Webinar Q&A - Getting Your NDIS Business Audit-Ready
Is there an internal NDIS audit checklist available so that we ensure that we are meeting the requirements?
If you are a registered provider, you are required to conduct internal audits (as per Outcome 13 Quality Management).
An internal audit will support you to review your as-is processes and systems and identify gaps.
You may have an Internal Audit Report Template in your documented system.
If you do not have an Internal Audit Report Template, ShiftCare has partnered with Audit Hub to create a downloadable 'Audit Preparation Checklist' (coming soon). You can use this template to review key process areas and verify you are meeting the NDIS Practice Standards outcomes and quality indicators.
Watch or re-watch the webinar
What is the requirement to get NDIS early and childhood registration to be added to the registration group?
This is a little complex, so we will try to simplify the steps to consider:
Step 1: Consider how you intend to deliver early intervention supports.
Generally, providers who register for 0118 Early Intervention Supports for Early Childhood are specialised therapists such as Speech Therapists, Occupational Therapists, Psychologists, Physiotherapists and early childhood educators.
Step 2: Ensure you satisfy the competency requirements to deliver early intervention support.
Early Intervention Supports for Early Child can be delivered without registration and the implementation of Therapeutic Supports; and
the NDIS Commission doesn't stipulate any qualification requirements for 0118.
Providers need to be aware, if you are delivering Early Intervention Supports through therapeutic services, there are certain line items under 0118 in the NDIS Support Catalogue that are required to be delivered by suitably qualified practitioners, including:
Suitably qualified allied health professional or early childhood educator
Allied Health Assistant working under the delegation and direct supervision at all times of a therapist.
We suggest contacting the NDIA if you have any further questions about the use of these lines items.
Step 3: Meet the NDIS Practice Standards
Review the NDIS Practice Standards and the outcomes that are applicable. The applicable Modules and related outcomes depend on your business type (e.g. Sole Trader, Trust or Pty Ltd); and the scope of your services
For Sole Trader and Trusts - the following NDIS Practice Standards are applicable:
Verification Module plus Outcome 10 - Freedom from violence, abuse, neglect, exploitation or discrimination
For Pty Ltd business - the following NDIS Practice Standards are applicable:
Core Module plus Module 3
You will need to submit a Variation to Registration request to the NDIS Commission, request to add Registration Group 0118 Early Intervention Supports for Early Childhood.
If you are already a registered provider and have previously been certified to the Core Module, you will be required to undertake an audit to Module 3.
Contact your AQA and inform them you want to add the registration group 0118. The AQA will provide guidance about the audit process and some options including, incorporating the additional Module 3 audit into your scheduled audit, or having an out-of-cycle audit.
Is there anywhere we can look at an example of a client emergency plan?
We couldn't find a publicly available Client Emergency Plan. You could develop a plan based on Audit Hub’s Individual Emergency Plan. Create a Table within, or as an attachment to the Service Agreement. The Plan should outline the following:
Associated Risk – for example, potential emergency scenarios such as COVID-19 infection, natural disasters, risks of homelessness
Preferred method of communication in emergency
Emergency contact details
Supports essential to daily health & wellbeing
Impact on health, wellbeing and everyday supports if services are disrupted
Points of escalation in an emergency
Risk treatment plan
Provider response, responsibility, and oversight in the event of an emergency, disaster or crisis.
Remember, the development of an Individual Emergency Plan is a collaborative process, led by the participant and the Plan itself should be provided to the Participant.
For the audit process do we need to have paper based policies/procedures available or is full electronic documentation okay?
You do not need to have paper-based policies/procedures. It is acceptable for Policies and Procedures to be fully electronic for the audit.
However, your question may be referring to more than your Policies and Procedures.
Let’s assume you are asking about all your documentation, that is the documented quality management system that includes Policies and Procedures, Forms and Templates.
The Auditor will be verifying that your documented management system is being implemented 'effectively'. An 'effective implementation' may mean, paper-based forms that are used by staff in the service environment. Ensure the Auditor can sight these paper-based documents too.
Does the individual risk management plan apply to participants accessing community access?
Yes, the requirement is for participant risks to be identified, assessed, and effective risk controls to be developed and evaluated across all of your services.
Risks that may be present for a person accessing community access can include but are not limited to the:
Physical environment - hazards and risks are present in the physical environment i.e. where the activity is being undertaken. Risks would include COVID-19 Infection risk, accessibility and hazards may include road traffic;
Participant’s individual needs – risks can include health-related risks, the risk of absconding, preference for quiet environments, handling of money etc.
A risk assessment for one service can be proportionate to the participant’s needs and the kinds of activities you are supporting. However, we suggest using a comprehensive risk assessment template that considers many possible risks and scenarios. You can evaluate and identify if the risk is applicable. If it is not applicable, remember to document ‘Not Applicable’ so there is a record that it has been considered.
