What must an NDIS continuous improvement policy include?

An NDIS continuous improvement policy must include: the organisation's commitment to systematically improving service quality; the CI cycle used (typically identify-plan-implement-evaluate); the sources of improvement information (incidents, complaints, audits, participant feedback, staff suggestions); how CI actions are recorded in the CI register; roles and responsibilities for driving improvement; how the effectiveness of CI actions is evaluated; and how CI outcomes are reported at the governance level.

What is NDIS Practice Standard Outcome 2.3?

Outcome 2.3 (Quality Management) requires that the provider has a systematic approach to continuously improving the quality of its services. This includes monitoring service quality, identifying areas for improvement, implementing changes, and evaluating whether those changes have been effective. Providers must demonstrate that improvement is an ongoing, evidence-based process — not a periodic review exercise.

What does the NDIS continuous improvement register need to contain?

The CI register must contain: a unique ID for each improvement action; the source of the improvement opportunity (incident, complaint, audit finding, participant feedback, staff suggestion, or other); a description of the issue or opportunity; the proposed improvement action; who is responsible for implementing it; the target completion date; the status (open, in progress, completed, deferred); the actual completion date; and an evaluation of whether the action achieved the intended improvement.

How often must an NDIS provider conduct internal audits?

The NDIS Practice Standards do not prescribe a specific internal audit frequency, but auditors expect to see an internal audit program that covers all Practice Standards outcomes within a defined cycle — typically annually. Most auditors expect to see evidence of at least one internal audit completed per year, with findings documented and fed into the CI register. Providers approaching their certification renewal audit should schedule an internal audit in the 6 months before the external audit.

NDIS Quality Management and Continuous Improvement: Policy Requirements and Audit Evidence

What Outcome 2.3 Requires

Outcome 2.3 in the NDIS Practice Standards Core Module requires NDIS providers to have and operate a quality management system. The emphasis is on the word "system" — a structured, documented approach to identifying and addressing quality issues, not an informal or ad hoc response to problems as they arise.

The quality indicators under Outcome 2.3 require providers to demonstrate:

A documented quality management and continuous improvement policy is in place
Quality of services is monitored on an ongoing basis
Improvement opportunities are systematically identified from multiple sources (incidents, complaints, audits, participant feedback, staff feedback)
Improvement actions are planned, implemented, and their effectiveness evaluated
A continuous improvement register is maintained and regularly updated
Internal audits are conducted against the Practice Standards
Quality performance is reported to the governing body
Participants and workers are involved in identifying improvement opportunities

The legal basis for quality management requirements is the NDIS (Provider Registration and Practice Standards) Rules 2018, and the framework draws on quality management principles consistent with ISO 9001:2015 (Quality Management Systems), though formal certification to ISO 9001 is not required.

What a Continuous Improvement System Means in Practice

Many NDIS providers interpret "continuous improvement" as responding to problems when they occur. The Practice Standards require something more systematic: a proactive, ongoing process of identifying and pursuing improvements even when services appear to be running smoothly.

In practice, a functioning CI system means:

Every significant incident generates a review question: "What could we do differently to prevent this happening again?"
Every complaint is examined not just as an individual issue to resolve, but as a potential signal of a systemic problem
Participant satisfaction data is reviewed regularly and compared over time
Workers are encouraged and have a mechanism to suggest improvements without fear of negative consequences
Internal audits are used to identify gaps before external auditors do
Improvement actions are tracked through to completion — not just identified and forgotten

The key distinguishing feature of a mature CI system is the evaluate step: not just implementing changes, but checking whether those changes actually resulted in improvement. This is the element most commonly missing from NDIS providers' CI systems.

The CI Cycle: Identify, Plan, Implement, Evaluate

The CI cycle used in most NDIS quality management systems is based on the Plan-Do-Check-Act (PDCA) cycle, adapted for disability service delivery. The four steps are:

Step 1: Identify

Identify improvement opportunities from all available sources:

Incident reports and post-incident reviews: Each incident is an opportunity to improve systems, training, or procedures
Complaint analysis: Patterns across multiple complaints may reveal systemic issues
Participant feedback: Survey results, check-in conversations, and expressed preferences
Internal audit findings: Gaps against Practice Standards identified by internal review
External audit findings: Corrective actions from certification audits
Worker feedback: Staff suggestions through meetings, supervision, or formal suggestion processes
Benchmarking: Comparing practice against sector guidelines, NDIS Commission guidance, or peer organisations

Step 2: Plan

For each identified improvement opportunity:

Define the specific improvement action to be taken
Identify who is responsible for implementing it
Set a realistic target completion date
Define what "success" looks like — how will you know if the improvement has been achieved?
Record the action in the CI register

Step 3: Implement

Carry out the improvement action as planned. Update the CI register as progress is made. Where implementation is delayed, update the register with the revised timeline and the reason for the delay.

Step 4: Evaluate

After implementation, assess whether the improvement action achieved the intended outcome:

Did incidents of the relevant type decrease?
Did participant satisfaction improve?
Was the audit finding addressed?
Did the complaint pattern change?

Record the evaluation outcome in the CI register and close the action with a brief summary of what was achieved. If the action did not achieve the intended improvement, start the cycle again with a revised approach.

CI Register Requirements

The continuous improvement register is the central document of your quality management system. It should be a live working document — not a document that is only updated immediately before an audit.

