Quality Assurance > Internal Audit Schedule Procedure
Authorised by Chief Executive Officer
Revised Date: 18 September 2022
Purpose
The purpose of this procedure is to provide instructions for conducting internal audits and updating the Quality Management System (QMS) as required.
This procedure supports Kyeema Support Services to apply Standard 2: Provider Governance an Operational Management – Quality Management
Related legislation and policy
NDIS Practice Standards & Quality Indicators
Extract from NDIS Practice Standards and Quality Indicators - Quality Management
• The provider’s quality management system has a documented program of internal audits relevant (proportionate) to the size and scale of the provider and the scope and complexity of supports delivered
• The provider’s quality management system supports continuous improvement, using outcomes, risk related data, evidence-informed practice and feedback from participants and workers
Definitions
Internal Audit: to check the internal procedures are being followed, paperwork is up to date and set actions have occurred. Usually designed and completed by Kyeema. Results are reported internally and may highlight areas of improvement.
Auditor: The person completing the auditor
Audit Schedule: planned time to complete audit (s) – usually set on an annual basis
Continuous Improvement: Ongoing improvements made to reduce risks and improve compliance
Desktop audit: the auditor uses written work to assess compliance – such as notes, registers, files etc.
Scope: where the audit will take place and what it will cover
Root cause: the factors that lead up to and resulted in a non-conformance occurring
Corrective action: what is planned to be done to solve the problem or prevent reoccurrence
Corrective action request (CAR): documents an identified problem and the action needed to remove the root cause of a non-conformity
Non-conformance: a failure to follow expected practice or the documented procedure
Minor non-conformance: a failure that may be one off in nature, occurred in isolation or will not result in a significant risk. Could lead to a major non-conformance if not resolved
Major non-conformance: a non-conformance that is potentially more serious and could put the organisation or the safety of workers and/or participants at risk.
Source: NDS
Scope & timing – the schedule
Determine what procedures and processes to audit
The audit schedule (plan) should be developed based on risk and the available time to complete. Focus on areas of higher risk first eg. risk register, incidents register, complaints register, compliance obligations.
Determine internal audit scope
It may be unrealistic to review each document or file so prioritise based on risk, changes in the operating environment (such as government policies and guidelines) or time since last reviewed.
Determine frequency Consider how often each audit type will be completed
First calculate how long each audit will take:
•How in depth is the audit – will time be required to gather evidence?
•Is it a desktop audit or will the auditor be required to travel to sites?
•Is input from staff, participants or others required?
Use the Kyeema Internal Audit Schedule QAF-07 to record when the audit will be conducted i.e., every 6 months, annual etc.
Procedure
Prior to the internal audit:
• list chosen area to audit in the Internal Audit Schedule Year Planner QAF-07
• confirm dates and times with relevant workers
• review relevant policies, procedures, forms.
• review relevant legislation, standards, and rules
During the internal audit:
• consider:
o does practice comply with expected process?
o if not, what is the reason for this?
o have outstanding matters been followed up and closed off?
o is the correct paperwork being used and is it up to date?
o do staff understand the importance of the required process and why they are expected to follow it?
• ask questions and observe behaviours.
• ask for suggestions and feedback- including the relevance and suitability of current procedures and training.
• complete the Audit Tool QAF-08:
o rate identified gaps against Kyeema’s Risk Matrix. This will assist you to prioritise actions with the allocation of resources (Low/Medium/High/Very High)
After the audit
• provide feedback to the CEO/manager
• report any risks which you have rated as high or extreme as per Kyeema’s risk management process.
• develop an Action Plan QAF-09 for any actions arising. This should include who is responsible for actions
o ensure the person assigned to address any actions is aware of the issue(s) identified, and what is expected of them, including timelines and how they are to provide updates and close action(s)
Audit example – Participant Supports
Step 1
Decide what the audit will focus on:
• eg. participant files - hard copy and electronic
• gather the internal documents on the QMS that relate to the area being audited eg. participant hard copy file– CCF-84 Support Planning Process, CCF-26 Participant File Contents Guide, Participant Intake Pack
Step 2
List the questions:
• do participant files (hard copy and electronic) have all the relevant forms?
• are forms filed the current versions?
• are forms signed and dated by participant/nominee, team leaders and workers where required
• do forms need reviewing?
• do any forms need updating?
