service agreement<\/a> and determines the level of support and supervision required.<\/p>\n\n\n\nWhen participant needs or circumstances change.<\/strong> Any significant change in a participant’s health, living situation, behaviour, medication, mobility, or social circumstances triggers a risk reassessment. Examples include a participant moving to a new residence, a change in medication that affects alertness or balance, a new diagnosis, or a change in the participant’s support network.<\/p>\n\n\n\nAfter an incident or near-miss.<\/strong> Every incident must prompt a review of the relevant risk assessment. If a participant falls during community access, the falls risk assessment must be reviewed and updated with new control measures if needed. Commission auditors specifically check whether incidents are linked back to risk assessments and whether control measures were updated following incidents. This incident-to-risk linkage is a key audit indicator.<\/p>\n\n\n\nDuring plan reviews.<\/strong> When a participant’s NDIS plan is reviewed or reassessed by the NDIA, the provider must review all associated risk assessments. Plan reviews often change funding levels, support types, or participant goals, all of which may affect the risk profile.<\/p>\n\n\n\nAs part of scheduled periodic review.<\/strong> Even without a triggering event, risk assessments must be reviewed on a regular schedule. The frequency depends on the risk level (see Review and Escalation section below).<\/p>\n\n\n\nSample NDIS Risk Assessment Framework<\/h2>\n\n\n\n
The following risk assessment template provides a structured format that satisfies Commission audit requirements. Adapt it to your registration groups and participant cohort.<\/p>\n\n\n\n
Section 1: Participant Information<\/h3>\n\n\n\n
Participant Name: [Full Name]
\nNDIS Number: [XXXXXXXXXX]
\nDate of Birth: [DD\/MM\/YYYY]
\nPlan Start Date: [DD\/MM\/YYYY] | Plan End Date: [DD\/MM\/YYYY]
\nPrimary Disability: [Description]
\nSupport Types: [e.g., Assistance with Daily Life, Community Participation, SIL]
\nAssessment Date: [DD\/MM\/YYYY]
\nAssessed By: [Staff Name, Role]
\nNext Review Date: [DD\/MM\/YYYY]<\/em><\/p>\n\n\n\nSection 2: Risk Category Checklist<\/h3>\n\n\n\n
Assess each of the following risk categories for the participant. For each identified risk, complete a full risk rating in Section 3.<\/p>\n\n\n\n
\n- Physical Safety<\/strong> – falls risk, manual handling, mobility limitations, skin integrity, swallowing\/choking, seizures<\/li>\n
- Mental Health and Wellbeing<\/strong> – anxiety, depression, self-harm risk, trauma history, psychosocial stressors<\/li>\n
- Behaviour of Concern<\/strong> – aggression, absconding, self-injurious behaviour, property destruction, sexually inappropriate behaviour<\/li>\n
- Medication Management<\/strong> – polypharmacy, medication side effects, self-administration capacity, PRN medication use, restricted practices involving medication<\/li>\n
- Social and Community Safety<\/strong> – vulnerability to exploitation, road safety, water safety, community navigation, online safety<\/li>\n
- Environmental Hazards<\/strong> – home environment risks, equipment maintenance, vehicle transport, community access locations<\/li>\n
- Financial Risk<\/strong> – vulnerability to financial abuse, capacity to manage personal funds, plan budget management<\/li>\n
- Mealtime and Nutrition<\/strong> – dysphagia, food allergies, nutritional deficiencies, mealtime supervision requirements<\/li>\n
- Communication<\/strong> – limited verbal communication, interpreter requirements, augmentative and alternative communication (AAC) needs<\/li>\n<\/ul>\n\n\n\n
Section 3: Detailed Risk Rating<\/h3>\n\n\n\n
For each identified risk, complete the following assessment:<\/p>\n\n\n\n
Risk Category:<\/strong> [e.g., Physical Safety – Falls Risk]
\nRisk Description:<\/strong> [e.g., Participant uses a walking frame for mobility. History of two falls in the past 6 months, both in the bathroom. Reduced balance when fatigued.]
\nLikelihood:<\/strong> [1-5] (1 = Rare, 2 = Unlikely, 3 = Possible, 4 = Likely, 5 = Almost Certain)
\nConsequence:<\/strong> [1-5] (1 = Insignificant, 2 = Minor, 3 = Moderate, 4 = Major, 5 = Catastrophic)
\nRisk Rating:<\/strong> [Likelihood x Consequence] = [Score] ([Low \/ Medium \/ High \/ Extreme])
\nExisting Control Measures:<\/strong> [e.g., Walking frame provided and maintained. Non-slip mats installed in bathroom. Grab rails installed beside toilet and shower. Staff trained in manual handling. Participant reminded to use walking frame at each visit.]
\nAdditional Controls Required:<\/strong> [e.g., Occupational therapy review for bathroom modifications. Night-light installation for overnight access.]
