Preparing for Certification under the HSQF and the external auditing process. Services who are funded under Community Services will be familiar with the Community Services Standards, and self-assessing against these standards. The new Human Service Quality Framework, which replaces these, will require some organisations to undergo certification and assessment by an external auditor. Services will be given notice of this requirement and provided time to prepare for this change, but it is wise to consider your preparation as early as possible. Some services who also receive funding from other programs, such as Disability Services or HACC/Community Care, will be familiar with external auditing. You can find useful information about the process of external auditing requirements here. (This Fact Sheet refers to Child Safety Services which require a License. However, the HSQF certification process is the same. The difference for Child Safety Services is that this forms only part of their Licensing requirements.) You can find some important information about things to consider when selecting a certification body here. It is important to note that certification is an ongoing process, so your organisation is likely to have an ongoing relationship with the certification body you contract to undertake your audit. 1. The first step in preparing your organisation for this process is always the self-assessment. This allows you to match various evidence you have against each standard and indicator to demonstrate that you comply. This process will also help you to identify any gaps or inconsistencies that need to be addressed. Most services will have self-assessed against the Community Services Standards already. The HSQF largely covers the same requirements which are covered under six standards instead of eleven) As a result, the information from your current self-assessment can be mapped to the HSQF Standards and Indicators to ensure all areas are covered. The HSQF standards comparison document maps the two sets of standards, to make it easier to locate your information. There is a HSQF self-assessment tool here into which you can gather your information. Prior to your first audit, you will be asked to provide copies of policies and procedures, and information about your self-assessment and any improvement actions you have taken/are taking in response to this. We suggest you start with your existing policies and procedures and map these against the relevant standard and indicator/s. At some point it will be helpful to number your existing policies and procedures so they are consistent with each HSQF Standard (more on this later). With only six standards, the HSQF is less prescriptive, and you may use your discretion to determine the best “fit” for some policies (and they may be relevant to more than one standard/indicator). 2. Your policies set down the “rules” or standards you aspire to. Auditors will also want to see evidence of how these are implemented and understood. This may include talking to staff to check their understanding and practice, and other paperwork which demonstrates implementation, such as forms you use to implement policy and documents you produce such as strategic plans, marketing materials and registers. List the examples that you have against the indicators but also look at your own policies to make sure that you have consistent information and evidence. For example, if your policy says you collect certain information from clients in order to provide the best service: do you have a referral/intake form? Does is seek information that is consistent with your policy? Is it up to date? Does it have a privacy statement on it consistent with that policy? Or do you do this via a separate notice? If your policy says you do a strategic plan every x years, can you produce one which is current? Note what you have and what is missing or needs checking. One way of keeping track of these consistencies is to make sure all relevant forms and documents are listed at the end of each policy (there is a space for this in the templates), and to have a clear process for updating policies (see the Information Management Policy template and guide for some ideas) that includes checking all associated documents for any necessary changes or updates. 3. This information can be added to your self-assessment and form the basis of an improvement plan that lists items to be completed in preparation for auditing. This step is important because one thing auditors will look for is not just evidence of compliance, but of improvement and moving towards compliance. Record the actions that are needed, and record the work taken towards achieving these actions. Auditors will look at these items and see that you are working towards compliance – this is particularly important if you are not likely to have everything in place for the initial audit. These may become items auditors look at again during the maintenance audits. Get in the habit of systematically keeping records with the audit in mind. For example, if you need to train staff in new policies keep an attendance sheet or a copy of the meeting minutes where this was discussed. Ideally you would maintain a training register, but even just putting a copy of these documents in a training folder will help show what you have done when it comes to audit time. If you get a trainer in, slip the program description into your folder. 4. In a similar vein to recording improvement actions is the development of a document control system. This allows you (and an auditor) to ensure you have the latest versions of key organisation documents, policies and procedures and demonstrate how you have improved your systems and documentation. The general principles of quality assurance relate to ensuring the quality of products and in the community services context, it is about the consistency referred to in point 2. The complexity of your systems should be appropriate to the complexity of your organisation. The Information Management Policy template and guide provides an example of a document control system you can use or adapt. Simple practices such as numbering policies and forms and using consistent file naming can help a lot in controlling key organisation documents. 