NDIS Practice Standards Module 4 Explained
Module 4 of the NDIS Practice Standards covers operational management: finance, staff, and systems. It's the least exciting module, but auditors spend significant time here because operational failures undermine the entire service. From our Enrichment Care audits, Module 4 failures typically involve invoicing errors, missing payroll documentation, or poor record-keeping. The good news: this module has concrete, measurable requirements that are straightforward to implement. If you invoice accurately, pay staff fairly, train them properly, and maintain organized records, you'll pass Module 4. Understanding what auditors test will help you build bulletproof operational systems.
Invoicing and Finance: Where Auditors Look
Auditors test your invoicing accuracy by reviewing 5-10 recent invoices and cross-referencing them against support plans and timesheet records. They ask 'How do you ensure invoices match the participant's approved supports?' They're checking for: (1) Invoice matches support plan hours and rates. (2) Invoice matches actual support delivered (timesheet verification). (3) Invoice is submitted to the correct participant plan type (NDIA-managed, plan-managed, self-managed). (4) GST is handled correctly (you should NOT be charging GST to NDIA-managed participants). From our experience, the most common failure is invoicing discrepancies—you invoice for 20 hours but timesheets show 18, or you bill at the wrong rate. Keep an invoicing SOP that documents your process: support plan review → timesheet collection → invoice preparation → submission. Use ShiftCare or Lumary to automate this and reduce manual errors. Auditors also review your financial records to verify you're billing appropriate rates and not overcharging.
Staff Management and Training: The Systems Auditors Test
Module 4 requires that you have current records for every staff member: job descriptions, contracts, induction documentation, and training records. Auditors ask 'Show me the training records for your support team.' They want to see: (1) Induction training completed (covered your service, policies, safeguarding). (2) Ongoing training on Practice Standards and disability support. (3) Training relevant to participant needs (e.g., training on autism support, or communication with non-verbal participants). (4) Records of performance management (supervisions, feedback, performance reviews). Most providers have training haphazardly—a worker completes a course and it's filed somewhere, or training is only done when something goes wrong. Auditors want to see proactive, systematic training. Keep a training register with every staff member's name, training completed, date completed, and expiry (where relevant). Conduct quarterly team meetings where you cover Practice Standards modules or service-specific topics.
Record-Keeping and Data Management
Module 4 also covers how you maintain participant records and ensure data security. Auditors ask 'How do you keep participant information secure?' and 'How do you ensure records are kept confidential and accessible only to authorized staff?' They review your systems for: (1) Secure storage of participant files (physical or digital). (2) Access controls (who can view which participant records). (3) Backup and disaster recovery (if your system crashes, can you recover records?). (4) Data retention and disposal (how long do you keep records after the participant leaves?). Most providers use a mix of paper and digital records without clear protocols. Auditors see this and flag it as a safeguarding risk. Migrate to a single system (ShiftCare, Lumary, or similar) where all participant, financial, and staff records are in one place with clear access controls.
Building Your Module 4 System
Start by documenting your invoicing process: support plan review → timesheet collection → invoice prep → billing. Train your admin team on this process and have someone review every invoice for accuracy before submission. Second, create a staff training register and begin documenting induction and ongoing training for every team member. Set a goal of 4 hours of training per staff member per year minimum. Third, audit your record systems. If records are scattered across paper files, emails, and spreadsheets, consolidate into a single system. Use ShiftCare ($159/month) or Lumary ($30K+ per year depending on size) to centralize participant, financial, and staff records. Fourth, create a backup and disaster recovery plan: how do you recover if your computer crashes?
Your Module 4 Compliance Timeline
Week 1: Audit your invoicing accuracy. Pick 5 recent invoices, cross-check against support plans and timesheets. Look for discrepancies. Week 2-3: Document your invoicing SOP and train your billing team. Week 4-5: Create a staff training register and backfill records for all current team members. Week 6-8: If using paper or scattered records, begin migrating to a centralized system. Week 9-12: Test your backup and disaster recovery process. By Certification audit, you'll have three months of evidence showing organized, accurate operations. Provider Scale's Free Compliance Health Check includes an operational audit to identify your specific Module 4 gaps.