Risk Management

Why do I need this document?

The Risk Management Policy documents the rules and systems your business uses to identify and manage risks to your participants, yourself as the provider and anyone you have working for you. It includes:

• Clinical risks e.g. client injury, breach of privacy
• Compliance risks e.g. practising without AHPRA registration
• Business risks e.g. financial viability
• Risks to workers, visitors and contractors.

The Risk Management Policy demonstrates your business is operating in line with the NDIS Code of Conduct, in particular “Provide supports and services in a safe and competent manner with care and skill”.

Why the auditors like it

They can:

• See you have a documented system that guides your risk management

Next steps

• OPEN the Risk Management Policy – read is carefully and only adopt this policy if you can do what it says.
• REVIEW your Risk Management Policy annually

Downloads

Why do I need this document?

This policy shows the auditors you try to provide a safe environment for your participants, visitors, yourself as the provider and anyone you have working with you. It outlines the system you have in place to protect participants, yourself and those you have working for you from injury and the spread of infection.  

For those of you working in the community you need to recognise the extra challenges of providing a safe environment and managing the risks. 

This document is the key document addressing the ‘Emergency and disaster management and related matters’ changes introduced during 2021 in response to the COVID pandemic. You need to make sure the ways of working suggested in this document are relevant to your work environment, the services you provide and types of participants you work with. When using this document to address these aspects please note: 

• The infection prevention and control procedures are clear and based on clinical evidence produced by NHMRC.  
• However, there are likely many different ways of addressing the other aspects of the emergency and disaster management aspects laid out in the NDIS Legislation Amendment (Quality Indicators) Guidelines 2021 which will meet the auditors expectations.  
• The examples provided in this document are suggested based on the experience of successfully registered providers who have undergone Verification audit and their response to the Covid pandemic. 
• You should read the detail in the guidelines 2021 document and adjust / expand this policy to your ways of working as required.  
• You must also ensure this policy compliments the rest of your system and policies, including any broader profession and/or State/Territory based health and safety requirements. 

Why the auditors like it

They can: 

• See you have a documented system for providing a safe environment for your participants, self and others you may have working with you 
• See your practices are in line with the Risk Management Practice Standard, the NDIS Code of Conduct and standard infection prevention and control procedures relevant to all health professionals and services 
• What you will do in the event of an emergency or disaster in the community. 

Next steps 

• OPEN the Safe Practice and Environment Policy and NDIS Legislation Amendment (Quality Indicators) Guidelines 2021 (see part 3). Read these carefully together and adapt the policy document depending on where you deliver services e.g., in rooms or in the community, and the type of services you provide.  
• ENSURE this document compliments the two associated checklists which will help your staff remain compliant with the policy – Community and Safety Checklist and In-Rooms Safety Checklist. 
• ENSURE this policy compliments the rest of your system and policies, including any broader profession and/or State/Territory based health and safety requirements. 
• ENSURE anyone you have working with you understands this policy and the related forms and can comply with it 
• INCLUDE this policy in your induction package for new staff and annual training related to infection prevention and control, hand hygiene and use and provision of Personal Protective Equipment (PPE) 

Downloads

About risk management

We all manage risks every day (wear a seatbelt, safeguard client privacy, watch for traffic, reduce risk of falls for our clients). This document is about showing you have more formally assessed risks and put in place strategies to adequately minimise risks.

A risk matrix can help with risk management (a sample is at the end of the Risk Management Register). Matrices allow you to assess the probability and consequence of any given risk and give a rating of how high or low the risk is. You can also use the matrix to assess the level of risk if you had no strategies in place (initial risk rating) and then assess the ‘residual’ risk with your current strategies in place. This will indicate if you have sufficient strategies in place or if you need to do more to adequately manage your risk.

Why do I need this document?

This will provide you with one place to record any risk you identify in your business and outline how you manage the risk.

This document demonstrates you are providing services in line with the NDIS Code of Conduct, specifically “provide supports and services in a safe and competent manner with care and skill”.

Why the auditors like it

They can:

• See you have taken a proactive approach to risk management
• See you understand the risks to your participants, yourself and anyone you have working for you
• Review the strategies you have in place to effectively manage your risks and comment on their suitability.

Next steps

• OPEN the Risk Management Register – read it carefully – and delete those risks that are not pertinent to your business
• Have a BRAINSTORMING SESSION with your team or peers to identify risks and mitigation strategies, then add them to the Risk Management Register
• COMPLETE the annual review of the Risk Management Register – it currently is listed on both the Compliance Calendar and the Annual Training Plan. If you are a solo AHP you will only need to do the Compliance Calendar action. If you have others working for you, you can decide if you will review the register with your team as you conduct refresher training or complete the review yourself, with or without advisors.

