This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Compliance Operational Guidance

Supporting Guidance: employer compliance: guidance by subject: large business: risk assessment

Risk Assessment of Large businesses is essential to ensure a consistent and proportionate approach across the population of Large Business.

An effective Risk Assessment will determine engagement with the employer and will be dependant on whether the business is considered to be

  • low risk or
  • not low risk.

The Risk Assessment (RA) will be carried out by the Employer Compliance Tax Specialist (ECTS) and feed into the overall risk assessment of the business.

The risk Assessment is open ended and can be based on

  • data held, and
  • information available

from the following sources.


  • Utilising data already held by HMRC.

In order to achieve this you should

  • review ECS/CORE system/Caseflow for results of any previous compliance activity
  • examine the case papers to

    • establish the level of compliance previously exhibited by the employer
    • identify errors where recovery was sought
    • consider the proportionality and materiality (COG905690)
    • consider whether the errors were a mistake, careless or deliberate
    • establish the employer’s attitude to the risk by its willingness to correct previous errors.
  • review systems templates to

    • establish systems examined using RBSA where the employer was compliant
    • establish areas of weakness where education was provided
    • establish employer strengths.
  • consider other tools and systems available to help understand the business (COG905550).

These activities should not be considered exhaustive and you should tailor research to suit the business under consideration.

Top of page


  • Utilising authorised data from other government bodies.
  • Utilising data held in the public domain.
  • Utilising data gained from direct engagement with the business.

The ECRA will cover all PAYE schemes operated by the business. You will be responsible for

  • maintaining an up to date record of all PAYE schemes linked to the business on all relevant systems (COG905550).

When undertaking a Risk Assessment you must take care to ensure that social risks are addressed and that the contributory principle is maintained. Risks involving part time and/or low paid employees earning at/or around the Lower Earnings Level should always be fully considered. The monetary amounts of NIC involved may be modest but the potential adverse impact on the employees future benefit entitlement could be significant. See NIM00003.

Once the above has been considered, you should review the employment taxes risk in conjunction with Risk Assessments of other tax regimes for the business in conjunction with the CCM where appropriate.

Top of page

Tools available to assist you

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)