Step 3
• refer to CCF-26 Participant File Contents Guide to check all forms are filed in the participants hard copy file
• create a spreadsheet or table with a list of the participant names (eg. check 50% of all files) and all the forms that must be included in each file (use CCF-26)
• populate spreadsheet
• use the Kyeema Audit Tool QAF-08 to capture data obtained during the internal audit
Step 4
• once all above steps have been finalised document in the Kyeema Action Plan QAF-09
• discuss with manager if needed
Step 5 - following the audit:
• complete documentation including rating the risk of any identified gaps on QAF-09
• use the organisations risk management process (risk matrix) to rate the risk of an event occurring if nothing is done to close the gap
• provide feedback to the service team leader/manager
• report any high risks to management – as per the organisations risk management system.
• for example, a high risk may be that reportable incidents have not been reported to NDIS Quality and Safeguards Commission.
• wherever possible identify the root cause of why the non-conformance occurred in the first place.
• care should be taken to not jump to conclusions, for example that the staff members were lazy or incompetent. Consider if the same non-conformance is common across the service type or is unique to this team.
• investigate further as other factors may be the root cause such as:
o changes or unusual additional burdens on the staff such as staff turnover, new participants etc.
o the processes in place are too complex or are insufficient
o staff were not made aware of changes to the procedure
• if actions where identified which could not immediate be resolved - develop an action plan in consultation with the team leader/manager and assign responsibility closure
Add/Edits
If the internal audit reveals the need for an update, revision or deletion of a form or procedure, the auditor/manager completes Document Add/Edit Form QAF-01
with the relevant changes required. The Add/Edit form is then placed in the appropriate location for the admin staff to refer to when next updating the QMS.
QAF-05 Quality Improvement Plan
Actions arising, which are at an organisational level, such as if a policy, procedure, or training needs to be reviewed and updated then use QAF-05 Quality Improvement Plan spreadsheet to capture and monitor actions and their closure eg. new standards, practice alerts, updating procedures and forms. This spreadsheet is not used for Internal Audits
Spreadsheets/forms to use during the internal audit
•Kyeema Internal Audit Schedule - K:\Compliance Quality & Audit\Internal Audit Schedule
•QAF-07 Kyeema Internal Audit Schedule – use this spreadsheet to prioritise according to risk and organise schedule using the year planner
•QAF-08 Kyeema Audit Tool – use this spreadsheet to aid an internal audit if needed. Using set questions and areas to focus on will reduce the likelihood of missing to check something and to ensure consistency.
•QAF-09 Kyeema Action Plan – use this spreadsheet to document what actions are being taken, by whom and status arising from both external and internal audits
Additional and ad hoc audits
A one-off audit may be competed for a specific event or activity or as part of an investigation such as due to a specific incident or complaint.
The planned schedule may be amended through the year due to changes such as new or emerging risks.
Review and Evaluation
The Internal Audit Schedule QAF-07, is used to plan a year in advance when internal audits are due for review.
Raising a Continuous Quality Improvement Request may be documented using the Quality Improvement Request Form QAF-02
Responsibilities
Management team and QA Officer prioritise internal audits depending on current risk. This may be conducted informally or in CQI group meetings.
The management team is responsible for reviewing the effectiveness of internal and external audits at meetings as scheduled.
The admin staff who maintain the Quality Management System are responsible for ensuring the requirements of this procedure are adhered to, and for maintaining records of Add/Edits and, where used, continuous quality improvement requests.
Internal audits may be done by any staff member or Board Director reviewing procedures and topics in the QMS. Add/Edit forms are to be signed off by those with authority to do so, usually managers or their delegates.
The Quality Insurance Officer maintains the Internal Audit Schedule and Quality Improvement Plan QAF-05, noting status and responding if needed to any improvements that are off track or need further input from relevant staff.
Record keeping
Internal audits are documented and saved on K:\Compliance Quality & Audit\Internal Audit Schedule.
Related Policies, Procedures and Documents
NDS Course Handbook – Internal Auditing
Document Add/Edit Form QAF-01
Quality Improvement Request Form QAF-02
Quality Improvement Plan QAF-05
Kyeema Internal Audit Schedule QAF-07
Kyeema Audit Tool QAF-08
Kyeema Audit Action Plan QAF-09
Internal Audit Report Template QAF-12
Risk Analysis Matrix SF-08