Your essential guide to a successful NDIS Internal Audit

LMS TRG’s technical manager, Maz Nabavi, provides guidance on effectively conducting NDIS Internal Audits and leads you through the process to ensure a successful outcome.

If your business is involved in the National Disability Insurance Scheme (NDIS), you may wonder whether it is important to conduct an NDIS Internal Audit. What is the NDIS Internal Audit and how can it benefit your organisation? 

Internal audits are effective tools to understand gaps in your compliance and organisational requirements, prepare for mid-term or re-certification audits, identify areas for improvement, and save you time and money in the long-run. 

This post will explain exactly how NDIS Internal Audits are effectively conducted and will guide you through the process so your own audit is successful. 

There are five areas you should focus on when conducting an NDIS Internal Audit:

1. Studying the NDIS Quality Indicators Guidelines, its requirements and your applicable modules.
2. Going over your NDIS policies, procedures, forms and templates.
3. Analysing your organisational structure and its complexity.
4. Calculating the number of NDIS participants and complexity of delivered services.
5. The number of offices and outlets.

The first step is knowing the complexity of the services you offer. Here are the steps you can follow to plan an effective NDIS Internal Audit:

1. Map out your organisation. You should understand the organisational structure and complexity of services. The points below can help guide you:

a) Your applicable modules
b) The number of departments/managers/functions
c) The number of NDIS participants
d) The number of staff
e) The number of offices/outlets 

2. Get to know your NDIS internal auditor. How many NDIS internal auditors are in your team? Do they have a proper understanding of the NDIS Internal Audit? For more information, take LMS TRG’s online/Self-Paced course.

3. How many members of staff do you have? Is your staff turnover high? Could an incompetent staff member be assigned a task that cannot be delivered safely and correctly?

With the mapping complete, the next step is to consider the following four areas for the internal audit.

Documentation and your NDIS management systems

• Sampling approach: Not applicable.
• Risk-based approach: Not applicable.
• Consent: Not applicable.
• How often should it be audited? Any change in your policies, procedures, forms, and processes can trigger the NDIS Internal Audit. If your documentation and applicable legislation are in-date, then the audit should be carried out annually. Otherwise, you can audit a third of your processes each year. All processes and documentation shall be audited over a three-year cycle.
• Who should audit this section? Someone familiar with NDIS Quality Indicator Guidelines and auditing processes.
• Audit objective: To evaluate NDIS policies, procedures, forms, and templates for compliance with NDIS Quality Indicator Guidelines.
• Audit criteria: NDIS Quality Indicator Guidelines and other related legislation.

Participants and their related processes

• Sampling approach: Audit procedures vary depending on the circumstances. For example, auditing five participants after obtaining their consent is recommended, while a sampling approach may be used for more than 15 participants. Prioritising the highest risk participant with a risk-based approach is advised.
• Risk-based approach: Applies to 15 participants or more.
• Consent: Partially relevant; consent may not be required if an internal reviewer is examining the participant’s record, as consent should have been obtained during intake.
• How often should it be audited? For less than 15 participants, audit all related processes annually. For over 15, prioritise higher risk participants and audit across all risk levels within 12 months.
• Who should audit this section? Key staff or managers who are knowledgeable about the NDIS Internal Audit.
• Audit objective: To assess compliance with NDIS policies and procedures related to participant processes.
• Audit criteria: a) your NDIS policies, procedures, forms and templates b) the results of the participants’ interviews.

Staff, managers and their related processes

• Sampling approach: If the total number of staff is less than 15, review and audit their processes. If greater than 15, use a sampling-based approach.
• Risk-based approach: For less than 15 employees, use Risk-Assessed Roles method and prioritise auditing high-risk service deliveries staff.
• Consent: The auditor needs both NDIS internal auditing knowledge and access to staff files. Notify staff and emphasise that the audit is focused on the process, not the individual.
• How often should it be audited? If you have less than 15 members of staff, audit their related processes annually. For over 15 members of staff, prioritise high-risk processes and follow a risk-based approach. New staff and high-risk service deliveries should be audited more frequently.
• Who should audit this section? A key staff member or manager with NDIS Internal Audit knowledge.
• Audit objective: To evaluate your HR processes against NDIS policies, procedures, forms, and templates.
• Audit criteria: a) your NDIS policies, procedures, forms and templates b) the results of the staff interviews.

Physical premises, including offices and outlets

• Sampling approach: Not applicable. All sites must be safely managed.
• Risk-based approach: Not applicable.
• Consent: Not applicable.
• How often should it be audited? A biannual inspection is recommended.
• Who should audit this section? An auditor who is knowledgeable about safe practices and workplace housekeeping.
• Audit objective: To ensure a safe working environment for staff and participants to prevent harm or injury.
• Audit criteria: a) WHS practices, b) Emergency plan and vigilance, c) Security practices, d) SWMS.

To conduct an effective NDIS Internal Audit, it’s important to consider all the factors mentioned above regarding staff, management, the physical premises and your documentation. Utilising the right tools available on our online course is crucial for a successful audit. Additionally, researching the audit process, including planning, execution, and reporting, is essential for achieving your desired outcomes. 

Who we are

At our core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses.

We Care for each other, our members, and our society.

We Dare to discover and experiment, aiming to be different, fearless, and innovative.

We Share our knowledge and experience by working together and continuing to support our team members.