As a start-up that does't yet have clients; do we need to have a Mealtime Preparation and Delivery Plan, overseen by health practitioner?
The Auditor will expect to see you have a documented process and supporting systems in place to:
identify the risks related to mealtime management
support the participant to connect with a Health Practitioner, if a risk has been identified
ensure your staff are competent in the delivery of the Plan
support the delivery of safe mealtime management including monitoring and responsiveness to risks or changes.
A Mealtime Preparation and Delivery Plan Template, while not specifically required, would be evidence that you are prepared to support mealtime management.
The Participant’s Mealtime Management Plan will be written by the Participant’s health professional/practitioner, usually a speech pathologist. The Plan will outline the person’s:
nutrition and swallowing;
seating and positioning requirements for eating and drinking; and
mealtime management needs
A Health Practitioner will be involved in monitoring and oversight of the Mealtime Preparation and Delivery Plan, but the degree of involvement will depend on the level of risk, including dysphagia. The participant’s Mealtime Management Plan and/or their Health Practitioner will provide guidance about the risk and monitoring requirements.
With Medication administration, one client has a webster pack and sign-in sheet as they are complex. Do we need sign in sheets for all clients or Doctors Summary and document in ShiftCare is enough?
The Management of Medication quality indicators require the following:
Records clearly identify the medication and dosage required by each participant, including all information required to correctly identify the participant and to safely administer the medication.
All workers responsible for administering medication understand the effects and side-effects of the medication and the steps to take in the event of an incident involving medication.
All medications are stored safely and securely, can be easily identified and differentiated, and are only accessed by appropriately trained workers.
The risk of medication errors in the community setting is high. Given the high-risk, it is good practice to provide very strong systems to help support workers control this risk.
We would suggest:
Implementing a Medication Administration Chart for all Participants who require medication support. The Medication Administration Chart is more than a sign-off chart, it can provide guidance and additional information, including: consent, the “Rights” of Medication Administration; observations of possible side-effects, PRNs, and what to do in the event of an incident.
Continuing to report medication support activities in ShiftCare Progress Notes, as well. It can be something like, ‘Prompted medication at lunchtime. Observed medication taken from Webster Pack. Medication Chart completed.’
With the risk assessment should this be done based on the Participant's environment or the Participant's behaviours/requirements, or both?
Both and more.
Risk assessments should be comprehensive and cover many inter-related areas including, but not limited to:
the Participant's environment – including the hazards and risks in the home or service environment,
the risks applicable to behaviour and communication,
the person’s social context,
health needs and connections to formal networks including allied health related supports,
the person’s cultural and sexual identity,
risks to access supports,
risks when a person transitions into the service,
risks that may impact on the supports provided supporting the participant to progress towards identified goals and outcomes,
risks that impact on the person exiting your service and transitioning to another service provider.
In addition, the updated Practice Standards require risks to be identified in Support Planning to ensure the following risks are identified and controlled:
the degree to which participants rely on the provider’s services to meet their daily living needs;
the extent to which the health and safety of participants would be affected if those services were disrupted.
It's frustrating waiting for the NDIS to approve the registration after passing the certification audit. What can we do about it?
It can be difficult to effectively plan when the timeframe for certification is unknown.
The best advice we can give is to be aware of the extended timeframe and incorporate this into your business planning process.
Remember, you are able to provide services to participants who are self-managed or plan-managed. There are some exceptions, you must be registered to provide behaviour support and be an implementing provider of positive behaviour support.
Are online modules for manual handling and medication acceptable for workers to complete?
Industry recognised online training modules are acceptable, but they are more likely to provide theory-based knowledge training. Therefore, they only form part of your competency requirements for manual handling and medication management.
As an extension to your question 😊 Providers are required to verify Support Worker’s competency.
The verification of competency involves a few elements:
Verifying Knowledge - this may be in the form of an online training module (preferably offered by a registered training organisation or industry recognised provider);
Verification of skills – a competent person will observe and evaluate the Support Worker’s skills and knowledge in practice;
Ongoing evaluation of knowledge and skills – a competent person should check the effectiveness of training and identify gaps for additional training, if required.
If you implement the above, you will be confident your Support Workers are competent.
Extra notes on the management of medication - if you have not done so already, I suggest you:
Identify the kinds of medication support you deliver
Engage a registered training provider of medication management and discuss the requirements and the competencies required of your Support Workers
Develop a process to verify your Support Workers’ medication management competency
Ensure the boundaries of medication management are well defined, along with the competencies required to support within your documented Policies and Procedures
Identify and record competency (training and experience) in your Human Resource management system.
