By Sharon Floyd, Director of Engels Floyd

What do the changed requirements to NDIS Registration Rules mean for providers undergoing audits?

Changes to the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 (the Rules) came into effect from 1 January 2020.

The changes aim to reduce the regulatory burden on registered providers by providing:

  • a verification audit pathway for all providers delivering low risk supports regardless of legal entity, replacing certification audit pathways for bodies corporate. This effectively means a more streamlined online process for bodies corporate (through the Commission’s portal), in place of onsite audits, and;
  • a mid-term audit within 18 months of registration approval in place of yearly surveillance audits. This ultimately reduces the overall amount of auditing from two surveillances in each certification/registration cycle to one.

What will verification audits look like for body corporates?

The updated NDIS (Approved Quality Auditors Scheme) Guidelines 2018 state that auditors need to refer to the ‘current document published by the Commission which outlines the evidence that auditors must receive to assess conformity with the verification module.’ This is the NDIS Practice Standards: Verification Module – Required documentation document which is available at: NDIS Commission Verification Module.

There is a new section in this document which outlines requirements for body corporates undertaking verification. This section reads:

Bodies Corporate (excluding government providers) seeking registration for verification only registration groups are required to demonstrate the following:

Human Resource Management

  • Pre-employment checks in accordance with workers screening requirements.
  • Qualifications and/ or experience
    • In order to meet this requirement, the provider must provide evidence that one staff member who will deliver supports has met the requirements for each profession(s) the provider intends to deliver under each registration group(s). (See Requirements by Profession within the verification module)

Where a requirement includes the words ‘or equivalent’, this means an institute of a similar status to that which is referred. Factors to be taken into consideration include the relevant industries’ acknowledgement of the institute as a body, which maintains the reputation and quality of the profession, as well as the experience and qualifications required for professionals in the industry to gain membership of the institute.

Where a provider has multiple staff working with the same profession it is the ongoing responsibility of the provider to ensure staff achieve the same standard.

  • Provide the certificate of completion of the NDIS worker orientation program (mandatory training) for each staff member
  • Personal accident insurance or worker’s compensation insurance. A certificate of currency for current insurance that meets the minimum level of cover commensurate to the scope of the provider. Providers should seek professional advice as to the type and amount of insurance that is necessary.

Incident Management

  • Describe how the provider manages incidents, or provide a copy of your incident management process, as relevant to the supports delivered for this registration group, including any relevant material provided to participants.

The process must meet the requirements of the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018. The process should be relevant (proportionate) to the size and scale of the provider and to the scope and complexity of the supports being delivered.

Complaints Management

  • Describe how the provider manages complaints, or provide a copy of your complaints process, as relevant to the supports delivered for this registration group, including any relevant material provided to participants.

The process must meet the requirements of the National Disability Insurance Scheme (Complaints) Rules 2018 and follows principles of fairness and natural justice. The process should be relevant (proportionate) to the size and scale of the provider and to the scope and complexity of the supports being delivered.

Risk Management

  • Describe or provide a copy of the providers work health and safety policies and procedures relevant to the supports delivered for this registration group, including any relevant material provided to NDIS participants.

The policies and procedures should be relevant (proportionate) to the size and scale of the provider and to the scope and complexity of the supports being delivered.

  • Public liability insurance. A certificate of currency for current insurance that meets the minimum level of cover commensurate to the scope of the provider. Providers should seek professional advice as to the type and amount of insurance that is necessary.
  • Professional indemnity insurance. A certificate of currency for current insurance that meets the minimum level of cover commensurate to the scope of the provider. Providers should seek professional advice as to the type and amount of insurance that is necessary.[1]

There is still a proportional approach to processes, policies and procedures for verification, which means that body corporates with a larger workforce and large numbers of NDIS participants would be expected to have systems addressing risk management, complaints management and incident management which are commensurate with the size, scale and scope of those providers.

What is the impact of mid-term audits for registered providers?

The mid-term (18 month) audit has replaced the yearly ‘surveillance’ audit for registered providers. It appears that the mid-term audit will now include assessment of:

  • Division 3 of the Core Module – Governance and Operational Management as a mandatory requirement;
  • Any Standard which was identified in the previous audit as needing to implement a Corrective Action Plan; and
  • Any Standard specified by the NDIS Commission.

What does this mean for registered providers that have already had their first ‘surveillance’ monitoring audit in NSW and SA?

The updated NDIS (Approved Quality Auditor) Guidelines has a new clause to address these situations, and basically it is good news for this category of providers. Another mid-term audit is not required, if the original surveillance monitoring audit:

  • Was carried out by an Approved Quality Auditor (certification body) using certification no later than 18 months after the beginning of the provider’s registration period;
  • Assessed the Standards relating to Governance and Operational Management;
  • Assessed any specific Standards which were previously identified in the initial certification as requiring the provider to implement a corrective action plan.

It is likely in many cases that the original surveillance monitoring audit would have addressed these requirements, which means that these providers are not due for another audit until the time of the three yearly re-certification. Note: Engels Floyd has assisted a number of providers address corrective actions, so if this is an area of concern for you, please feel free to contact them.

We do encourage providers to contact their certification body to review their quote for the certification cycle, as the original quote would have been based on yearly surveillance audits.

For questions about the NDIS registration rules, comment or compliance support contact Engels Floyd, [email protected] or 0478 616 207.

 

[1] Reproduced from NDIS Practice Standards Verification Module – required documentation, January 2020 (pages 2 to 4)