This article is the final of three that will help you prepare for and undertake your NDIS Audit.

In this three-part NDIS Audit Preparation series, we have so far looked at how to complete your Self-Assessment against the NDIS Practice Standards (an important first step towards NDIS Audit) and answered common questions our clients ask about the NDIS audit process.

But what about the audit itself – what do you need to prepare for? What happens? And just as importantly, what happens if an auditor finds areas of non-compliance?

The Key Things Auditors Look For

The NDIS Auditor’s job is to assess how you comply with the requirements of the NDIS Practice Standards, or put another way, how you demonstrate compliance with the Standards. To do this, they’ll be looking for three key things:

1. Do you have a process in place?
2. Are you executing the process?
3. Do your clients agree that you are executing the process, and how well?

Do you have a process in place?

The most straightforward way to provide evidence that you have processes in place is through Policies and Procedures – however, it doesn’t end there.

Your auditor won’t just be looking for policies and procedures – they’ll want to make sure that:

• your policies and procedures comply with all relevant requirements (e.g. the NDIS Practice Standards, NDIS Act 2013 and related legislation and all other relevant Federal, State and Local Government legislation and requirements that apply to running a business);
• you understand the policies and procedures – and can speak to certain processes when asked about them;
• you actually implement your policies and procedures on the ground – that is, staff and participants know the policies and processes that apply to them and the business and staff follow the processes as they are set out; and
• your policies and procedures are reviewed and updated regularly.

Most importantly – your policies and procedures must be specifically tailored to your business and how it operates – off the shelf high level documents are not good enough. They need to set out who’s responsible for what in your business, as well as reporting, record keeping and review processes.

Are you executing the process?

As I’ve already emphasised, having policies and procedures does not mean you’re going to pass an NDIS Audit. A fundamental part of the Certification NDIS Audit process (where a 2^nd stage audit is conducted on site) is an assessment of whether you’re actually DOING what your policies and procedures SAY you’ll do. This comes down to awareness and training – all of your staff must be familiar with the policies and procedures that apply to them and be following the processes they set out in their day-to-day practise.

NDIS Auditors will ask you and your staff about your knowledge of your policies and procedures and the processes you follow on a daily basis.

Do your clients agree that you are executing the process, and how well?

The key purpose of the NDIS audit process is to determine whether your business can continuously provide quality and safe services to clients. Auditors will interview a selection of your clients to help them determine this. They’ll specifically be looking to understand:

• how clients can contribute to the improvement of policies and procedures that impact them;
• whether clients can – and feel comfortable to – make complaints about your service, without the fear of retribution or losing their service;
• whether feedback is regularly obtained from clients to gauge their satisfaction with your service delivery; and
• what continuous improvement practices are in place to ensure processes are regularly monitored, reviewed and updated to meet the needs of clients.

NDIS Audit Process

See Your Most Common NDIS Audit Questions Answered for detail on the processes leading up to audit and the difference between Verification and Certification Audits. Once you’ve chosen an auditor using your Initial Scope of Audit, you’ll need to book in your audit date. The NDIS audit process from there is as follows:

Verification

Certification

Audit findings

Standards have a large number of criteria (for instance, there are a total of 63 NDIS Practice Standards, each with an expected outcome and a number of indicators associated with them) and different findings can be determined for different criteria. The different NDIS Audit findings include:

Conformity with Elements of Best Practice

This is where you can clearly demonstrate that you conform with best practice (or exceed the set requirements) against the criteria being assessed. Best practice is demonstrated through innovative, responsive service delivery, underpinned by the principles of continuous improvement of the systems and processes used.

Met / Conformity

This is where no issues are identified, and your business is assessed to have met – or conformed with – the requirements of the specific criteria.

Minor Non-conformity

This is where there is a process in place but there are elements missing, or part of the process is not working as it should be (for example, complaints are not reported to the business’ governing body in a timely manner).

Severe / Major Non-conformity

This occurs where there is no process in place (for example, no complaints procedure) or the process that is in place is ineffective (for example, no one is following the complaints procedure that is in place, such as recording, reviewing and responding to complaints). Multiple minor non-conformities within the same criterion may also constitute a major non-conformity.

Notifiable Non-conformity

This is where there is a very serious breach of legislation or where auditors have serious concerns about harm to clients occurring. Notifiable non-conformities must be reported to the relevant government department. Criminal acts or child protection concerns must also be reported to relevant authorities such as the Police. It is unlikely that an audit would continue if a notifiable non-conformity were identified.

