Stay audit pass ready
Use this page as the daily operating map for Stage 2 readiness. Start with the pass-ready checklist, keep the evidence pack current, and review gaps monthly so OCC is never building audit evidence in a rush.
Before each month ends, each item should be green or have an owner, due date, and recorded action.
Each sampled file shows consent, risk, service setup, worker screening, induction, training, and follow-up records where relevant.
Workers know where to find key guidance and can explain incidents, complaints, privacy, participant rights, and escalation steps.
Risks, complaints, incidents, training gaps, supervision actions, and corrective actions have owners, dates, outcomes, and review notes.
Board or management records show risk review, complaints and incident oversight, policy review, and improvement decisions.
Audit positions are checked against NDIS Commission pages first, with the internal source map used as a maintenance trail.
Reference pages stay reference-only. Formal records are exported or filed in the approved repository or backend when enabled.
Use these rows to prepare sample files and walkthroughs. Status labels describe the Hub surface, not final audit acceptance.
| Audit area | Owner | Hub evidence | Record destination | Status |
|---|---|---|---|---|
|
Governance and continuous improvement
Provider governance and operational management
|
Director | Board Meeting | Secure managed governance record store when backend is enabled | Backend required |
|
Staff onboarding
Human resource management, Code of Conduct, worker orientation
|
Operations / HR | Onboarding Overview | HR repository and onboarding records | Internal review only |
|
Worker screening and training
Worker screening, training records, supervision, capability
|
Operations / HR | Compliance Dashboard | Supabase staff compliance records and HR files | Live dashboard |
|
Participant intake
Rights, consent, service planning, risk, communication, privacy
|
Operations / Intake lead | Participant Intake Pack (open from Admin Portal episode) | Export and file to SharePoint or controlled repository | Controlled beta |
|
Incident management
Incident identification, escalation, reportable incident decisions, review
|
Management | Incident Register and staff incident reporting through the Staff Resource Hub | Hub metadata tracking plus SharePoint filed incident record | Register tracking |
|
Complaints and feedback
Participant rights, complaints handling, feedback, resolution
|
Management | Complaints Register and Participant Feedback | Hub metadata tracking plus SharePoint filed complaint or feedback record | Register tracking |
|
Training competency
Mandatory training, role-specific competency, renewal, evidence filing
|
Operations / HR | Training Competency Register | Hub metadata tracking plus SharePoint staff training evidence | Register tracking |
|
Supervision and capability
Worker competence, support, performance, learning needs
|
Team leaders / Management | Staff Supervision | Secure managed workforce record store when backend is enabled | Backend required |
|
Participant rights resources
Rights, privacy, complaints, advocacy, Easy Read resources
|
Quality and Compliance | Staff Resource Hub | Manifest-driven staff hub. Official links are public-safe; private OCC documents use signed delivery. | Reference |
Keep this rhythm light and repeatable. Each check should leave a short note, an owner for gaps, and a filed record where required.
Review incidents, complaints, worker screening expiries, open corrective actions, and participant file exceptions.
Review supervision, training completion, participant file samples, consent, risk profile, and service agreement currency.
Review policies, insurance certificates, training plan, staff resource links, and the pre-audit evidence pack.
Use this order for the next workstream. Each review should compare the actual OCC process with the evidence an auditor needs to see.
| Order | Review | Must prove |
|---|---|---|
| 1 | Staff onboarding | Recruitment, screening, role documents, Code of Conduct, privacy, orientation, training, and first supervision connect cleanly. |
| 2 | Participant intake | Consent, privacy, service agreement, risk, communication, rights, complaints, advocacy, resources, and file destination are complete. |
| 3 | Incidents and complaints | Each event can be traced through the register from report to response, participant support, notification decision, review, outcome, SharePoint filing, and improvement action. |
| 4 | Training competency | Mandatory and role-specific training can be traced from requirement to completion, renewal date, competency evidence, and SharePoint filing. |
| 5 | Governance and improvement | Management review, risk register, corrective actions, policy review, registration conditions, and renewal dates are current. |
Check NDIS Commission sources first whenever audit, compliance, worker, incident, complaint, or Practice Standards wording is being reviewed.
Audit types, certification stages, verification, mid-term audits, condition audits, and audit timing.
Main source for modules, outcomes, indicators, and provider obligations.
Governance, risk, human resource management, incident management, complaints, and continuous improvement.
Participant rights, privacy, consent, independence, informed choice, and complaints support.
Safe, competent, participant-centred support delivery and support planning expectations.
Systems for identifying, recording, managing, resolving, and reviewing incidents.
Official guidance on reportable incident categories and notification expectations.
Complaint-handling expectations for providers and the NDIS Commission complaint pathway.
Conduct expectations for NDIS providers and workers.
Worker screening guidance for registered NDIS providers.
NDIS Commission online learning modules, including worker orientation.
Provider guidance for identifying training needs and maintaining worker capability.