Risk Management

The ‘spiel’ is the text you will use in the body of your NDIS registration application. You need to understand it and change it if you are not able to do what it says.

Downloads

Why do I need this document?

The Risk Management Policy documents the rules and systems your business uses to identify and manage risks to your participants, yourself as the provider and anyone you have working for you. It includes:

• clinical risks e.g. client injury, breach of privacy
• compliance risks e.g. practising without AHPRA registration
• business risks e.g. financial viability
• risks to workers, visitors and contractors.

The Risk Management Policy demonstrates your business is operating in line with the NDIS Code of Conduct, in particular “Provide supports and services in a safe and competent manner with care and skill”.

Why the auditors like it

They can:

• see you have a documented system that guides your risk management

Next steps

• OPEN the Risk Management Policy – read is carefully and only adopt this policy if you can do what it says.
• REVIEW your Risk Management Policy annually

Downloads

Why do I need this document?

This policy shows the auditors you try to provide a safe environment for your participants, visitors, yourself as the provider and anyone you have working with you. It outlines the system you have in place to protect participants, yourself and those you have working for you from injury.

For those of you working in the community you need to recognise the extra challengers of providing a safe environment and managing the risks.

Why the auditors like it

They can:

• see you have a documented system for providing a safe environment for your participants, self and others you may have working with you
• see your practices are in line with the Risk Management Practice Standard and the NDIS Code of Conduct

Next steps

• OPEN the Safe Practice and Environment Policy – read it carefully – this policy will need more customisation than others. We have highlighted in yellow the areas we anticipate will need your attention and adaptation depending on where you deliver services e.g. in rooms or in the community, and the type of services you provide. When reviewing this document, also OPEN and consider the two associated checklists – Community and Safety Checklist and In-Rooms Safety Checklist
• MAKE SURE anyone you have working with you understands this policy and the related forms and can comply with it
• INCLUDE this policy in your induction package for new staff

Downloads

About risk management

We all manage risks every day (wear a seatbelt, safeguard client privacy, watch for traffic, reduce risk of falls for our clients). This document is about showing you have more formally assessed risks and put in place strategies to adequately minimise risks.

A risk matrix can help with risk management (a sample is at the end of the Risk Management Register). Matrices allow you to assess the probability and consequence of any given risk and give a rating of how high or low the risk is. You can also use the matrix to assess the level of risk if you had no strategies in place (initial risk rating) and then assess the ‘residual’ risk with your current strategies in place. This will indicate if you have sufficient strategies in place or if you need to do more to adequately manage your risk.

Why do I need this document?

This will provide you with one place to record any risk you identify in your business and outline how you manage the risk.

This document demonstrates you are providing services in line with the NDIS Code of Conduct, specifically “provide supports and services in a safe and competent manner with care and skill”.

Why the auditors like it

They can:

• see you have taken a proactive approach to risk management
• see you understand the risks to your participants, yourself and anyone you have working for you
• review the strategies you have in place to effectively manage your risks and comment on their suitability.

Next steps

• OPEN the Risk Management Register – read it carefully – and delete those risks that are not pertinent to your business
• Have a BRAINSTORMING SESSION with your team or peers to identify risks and mitigation strategies, then add them to the Risk Management Register
• COMPLETE the annual review of the Risk Management Register – it currently is listed on both the Compliance Calendar and the Annual Training Plan. If you are a solo AHP you will only need to do the Compliance Calendar action. If you have others working for you, you can decide if you will review the register with your team as you conduct refresher training or complete the review yourself, with or without advisors.

Downloads

Why do I need this document?

Ensuring you comply with the Principles of the Privacy Act 1988 and its subsequent amendments is mandatory when dealing with NDIS participants’ personal information. Some states (NSW, VIC) and territories (ACT) have additional legislative requirements.
Anyone providing services to NDIS participants also needs to do so according to the NDIS Code of Conduct – specifically you are obliged to “respect the privacy of people with disability”.

While this policy is not a strict requirement for Verification it is good practice as it helps demonstrate your compliance with the above. The policy outlines your understanding of your responsibilities and how you go about maintaining privacy not only of your NDIS participants but also other clients and staff.

