Risk Management Policy

 

Company Name: Drivetek Recruitment Limited
Policy Title: Risk Management Policy
Effective Date: 5^th May 2025
Review Date: 5^th May 2028
Approved by: John Scott / Managing Director

1. Purpose

This policy outlines the approach Drivetek recruitment Ltd takes to identify, assess, and manage risks associated with our operations as a UK-based temporary recruitment agency. It aims to protect our candidates, clients, employees, business operations, and reputation.

2. Scope

This policy applies to all employees, contractors, and stakeholders involved in the recruitment and placement of temporary workers across all sectors in which we operate.

3. Objectives

• Ensure risks are proactively identified and managed.
• Protect the health, safety, and welfare of all candidates and employees.
• Safeguard company assets, including data, financial resources, and brand reputation.
• Ensure legal and regulatory compliance, particularly under:
  • The Employment Agencies Act 1973
  • Conduct of Employment Agencies and Employment Businesses Regulations 2003
  • The Health and Safety at Work etc. Act 1974
  • GDPR and Data Protection Act 2018

4. Key Risk Areas

The following risks are specific to temporary recruitment:

1. Compliance Risk

• Breach of employment, tax, or immigration laws.
• Failure to conduct Right to Work checks.
• Non-compliance with agency regulations.

1. Operational Risk

• Miscommunication between client, agency, and candidates.
• Disruption in placement processes.
• Inaccurate timesheets or payroll errors.

1. Financial Risk

• Non-payment by clients.
• Invoicing errors or fraud.
• Overreliance on a small number of clients.

1. Reputational Risk

• Mismatched placements.
• Poor candidate or client experience.
• Negative publicity or online reviews.

1. Health & Safety Risk

• Failure to assess or respond to hazards in client workplaces.
• Lack of training or PPE for candidates.

1. Data Protection Risk

• Breach of candidate or client confidentiality.
• Insecure data storage or transmission.

5. Risk Management Approach

We adopt a five-step risk management process:

1. Identify risks across all functions.
2. Assess risks in terms of likelihood and impact.
3. Control by implementing mitigation strategies.
4. Monitor risks continuously.
5. Review controls regularly and after any incident.

6. Responsibilities

Role	Responsibility
Directors/Management	Oversee risk strategy, ensure resources are allocated, and review this policy.
Compliance Officer	Monitor regulatory compliance and manage audits.
Recruitment Consultants	Ensure accurate placements, conduct checks, and report any concerns.
Payroll/Finance Team	Ensure financial accuracy, invoice management, and fraud controls.
Health & Safety Lead	Conduct site risk assessments, maintain safety procedures.

7. Control Measures

• Standardised onboarding and vetting procedures.
• Right to Work and reference checks.
• Contracts clearly outlining responsibilities and liabilities.
• Client site assessments where necessary.
• Regular staff training on legal updates and internal policies.
• Cybersecurity measures including encrypted data storage, MFA, and GDPR protocols.
• Business continuity plans and insurance coverage.

8. Incident Reporting

All staff and temporary workers must report any risk-related incidents or near misses immediately to their line manager or designated officer. Incident forms must be completed and investigated within 48 hours.

9. Training and Communication

Risk awareness training is mandatory for all employees and provided during onboarding and via annual refreshers. Changes to this policy will be communicated through internal briefings and emails.

10. Monitoring & Review

This policy is reviewed annually or following any major incident or regulatory change. Performance indicators include:

• Number of incidents reported
• Compliance audit results
• Feedback from clients and candidates
• Financial and operational performance metrics

Signed:
John Patrick Scott
Managing Director
5^th May 2025