Conditions

Audit reports may also include conditions that your business must meet in order to be recommended for full certification. Audit reports may also identify opportunities for improvement, which should be acted upon in the way and timeframe recommended by the Audit Team.

The post The NDIS Audit Process and Responding to Audit Outcomes appeared first on Amergin.

NDIS Audit Preparation

NDIS audit preparation can often be daunting and overwhelming. Under the new NDIS Quality and Safeguarding Framework, all NDIS Providers applying for NDIS Registration or undertaking their NDIS Registration Renewal with the NDIS Quality and Safeguards Commission must undergo an NDIS Audit.

NDIS Audit is relatively new and even the most experienced of our clients find the process – from finding an auditor to understanding the different types of audits and what’s involved – daunting to say the least.

So, let’s get clear on the ins and outs – it’s the best way to prepare and get through your audit with confidence. To help you do this, I’ve answered our clients’ most common NDIS Audit questions below.

1. What on earth is an Initial Scope of Audit?

The first step in applying to be a Registered NDIS Provider or undertaking your NDIS Registration Renewal is to submit an online application to the NDIS Quality and Safeguards Commission. Part of this application is a self-assessment, which I covered in detail in my last article in this series, called “3 Tips for Completing Your NDIS Self-Assessment.”

Once you’ve completed and submitted your application, within 24 hours you’ll receive an automatically generated ‘Initial Scope of Audit’ letter via email. I’ve provided an example of this letter below. As you can see, the letter sets out your business’ details, the NDIS Registration Groups you are registering to deliver and, circled in red in the example, the type of audit you need to undergo as well as which standards you will be audited against. The letter is, in effect, setting out the scope of the audit you need to undergo.

The Initial Scope of Audit provides prospective auditors with the information they need to give you an initial quote for your specific audit. The letter itself states: This scope of audit is based on the information provided on the Application form and should not be considered final. What this means is that, once your auditor has spoken to you and identified your exact audit needs, the scope of the audit could change. This is why the letter provides the initial scope – it provides you and auditors the information needed to start a conversation about what your audit will look like

2. What are Verification and Certification – and what’s the difference between them?

The terms Verification and Certification relate to the type of NDIS Audit you need to undergo, to demonstrate how you comply with the NDIS Practice Standards. The type of audit you need to do will depend on the NDIS Services and Supports you want to provide.

Verification audits are smaller-scope audits conducted on businesses delivering lower risk NDIS supports. In these audits, no face-to-face contact is required – auditors review documents that provide evidence of how you comply with the Verification Module (comprised of 4 Standards) of the NDIS Practice Standards. Documentary evidence includes policies and procedures, supporting documents such as registers and report templates and copies of staff qualifications and criminal history checks. Verification audits are conducted every 3 years.

Cerification audits are more intensive than Verification audits, comprised of a desktop review of documentation, as well as an onsite assessment. At the moment, some onsite assessments may be conducted remotely (due to the impacts of COVID-19) and you can also request remote assessment from the NDIS Quality and Safeguards Commission if you meet certain criteria. You can talk to your auditor about whether this option is available to you.

Certification audits apply to businesses delivering higher risk supports. In a Certification audit, auditors will be looking for both documentary and practical evidence of how you comply with the NDIS Practice Standards that apply to the NDIS supports and services you intend to deliver. In most cases, this will be at least 22 ‘Core’ NDIS Practice Standards (known as the Core Module).

Businesses delivering the highest risk NDIS services (think High Intensity Daily Personal Activities or Positive Behaviour Support) will have to comply with additional ‘Modules’ of Standards. The only exception to this is Specialised Disability Accommodation (SDA). In this case, if your business is delivering only SDA (i.e. no other NDIS supports or services), you will only have to comply with the SDA Module of the NDIS Practice Standards, which is comprised of five Standards.

Certification audits are conducted every 3 years, with a smaller scope, mid-term audit conducted at the 18-month mark in between.

3. How do I choose an auditor?

There are (currently) 16 organisations across Australia that have been appointed as NDIS Approved Auditing Bodies – meaning their auditing staff can undertake NDIS Audits (Verification or Certification). Their contact details are provided on the NDIS Quality and Safeguards Commission’s website.

