Audio Coursesby JellypodLesson 07 of 11
Overview
Will, EnableUs Community: Alright, welcome back to the EnableUs Community Podcast, everyone. I’m Will, and I’m here with Winter. Today, we’re diving into the top reasons NDIS providers fail audits—and, more importantly, how to actually fix those issues before they become a real headache.
Winter, EnableUs Community: Hey folks! This is such a big topic. I mean, audits can feel like this looming cloud, but honestly, most of the stuff that trips people up is totally avoidable. Like, we’re not talking about some secret trapdoor—just basic things that get missed, right?
Will, EnableUs Community: Yeah, exactly. And I think the first thing to get your head around is what a non-conformity actually is. Basically, it’s when you don’t fully meet one or more of the NDIS Practice Standards. There’s minor non-conformities—like, say, a policy that’s a bit out of date. And then there’s major ones, which are, you know, missing a whole policy or not having proof of staff qualifications. Those are the ones that can really stall your registration or renewal.
Winter, EnableUs Community: And the wild thing is, it’s usually the little things that snowball. Like, you forget to update a policy, or you’ve got a staff file missing a First Aid certificate, and suddenly you’re scrambling. Outdated or missing policies are probably the most common, right?
Will, EnableUs Community: Oh, for sure. I’ll never forget my first audit. I thought I had everything sorted, but I’d missed updating our complaints policy after a change in the regs. It was just one document, but the auditor picked it up straight away. I remember thinking, “How did I miss that?” It was a minor non-conformity, but it could’ve easily become a major one if we hadn’t fixed it quickly.
Winter, EnableUs Community: That’s so relatable. And it’s not just policies—staff documentation is a biggie too. Like, if you don’t have up-to-date Worker Screening Checks or CPR certificates, that’s a red flag. I’ve seen providers with amazing services, but they get tripped up by expired paperwork.
Will, EnableUs Community: Yeah, and it’s not about bad intentions. Most of the time, it’s just a lack of preparation or, honestly, not having a system to keep track of all the moving parts. If you’re not regularly checking your files, stuff slips through the cracks.
Winter, EnableUs Community: And then there’s the complaint and incident processes. If your team doesn’t know what to do when something goes wrong, or if you don’t have a clear, documented process, that’s another common reason for non-conformities. It’s all about having those basics in place and making sure everyone’s on the same page.
Will, EnableUs Community: So, let’s talk about how to actually stay audit-ready. I reckon the biggest game-changer is personalising your policies. Like, don’t just grab a template off the internet and call it a day. Make sure it actually fits your service, your staff, your participants. And then, set a schedule to review them—at least once a year, but honestly, more often if things are changing fast.
Winter, EnableUs Community: Absolutely. And I’d add, keep a live staff compliance register. That’s just a fancy way of saying, have a system—could be a spreadsheet, could be software—where you track everyone’s qualifications, checks, and when they expire. I’ve seen providers use digital calendars to set reminders for when things are due. It sounds simple, but it saves so much stress.
Will, EnableUs Community: Yeah, and don’t just set and forget. Do quarterly file audits. I know it sounds like a lot, but if you check every three months, you catch stuff before it becomes a problem. I’ve seen what happens when you don’t—suddenly, you’re a week out from audit and you realise half your staff have expired First Aid certificates. Not fun.
Winter, EnableUs Community: I actually worked with a provider who avoided a massive headache by using a digital risk register. They’d had a close call with a staff qualification expiring, so they set up a system to track risks and scheduled regular staff training. When the auditor came, they could show not just the register, but also the actions they’d taken—like, “Here’s the training we did, here’s when we updated our process.” It made a huge difference.
Will, EnableUs Community: That’s such a good example. And it’s not just about ticking boxes—it’s about showing you’re actually living your policies, not just writing them down. If you can show evidence—like training records, updated risk registers, or even just meeting notes—it goes a long way.
Winter, EnableUs Community: And don’t forget staff training. It’s not enough to hand someone a policy and hope for the best. Do proper inductions, use checklists, and run refresher sessions. Keep records of who’s done what, so you can prove it if you need to.
Will, EnableUs Community: Alright, let’s get into complaints, incidents, and risk management. This is where a lot of providers get caught out, because it’s not just about having a policy—it’s about having a process that everyone actually understands and follows.
Winter, EnableUs Community: Yeah, and the key is clarity. Your complaints and incident management procedures need to be detailed—like, who does what, what’s the timeline, how do you escalate things. And then, you’ve gotta train your staff so they’re not just nodding along, but actually know what to do if something happens.
Will, EnableUs Community: And when it comes to risk management, having a live risk register is non-negotiable. It’s not enough to say, “Oh, we manage risks.” You need to show the auditor your register, your mitigation actions, and that you’re reviewing and updating it regularly. Otherwise, it’s just words on paper.
Winter, EnableUs Community: Totally. And let’s talk about storing records securely, because that’s another area where people slip up. I’m a big fan of secure cloud-based storage with proper access controls. It’s just safer, and you can track who’s accessed what. But I know some people still prefer physical files—what do you think, Will?
Will, EnableUs Community: Look, I get the appeal of a locked filing cabinet, but honestly, with the Privacy Act and all the data protection requirements, cloud storage with encryption is just easier to manage. Plus, you can set permissions so only the right people have access. But, if you’re sticking with paper, you’ve gotta make sure it’s locked up and only authorised staff can get to it. No leaving files on the desk overnight, that’s for sure.
Winter, EnableUs Community: Yeah, and regular reviews of your data security protocols are a must. Auditors will ask how you protect participant information, so you need to be able to show your process—whether it’s digital or physical. And, honestly, it’s just good practice for peace of mind.
Will, EnableUs Community: Alright, I think that’s a good place to wrap up. If you take anything away from today, it’s that most audit issues are totally avoidable with a bit of planning and the right systems. Don’t wait for audit day to get your house in order—make it part of your regular routine.
Winter, EnableUs Community: Couldn’t agree more. And if you do hit a snag, just fix it quickly, show your evidence, and keep the lines of communication open with your auditor. We’ll be back next time with more tips to help you ace your NDIS audits. Thanks for joining us!
Will, EnableUs Community: Thanks, Winter. And thanks to everyone listening. Catch you next episode!
Winter, EnableUs Community: See you then, Will. Bye everyone!
