From assurance to proof: how the new Aged Care Act is reshaping governance

Governance in aged care has entered a new phase – boards are no longer being asked for assurance, but for proof. 

The Act’s early months are already reshaping what governance looks like in practice. 

If workforce is the operating engine of the reforms, governance is the hinge that now connects frontline care, data and board accountability. 

That shift was a central theme during DCM Group’s recent webinar examining the first 120 days of the Act, where sector leaders discussed how the reforms are already moving from policy to practice. 

Moderated by DCM Group CEO Chris Baynes, the panel featured: 

• Lahn Straney, Chief Scientific Officer, Health Metrics
• Cynthia Payne, Founder, Anchor Excellence
• Michael Wild, Chief Operating Officer, Southern Cross Care Queensland
• Lana Richards, Chief Quality Officer, Catholic Healthcare

For Michael, the arrival of the registration renewal process was the moment reform moved from theory to reality. 

“It made it real very quickly,” he told the audience. “It forced us to step back and ask: how confident are we that what’s happening at service level matches what we’re reporting?” 

 That question increasingly defines governance under the new Act. 

Lahn said it is exposing a deeper issue for providers: whether their systems can actually produce reliable evidence rather than fragmented assurance. 

“We’re working hard for this data,” he said. “How can we make that data and information work harder for us?” 

The first 120 days have shown that registration renewal, graded standards, strengthened enforcement and public transparency are not simply bureaucratic hurdles. They represent a significant shift in how providers are assessed. 

Boards are no longer asked whether they believe quality is being delivered – they are expected to demonstrate how they know. 

Governance as enterprise risk 

As explored in Part 1, the Act’s early impact is being felt on shift. The next question is how boards govern that reality. 

The Aged Care Quality and Safety Commission’s move toward risk-based regulation means that identifying early warning signals and trends is critical. 

Boards must now see beyond simple reporting and understand whether the data beneath it stands up – and whether the systems producing that data are capable of revealing risk early. 

Cynthia (pictured top) believes this is where many organisations will be tested. 

“Governance can’t just be a compliance project,” she said. “It has to be treated as enterprise risk.” 

A compliance project can be delegated – but risk to the organisation and its strategy cannot be an individual responsibility. 

Risk needs to be a live discussion across board debates, audit committees and executive dashboards. 

With graded standards and public reporting now embedded in the new Act, reputational exposure is a real challenge. Star Ratings and enforcement actions will be visible to consumers, families and financial backers alike. 

From narrative to evidence 

Lana said the practical implication is that boards need sharper line of sight into service-level performance – something that increasingly depends on how information is captured, connected and reported across the organisation. 

“It’s about moving from narrative to evidence,” she stated. “We can’t rely on assurances that everything is fine. We need to know what’s happening and why.” 

 That does not mean overwhelming directors with more reports – it means refining reporting so the indicators presented genuinely signal risk. 

“We had to ask ourselves whether the data we were presenting was helping the board see what matters,” she explained. “If it doesn’t change a decision, why are we reporting it?” 

That is where technology becomes critical. If care data, incidents, complaints and workforce metrics sit in different systems, the board’s view of risk will always be incomplete. 

In simple terms, volume does not create visibility. 

Seeing risk earlier 

This means that incident management, complaints, workforce metrics, care minutes and financial sustainability can no longer sit in separate silos. 

For example, a spike in agency staff usage may signal workforce strain, which may in turn result in documentation gaps that could drive reportable incidents. 

Cynthia argues that connecting those threads is now core governance work. 

“We don’t want the Commission to be the one identifying our risk patterns,” she said. “Boards should already have that visibility.” 

Michael describes a similar shift in admissions decisions, recognising that accepting residents whose needs outweigh the ability of the workforce can create downstream risk. 

“Decision-making around admissions needs to be more robust,” he underlined. “It’s about being honest about capacity and capability.” 

Technology now sits at the centre of governance 

Lahn believes governance effectiveness now rests heavily on data integrity. 

“If the underlying data isn’t clean or standardised, you can’t get reliable insight,” he stressed. “And if you can’t get reliable insight, governance becomes guesswork.” 

 As regulatory reporting becomes increasingly structured and digital, disconnected systems can create blind spots and make it harder for boards to see risk emerging in real time. 

Lahn said many providers are discovering that governance confidence depends on the quality and consistency of the data generated at the frontline. 

“When information flows from the point of care through to reporting without duplication, it gives confidence,” he said. “It means what the board sees reflects what’s actually happening.” 

“But collecting accurate data at the frontline also depends on staff understanding how that information will be used and seeing that it creates value for care delivery as well as governance.” 

The lesson therefore is that governance must be embedded as a daily operational practice rather than a quarterly review. 

With tighter registration cycles, greater transparency and sharper enforcement, boards are not required to be omnipresent – but they must be informed, and that now depends on clarity rather than volume. 

In this new era, governance will not be measured by the number of policies on file, but by whether directors can answer a simple question with confidence: how do we know? 

Because in the Act’s new framework, assurance is no longer enough – providers must be able to prove it.