Once you have your Initial Scope of Audit, you can contact any number of these 16 bodies to find out how they would conduct your audit and what they would charge. You are responsible for engaging your own auditor, and while this can be daunting, it is as simple as shopping around until you find the auditing body you’d prefer to work with.

4. Do I have to pay for my audit – and how much?

In short, yes. Businesses applying to be a Registered NDIS Provider or undertaking NDIS Registration Renewal are required to pay for their initial and all following NDIS Audits.

There are no fixed costs for NDIS Audits because every business and the scope of audit they require are different (quotes take into account your business’ size, number of NDIS participants, number of staff and number of delivery sites). However, the Initial Scope of Audit ensures that all auditing bodies can quote based on the same information. All Approved Auditing Bodies must provide quotes on a ‘no-obligation’ basis and free of charge, so you have the flexibility to find the right auditor and auditing fees for your business.

I recommend getting at least three or four quotes to ensure you receive value for money, based on your business’ specific auditing needs.

5. Once I’ve chosen an auditor, what happens?

Once you’ve engaged an auditor, you will work together to identify a suitable date for your audit. They will also request access to your registration or renewal application in the NDIS Quality and Safeguards Commission’s portal. From there, they’ll be able to review your application, self-assessment responses and documentary evidence, to develop an audit plan and identify any additional information or documentation they require from you.

The post NDIS Audit Preparation – Your Most Common NDIS Audit Questions Answered appeared first on Amergin.

This article is the first of three that will help you prepare for and undertake your NDIS Audit.

If you’re applying for NDIS Registration or undertaking your NDIS Registration Renewal with the NDIS Quality and Safeguards Commission, you’ll be required to complete the NDIS Self Assessment as part of your online application.

Depending on the types of NDIS Services and Supports you provide, you’ll be required to complete anywhere from 4 questions (for Verification providers delivering lower risk services) to 22 – or more – questions (for Certification providers delivering higher risk services).

In our experience, many of our clients initially find the NDIS Self-Assessment process confusing and overwhelming. But it doesn’t have to be that way. The following three tips will help you complete your self-assessment with confidence.

1. Understand the Purpose of the Self-Assessment

As a Registered NDIS Provider, you are required to comply with the NDIS Quality and Safeguarding Framework (the Framework), and within that, the NDIS Practice Standards (the Standards). Under the Framework, you need to undergo either a Verification or Certification Audit, to practically demonstrate how you comply with the Standards.

Self-assessment is the first step in any audit process, and in the NDIS registration and renewal processes, it takes place within your registration or renewal application. Self-assessment is, as the name suggests, an assessment you undertake of your own business and how it currently complies with the Standards.

Self-Assessment serves two main purposes:

• It helps you identify any ‘gaps’ in compliance – areas where you currently aren’t meeting the Standards, or where you could be doing something more or different in order to meet – or even exceed – the Standards. This is a fundamental part of Continuous Improvement, which is good business for any business. For this reason, even if you’re not being audited every year, it’s best practice to conduct a self-assessment at least annually.
• It helps your auditor to more quickly identify whether you’re meeting minimum requirements. One of the chief ways you demonstrate your understanding of your compliance obligations and make sure your business meets them is through comprehensive Policies and Procedures. However, auditors already have a big job to do in making an assessment of whether your business is complying with all the relevant requirements – they don’t have time to read through your Policies and Procedures word for word.

Your self-assessment acts as a guide for auditors – it shows that you understand the specific requirements you’re responding to and guides them to the particular documentation you have in place to make sure you comply. So, even though you’ll complete your self-assessment during your registration or renewal application, it will have direct implications for your audit. For this reason, it’s incredibly important to make sure your responses make sense and are helpful for your auditor.

2. Understand What You’re Responding To

This is an example of what a self-assessment question looks like in the online NDIS Registration application. NDIS Registration Renewal is undertaken in a different portal, so the questions look quite different – however they are the same.

The questions you are required to respond to will depend on whether you need to undergo a Verification or Certification Audit, and if you do need to undergo Certification, whether you are delivering any higher risk services that mean you’ll need to address additional Standards (for instance, High Intensity Daily Personal Activities, Specialist Behaviour Support, Implementing Behaviour Support Plans, Early Childhood Supports, Specialised Support Coordination and Specialist Disability Accommodation).

The above example is the first Standard from the Core Certification Standards; however, the below guidance applies to any of the self-assessment responses.

Each self-assessment question is essentially each Standard that your business is required to comply with. There is no guidance or explicit ‘question’ – simply the Standard and a box where you can write your response.