Cyber security is an important consideration for both small and larger organisations, recommended reading is Essential 8 Cyber Mitigation Strategies, one really easy recommendation to implement is multi-factor authentication.

Why the auditors like it

They can see:

• you have an understanding of the legislative requirements associated with privacy
• you have recognised there are different consents required for different purposes
• you have a policy that is accessible to your participants
• you have systems in place to keep participants’ information safe
• they can see you are aware of risks associated with maintaining privacy of information and are implementing appropriate mitigation strategies.

Next steps

• OPEN the Privacy and Information Management Policy – read it carefully and ADAPT as needed. We have highlighted in yellow some aspects that may particularly need to be reviewed.
• DETERMINE if your State or Territory you have additional legislative requirements. Add these to your policy.
• REVIEW carefully the section on ‘Managing Privacy of Client Information Storage’ in this Policy. Make sure you customise this to reflect what you do.
• RECORD any training for staff on this policy, including who attended – this is your EVIDENCE.
• ADD upcoming training dates on privacy and information management to your training calendar.

Downloads

Why do I need this document?

Working in the community and working in isolation poses risks to you and your workers.
This checklist provides you with a list of things to consider to assist with your safety when working in the community. Remember, it needs to be read and used in conjunction with the Safe Practice and Environment Policy.

Why the auditors like it

They can see:

• you have given thought and put procedures in place to assist with your safety when working in the community

Next steps

• OPEN the Community and Safety Checklist – read it carefully and adjust to suit your business
• REVIEW the Checklist – consider having a team meeting or meet up with a colleague if you work alone to customise it to your service
• CONSIDER if you now need to further ADAPT your safe practice and environment policy.

Downloads

Why do I need this document?

This is a checklist to enable you to conduct your own safety inspections. The checklist provides you with a list of things to consider to help make your working environment safe for you, your participants, anyone working for you, and visitors.

If something was ever to go wrong you will be able to show your insurer you had a system in place whereby you took the time to undertake regular safety inspections.

Why the auditors like it

They can see:

• you have given thought and put procedures in place to assist with maintaining the safety of NDIS participants, yourself, and anyone working for you
• you have documented any follow up required from the inspection and it has been completed.

Next steps

• OPEN the In-Rooms Safety Checklist – read it carefully and adjust to suit your business
• CUSTOMISE it to your service – consider having a team meeting to get everyone’s input
• CONSIDER if you now need to further ADAPT your Safe Practice and Environment Policy.

Downloads

Why do I need this document?

This is a vital document to embrace! It provides evidence you are doing what you say you are doing in your Service Delivery Model and policies.

Every field on the NDIS Support Plan is there for a reason. When completing the NDIS Support Plan do not leave any fields blank as it will look like you have just left it out. If there are no cultural considerations or risks say ‘nil identified’. Completing the form fully will help with the completion of any future quality audits – including the Goal Attainment QI Activity that we will introduce next.

The participant’s NDIS Service Agreement refers to their Support Plan for a breakdown of costs, you can think of this as a ‘quote’. Some providers choose to have the full breakdown of costs in the Service Agreement – that is OK but remember you will need to issue a full new Service Agreement every time you update their Support Plan. We suggest you reference the current Support Plan as the detailed quote.

It is not the intention of the Support Plan to summarise the participant’s clinical assessment. Remember it is to keep you and the participant focused on the what the participant wants to achieve and how you will allocate their resources to meet their goals.

Why the auditors like it

They can see:

• who has contributed to developing the plan
• you are aware of the participants’ goals and your intervention is directed to achieving these
• you have considered the cultural needs of the participant
• you identify and focus on the strengths of the participant
• you have communicated clearly to your participant the intended services to be provided to meet their goals
• you have identified any risks in relation to the implementation of the plan
• you review the plan and identify the reason for any goals not being achieved
• the plan has been accepted by the participant and/ or their decision maker

Next steps

• OPEN the Support Plan – read it carefully and adjust to suit your business
• CUSTOMISE the document to reflect your practice
• ADOPT the document

Downloads

Why do I need this document?

