Navigating the Midterm NDIS Audit

If you operate a registered business that provides small-scale service support or coordination, or a combination of both, here's what you can expect.

Late last year, a review recommended that all providers supporting NDIS participants must be registered. Even if you are not currently registered, time is ticking.

Whilst we are still awaiting the outcome of the NDIS Bill in Parliament, industry insiders are predicting that changes to the NDIS, including what is expected of providers, will come quickly, one the bill is passed.

Familiarising yourself with the current audit schedule. will enhance your knowledge of what may come.

What does the current midterm audit look like?

During a NDIS audit, it's essential to understand the documentation that will be reviewed.

The audit ensures compliance, quality, and effective management within your company.

One part of the audit involves interviews with your customers and staff. Your nominated auditor will usually require interviews with 4-5 people from each group. You'll need to get permission, either verbally or through a signed document.

These interviews will include key questions and feedback from your customers and staff.

The specific documents and processes reviewed depend on the services you provide and your chosen auditor.

However, auditors are bound by standards and will generally require similar information.

Core Documents

1. Policies

2. Core Procedures

3. Work Instructions

4. Forms

5. Registers
   

Completed Documents

Business and Operational Management:

• Business/Operational Planning: Your strategic and operational plans will looked be reviewed to make sure that your plans for the business align with the NDIS in general.

• Roles and Responsibilities of Management: Clear definitions and delegations of roles. Remember, if you nominate staff as managers. They are KEY personal and subject to mandatory training, just like your support workers.

• Organisation Chart: An updated organisational structure, show who is responsible for each portion of your company from your CEO/Director (owner) down to the support workers (if this is what your business provides)

• Delegation of Authority: Documented delegation processes. Who does what in your company.

• Conflict of Interest: Policies and registers – these can encompass your staff (if they are casual, they may work for another company) and you must keep a record of duality if you provide more than one service to your customers.

• Internal Audit Schedule: Planned internal audits. This can be a spread sheet that shows when you will audit your files, your processes towards them.

• Risk Register and Assessments: Comprehensive risk management documentation. How do you manage your customers and staff risk, which could include how your business is working towards mitigating risk, especially with your customers.

• Insurances: Proof of necessary insurance coverage.

• Pandemic and Disaster Management Plans: Preparedness plans for crises. This includes your customers and your business.

• Floor plans: and diagrams in your office (if you have office space) showing exits and proof of fire drills, equipment and first aid kits.

Team and Management:

• Position Descriptions: Detailed job descriptions. These include all your staff and what is expected from them. Typically, these evolve with your company and its size. If you add new positions, each one must be detailed in what they role and performance indicators are.

• Management Team Meeting Agendas/Minutes: Records of management meetings. If you have nominated staff as managers, you must show a fixed agenda meeting, which encompasses all the business operations.

• Internal Audit Reports: Findings from internal audits. Even if you don’t have a dedicated compliance manager and you have a small business, it is important to audit your files and do a report annually on what the findings were.

• Quality Management/Continuous Improvement Register: Ongoing improvement programs, you can read more in our previous post:  Continuous improvement and it shapes your NDIS business

Feedback and Risk Management:

• Feedback Forms: Mechanisms for receiving and addressing feedback – this encompasses your customers and staff. How are we doing? Is there anything we could be doing better?

• Participant Risk Assessments: What are the risks in the community, in their home and how do we better manage them to be sure our customers are safe.

• Information Management Systems: Data management protocols – are your documents in a cloud-based environment?

• Privacy and Confidentiality Declarations: How are your keeping your customers private information safe?

• Data Breach Processes: Procedures for managing data breaches, making sure that you are keeping everyone informed if you do have a breach.

• Participant Consent Forms: Consent documentation for your customers – every one of your customers pieces of information is privileged and if you need to talk to other agencies, the NDIS or other parties, your customer must be informed and consent to sharing their details.

• Complaints Management: Forms, registers, and participant information on handling complaints. Do you record a complaint? How is it handled? Even if it is about unsuitability of staff you have provided, you should follow a process that includes follow up.