Each Standard has two parts. I have detailed these below, and provided examples (and interpretations) to help you break these down:

• Participant Outcome – this is the overall outcome you are expected to demonstrate in order to meet the Standard. Given the person-centred focus of the NDIS and the Standards, each Outcome is written from the perspective of how Participants benefit as a result of your business complying with the Standard. You’ll see from the example that the Outcome for the Person-Centred Supports Standard is:

  Each participant accesses supports that promote, uphold and respect their legal and human rights and is enabled to exercise informed choice and control. The provision of supports promotes, upholds and respects individual rights to freedom of expression, self-determination and decision-making.

  In layman’s terms, this means that when delivering supports to NDIS Participants, you and your staff:

  • understand participants’ rights (their legal rights, human rights and rights under the NDIS);
  • respect those rights; and
  • actively work to ensure those rights are enforced and protected.

• Quality Indicators – these provide more detail about the specific actions or processes you should be undertaking, in order to meet the requirements of the overall Outcome and therefore, the Standard. Some Outcomes have 2 or 3 Quality Indicators associated, while others have up to 8 or 9. They are really valuable to understanding the specifics of what you are required to do to meet the Standard. Again, Indicators are written from the perspective of how Participants benefit. The three Quality Indicators associated with the Person-Centred Supports Standard are:

  • Each participant’s legal and human rights are understood and incorporated into everyday practice.

    This means that your day-to-day service delivery includes processes to ensure participants’ rights are understood, respected, enforced and protected.

  • Communication with each participant about the provision of supports is responsive to their needs and is provided in the language, mode of communication and terms that the participant is most likely to understand.

    This means that when you communicate with participants (at any point), the way you communicate with them caters to their needs. For instance, do they need an interpreter or translator? Assistive technology? Easy English? It is the participant’s right to have information provided to them in a way they understand, so they can make informed decisions.

  • Each participant is supported to engage with their family, friends and chosen community as directed by the participant.

    This means that when you deliver services, you support participants to engage with their family, friends and community in a way that the participant wants. Of course, the way you do this, and the extent to which you do this, will depend on the type of support your business is providing.

3. Include the Relevant Information in Your Response

Self-assessment responses need to detail how you meet the requirements of each Outcome and its Indicators. To do this, consider:

• the policies and procedures you and your staff follow to meet the requirements;
• any forms and documents that support your policies and procedures to help you comply;
• how staff know what they have to do to comply;
• how you monitor your business’ compliance; and
• Any gaps you need to fill in order to fully comply.

The key to being able to easily respond to the self-assessment is having good quality policies and procedures in place – that you actually follow! – which you can refer to.

Continuing the example of the Person-Centred Supports Standard, the Policies and Procedures you have in place might include a:

• Participant Charter – setting out participants’ right and responsibilities and that is consistent with your business’ Vision, Mission and Values, the Standards and relevant legislation and international obligations;
• Participant Rights and Responsibilities Policy and Procedure – detailing how the Charter will be implemented and communicated to participants;
• Service Access Policy and Procedure – outlining how participants are advised of their rights and provided with the Charter when they access your services, as well as how information is communicated in a way that participants understand; and
• Other service delivery-related policies and procedures, such as Assessment, Planning and Review; and Decision Making and Choice Policies and Procedures, that cover the above requirements and also ensure that staff support participants to engage with their family, friends and chosen community in the ways they prefer.

When you’re completing your self-assessment, refer to your policies and procedures directly – detail the documents you have and briefly summarise how they meet the compliance requirements of the Standard you’re responding to. If you’re already operating, respond in terms of what you and your staff do day-to-day, but also refer back to your policies and procedures. And importantly, be succinct – you only have 300 words to respond to each Standard. Remember too that you’ll need to upload examples of the documents you refer to at the end of the self-assessment.

I’ve provided an example response to the Person-Centred Supports Standard below:

Now, this is of course an example, and while you’ll no doubt be tempted to copy and paste it into your own response to this Standard, I strongly encourage you to follow the steps I’ve outlined above, so you actually understand and are empowered to confidently write your own responses to all the Standards that apply to you. Self-assessment will be required prior to every audit you undergo as a Registered NDIS Provider, so it’s worth the time and effort to understand the requirements from the get-go.

The post NDIS Self Assessment: 3 Tips for Completing Yours with Confidence appeared first on Amergin.