One of the risks providers accept is that their services will not assist the participant to achieve their goals. This activity also assists with demonstrating your ‘competence’ as per the NDIS Code of Conduct.

This is an Excel spreadsheet to assist you to determine how many of your participants’ ‘intervention goals’ have been achieved, and the reasons why any were not achieved. Knowing why goals are not achieved will assist you to improve your practice.

The Excel document attached has formula inserted into the fields to assist you to quickly undertake a quality improvement (QI) activity. There is sample data inserted into the spreadsheet to show you how it works.

The source data you will need to collect is on your participants’ NDIS Support Plan.

Unless you have been collecting your goal attainment outcomes in a way that can be readily accessed, you may need to wait until you have used the NDIS Support Plan we have provided to complete this audit.

It is very difficult in small services to get ‘statistical level samples’. For a small practice (2-3 allied health professionals (AHPs)), we suggest a sample size of 10 randomly selected participants’ information per AHP in your team will be enough to give you a feel how effective your services are. If you have 6 AHPs then 3 x 10 will probably alert you to any trends. If you do this once a year and take note of any shifts in your general outcomes you should have confidence your services are on track.

Why the auditors like it

They can see:

• you are undertaking QI activities to improve the services you provide to NDIS participants
• the services you are providing are assisting NDIS participants to achieve their goals

Next steps

• OPEN the Goal Attainment QI Activity Form – look at the Sample Data inserted
• CONSIDER when you will be able to complete the audit and how many participant files you will need to include (noting above comment re: timing).
• INSERT your own data collected from the NDIS Support Plans you have completed
• DETERMINE follow up action required and document it has been completed
• SET date for future Goal Attainment Audit

Downloads

Why do I need this document?

NDIS need to know you have appropriate insurances in place, including:

• professional indemnity
• public liability
• accident insurance.

Why the auditors like it

They can see:

• quickly and easily that you have appropriate insurances for your business and they are current

Next steps

• OPEN the Insurance Document Cover Sheet
• CUSTOMISE the list of insurances to reflect your business
• FIND all your insurance certificates and insert into the document

Downloads

Why do I need this document?

The Document Control Register helps you to manage policies, forms and assessments and ensures you are working on the most recent edition (not a photocopy of some form that is three years out of date!).

It is not an absolute requirement but auditors’ feedback is that it is very good idea. Having this register and keeping it up to date will really help with your next audit. It gives you a comprehensive list of all your QMS documents for audit. This not only means you can easily check if documents are up to date, but the auditor can see what documents you have and can readily request them as needed. It saves a lot of time at audit (and likely some cost).

To make this system work you need to make sure you:

• have document footers showing the date the document was developed. The dates will need to be updated once you do your annual reviews (refer to your Compliance Calendar and Annual Training Plan). This will mean you are ready for your next audit in three years’ time.
• decide on a numbering system that makes sense to you and your team. This becomes more important once a service starts to grow and/or if you decide to add current assessments etc. to the Register

If there is more than one person on your team, the Document Control Register becomes more important as it will assist all providers to be using the correct form. This is good practice for all documents but critical for documents you give your participants (e.g. Service Agreement and Support Plans) as these need to comply with NDIS Rules and Terms of Business (which tend to change).

The Register enables a provider on your team to register a document and have it available to all your team members. This will provide consistency across your team and prevent providers reinventing forms that already exist.

Why the auditors like it

They love registers!

They can see:

• you have a system to keep track of different versions of your documents
• you regularly review policies and other documents
• you are serious about quality management

Next steps

• OPEN the Document Control Register
• CUSTOMISE it to reflect the policies and forms your organisations uses. You can expand it to include your assessments as well
• EDUCATE your team on the process of introducing a new form or assessment
• UPDATE the register it when you do your annual reviews – refer to your Compliance Calendar and Annual Training Plan
• UPDATE all your team if/when changes occur – and make sure they delete old copies
• ARCHIVE your old copies for possible future reference – this may prove critical if a complaint arises or any litigation commences

Downloads