• Incident Reports and Registers: Incident documentation should be a standard document in your business. Is the incident reportable to the NDIS? This is where a register is invaluable in determining each plan of action and its course to conclusion and modifying risk to staff and customers.

• Emergency Response Plans: Preparedness for emergencies. Do your customers live in a bush fire zone, do they live where cyclones frequently occur, or floods? What will they do, how will your staff support them.

Human Resources:

• Identification: 100 points of identification for all key personnel, including Registered Nurses and Support Workers.

• Employee Clearances and Qualifications: Verified clearances and qualifications.

• Mandatory Trainings: Completion of the NDIS Worker Orientation Module, Infection Prevention, and Control training, PPE.

• Working with Children Checks – all staff, including Key Personnel

• Training and Development: Ongoing professional development documentation.
  

NB: Key personnel can include, the CEO, Director, managers and members of any board attached to your company. 

Participant File Review:

Intake/Assessment Forms: Documents used to collect initial information about your customers and can include things like how the customer came to you (which assists in your management of referral sources).

Consent Forms: Forms your customers or their guardians sign to give permission for services and sharing of personal information with other providers.

Service Agreement: A formal contract outlining the services you will providing, responsibilities of each party, and terms of service and how much funding will be required to complete the services.

Individual Support Plan : The process of creating a tailored plan to address the individual needs and goals of your customer and how you will towards them as either a support business.

Reviews of the support plan:  Are you regularly updating as your customers needs change. Ideally you will reassess a support plan a) need arises such as goals changing or b) at the end of a plan c) minimum of every 12 months

Individual Risk Assessments: Evaluations of potential risks specific to an individual customer in and around their home environment and the wider community. A risk assessment would also be conducted before you meet your customer for the first time. This seeks to minimise your staff risk in a new venue.

Transition Support Plan: A plan to assist your customers in moving smoothly from one phase of care or service to another. If they exit, the feedback about service is also valuable information.

Participant Handbook/Information: A document provided to participants that includes essential information about services, rights, and responsibilities.

Participant Rights: The rights of participants to receive services in a respectful, safe, and supportive manner.

Emergency Planning: ideally you will have an Emergency Preparedness plan in place from the beginning of service. Preparation and procedures to ensure participant safety and continuity of care during emergencies. It also allows your customers to think about their risk in the wider community and what they would do in the event of a natural disaster.

Behaviour Support Plans: Strategies and interventions designed to support your customers in managing challenging behaviours and allowing you to follow strategies that assist your customer in best practice.

Reporting of Authorised Restrictive Practices: Documentation and reporting of any restrictive practices used with participants, ensuring they are authorised by a behaviour support practitioner and monitored.

Staff Training in Implementing Behaviour Support Plans: Any training provided to staff to ensure they can effectively employ behaviour support plans.

Exit forms – how are your customers exited? Have they provided you with information, do they need assistance to transition. Have you prepared a handover report for the next provider or have they simply disappeared with no contactable information. (this does happen regularly within the sector).

Midterm audits are designed to show that your company is responding to the quality and safeguards commissions guidelines in best practice.

While there's no formal pass or fail, the reality is clear: you're either meeting the standards or you're not. Without a dedicated person managing these tasks, the responsibility falls on you, adding significantly to your admin workload.

Although some audit requirements may seem unnecessary for a small business, they are important for ensuring customer safety and smooth organisational operations and currently it doesn't matter if you are a 200 staff strong or a small business of 20.

Once you've established the necessary registers and documentation, future audits—18 months from the midterm—will be much easier to handle.

What happens after the stress laden 2-day audit?

You will receive a report from your auditor highlighting any nonconformities. Multiple minor nonconformities can add up to a major nonconformity. If this occurs, you must address the issues and respond within the time frame you have nominated at the audit, usually 30 days.

If you have several major nonconformities, you will be required to undergo another audit to prove that the problems have been resolved, usually within 90 days.

In the coming months, we'll dive into various audit categories in detail. While hiring expert consultants can be beneficial, it can also be expensive.

If your budget is tight, follow our posts as we explore some of the less obvious aspects of audits.

We wish you well, as always

The Lama Care Team