Practice Standard Outcome 2.1 Explained
The NDIS Practice Standards are organised into outcomes — each outcome describes the result that a registered provider must achieve. Outcome 2.1 — Governance and Operational Management sits within the Governance and Operational Management cluster (Outcomes 2.1 through 2.6) of the Core Module.
The quality indicator for Outcome 2.1 states that participants and other people can expect that the provider has effective governance structures that support the delivery of safe, quality supports. In practice, this means the NDIS Commission — and your auditor — will assess whether your organisation has documented, operational governance systems that meet the requirements of the NDIS Practice Standards and relevant legislation.
Outcome 2.1 is assessed by looking at five key dimensions:
- Leadership and accountability — are roles and responsibilities clearly defined and enacted?
- Strategic planning — does the organisation have documented goals and plans for achieving them?
- Risk management — are risks identified, assessed, and managed systematically?
- Quality management — are quality systems in place and operating?
- Regulatory compliance — is the organisation meeting its legal obligations as an NDIS registered provider?
Auditors assess Outcome 2.1 through document review, interviews with key personnel, and observation of operational systems. Having a governance framework document is necessary but not sufficient — auditors will probe whether leaders understand the framework and whether it is actually operating, not just written.
What Constitutes Adequate NDIS Governance
The term "governance" in the NDIS context refers to the system by which your organisation is directed and controlled. It encompasses the structures, policies, processes, and relationships that determine how decisions are made, how accountability is maintained, and how the organisation pursues its objectives — which, for an NDIS provider, are centred on delivering safe, quality supports to people with disability.
A governance framework document (Document 05 in the SIL Rescue Kit) is the primary evidence of your governance system. It should cover:
- The legal structure of the organisation (company, incorporated association, sole trader, trust)
- The roles and responsibilities of the governing body (board, directors, or owner/operator)
- How strategic decisions are made and documented
- How operational decisions are delegated and managed
- Conflicts of interest policy and register
- How the organisation monitors compliance with NDIS requirements
- Reporting lines and accountability structures
- How key performance indicators are defined and monitored
- How the organisation responds to significant changes (new services, significant incidents, regulatory changes)
The framework must be a live document — reviewed at least annually and updated whenever there are changes to the organisation's structure, leadership, or scope of services. Evidence of review (version history, sign-off dates, meeting minutes) is required for audit purposes.
Board and Director Responsibilities
For companies and incorporated associations, the governing body (board of directors or management committee) has specific responsibilities under both NDIS legislation and corporate governance law. Under the NDIS Practice Standards, the governing body is responsible for:
Setting strategic direction
The board must approve and regularly review the organisation's strategic plan, mission, and values. For NDIS providers, strategic direction must be consistent with the NDIS quality and safeguarding framework and the organisation's obligations to participants.
Financial accountability
The governing body is ultimately accountable for the organisation's financial integrity. This includes approving budgets, reviewing financial reports, ensuring adequate financial controls, and ensuring NDIS funding is used appropriately and as claimed.
Risk oversight
The board must ensure the organisation has a risk management framework, receives regular risk reports, and takes action on significant risks. Under Core Module Outcome 2.2, the risk management system must be documented and operational.
Compliance oversight
The board must ensure the organisation meets its obligations as an NDIS registered provider — including compliance with the NDIS Act 2013, the NDIS (Registered Providers of Supports) Rules 2013, the NDIS (Code of Conduct) Rules 2018, and all applicable Practice Standards. If significant compliance failures occur, the board must be informed and take corrective action.
Key personnel decisions
The board is responsible for appointing, supervising, and (where necessary) removing key personnel, including the CEO or General Manager. All key personnel must be assessed for suitability under the NDIS key personnel framework.
For sole traders and small family-owned operators, the "governing body" is effectively the owner/director. The same responsibilities apply — but the governance framework document must demonstrate that these responsibilities are exercised systematically rather than ad hoc.
Key Personnel Suitability Requirements
Under the NDIS (Registered Providers of Supports) Rules 2013, all key personnel of a registered NDIS provider must be assessed as suitable to carry out their role. The NDIS Commission can refuse, suspend, or cancel registration if key personnel are assessed as unsuitable.
Key personnel are defined as individuals who have, or could have, significant influence over the management or operation of the registered provider. This includes:
- Company directors and secretaries
- Partners in a partnership
- Trustees of a trust
- Senior managers with direct responsibility for NDIS service delivery
- Any person with significant operational or financial authority
Suitability assessment for key personnel considers:
| Suitability Factor | Evidence Required |
|---|---|
| Criminal history | National Police Check or NDIS Worker Screening Check; key personnel must disclose any relevant convictions |
| NDIS Worker Screening | For key personnel who are also support workers, NDIS Worker Screening clearance is required |
| Previous registration actions | Disclosure of any previous NDIS or aged care registration cancellations, suspensions, or enforceable undertakings |
| Bankruptcy or insolvency | Disclosure of undischarged bankruptcy or company insolvency matters |
| Qualifications and experience | Evidence of relevant qualifications and experience appropriate to the role |
The Key Personnel Suitability Assessment (Document 57 in the SIL Rescue Kit) is a formal document that records the suitability assessment process for each key person. This document is reviewed by auditors during certification audits and must be kept current — updated whenever key personnel change.
