From spreadsheets to sightlines: Why NDIS boards must rebuild for visibility

The insights in this article come from a recent strategic webinar on NDIS governance and visibility, exploring why the NDIS is hitting a governance turning point, featuring:

• Rachel Riley: Co-Founder, Drova; Board Member and Risk Committee Chair, Interaction Disability Services
• Ivan McKay: Feedback & Compliance Manager, Spinal Life Australia
• Phil Grindley: GM, Enterprise Risk & Business Assurance, New Horizons
• Brett Thompson: CEO, Interaction Disability Services
• Dennis J Clark: CEO, Clark Corporate Consulting

Many NDIS providers are doing governance the way people run a small business in a hurry: a few spreadsheets, a few registers, and a lot of human glue. In short: unsustainably.

The sector is under financial strain and regulatory pressure at the same time. StewartBrown's FY24 Disability Services Financial Benchmark found 67.1% of benchmark participants were operating at a loss, and total staff costs consumed 81.5% of operating revenue.

When margins are thin, the cost of slow decisions goes up. When scrutiny is rising, the cost of blind spots goes up faster.

Boards feel this first. Not because directors do not have information, but because the information arrives late, fragmented, and hard to trust. Too many organisations are trying to steer using a rear-view mirror - delayed reporting, manually consolidated, and disconnected from what is happening day-to-day across services.

The problem is not that providers lack registers. Most have plenty. The problem is that those registers do not talk to each other.

The hidden risk: Governance by "human integration"

In many providers, risk, compliance, incidents, audits, workforce issues and operational performance are maintained in separate tools and documents. Someone then has to stitch it together for the board pack.

In Drova's recent strategic webinar, Spinal Life Australia's Feedback & Compliance Manager Ivan McKay described that reality candidly: the registers exist, but they are separate - and making them coherent depends on a person who knows how to connect the dots. He likened himself to "a spider on a spiderweb," moving between systems that do not integrate.

That is a governance model with a single point of failure. It also turns reporting into a production line. McKay said the board report can be two to three weeks old by the time directors see it, after manual steps to export, sanitise and reformat data.

In a sector where incidents, workforce pressures and financial performance can shift quickly, that lag matters.

The board's job is to ask the uncomfortable questions early: Where are risks trending? Which controls are working? Where are we drifting outside appetite? What is the next intervention that actually changes the trajectory?

Those questions are hard to answer when the data is scattered, or when the only reliable "integration layer" is a handful of staff working from memory.

Why more reporting is not the answer

Boards are already drowning in paper. New Horizons' GM Enterprise Risk & Business Assurance Phil Grindley shared a familiar warning: board reporting can become a compliance artefact - thick documents that meet the requirement but do not drive decisions. He recalled directors referring to the heavy audit/risk/compliance papers as the next "Yellow Pages" instalment.

This is where governance fails quietly. It is possible to have an immaculate board pack and still miss the point: the board needs a clear narrative of what has changed, what it means, and what management is doing about it - backed by evidence.

Dennis Clark, CEO of Clark Corporate Consulting, put it simply: this is not "the vibe"; boards need evidence.

Evidence means trend lines, not anecdotes. It means leading indicators, not post-mortems. And it means clarity about accountability: who owns the risk, what is being done, and whether it is working.

The shift boards are pushing for: A single source of truth

The strongest theme from the webinar was: stop running governance on disconnected islands.

Drova co-founder Rachel Riley - also a board member and risk committee chair in the NDIS sector - argued that risk appetite statements often become shelfware: written, approved, and forgotten.

But appetite only matters when it is connected to day-to-day decisions. And that requires visibility into what is actually happening: incidents, audit findings, control performance, workforce pressures, financial sustainability and service-level outcomes - linked, not scattered.

Integration changes the nature of oversight. It moves boards from periodic, delayed snapshots to something closer to a live instrument panel. Instead of spending meeting time validating the numbers, directors can spend it debating actions, trade-offs and priorities.

It also changes what management can do. Interaction Disability Services CEO Brett Thompson described the difference when leaders can drill down by cost and profit centre: loss-making services are visible, drivers like overtime and staffing patterns become clearer, and the monthly rhythm shifts from reporting to problem-solving.

He summed up the common before-state: lots of data in many systems, but not converted into useful information.

In a sector where the workforce is the business, boards cannot afford "data-rich, information-poor" operations. They need the ability to see signals early - especially where participant safety, workforce stability and financial viability intersect.

The real friction: Cost optics and culture

The hard part is that better governance can look like overhead. McKay acknowledged the common barrier: organisations see the cost increase, but struggle to link it to how it is funded and what the benefit is - especially if GRC is perceived as something that "only benefits compliance."

Boards are increasingly challenging that framing. Riley's point - by implication - is that no one expects finance to run on manual ledgers; governance should not be run on manual stitching either.

And technology does not remove the need for leadership. Thompson was explicit that software supports process, but is not the process; it still requires cultural ownership across the organisation.

That is the board-level takeaway: this is not a tooling debate. It is an operating model decision.

If directors want earlier warning, clearer accountability, and fewer surprises, the path is not another spreadsheet or another register. It is building a connected system where risk, compliance, incidents and performance are visible in one place - so the board can govern with sightlines, not hindsight.