Required Fields

Field	Description
CI Action ID	Unique reference number for tracking
Date identified	When the improvement opportunity was first identified
Source	Where the improvement opportunity came from: incident, complaint, audit, participant feedback, staff feedback, external audit, other
Reference	The incident ID, complaint ID, or audit finding reference that generated this CI action
Description of issue or opportunity	What was identified — specific enough to understand the problem without reading the source document
Practice Standard reference	Which Practice Standard outcome this improvement relates to (e.g., Outcome 1.1, 2.4)
Improvement action	What will be done to address the issue — specific and actionable
Responsible person	Named individual accountable for implementing the action
Target date	When the action should be completed
Status	Open / In progress / Completed / Deferred / Closed (not achieved)
Completion date	When the action was actually completed
Evaluation outcome	Whether the improvement was achieved, and the evidence for this assessment

Common Mistake

A CI register that only records actions as "completed" with no evaluation of whether they were effective does not satisfy Outcome 2.3. The evaluate step is essential. Auditors specifically look for evidence that the organisation has checked whether improvements worked — not just that actions were taken.

Internal Audit Requirements

Internal auditing is the mechanism by which providers assess their own compliance against the NDIS Practice Standards. It is distinct from the external certification audit — it is conducted by or on behalf of the organisation itself, typically annually.

Why Internal Audits Matter

Internal audits serve several important functions in an NDIS quality management system:

They identify compliance gaps before external auditors find them
They generate CI register entries that demonstrate systematic quality improvement
They provide governance assurance that the organisation is meeting its Practice Standards obligations
They prepare staff for external audits by familiarising them with the audit process

Internal Audit Program Requirements

A compliant internal audit program must:

Cover all Practice Standard outcomes applicable to the provider's registration groups over the audit cycle
Be scheduled in advance — ad hoc audits conducted only when problems arise do not satisfy the requirement for a systematic program
Assign audit responsibilities — who conducts which audits and when
Define the scope and methodology for each audit
Produce written audit reports with findings categorised (compliant / minor gap / non-conformance)
Generate CI register entries for all findings requiring action
Be reviewed at the governance level

Who Conducts Internal Audits

For small NDIS providers, internal audits are typically conducted by a senior manager or director — someone with authority to require corrective action and access to all records. The key requirement is independence from the area being audited: the manager responsible for a particular service should not audit their own service without an independent reviewer involved. For very small providers, engaging an external consultant to conduct internal audits is a legitimate approach and often provides more credibility.

Internal Audit Report

Each internal audit should produce a written report that includes:

Audit scope and date
Documents reviewed, staff interviewed, and areas observed
Findings against each Practice Standard outcome in scope
A rating for each finding (compliant, minor gap, non-conformance)
Recommended actions for each gap or non-conformance
An overall assessment and summary of priorities

How to Demonstrate CI to Auditors

The most effective way to demonstrate a functioning CI system to an auditor is to be able to trace a complete cycle: from a source event (incident, complaint, or audit finding) through to an improvement action in the CI register, through to implementation, through to an evaluation of whether the improvement worked.

Prepare two or three examples of completed CI cycles you can walk the auditor through. For example:

"In November 2025, we had two incidents involving medication errors at the same house. We identified the root cause as our medication handover procedure — there was no structured check between shifts. We added a double-check step to the handover procedure, trained all staff, and updated the MAR template. We have had no further medication errors at that house since December 2025."

That narrative — source, action, evaluation, result — is exactly what auditors look for. It demonstrates that CI is not theoretical, but is actively driving improvement in participant outcomes.

Need a Complete NDIS CI Policy and Register?

The SIL Rescue Kit includes Document 09 (Quality Management Policy), Document 43 (Continuous Improvement Register), Document 51 (Internal Audit Program), and Document 52 (Internal Audit Report Template) — all audit-ready and mapped to Outcome 2.3.

Get the SIL Rescue Kit — $297

Common CI System Failures

1. CI Register That Is Only Updated Before Audits

A register with a cluster of entries dated in the weeks before an external audit, and gaps of many months before that, clearly signals that CI is not a genuine ongoing practice. Auditors check the date patterns in the register.

2. No Internal Audit Program

Many small providers confuse the external certification audit with an internal audit. An internal audit is a separate, self-initiated review conducted between external audits. Providers with no internal audit program or evidence of internal auditing are consistently flagged.

3. Incidents and Complaints Not Generating CI Actions

If the incident register shows 12 incidents in the past year but the CI register shows no improvement actions arising from incidents, auditors will ask why. Every significant incident should prompt at least consideration of a CI action.

4. CI Actions Completed But Not Evaluated

Actions marked "completed" with no evaluation of effectiveness do not demonstrate genuine quality improvement. The evaluate step is where the CI cycle closes.

Quality Management and CI Policy is current, approved, and references Outcome 2.3
CI register is maintained with recent entries from multiple sources (incidents, complaints, audits)
CI actions have named responsible persons and target dates
Completed actions include an evaluation of effectiveness
Internal audit program covers all applicable Practice Standard outcomes
Internal audit reports are documented with findings and action items
CI register entries can be cross-referenced to source incidents, complaints, or audits
Governance meetings show CI performance is reviewed at board/management level
Participant and worker feedback mechanisms feed into the CI process

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.