NDIS registered providers must notify the NDIS Commission within 90 days of a key personnel change (new key person, or existing key person leaving). Failure to notify the Commission of key personnel changes is a compliance breach that can trigger a compliance audit.
Organisational Chart Requirements
An organisational chart (org chart) is a mandatory governance document for NDIS registered providers. Under Outcome 2.1, the org chart serves as evidence that the provider has clear accountability and reporting structures. Auditors use the org chart to understand:
- Who holds governance authority (board/directors)
- Who is responsible for operational management (CEO, Director of Services)
- How support delivery roles relate to management roles
- Where key compliance functions sit (Quality Manager, HR Manager, etc.)
- Whether reporting lines are clear and logical
The Organisational Chart Template (Document 58 in the SIL Rescue Kit) provides a starting framework. Your org chart should include all positions within the organisation (not just those currently filled), with clear reporting lines. For small providers, a simple two- or three-tier chart is perfectly adequate — auditors are not looking for complexity; they are looking for clarity.
Important: the org chart must reflect the actual operating structure, not an aspirational one. If the CEO is also the sole support worker, say so. An org chart that claims multiple senior managers when they don't exist will be identified in interviews.
Document Control and Record Keeping
Outcome 2.4 (Information Management) specifically addresses document control, but the governance framework (Outcome 2.1) requires that the document control system itself is governed. This means the governance framework should reference and authorise the document control policy, specify who is responsible for maintaining the document register, and establish minimum standards for policy review cycles.
The Document Control Register (Document 48 in the SIL Rescue Kit) is the central record of all organisational policies, procedures, forms, and registers. It must record, for each document:
- Document title and reference number
- Version number
- Date of issue
- Date of last review
- Date of next review
- Document owner (the role responsible for maintaining the document)
- Approval authority (who has the authority to approve this document)
- Location of the current version
A document control system is not just about having a register — it is about ensuring that outdated documents are not in circulation, that all relevant staff have access to current versions, and that policy changes are communicated and understood across the organisation.
Financial Oversight Under Outcome 2.1
Adequate financial oversight is a component of governance that auditors assess under Outcome 2.1, supplemented by the Financial Management Policy, which maps to Core Module Outcome 2.5. From a governance perspective, the requirements include:
Separation of duties
Where possible, financial responsibilities should be separated — the person who raises purchase orders should not also approve them; the person who processes payroll should not also review payroll reports. For small providers, complete separation of duties is often impossible, but compensating controls (such as monthly reconciliation reviews by a director, or external bookkeeper verification) must be in place.
NDIS claims integrity
Providers must have processes to ensure that NDIS claims are accurate, are for supports actually delivered, are within the participant's plan budget, and are consistent with the service agreement. The governance framework should establish who is responsible for claims integrity and what oversight processes are in place.
Financial reporting to the governing body
The governing body must receive regular financial reports — at minimum quarterly for most providers. These reports should include profit and loss, balance sheet, NDIS claims reconciliation, and budget versus actual performance. For small sole traders, this may be a simplified monthly review of income and expenses against budget.
Budget management and sustainability
Governance requires that the organisation operates within its means and can demonstrate financial sustainability. NDIS auditors are alert to financial models that suggest a provider is over-claiming, under-delivering, or financially unsustainable — all of which are risk indicators for participant safety.
What Auditors Look For Under Outcome 2.1
Based on common audit findings reported by NDIS registered auditors, the following are the most frequently assessed points under Outcome 2.1:
Document review
- A current, signed Governance Framework (reviewed in the last 12 months)
- Current Organisational Chart
- Current Key Personnel Suitability Assessments for all key personnel
- A Document Control Register with all policies listed
- Evidence of board/management committee meeting minutes (showing governance is active, not just documented)
- A Strategic Plan (even a simple one-page plan for small providers)
Interviews with key personnel
Auditors will interview at least the CEO/director and a frontline manager. Common interview questions for Outcome 2.1 include:
- "How do you ensure your organisation is complying with NDIS requirements?"
- "What is your process for managing a significant compliance issue?"
- "How does your board/management committee receive information about the organisation's performance?"
- "Who is responsible for keeping your policies up to date?"
- "What happens when a key person leaves the organisation?"
System observation
Auditors may request to see the document management system in action — including how staff access current policies and how old versions are archived. They may also check that the Document Control Register matches the actual documents held.
SIL Rescue Kit: Governance Documents Included
The SIL Rescue Kit includes the Governance Framework (Doc 05), Key Personnel Suitability Assessment (Doc 57), Organisational Chart Template (Doc 58), and Document Control Register (Doc 48) — all mapped to NDIS Practice Standard Outcome 2.1.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.