Design and implement strong in-service medication systems that provide risk control for your workers.
Record medication support activities and monitor for risks and changes.
Record events related to medication management including near misses and incidents in a system that supports analysis and preventative corrective actions.
Like medication management, verifying your workers have effective manual handling competency will include participant-centred training. This should be delivered in the service environment, as a buddy-shift, for example, so training on the participant’s manual handling needs and equipment being used can be delivered and evaluated by a competent person.
What can you share about COVID tracing and compliance?
As each jurisdiction’s requirements are different and are susceptible to change, I will direct you to the NDIS website for providers – Coronavirus (COVID -19) Page.
In regards to meeting the requirements for the audit, your human resource system will need to provide evidence of the following for each worker:
details of their secondary employment (if any)
COVID-19 vaccination status
completion of mandatory infection prevention and control training for all workers providing supports to participants
induction to your own internal policies and procedures
This can be done directly within ShiftCare by uploading your staff's vaccine certificates.
In addition, your system should be supporting you to record COVID-19 events. This could be within your incident management system.
The updated NDIS Practice Standards require you to also have the following:
Workers with capabilities that are relevant to assisting in the response to an emergency or disaster (such as contingency planning or infection prevention or control) identified; and
Plans in place to identify, source and induct a workforce in the event that workforce disruptions occur in an emergency or disaster
How do we remove conflict for provider and support coordinator in the same organisation?
It is not possible to remove this conflict of interest. You must manage this perceived and actual conflict of interest to safeguard the participant’s decision-making and ensure people are provided with choice and control.
To effectively manage the conflict of interest present within this scope of services, we suggest the following:
Identify the perceived and actual conflict of interest – you could do this within your risk management system, for example, your Risk Register.
Assess the risk associated with that conflict of interest – this assessment would be based on the likelihood of the conflict of interest occurring and the impact on the participant;
Develop a risk management plan to control or reduce the risk – this could include the following, as examples:
ensure participants are informed and understand the conflict of interest;
ensure participants are provided choice and control over the services they receive. That is, they are supported to have full choice about if they want both Support Coordination and Direct Supports provided by your organisation or just one services;
When a participant selects to receive both support coordination and direct support services, ensure there are different people providing this support. That is, the Support Coordinator does not also provide direct supports, and vice-versa;
Keep information about a participant’s support coordination and direct supports services separate.
Risks associated with the conflict of interest and the effectiveness of the risk controls should continue to be monitored and treated. This could be documented in your Risk Register and reviewed in your Management Meeting for example.
Provide open and robust feedback mechanisms to ensure any participant concerns are heard and handled effectively.
Identify delegations to safeguard objectivity and impartiality.
Evidence of the above controls should be documented in your systems. Evidence can include, for example,
Information about conflict of interest covered in the Service Agreement.
Document that participants were provided with choice and control including the names of other service providers within the intake process.
Conflict of Interest Form that verifies that the participant has understood the conflict of interest, the risks, their rights and your responsibilities and has decided to receive both support coordination and direct supports.
Record when a conflict of interest does occur – this could be in a Conflict of Interest or Issues Register.
Review, evaluate and treat the controls you have in place as a standing agenda item on a management meeting.
Identify Delegations to manage Conflict of Interest in your Continuity Plan
As a note – some providers think that a conflict of interest can be removed by establishing a separate business. The potential and perceived conflict of interest remains, in fact, the risk may be higher because now, there is less transparency, and the participant has less clarity about the conflict.
While there are scenarios where organisations do provide both support coordination and direct supports to participants, this is not a preferred service model due to the conflict of interest and the risk to participants.
Can we use ShiftCare software to manage all our documents to stay compliant and does this software assit with financial management like payroll, invoices, etc?
ShiftCare provides a powerful platform to support you meet your compliance requirements in many areas including:
Governance - reporting dashboards provide data on service activity that can be used to support business planning, including resource and continuity planning, monitoring and evaluation activities.
Information Management – ShiftCare supports the control of information management by providing a cloud-based platform. Personal information and documentation about your workers and participants is access controlled. So, information is not being shared with Support Workers via personal emails, for example.
Human Resource Management - Within the [Compliance] Area, ShiftCare provides a consolidated register of all workers and control over NDIS mandatory worker screening and training.
Service Provision - ShiftCare provides a platform to share current service documentation such as Policies and Procedures and participant service records including Support Plans, Participant Reports and Assessments and Progress Notes that support continuity in supports.
There are parts of your documented quality management system that will be stored outside of the ShiftCare Platform, in your OneDrive or DropBox, for example. This documentation will include, for example, your Business Risk Register, Internal Audit Program, Complaints and Incident Registers, Meeting Minutes, and records of worker Performance Evaluation.