5. As we move into a certification system with JAS-ANZ, we can expect requirements that are generally consistent across industry sectors. These would include: Continuous Improvement, Risk Management, and Regulatory Compliance. These are referred to in the HSQF Standards, and policy templates are provided on Community Door. 6. Prepare for your site visit. Your auditor will request you to provide some documents before they visit. Auditors may have specific requests based on the desktop review of the documents you have provided. A useful process is to go back to your self-assessment and look at the evidence you have listed against indicators. For each item, ask yourself where it is and how can you access it. You may find you can gather some items and put them in a folder (or folders). This may seem like a lot of work, but remember the audit process will continue happening, so once you have your material together, you can add in new materials or replacements ready for the next auditing visit. You can set up your folders with dividers for each Standard, which makes it easier to find information during the audit visit. Sometimes this approach is not workable, or, in a small office, it may be easy to lay your hands on information in various formats. Another approach is to simply note the location of the information – the computer filename, the filing cabinet, storage containers, etc, and this as a reference during your audit visit. It can be useful to be on the front foot and have this list printed out before the audit, with a copy for the auditor. They can then indicate which items they would like to see and you will be able to find them efficiently and create a great impression. 7. Auditors will also look at Staff – being adequately qualified for the task, which includes performance management and ongoing training. Performance data – this may include the standard data you provide to your funders. Do you have other performance objectives and targets (consistent with the expectations of the Standards)? Can you provide data demonstrating how you are performing against these? The Board or Management Committee – governance is one of the Standards, but it is also important to demonstrate consistency and commitment across all levels of the organisation. Make sure your Board or Management Committee are aware of and understand the audit process, and have the necessary briefings beforehand. They will generally be required to meet with the auditors during the site visit. Clients/service users (usually a sample). This will necessarily vary depending on the nature of your service/s. Give consideration to how this may work for your organisation, and discuss this with your auditor. Consider how you will gain consent (if necessary) and protect the privacy of individuals. Client files – discuss requirements with your auditor. Make sure files are complete and up to date. It is also useful to conduct internal file audits at regular intervals. Keep records of these audits and any corrective actions taken. 8. Large organisations with multiple sites and services The HSQF allows for multiple site organisations to receive a single certification. The audit process includes a head office audit, as well as visits to different service sites so that the auditors can assess how well policies and procedures work in practice and whether service delivery is aligned to the standards. Auditors use a sampling processes to determine which service sites to visit. You should discuss how this sampling process works and what it means for your service with your certification body during the audit planning stage. This will o allow you to prepare and brief those sites who will be directly involved. Information about these requirements are included in the following documents from the JAS-ANZ site: http://www.jas-anz.com.au/images/stories/Documents/Procedures/HS_Scheme_Pt1.pdf and http://www.jas-anz.com.au/images/stories/Documents/Procedures/HSQFSchemePt2.pdf 9. Following the audit site visit You will be provided with a written report following your site visit and you have 5 days to respond to the facts/correctness of the report. Essentially, you must comply with all the Standards and Indicators. The report will identify any “non-conformities” and you will need to come to agreement with the auditors as to how these will be addressed. These might apply to some aspect of an indicator that you don’t currently meet adequately, and need to be closed out within 12 months of the audit. Auditors may also identify “major non-conformities”. These may be major noncompliance with an Indicator, but may also include: Non-conformities within 3 indicators or more in one Standard or Non-conformities across 3 or more of the Standards. Major non-conformities must be closed out or downgraded to a non-conformity within three months. Certification may be withheld or suspended while there are unresolved major nonconformities. Of course, you will need to keep records of all improvement actions you take to address nonconformities. Please Note: “If an auditor considers that a human service organisation’s processes for the periodic review of compliance with the prescribed requirements of relevant legislation, regulation or policy are inadequate, the auditor shall progress the issue as a major nonconformity to Standard 1.1, as well as to any other relevant standard.” http://www.jas-anz.com.au/images/stories/Documents/Procedures/HSQFSchemePt2.pdf (P27.4.9) 10. Maintenance Audits Certification audits are held every 3 years, with a maintenance audit held mid-cycle (18 months from certification). Maintenance audits will look at 4 Standards from HSQF. Auditors are to include the following in these audits: reviewing any changes to services, organisational structure or personnel reviewing the effectiveness of actions taken in response to consumer complaints a review of the effectiveness of actions taken in response to concerns raised by staff a review of the effectiveness of service or process controls and self-assessments a review of the effectiveness of responses to nonconformities identified during self assessments and external audit where applicable a review of the organisation’s practices to achieve the requirements of the standards within the scope of the audit interviewing the responsible managers and a sample of consumers