NDIS audit outcomes: How you can prevent 3 common non-conformities

When you are on your NDIS registration journey, getting non-conformities on your audit report can often be a confusing and stressful experience.  

In this post, we provide guidance for how you can prevent three non-conformities commonly identified by auditors that work with new service providers. 

Non-conformity 1: Risks have not been properly identified, analysed, prioritised and treated 

As a disability service provider, you are responsible for managing risks across all areas of your organisation. 

To avoid non-compliance in this area and develop a proactive risk management culture, you must have a fully completed risk register before you begin providing services under the NDIS. 

The risk register must always be kept up-to-date and include details of risks that relate to: 

• participants 

• workers; and  

• the organisation (including risks relating to finances, work health and safety and disasters). 

Your risk register can be in the form of an MS Excel spreadsheet, or a more robust IT-based solution. 

Non-conformity 2: There is no system of internal audit 

Internal audits are a key part of ongoing quality management within your organisation.  

The relevant requirement of the NDIS Practice Standards and Quality Indicators  states that providers must have “…a documented program of internal audits relevant (proportionate) to the size and scale of the provider and the scope and complexity of supports delivered.” 

To avoid non-compliance with this requirement we recommend: 

• having an internal audit policy 

• setting up a schedule of internal audits aimed at evaluating different facets of your organisational practice 

• having a clear record of internal audit results 

• having evidence of policy/process/practice changes that were made in response to internal audit results. 

Our NDIS-specific internal audit system will ensure you avoid this non-conformity.

Non-conformity 3: Evidence of worker checks are not available 

During your audit, the auditor will want to verify that your workers (in particular, those working in risk assessed roles) have all the relevant worker checks.  

Worker checks that must be sighted by the auditor include both security checks and other evidence of professional competency.  

To avoid this non-compliance, workers undertaking a risk-assessed role will need to have evidence of the following mandatory documents: 

• proof of identity 

• all relevant worker screening checks

• professional qualifications, such as a copy of a relevant degree or diploma 

• two or more references 

• membership of a professional association related to their line of work 

• completion of the NDIS Worker Orientation Module  

• completion of internal workplace induction and training (or a training plan/checklist). 

In addition, the following are also be required in some circumstances:  

• a state-specific working with children check (for any workers who will be providing support to people under 18 years old) 

• completion of any other relevant government training modules, such as COVID-19 infection control training. 

The requirements above can also be applied to roles that are generally not risk-assessed, such as administrative staff. You have the right to request some or all the listed evidence from all your workers, regardless of position.

Centro BUSINESS includes an integrated risk management feature which will help you avoid non-conformity one. Get it touch with us today to learn how Centro BUSINESS can help your organisation.

More resources on NDIS compliance