to align on corrective actions.
  • Approval must be recorded in the Audit Escalation Log along with the date and signature of the approving officer.

Failed Audit/Reaudit Procedure

In the unlikely event that we fail a Framework audit, remedial action must be undertaken within the timescale set by the auditor and this may include scheduling a reaudit.

Review

Our audit procedure will be reviewed at least annually and in response to changes in Framework requirements, process, legislation or best practice.