This article discusses how non-compliance with requirements of the NDIS Practice Standards are identified and managed.
BY KAI SINOR
This article discusses how non-compliance (“non-conformities”) with the NDIS Practice Standards is identified and the requirements under the NDIS Approved Quality Auditor Scheme Guidelines (Auditor Scheme Guidelines) that providers must take to resolve compliance problems. This article should be read alongside our guidance note ‘Methods for auditing the NDIS Practice Standards’.
Details of the legislation and other resources cited in this article are available in the full text guidance note here.
At a minimum, the auditor will examine documents and records that are relevant to the scope of audit, review the provider’s responses to the self-assessment and where available, the NDIS quality audit history (prior outcomes, corrective actions and reports). The auditor may also gather information from interviews, observations or feedback.
Refer to our guidance on the MPS Law website for more information about how auditors assess compliance with the NDIS Practice Standards.
How is ‘conformity’ with the NDIS Practice Standards evaluated?
The NDIS Quality Indicators Guidelines (Quality Indicator Guidelines) list criteria for the quality indicators that auditors use to evaluate compliance with the NDIS Practice Standards. The methods for gathering audit evidence depend on whether the audit is for certification or verification, the defined audit objectives, scope and criteria (as defined in the scope of audit), as well as the duration and location of the audit.
At a minimum, the auditor will examine documents and records that are relevant to the scope of audit and review the provider’s responses to the self-assessment and where available, the NDIS quality audit history (prior outcomes, corrective actions and reports). The auditor may also gather information from interviews, observations or feedback.
Where required, information related to interfaces between functions, activities and processes, will be collected using the sampling methodologies set out in the Quality Auditor Guidelines. Generally, only information that can be verified (to some degree) is acceptable as audit evidence.
Refer to our guidance on the MPS Law website for more information about how auditors assess compliance with the NDIS Practice Standards is evaluated.
What happens when a non-conformity is identified?
Compliance problems that the auditor identifies are notified to providers in writing during the course of the audit. Auditors are expected to review any identified non-conformities with the provider in order to obtain acknowledgement that the audit evidence is accurate and that the non-conformities are understood. Once notified of a non‑conformity, the provider has seven days to present a plan to the auditor that sets out how the problems will be corrected (a “corrective action plan”).
The Auditor Scheme Guidelines specify timeframes within which different kinds of non‑conformities must be “closed out” or “downgraded”, when reviews of corrective actions must be undertaken and when failure to close out or downgrade a non-conformity will result in suspension of the provider’s certification. This information is detailed in the table available in the full text version of this guidance note.
The impact of major non-conformities
On first glance, a major non-conformity appears fatal; if a major non-conformity is found a certification decision cannot be issued. However, the Auditor Scheme Guidelines state that, for any major non-conformity raised during recertification or reverification, the auditor shall specify time limits for correction and corrective action. This suggests that major non-conformities identified during audit are not fatal if corrections are implemented and verified before to expiration of the provider’s certification (the registration expiry date).
It is therefore important to lodge the renewal application promptly (renewals can be lodged from six months before registration expires) and to engage an auditor as soon as possible after lodging the application.
Withdrawals, suspensions and termination of certification
The heading to s 24 of the Quality Auditor Guidelines refers to “reduction”, “suspension” or “withdrawal” of certification or verification decisions, yet the Guidelines only discuss suspension. The Guidelines do not specify when a certification or verification decision may be reduced or withdrawn.
This is because decisions to reduce or withdraw certification are the discretion of the auditors. Under ISO 17065 (which sets out the requirements for certification bodies) the auditors are responsible, and retain authority for, decisions relating to certification. This means that, where there is a substantiated non-conformity, the audit body can consider and decide on the appropriate action. Actions the audit body may take are:
- continuation of certification under conditions specified by the audit body,
- reduction in the scope of certification to remove non-conformities
- suspension of certification pending remedial action, or
- withdrawal of certification.
Consequences of a suspension
Suspension occurs automatically where corrective actions to downgrade or close out not taken within required timeframes. If certification is suspended, the audit body will communicate what corrective actions are needed to restore certification. The auditor will collaborate with the Commission when formulating corrective actions. Activities by the auditor to verify corrective actions that are taken in response to a suspension are carried out according to the same procedures that were required for the original certification audit.
Refer to the full text version of this article for further commentary on suspension of certification decisions. General guidance on certification is available on the MPS Law website.
Auditors must keep records of all relevant, disclosable information to substantiate findings of non-conformities and provide this information to the NDIS Commission, on request. This enables the NDIS Commission to review relevant records before making significant decisions about a provider’s registration.
Decisions to refuse to register, impose registration conditions or suspend or revoke registration are reviewable. If an internal review is requested, the internal reviewer will review the auditor’s records and determine if they are satisfied that records or evidence kept by the auditor establish the non-conformity. As a general rule, the reviewer does not need to be satisfied beyond reasonable doubt, but they must be ‘reasonably satisfied’. Regulatory action that has an adverse impact on a provider is not considered lightly and cannot be evidenced by inexact proofs, indefinite testimony or indirect inferences.
For more information, contact Michael Pagsanjan (firstname.lastname@example.org).