Downloads

Why do I need this document?

Ensuring you comply with the Principles of the Privacy Act 1988 and its subsequent amendments is mandatory when dealing with NDIS participants’ personal information. Some states (NSW, VIC) and territories (ACT) have additional legislative requirements.

Anyone providing services to NDIS participants also needs to do so according to the NDIS Code of Conduct – specifically you are obliged to “respect the privacy of people with disability”.

While this policy is not a strict requirement for Verification it is good practice as it helps demonstrate your compliance with the above. The policy outlines your understanding of your responsibilities and how you go about maintaining privacy not only of your NDIS participants but also other clients and staff.

Cyber security is an important consideration for both small and larger organisations, recommended reading is Essential 8 Cyber Mitigation Strategies, one really easy recommendation to implement is multi-factor authentication.

Why the auditors like it

They can see:

• You have an understanding of the legislative requirements associated with privacy
• You have recognised there are different consents required for different purposes
• You have a policy that is accessible to your participants
• You have systems in place to keep participants’ information safe
• They can see you are aware of risks associated with maintaining privacy of information and are implementing appropriate mitigation strategies.

Next steps

• OPEN the Privacy and Information Management Policy – read it carefully and ADAPT as needed. We have highlighted in yellow some aspects that may particularly need to be reviewed.
• DETERMINE if your State or Territory you have additional legislative requirements. Add these to your policy.
• REVIEW carefully the section on ‘Managing Privacy of Client Information Storage’ in this Policy. Make sure you customise this to reflect what you do.
• RECORD any training for staff on this policy, including who attended – this is your EVIDENCE.
• ADD upcoming training dates on privacy and information management to your training calendar.

Downloads

Why do I need this document?

Working in the community and working in isolation poses risks to you, your workers and participants and their support network. This checklist provides a list of things to consider to assist with everyone’s safety when working in the community. It can be used as a quick reference guide to help workers ensure they are following all processes and procedures. 

 Remember, it needs to be read and used in conjunction with the Safe Practice and Environment Policy. 

 This is a key document to demonstrate evidence you are complying with the Safe Environment legislative changes made in 2021 with the introduction of Emergency and disaster management and related matter requirements. 

Why the auditors like it 

They can see: 

• You have given thought to and put procedures in place to assist with your safety when working in the community 

Next steps 

• OPEN the Community and Safety Checklist – read it carefully and adjust to suit your business 
• REVIEW the Checklist – consider having a team meeting or meet up with a colleague if you work alone to customise it to your service 
• CONSIDER if you now need to further ADAPT your safe practice and environment policy. 

Downloads

Why do I need this document?

This is a checklist which serves two purposes: 

1. Workers to use as a daily reminder when providing services on premises what constitutes a safe environment, what they should be aware of and check and what to report if any concerns they cannot address themselves 
2. To enable you to conduct your own safety inspections in an audit style manner on a regular basis, to ensure compliance with your Safe Practice and Environment policy with the intention of ensuring your working environment is safe for you, your participants, visitors and anyone working for you. 

If something were to ever go wrong, you will be able to show your insurer you had a system in place whereby you took the time to undertake regular safety inspections. 

This is a key document to demonstrate evidence you are complying with the Safe Environment legislative changes made in 2021 with the introduction of Emergency and disaster management and related matter requirements. 

Why the auditors like it

They can see: 

• You have given thought and put procedures in place to assist with maintaining the safety of NDIS participants, yourself, and anyone working for you 
• You have documented any follow up required from the inspection and it has been completed and/or addressed elsewhere within your risk management system. 

Next steps

• OPEN the In-Rooms Safety Checklist – read it carefully and adjust to suit your business 
• CUSTOMISE it to your service – consider having a team meeting to get everyone’s input 
• CONSIDER if you now need to further ADAPT your Safe Practice and Environment Policy. 

Downloads

Why do I need this document?

This document is designed to ensure (and provide evidence) that you are doing what you say you are doing in your Service Delivery Model and policies. 

It is designed to keep you and the participant focused on what the participant wants to achieve and how you will allocate their resources to assist them with meeting their goals.  

When completing the NDIS Support Plan do not leave any fields blank, if there is nothing to note write ‘nil identified’ to clearly demonstrate the relevant factor has been considered.  

As noted within Incident Management – Service Agreement, depending on the type of services you provide, participants you work with and systems within your workplace, it may be more applicable to use the Service Agreement document and/or other documents and systems included in this risk management section for some of the information contained in this Support Plan. It is therefore critical you consider this document in conjunction with your Service Agreement as the two need to be complementary to ensure all relevant pieces of information for compliance with registration requirements are included. 

