Searchshow menu

On 11 April 2019 the Australian Government assumed a caretaker role, with an election to be held 18 May 2019.
Information on websites maintained by Comcare will be published in accordance with the Guidance on Caretaker Conventions until after the election and conclusion of the caretaker period.

Auditing Rehabilitation Management Systems FAQs

What is the purpose of the audit?

In order for rehabilitation authorities to be compliant with the Guidelines for Rehabilitation Authorities 2012 (the Guidelines) they must develop and implement a rehabilitation management system (RMS) based on the Performance Standards and Measures contained in the Guidelines, conduct an audit of that RMS and compete the Certificate of Compliance.

In the developmental stages of a RMS, the audits will assist an employer in identifying any gaps or weaknesses that need to be addressed with the aim of being compliant with the Guidelines' requirements. As the system matures, the audits are a useful method for employers to measure, evaluate and improve on the management and delivery of rehabilitation.

Comcare has been auditing licensees for many years. The audits assist the licensee to ensure that their RMS is operating at optimal levels. In contrast, recent audits of premium paying agencies have shown poorer management systems which may be either a reflection of, or the cause of, poorer rehabilitation performance.

Comcare's Compliance Program

From 1 July 2013, Comcare may require details of the audit results or conduct its own audit of an employer to assess if the employer is compliant. You will be advised if you have been selected for audit or are required to submit documentation for desktop review.
Audits for licensees will continue as per the licensee audit program.

How is the audit undertaken?

To help rehabilitation authorities comply, Comcare has developed a rehabilitation management system audit tool, workbook and report template. These documents address legislative compliance and the requirements under the Guidelines.

The introduction to the audit tool provides more information on how to carry out a rehabilitation management system audit. The accompanying workbook has information on the type of evidence that could be used to address each of the 27 criteria in the tool. Further, pages 14–15 of the tool have tables that map the criteria in the tool to all the requirements under the Guidelines. This also provides assurance that the performance standards and measures referred to in the Guidelines are being addressed.

Who may perform an audit?

Audits for the purpose of certifying compliance with the Guidelines must be undertaken by competent personnel. The Rehabilitation Management System Audit Tool defines competent personnel as 'people with knowledge of the Safety, Rehabilitation and Compensation Act 1988 (SRC Act) and relevant experience. Relevant experience in this case would include audit training and experience'.

Competent personnel must be independent of the rehabilitation area. Audits may be completed by an employer's internal auditor, if they have one, or by an external auditor who has the appropriate audit qualifications and experience.

Confidence in this audit process and the ability to administer its objectives depends on the competence of those individuals who are involved in planning and conducting audits. Guidance on assessing the competence of an auditor can be obtained from the International Standard ISO 19011 – Guidelines for auditing management systems, Chapter 7-Competence and evaluation of auditors.

Agencies may also consider pooling resources, exchanging personnel or seeking assistance from their portfolio department if they lack appropriate competent personnel in-house.

The information obtained from the audit will be used to complete the Certificate of Compliance in Attachment B of the Guidelines.

How often must an audit be completed?

Comcare recommends best practice is auditing on an annual basis. Auditing may occur less frequently in 'low-risk' agencies; however a risk assessment must be undertaken to ensure annual auditing is not required. Comcare recommends that agencies do not audit less frequently than every three years.

For agencies deciding to conduct an audit less than annually, Comcare recommends that the agency conducts a 'self-assessment' using the Rehabilitation Management System audit workbook in the years between. This is to ensure the agency maintains a mechanism for identifying any weakness within the system in between audits. The self-assessment can be conducted by the case manager. However, the results could not be used for the purposes of certifying compliance against the Guidelines.

What is the scope of the file audit?

Files selected for audit must have had some rehabilitation activity in the 12 months prior to the commencement of the audit. The sample size is dependent on the number of files with rehabilitation activity. A table setting out the sampling methodology is contained in the Rehabilitation Management System Audit Tool.

What is the 'reporting period'?

The reporting period is the financial year in which the audit was undertaken. For clarity, this means that:

  • The audit should occur at some time during the financial year
  • The Certificate of Compliance should be signed as close as reasonably practicable to the end of the financial year
  • Where the audit took place some months prior to the signing of the Certificate of Compliance, the certificate should include information on the progress or closure of corrective actions in the schedule attached to the certificate.

