NDIS Internal Audit, How to run it?

 

As a registered provider, you should conduct NDIS internal audit to evaluate your compliance with the NDIS and your organisational requirements. Internal audit is an effective tool helping you understand your gaps and prepare you for your NDIS mid-term or re-certification audit. Conducting NDIS internal audit can help you understand your business processes and gaps, identify areas that need improvement, and save you time and money. This post focuses on the NDIS internal audit and how you can conduct it most effectively and efficiently.

 

There are five levels you should consider when you plan to conduct an NDIS internal audit:

  1. NDIS Quality Indicators Guidelines and, its requirements and your applicable modules
  2. Your NDIS policies, procedures, forms and templates
  3. Your organisational structure and its complexity
  4. Your NDIS participants, number of participants and complexity of delivered services
  5. Number of your offices and outlets

The first step to planning an effective NDIS audit is knowing the complexity and context of your organisation. Here are the steps you can follow to plan and conduct a proper and effective NDIS internal audit:

 

1- Map out your organisation. You should clearly understand the organisational structure and complexity of delivered services. The below questions can help you to map out your initial NDIS audit schedule: a) Applicable modules, b) Number of departments/managers/functions, c) number of participants, d) number of staff, e) Number of offices/outlets 

2- Knowing your internal auditor resources. How many NDIS internal auditors do you have in your team? Do they have a proper understanding of NDIS internal audit? Do they know how to conduct the audit and how to report the audit nonconformities?

3- Understand the complexity of your services. For example, do you have any high-risk participants? Is your business continuity plan established and supports the continuity of your service?

4- How many staff do you have? Is your staff turnover high? Could an incompetent staff be assigned a task that cannot be delivered safely and correctly?

5- Knowing the number of your sites and outlets. 

 

Knowing the answers to the above items will give you the ingredients to plan your internal audit. After understanding the context of the organisation is now time to focus on planning. 

There are four areas to consider when conducting an NDIS internal audit. Documentations, participants and their related processes, staff and their related process and physical premises and offices. Here is a quick guide on how you should approach when planning to audit any of the below topics:

 

Documentation and your NDIS management systems

 

  • Sampling approach: Not applicable
  • Risk-based approach: Not applicable
  • Consent: Not applicable
  • How often should it be audited? Any change can trigger the NDIS internal audit. Change in your policies, procedures, forms, processes, etc. If your documentation and applicable legislation are still the same, then it is suggested to be done at least once every three years, or you can pick a third of your processes and audit the third of them yearly. All processes and documentation shall be audited over the cycle of three years.
  • Who should audit this section? Someone with a good understanding of NDIS quality indicator guidelines and the audit essentials.
  • Audit objective: To evaluate the compliance of your NDIS policies, procedures, forms and templates against the NDIS quality indicator guideline.
  • Audit criteria: NDIS quality indicator guidelines and other related legislation  

 

 

Participants and their related processes

 

  • Sampling approach: Depends. For example, if you only have five participants, you should audit all of them, considering their consent. If your participant number is greater than 15, then you can follow a sampling approach. It is recommended to follow a risk-based approach and start with the one with the higher risk.
  • Risk-based approach: Applicable if you have 15 or more participants.
  • Consent: Partially applicable; however, you do not need to ask for their consent if an internal person is reviewing their file, as you should have already obtained their consent during their intake. 
  • How often should it be audited? It depends on the number of participants. If you have less than 15, then you should audit all of their related processes once every year. If you have over 15 participants, you can pick the higher risk one first, some from med risk, and some from low risk, and consider auditing all levels over 12 months.
  • Who should audit this section: To audit your participants and their related processes, it is recommended to use a resource that has essential knowledge about NDIS internal audit and is one of your key staff or managers.
  • Audit objective: To evaluate your implementation against your NDIS policies, procedures, forms and templates relevant to the participants' related processes
  • Audit criteria: a) your NDIS policies, procedures, forms and templates b) the result of the participant’s interview.

 

Staff/Managers and their related processes

 

  • Sampling approach: Depends on the number of your staff. If you have less than 15 staff, it is recommended to review and audit their related processes, and if you have greater than 15 staff, then it is recommended to follow the sampling-based approach.  
  • Risk-based approach: Applicable if you have more than 15 staff. Follow the Risk Assessed Role method and start with the staff that fall under the high-risk service deliveries.
  • Consent: Applicable. Not only should the auditor have a good understanding of the NDIS internal audit, but they should also have permission to access the staff files and records. Please inform your staff before the interview. Explain the process of the NDIS internal audit and explain that the NDIS internal audit intent is about auditing processes, not individuals.
  • How often it should be audited: It depends on the number of your staff. If you have less than 15, then you should audit all of their related processes once every year. If you have greater than 15, then you can pick the higher-risk one first and follow a risk-based approach. Note: The new staff and their related processes or the ones delivering high-risk services are the ones suggested to be audited more frequently.
  • Who should audit this section: To audit your staff and their related processes, it is recommended to use a resource that has essential knowledge about NDIS internal audit and is one of your key staff or managers.
  • Audit objective: To evaluate your implementation against your NDIS policies, procedures, forms and templates relevant to your staff and HR processes
  • Audit criteria: a) your NDIS policies, procedures, forms and templates b) the result of the staff interview.

 

Physical premises, including offices and outlets

 

  • Sampling approach: NA. All sites must be safely managed.
  • Risk-based approach: NA.
  • Consent: NA
  • How often should it be audited: It is recommended to be inspected twice yearly.
  • Who should audit this section: An auditor understands safe practices and working housekeeping.
  • Audit objective: To ensure the working and service environment is safe and secure and protect the staff and participants from injuries.
  • Audit criteria: a) WHS practices, b) Emergency plan and preparedness, c) Security practices. 

 

It would be best if you considered all the above matters to conduct a practical adding value NDIS internal audit. The availability of tools is essential in helping you run a successful NDIS internal audit. Knowledge about the audit process and how to plan, run and report it is a recipe you need to know in order to make a perfect dish that suits your needs.

 

 Who We Are

At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different and be fearless, and innovative.

We share our knowledge and experience, work together and continue to support our members.

 

Join The Community

Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.

Close

50% Complete

You are almost there! 

Kindly complete the form below and confirm your email address. We will keep you updated with news, articles and promotions.