NDIS Audit Process & Audit Findings

Jun 24, 2020

Many NDIS providers going for an external audit wonder what will happen if the auditors find something wrong in the audit. What will be the consequences? Will they stop the audit? Will they refuse to recommend the organisation for approval or certification? Will they continue the audit?

Here are some hints about how audit findings work, when the auditors may stop auditing, what nonconformities mean, and what you need to do about them.

What do the auditors do?

In an audit, the auditor takes a set of criteria, such as the NDIS Quality Indicator guidelines requirements, along with your policies and procedures, and gathers evidence to verify whether the criteria are being met. Auditors are looking for verifiable evidence such as records, documents, policies, processes, service agreements, etc.

During the audit, the auditors gather evidence, compare it to the audited criteria, and determine whether the criteria were met.


When do the auditors stop auditing?

The auditor must complete their assessment based on the criteria specified in the audit plan. Auditors have the right to stop the audit if the business they're auditing does not support them in accommodating their needs, for example, if the audit guide or key staff do not attend during the audit, or if the business refuses to share the required evidence with the auditor.

Also, the auditor can stop any audit and leave the site if they find the site unsafe to stay in. Auditors, like any other worker, have to remove themselves from work situations that they consider to present an imminent and serious danger to their life or health, and there are arrangements for protecting them from undue consequences for doing so. In this case, the auditor must leave the site immediately.

Apart from the two reasons above, auditors continue their audit as per the provided audit plan, and their report must include feedback on all criteria that were to be audited.

Audit Findings and their consequences

Providers coming into the scheme may not be equipped for the level of documentation required to meet the standards. If this is discovered during the audit, businesses will receive non-conformities that can be useful for improvement purposes.

Generally, as the auditors progress through the audit, questions are asked about the evidence that links to the standards and stated requirements. If the evidence isn’t there or doesn’t meet the full intent of the element or mandatory requirement, then a non-conformity would be raised.

Regarding audit findings, the provider must address the non-conformities. There are two categories of non-conformities: major non-conformity and minor non-conformity.

In the case of receiving minor non-conformities:

Certification may be recommended where minor non-conformities have been identified; however, the NDIS Provider must demonstrate to the AQA evidence of an acceptable corrective plan before the recommendation is made.

The corrective action plan must include the following:

  • Correction (how will you fix the non-conformance?)
  • Root cause analysis (why did the non-conformance occur?)
  • Corrective action (how will you fix the root cause of the non-conformance to prevent it from reoccurring?)
  • Timeframes and responsible people who will action the plan 

Minor non-conformities are required to be closed out within twelve (12) months of the assessment. Failure to close minor non-conformities within twelve (12) months of the date of issue will result in a major non-conformity being raised. 

In the case of receiving major non-conformities:

A major non-conformity prevents certification.

Things you should do to get back on the certification track:

Major Non-conformances are raised where the provider is unable to demonstrate quality and safety system process to meet the outcomes and indicators of the applicable NDIS Practice Standards and/or the gaps present a high risk. Three (3) Minor Non-Conformances within the same module may also constitute a Major Non-Conformance.

All major non-conformances must be closed out before a recommendation is made to the NDIS Commission for initial certification, continued certification or renewal. Where the major non-conformance does not place a participant at risk of significant harm, the NDIS provider is required to:

  • Submit a corrective action plan to the audit team leader within five (5) days of the assessment. The plan must include the required information and be accepted by the audit team leader.
  • Undergo a “follow-up audit” of the implemented corrective action plan within three (3) months to close out or downgrade the non-conformance(s).

Follow up audits (only for the major non-conformity)

By definition, a Follow-up Audit is an audit designed to evaluate the effectiveness of corrective action. The Follow-up Audit is the evaluation of the adequacy, effectiveness, and timeliness of actions taken by management or responsible organisation on reported observations and recommendations, including those made by auditors.

The AQA may conduct the follow-up audit remotely or onsite. This is determined based on the complexity and nature of the non-conformance. Any costs associated with a follow-up audit are the responsibility of the organisation undergoing the audit. These can be negotiated and are not included in the initial quote.

What should you do as a provider?

As a provider, you should not fear getting audit non-conformities. Auditors must complete their assessment as per the specified criteria, and their reports indicate your organisation's compliance with the assessed criteria. The auditor's reports highlight both compliance and non-conformities. You must prepare your organisation to avoid any non-conformity. You may consider the internal audit as one of the most effective ways to ensure your preparedness, but non-conformities are normally unavoidable due to many known and unknown reasons.

Keep in mind that audit non-conformities are part of the auditing process. Familiarise yourself with the audit non-conformity categories and follow the process as instructed above. Verify these steps with your AQA prior to any audit.


Who We Are

At its core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. We were born and bred in Melbourne, Australia, with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different, fearless, and innovative.

We Share our knowledge and experience, work together and continue to support our members.