\nResponsible Person:<\/strong> [Staff Name, Role]
\nReview Date:<\/strong> [DD\/MM\/YYYY]<\/em><\/p>\n\n\n\nRisk Matrix: Likelihood vs Consequence<\/h2>\n\n\n\n
Use the following 5×5 risk matrix to calculate the risk rating for each identified risk. Multiply the Likelihood score by the Consequence score to determine the overall Risk Rating.<\/p>\n\n\n\n| Likelihood \/ Consequence<\/th> | 1 – Insignificant<\/th> | 2 – Minor<\/th> | 3 – Moderate<\/th> | 4 – Major<\/th> | 5 – Catastrophic<\/th><\/tr><\/thead> |
|---|
5 – Almost Certain<\/strong><\/td>| 5 (Medium)<\/td> | 10 (High)<\/td> | 15 (Extreme)<\/td> | 20 (Extreme)<\/td> | 25 (Extreme)<\/td><\/tr> | 4 – Likely<\/strong><\/td>| 4 (Medium)<\/td> | 8 (High)<\/td> | 12 (High)<\/td> | 16 (Extreme)<\/td> | 20 (Extreme)<\/td><\/tr> | 3 – Possible<\/strong><\/td>| 3 (Low)<\/td> | 6 (Medium)<\/td> | 9 (High)<\/td> | 12 (High)<\/td> | 15 (Extreme)<\/td><\/tr> | 2 – Unlikely<\/strong><\/td>| 2 (Low)<\/td> | 4 (Medium)<\/td> | 6 (Medium)<\/td> | 8 (High)<\/td> | 10 (High)<\/td><\/tr> | 1 – Rare<\/strong><\/td>| 1 (Low)<\/td> | 2 (Low)<\/td> | 3 (Low)<\/td> | 4 (Medium)<\/td> | 5 (Medium)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Risk Rating Definitions:<\/strong><\/p>\n\n\n\n\n- Low (1-3):<\/strong> Risk is acceptable with current controls. Monitor through standard review processes.<\/li>\n
- Medium (4-6):<\/strong> Risk requires documented control measures and regular monitoring. Review at standard intervals.<\/li>\n
- High (7-12):<\/strong> Risk requires active management with enhanced controls. Supervisor oversight required. Escalate if controls are insufficient.<\/li>\n
- Extreme (13-25):<\/strong> Risk requires immediate action. Senior management must be notified. Consider whether services can be safely delivered. May require NDIS Commission reporting.<\/li>\n<\/ul>\n\n\n\n
Review Frequency and Escalation Procedures<\/h2>\n\n\n\nThe frequency of risk assessment reviews depends on the risk rating. Commission auditors check review dates against the documented schedule, so consistent, timely reviews are essential audit evidence.<\/p>\n\n\n\n Low risk (rating 1-3):<\/strong> Review every 12 months, or when the participant’s NDIS plan is reviewed. Document review outcome even if the risk level has not changed.<\/p>\n\n\n\nMedium risk (rating 4-6):<\/strong> Review every 6 months. Ensure control measures remain effective and are being consistently applied by all support staff. Document any changes to controls.<\/p>\n\n\n\nHigh risk (rating 7-12):<\/strong> Review every 3 months, or sooner if an incident occurs. Supervisor must sign off on each review. Control measures must be communicated to all staff working with the participant. Document staff acknowledgement of updated controls.<\/p>\n\n\n\nExtreme risk (rating 13-25):<\/strong> Requires immediate escalation to senior management. The risk must be reassessed within 24 to 48 hours of identification. A risk mitigation plan must be documented and approved by a senior manager before services continue. If the risk involves a reportable incident (death, serious injury, abuse, neglect, or unauthorised restrictive practice), it must be reported to the NDIS Quality and Safeguards Commission<\/a> within 24 hours for immediate notification incidents, or within 5 business days for other reportable incidents.<\/p>\n\n\n\nEscalation pathway for all risk levels:<\/strong><\/p>\n\n\n\n\n- Support worker<\/strong> identifies or observes the risk during service delivery<\/li>\n
- Team leader or coordinator<\/strong> reviews the risk and determines if control measures are sufficient<\/li>\n
- Service manager<\/strong> approves updated risk assessment and allocates resources for additional controls<\/li>\n
- Senior management or compliance officer<\/strong> reviews extreme risks and approves risk mitigation plans<\/li>\n
- NDIS Commission reporting<\/strong> for reportable incidents as defined under the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018<\/li>\n<\/ol>\n\n\n\n
Build an Audit-Ready NDIS Risk Management System<\/h2>\n\n\n\nEvery registered NDIS provider must maintain a documented NDIS risk assessment<\/strong> for each participant they support. The NDIS Quality and Safeguards Commission<\/a> treats risk management as fundamental to safe service delivery. Commission auditors do not simply check that an NDIS risk assessment template<\/strong> has been completed. They assess whether your risk management system is embedded in daily operations, regularly reviewed, and connected to your incident management processes.<\/p>\n\n\n\nYour risk assessment framework is one component of a broader compliance documentation suite. It must align with your NDIS policies and procedures<\/a>, integrate with your complaint management process<\/a>, and inform the risk disclosures in your service agreements<\/a>. HCPA builds all of these as an integrated compliance framework, not isolated templates.<\/p>\n\n\n\nFor operational tools that support risk documentation, our best NDIS software comparison<\/a> evaluates platforms with incident logging and compliance dashboard features. Providers preparing for their first audit should also review our NDIS audit support<\/a> services.<\/p>\n\n\n\n | | | | | |