By Sharon Floyd, Director of Engels Floyd

In this time of uncertainty, many providers have been concerned about how COVID-19 will affect the rollout of planned NDIS audits.

The NDIS Commission has recognised that both providers and auditing bodies may experience significant disruption, which will impact on audit engagement activities.

The NDIS Commission recently issued advice recognising that the priority for infection management and continuity of support during the COVID-19 pandemic is likely to affect ‘the readiness and capacity of some providers to engage with any registration renewal audits, particularly on-site activities.’

The NDIS Commission has advised auditing bodies to:

  • review their audit practices to ensure these are provided in a way that minimises the risk of exposure to COVID-19 for participants, providers and auditors.
  • where audits are scheduled to occur, engage with providers to confirm their availability to continue where practicable to do so.
  • where going ahead in agreement with the provider, establishing clear arrangements for conducting a Stage 2 audit activities in a way that minimises risk.
  • delay or reschedule audit dates where providers are not in a position to proceed with these. Decisions to suspend or delay completion of a Stage 2 audit beyond three months (as provided in the NDIS Auditing Scheme Guidelines), should be recorded in audit reports.

The Commission plans to provide targeted advice to registered NDIS providers, including arrangements for varying conditions of registration, where necessary, to allow an extended period of time to complete the registration process, including audits.

The latest COVID-19 restrictions involving social distancing will mean that remote audits are the only practical method for conducting Stage 2 audits until these restrictions are lifted. Auditing bodies need to meet certain accreditation requirements to be able to conduct remote audits.

So, what will remote audits look like in practice?

Remote auditing presents some challenges and audit teams and providers alike will no doubt learn new approaches/methods to enhance the audit processes and outcomes over time. It is a requirement that audit teams provide an audit plan to the NDIS provider for the Stage 2 onsite audit, and this equally applies where a Stage 2 audit is conducted remotely.

Audit teams need to follow the same processes during the conduct of a remote audit, which would include:

  • having an opening and closing meeting with the NDIS provider
  • being respectful to participants and their family, and minimising disruption to service delivery
  • collecting a range of audit evidence demonstrating implementation of procedures and practices, which includes participant and staff files, registers, minutes, brochures, records etc. through ‘triangulation’ of evidence
  • specifying how long the audit will take (audit duration)
  • interviewing required ‘samples’ of participants (which are randomly selected by the audit team)
  • interviewing a representative number of workers
  • multisite sampling.

The Audit Plan should identify clearly how and when the interviews will be facilitated, and how information/records will be accessed. This could be through a variety of technologies:

  • videoconferencing (Skype, Facetime, GoTo, Zoom)
  • telephone meetings
  • web based meetings
  • electronic file transfer
  • systems access (cloud based CRM databases)
  • screen sharing.

It is a good idea to have a trial run of the technology before the day of the audit to make sure both the Audit Team and provider can access the technology easily – the same would apply to participants if they are being interviewed via videoconferencing. In the case of CRM databases, the audit team will need access to relevant information which would need to be time-limited.

If the provider has certain records only in hard copy, then the provider will need to think through how these are best made available to the audit team. This could include scanning relevant documentation. Noting this can be time-consuming and may impact on time otherwise spent managing or providing direct service delivery to participants, it may be reasonable to seek advice from the NDIS Commission and your audit body about the practicalities of a remote audit in those cases.

Observation is usually a type of evidence obtained during an onsite audit, and there may be ways that the provider can ‘walk’ the audit team through their premises via Skype, Facetime etc.

Confidentiality is an area that needs to be managed carefully – both for workers and participants. This should be planned appropriately to ensure that the worker or participant is able to speak freely without the presence of others (if that is their choice) so that feedback provided to audit teams remains confidential.

The NDIS Code of Conduct, Continuity of Support and Safe Environments are mandatory compliance requirements for NDIS providers, and in the current COVID-19 environment, it would be an expectation that NDIS providers have evidence to demonstrate how they are providing a safe environment, managing infection control, risks and business continuity. We encourage providers to access the useful resources available from the NDIS Commission’s website as in addition to essential practice, these are great sources of evidence for the audit, in particular:

These are certainly challenging times for us all. We continue to conduct ‘preparatory’ audits for providers, albeit in a remote environment, which are a great way of identifying any potential areas of non-conformance, plus to show how the remote audit will work in practice.

If you would like to discuss how you can best prepare for a remote audit, or to chat about how your Continuity of Support policy and procedure address pandemic requirements, please feel free to contact Engels Floyd, [email protected] or 0478 616 207.