For example, the guidelines indicate the risk assessment information should be recorded in the support plan – however, we are aware of some providers who have successfully combined the support plan and service agreement information to reduce documentation. You should carefully consider the below requirements as per the guidelines and determine where these aspects fit best within the system you are using and the way you document information and share with participants and their support networks to ensure everyone is aware of what should occur in these situations should they arise: 

“In collaboration with each participant:                              

(a)  risk assessments are regularly undertaken, and documented in their support plans; and
(b)  appropriate strategies are planned and implemented to treat known risks to them. 

(2A)  Risk assessments include the following: 

(a)  consideration of the degree to which participants rely on the provider’s services to meet their daily living needs; 

(b)  the extent to which the health and safety of participants would be affected if those services were disrupted. 

9)  Each participant’s support plan: 

(a)  anticipates and incorporates responses to individual, provider and community emergencies and disasters to ensure their safety, health and wellbeing; and 

(b)  is understood by each worker supporting them.  

(5)  Service agreements set out the arrangements for providing supports to be put in place in the event of an emergency or disaster.  

These requirements were included in the legislative changes related to Emergency and disaster management. Therefore, it is critical you can demonstrate where the following is addressed in your system if not using this document: 

• Risk assessments are occurring in collaboration with participants 
• Risk assessments are documented and easily drawn upon as required, particularly in the event of an emergency or disaster 
• How risks related to disrupted services will be managed by your service 
• How these management strategies have been communicated to the participant and how they will know what to do and expect. 

Why the auditors like it

They can see: 

• who has contributed to developing the plan 
• you are aware of the participants’ goals and your intervention is directed to achieving these 
• you have considered the cultural needs of the participant 
• you identify and focus on the strengths of the participant 
• you have communicated clearly to your participant the intended services to be provided to meet their goals 
• you have identified any risks in relation to the implementation of the plan 
• the participant and their support network are aware of what will happen and/or what to do if planned services are interrupted 
• you review the plan and identify the reason for any goals not being achieved 
• the plan has been accepted by the participant and/ or their decision maker 

Next steps

• OPEN the Support Plan – read it carefully and adjust to suit your business in line with your Service Agreement and Safe Practice and Environment policy 
• CUSTOMISE the document to reflect your practice 
• ADOPT the document 

Downloads

Why do I need this document?

One of the risks providers accept is that their services will not assist the participant to achieve their goals. This activity also assists with demonstrating your ‘competence’ as per the NDIS Code of Conduct.

This is an Excel spreadsheet to assist you to determine how many of your participants’ ‘intervention goals’ have been achieved, and the reasons why any were not achieved. Knowing why goals are not achieved will assist you to improve your practice.

The Excel document attached has formula inserted into the fields to assist you to quickly undertake a quality improvement (QI) activity. There is sample data inserted into the spreadsheet to show you how it works.

The source data you will need to collect is on your participants’ NDIS Support Plan.

Unless you have been collecting your goal attainment outcomes in a way that can be readily accessed, you may need to wait until you have used the NDIS Support Plan we have provided to complete this audit.

It is very difficult in small services to get ‘statistical level samples’. For a small practice (2-3 allied health professionals (AHPs)), we suggest a sample size of 10 randomly selected participants’ information per AHP in your team will be enough to give you a feel how effective your services are. If you have 6 AHPs then 3 x 10 will probably alert you to any trends. If you do this once a year and take note of any shifts in your general outcomes you should have confidence your services are on track.

Why the auditors like it

They can see:

• you are undertaking QI activities to improve the services you provide to NDIS participants
• the services you are providing are assisting NDIS participants to achieve their goals

Next steps

• OPEN the Goal Attainment QI Activity Form – look at the Sample Data inserted
• CONSIDER when you will be able to complete the audit and how many participant files you will need to include (noting above comment re: timing).
• INSERT your own data collected from the NDIS Support Plans you have completed
• DETERMINE follow up action required and document it has been completed
• SET date for future Goal Attainment Audit

Downloads

Why do I need this document?

NDIS need to know you have appropriate insurances in place, including:

• professional indemnity
• public liability
• accident insurance.

Why the auditors like it

They can see:

• quickly and easily that you have appropriate insurances for your business and they are current

Next steps

• OPEN the Insurance Document Cover Sheet
• CUSTOMISE the list of insurances to reflect your business
• FIND all your insurance certificates and insert into the document

Downloads

The ‘spiel’ is the text you will insert when completing the self-assessment to apply for registration via the Commission’s portal. You will need to have confirmed your ways of working, which documents you will utilise and what you will call them before completing this ‘spiel’ so do this task last in each section. 

Downloads