Keeping tabs on the auditors


The NDIS Commission recently released a set of guidelines, called the Approved Quality Auditors Scheme, to regulate the auditing of registered service providers.

An instrument of the National Disability Insurance Scheme Act 2013, the scheme gives a legal framework to the process of assessing providers for compliance against the NDIS Practice Standards.

It includes guidelines on who can become an auditor, their interactions with providers, and how and when assessments must be carried out.

Nationally there are only ten NDIS-approved independent auditors. Clearly, this number is set to grow exponentially to keep apace of the requirement for annual audits, as the NDIS rolls out across the states in coming years.

For service providers, the auditing process begins after their initial registration has been accepted. They’ll receive a scope-of-audit document, which is emailed to them by the Commission’s system on acceptance of their registration.

This document outlines the relevant registration groups for the services they are registered to provide, based on the information they entered in the application. The provider will be audited on these services, according to the relevant Practice Standards and other requirements under the NDIS Rules.

Depending on whether they are offering services that are considered to entail low or high potential risk to the participant, the provider will need to undergo either a ‘verification’ or a ‘certification’ quality audit. A note of warning, it pays to be sensible about the number and sort of services you provide, since you may have to do the Certification process which is considerably more expensive and rigorous.

Verification is an annual one-stage audit of the documents and self-assessment responses the provider submitted in their application.

Certification has a second stage, which takes place on-site (except in some certain circumstances) and entails a detailed examination of the provider’s systems, records and performance.

When engaging an auditor, the provider should ask for a quotation on the cost based on the scope of the audit. The quotation must be given for free and with no-obligation to purchase.

The guidelines state that an audit’s scale has to be appropriate to the provider’s size and services.

The auditor needs to take account of the provider’s intended registration groups, their participants (e.g. age and ethnic groupings) and location, and the number of sites and workers they have.

For individuals and small businesses delivering low-risk services and supports for NDIS participants:

  • There is more flexibility on the number of auditors required for site inspections and interviews for Certification Audits

  • There is more flexibility on the minimum time required to undertake a Certification Audits

  • Off-site auditing is permitted for some Certification Audits depending on the circumstance

  • there is no requirement for annual follow up audits during the three year registration period (known as Surveillance Audits)

If the cost of a verification audit would exceed the cost of a certification audit, then the auditor should make the provider aware of this and supply quotes for both audits, so that the provider can have the option of going with the certification.

Once the auditor has been engaged, the provider needs to give them a unique reference number so that the auditor can access the relevant sections of the NDIS provider’s record on the Commission’s system.

The auditor can only make changes to the NDIS provider’s record on the Commission’s system with written approval.

The frequency and type of audit that the provider must undergo - known as their ‘audit program’ - are set out in the conditions on their Certificate of Registration.

The guidelines require the audit team to have an identified leader, have the suitable technical qualifications and reflect the ‘characteristics’ of the participants receiving the services (e.g. nature of the disability and cultural background). In exceptional circumstances the Commissioner may request that a particular auditor undertakes an audit.

For help with navigating your business through the NDIS auditing process, refer to Centro’s Compliance section. It provides valuable advice on the requirements of the National Quality and Safeguarding Framework and the steps to take in order to comply with conditions of NDIS registration.

Centro CORE also has audit-ready policy documents available to subscribers.

Updated 11th July 2019

Julie Wucompliance