Managing Notifications When Audit Findings Reveal Serious Care Failures
The issue is rarely that audits find problems — it is the gap between finding risk and acting on it quickly enough. Providers need clear audit-linked statutory reporting controls so serious findings trigger CQC notification review where required.
Audit evidence must not sit separately from incident management. Strong providers use robust assurance evidence to connect audit findings, care records, harm review, duty of candour and governance action.
This article forms part of the wider CQC compliance knowledge hub for adult social care, where audit must lead to accountable improvement.
Why this matters
Audits often reveal missed care, poor records, unsafe practice or delayed escalation. If these findings are treated only as quality issues, reporting duties may be missed.
Inspectors will expect providers to show how serious audit findings were reviewed, escalated and acted upon. Commissioners will expect evidence that audits protect people, not just measure paperwork.
A clear framework for audit-triggered notification review
Providers should identify the finding, assess whether harm or serious risk occurred, check affected records, decide whether notification or duty of candour applies and record all actions.
The review should link audit tools, care records, staff practice, communication logs and improvement plans.
Operational example 1: Medication audit reveals repeated missed doses
Baseline issue: Medication audits identified missed signatures, but harm review was not always completed. Improvement focused on fewer missed doses, clearer MAR evidence, stronger audits, staff feedback and competency checks.
Step 1: The medication auditor records missed dose evidence in the audit tool, including medicine, person affected, date, time and whether administration can be confirmed.
Step 2: The medication lead checks MAR charts, stock records and daily notes, recording whether the medicine was missed or only poorly documented.
Step 3: The Registered Manager reviews harm, repeated risk and reporting duties, recording notification and candour rationale in the notification tracker.
Step 4: The deputy manager completes staff competency review and records supervision, retraining or restriction of duties in staff records.
Step 5: The medication lead records corrective actions and outcome monitoring in the medication governance report and improvement plan.
What can go wrong is that missed signatures are corrected without checking whether medicines were actually given. Early warning signs include repeated gaps, stock discrepancies or staff uncertainty. Escalation moves to the Registered Manager and pharmacy advice where harm is possible. Consistency is maintained through audit-to-incident review.
Governance audits medication findings monthly against MAR charts, stock records, competency files and notification decisions. The Registered Manager reviews findings, with provider oversight quarterly. Action is triggered by confirmed missed doses, repeat gaps, unclear evidence or competency concerns.
Operational example 2: Care plan audit reveals unsupported high-risk needs
Baseline issue: Care plan audits identified outdated risk plans, but impact on delivered care was not always assessed. Improvement focused on faster updates, safer delivery, audit evidence, feedback and staff practice observation.
Step 1: The quality lead records the outdated care plan in the audit tool, including risk area, date last reviewed and people affected.
Step 2: The team leader checks daily care records and records whether staff were delivering support that matched current known needs.
Step 3: The Registered Manager assesses whether outdated guidance caused harm or serious risk and records the notification decision in the tracker.
Step 4: The care plan lead updates the care plan and records revised instructions in the care planning system and handover notes.
Step 5: The deputy manager observes staff practice and records whether revised guidance is being followed in quality observation records.
What can go wrong is that outdated plans are treated as document issues rather than care risks. Early warning signs include staff giving different answers, repeated incidents or family concern. Escalation goes to the Registered Manager, with immediate interim guidance issued. Consistency is maintained through high-risk care plan alerts.
Governance audits high-risk care plan updates monthly, checking care records, incident links, staff observations and notification rationale. The quality lead reports to the Registered Manager. Action is triggered by outdated plans, missed care, repeated risk events or poor staff understanding.
Operational example 3: Infection control audit reveals unsafe practice
Baseline issue: Infection audits produced actions, but serious practice failures were not always reviewed for notification or candour. Improvement focused on safer practice, clearer audit escalation, feedback and staff competency evidence.
Step 1: The infection control lead records the unsafe practice in the audit tool, including area observed, people affected and immediate control required.
Step 2: The shift lead implements immediate corrective action and records changes in the infection control action log.
Step 3: The Registered Manager reviews whether exposure, harm or outbreak risk requires notification and records the rationale in the tracker.
Step 4: The deputy manager records staff supervision or competency checks in training records and the infection control governance file.
Step 5: The infection control lead completes follow-up observation and records improvement evidence in the audit closure report.
What can go wrong is that audit actions are closed before exposure risk is understood. Early warning signs include repeated poor practice, missing PPE checks or infection clusters. Escalation moves to the Registered Manager and infection control lead, with immediate staff briefing and enhanced monitoring. Consistency is maintained through serious audit finding escalation.
Governance audits infection control action closure monthly against audit tools, observation records, training evidence and notification decisions. The Registered Manager reviews higher-risk findings. Action is triggered by exposure risk, repeat failures, incomplete training or infection-related harm.
Commissioner expectation
Commissioners expect audits to identify risk and drive action. They will want assurance that serious findings are escalated, not left as routine improvement actions.
They also expect measurable improvement. Evidence may include fewer repeat findings, faster action closure, improved staff practice, stronger care records and clearer feedback from people and representatives.
Regulator and inspector expectation
Inspectors will compare audit findings with incident records, care plans, medication records, staff files, communication logs and notification trackers. They will expect clear escalation where findings indicate harm or serious risk.
They will also consider whether duty of candour was required where audit findings reveal avoidable harm, missed care or unsafe practice.
Conclusion
Serious audit findings must be treated as governance triggers, not just quality assurance tasks. Providers need to show what the audit found, who was affected, whether harm or serious risk occurred and whether CQC notification or duty of candour duties applied.
Good governance links audit tools, care records, incident evidence, staff competency, communication logs, improvement plans and notification trackers. This makes audit a live safety system rather than a retrospective paperwork exercise.
Outcomes are evidenced through reduced repeat findings, stronger audit closure, improved staff practice, clearer care records and better feedback. Consistency is maintained through audit escalation rules, high-risk finding review, Registered Manager oversight and provider-level sampling.
For commissioners and inspectors, strong audit-linked notification governance shows that the provider acts on evidence quickly and protects people through accountable improvement.