Where a 'low risk' agency has varied the frequency of audits following a risk assessment, the reporting period will be for the final financial year of their audit cycle. 'Low risk' agencies are defined below.

How do I determine that my agency is 'low-risk'?

There is no hard and fast rule for determining if an agency is low-risk. It is necessary to undertake a documented risk assessment to establish the level of sophistication your agency needs in its RMS. Attachment A of the Guidelines states:

"In developing or maintaining a system to provide appropriate rehabilitation services to its injured employees the employer may undertake a risk assessment of its workplaces to gauge the nature and level of resources required to deliver effective rehabilitation."

The risk assessment process will be unique for each agency but you should consider such things as:

What is our FTE and is it likely to change in the future?

As a starting point, the lower the number of employees, the less sophisticated the RMS needs to be. If you have more than 300 FTE, it is unlikely you would be considered a low-risk agency. Further, if the FTE is likely to fluctuate significantly – either by increasing, or by a rapid decrease, then the risk of injury increases and your agency would need to have a more sophisticated RMS in place.

What type of work is undertaken? Where are our workers located?

If your agency has employees doing work other than office-based work, then it is unlikely that you are low-risk. This would include field officers, workers undertaking manual handling tasks, laboratory work, remote workers and the like.

What types of injuries do our workers have - physical or psychological?

You need to evaluate your injury data. If there have been psychological injuries reported, then you would likely need a more sophisticated RMS and would not be low-risk.

How many rehabilitation cases do we manage in a year on average?

If you have very few cases (say 1-2) per year, and this has remained fairly static over time, then you may only require a basic RMS.

What is our premium rate? Is it increasing more than the average?

Whilst the premium rate is multifactorial, if it is above-average or increasing more than average, it may be an indicator that your RMS is not functioning optimally and it is unlikely that you are a low-risk agency.

Are we getting our people back to work in a safe and timely manner? How does our performance compare with other agencies?

Early and safe return to work is the key indicator of a well-functioning RMS. If this is not occurring, then it is likely your agency needs to have a more sophisticated RMS in place. Additionally, comparing performance with other like agencies can be a useful indicator in deciding whether your RMS is working optimally or needs improving.

Do we have a documented and accessible rehabilitation policy in place? Are our rehabilitation case manager(s) trained and competent?

If the answer to either question is 'no', then you are not a low-risk agency.

What level of oversight is required to ensure we continue to meet our legislative obligations under the SRC Act 1988 and the Guidelines?

If, after undertaking the risk assessment, it is established that you are a low-risk agency and only require a RMS with a low level of sophistication, then you may also establish the frequency of audits to be undertaken of the system. This should not exceed three years in any case.

Documenting the risk assessment

If a rehabilitation authority does deviate from the recommended annual audit process, it must be able to produce the risk assessment upon which such a deviation was based should Comcare ask for it. The risk assessment should be documented, endorsed by senior executive, and available upon request.

Comcare will continue to review claims and rehabilitation data from time to time to identify any small premium-paying agencies with poor performance. Comcare may ask such agencies to submit their Certificate of Compliance and/or risk assessment for review.

Who can sign the Certificate of Compliance?

The Guidelines specify that the Certificate of Compliance must be signed by the rehabilitation authority, being the principal officer or CEO of the agency.

What is reported in the schedule attached to the Certificate of Compliance?

All non-compliances identified during the reporting period, the related corrective actions and confirmation of completion (or proposed date of completion) need to be listed in the schedule. For clarity, this means all 'non-conformances' and 'observations' contained in the audit report.

Do I need to send the Certificate of Compliance to Comcare?

The rehabilitation authority should keep the Certificate of Compliance with the audit report. You only need to send it to Comcare if requested to do so. Comcare will be requesting certificates and audit reports for desktop review from a selection of rehabilitation authorities each year. You will be advised in writing if you have been selected for review.

What other guidance is available?

Information on rehabilitation management systems, audits and related guidance can be found on the following pages:

Page last updated: 24 Jul 2015