This article is the second of three that will help you prepare for and undertake your NDIS Audit.
NDIS Audit Preparation
NDIS audit preparation can often be daunting and overwhelming. Under the new NDIS Quality and Safeguarding Framework, all NDIS Providers applying for NDIS Registration or undertaking their NDIS Registration Renewal with the NDIS Quality and Safeguards Commission must undergo an NDIS Audit.
NDIS Audit is relatively new and even the most experienced of our clients find the process – from finding an auditor to understanding the different types of audits and what’s involved – daunting to say the least.
So, let’s get clear on the ins and outs – it’s the best way to prepare and get through your audit with confidence. To help you do this, I’ve answered our clients’ most common NDIS Audit questions below.
1. What on earth is an Initial Scope of Audit?
The first step in applying to be a Registered NDIS Provider or undertaking your NDIS Registration Renewal is to submit an online application to the NDIS Quality and Safeguards Commission. Part of this application is a self-assessment, which I covered in detail in my last article in this series, called “3 Tips for Completing Your NDIS Self-Assessment.”
Once you’ve completed and submitted your application, within 24 hours you’ll receive an automatically generated ‘Initial Scope of Audit’ letter via email. I’ve provided an example of this letter below. As you can see, the letter sets out your business’ details, the NDIS Registration Groups you are registering to deliver and, circled in red in the example, the type of audit you need to undergo as well as which standards you will be audited against. The letter is, in effect, setting out the scope of the audit you need to undergo.
The Initial Scope of Audit provides prospective auditors with the information they need to give you an initial quote for your specific audit. The letter itself states: This scope of audit is based on the information provided on the Application form and should not be considered final. What this means is that, once your auditor has spoken to you and identified your exact audit needs, the scope of the audit could change. This is why the letter provides the initial scope – it provides you and auditors the information needed to start a conversation about what your audit will look like
2. What are Verification and Certification – and what’s the difference between them?
The terms Verification and Certification relate to the type of NDIS Audit you need to undergo, to demonstrate how you comply with the NDIS Practice Standards. The type of audit you need to do will depend on the NDIS Services and Supports you want to provide.
Verification audits are smaller-scope audits conducted on businesses delivering
Cerification audits are more intensive than Verification audits, comprised of a desktop review of documentation, as well as an onsite assessment. At the moment, some onsite assessments may be conducted remotely (due to the impacts of COVID-19) and you can also request remote assessment from the NDIS Quality and Safeguards Commission if you meet certain criteria. You can talk to your auditor about whether this option is available to you.
Certification audits apply to businesses delivering higher risk supports. In a Certification audit, auditors will be looking for both documentary and practical evidence of how you comply with the NDIS Practice Standards that apply to the NDIS supports and services you intend to deliver. In most cases, this will be at least 22 ‘Core’ NDIS Practice Standards (known as the Core Module).
Businesses delivering the highest risk NDIS services (think High Intensity Daily Personal Activities or Positive Behaviour Support) will have to comply with additional ‘Modules’ of Standards. The only exception to this is Specialised Disability Accommodation (SDA). In this case, if your business is delivering only SDA (i.e. no other NDIS supports or services), you will only have to comply with the SDA Module of the NDIS Practice Standards, which is comprised of five Standards.
Certification audits are conducted every 3 years, with a smaller scope, mid-term audit conducted at the 18-month mark in between.
If you’re not sure whether you have to undergo a Verification or Certification audit, you can use our Vericert Tool to find out.
3. How do I choose an auditor?
There are (currently) 16 organisations across Australia that have been appointed as NDIS Approved Auditing Bodies – meaning their auditing staff can undertake NDIS Audits (Verification or Certification). Their contact details are provided on the NDIS Quality and Safeguards Commission’s website.
Once you have your Initial Scope of Audit, you can contact any number of these 16 bodies to find out how they would conduct your audit and what they would charge. You are responsible for engaging your own auditor, and while this can be daunting, it is as simple as shopping around until you find the auditing body you’d prefer to work with.
4. Do I have to pay for my audit – and how much?
In short, yes. Businesses applying to be a Registered NDIS Provider or undertaking NDIS Registration Renewal are required to pay for their initial and all following NDIS Audits.
There are no fixed costs for NDIS Audits because every business and the scope of audit they require are different (quotes take into account your business’ size, number of NDIS participants, number of staff and number of delivery sites). However, the Initial Scope of Audit ensures that all auditing bodies can quote based on the same information. All Approved Auditing Bodies must provide quotes on a ‘no-obligation’ basis and free of charge, so you have the flexibility to find the right auditor and auditing fees for your business.
I recommend getting at least three or four quotes to ensure you receive value for money, based on your business’ specific auditing needs.
5. Once I’ve chosen an auditor, what happens?
Once you’ve engaged an auditor, you will work together to identify a suitable date for your audit. They will also request access to your registration or renewal application in the NDIS Quality and Safeguards Commission’s portal. From there, they’ll be able to review your application, self-assessment responses and documentary evidence, to develop an audit plan and identify any additional information or documentation they require from you.
I’ll cover the audit process itself, and responding to audit outcomes, in my next article in this series. If you want more information or need help with your ndis audit preparation, get in touch – with an Provider Institute Membership you can book a consult with our specialist auditor to discuss your preparation requirements, purchase our Simple Guide to your NDIS Audit and maintain compliance, all in one place.