Your QMS, not your spreadsheet.
From 1 July 2025 the TPB Code requires every registered tax practitioner to have a Quality Management System. ICB members already do. Most "QMS products" just sell you templates. Onestop QMS gives you the working system — live registers, version-controlled documents, auto-generated manual, every change audit-logged.
The TPB Code raised the bar. Most practices are still using templates and a shared drive.
A folder of Word docs no one updates. A risk register that hasn't moved since the partner first opened it. Audit-day panic.
From 1 July 2025, every registered tax practitioner needs a QMS that covers governance, risk, training, documentation and supervision. Documented.
Show your QMS in operation. Every risk reviewed, every incident closed, every doc current, every staff member trained. Proof, not promises.
Four things, working together. Not 50 tabs.
A manual that writes itself.
Your QMS Manual is generated from the live system — org details, registered services, professional memberships, insurance, current registers, current procedures. Every export is versioned and audit-stamped. Underlying documents have version control, approval workflows, scheduled review dates and supersession tracking. Update once, the manual updates everywhere.
- Auto-generated QMS manual with version history
- Document version control + supersession
- Approval workflows for new versions
- Scheduled review reminders before docs go stale
Five live registers, not five spreadsheets.
Risks, incidents, complaints, breaches and conflicts of interest. Each register is a live system with status, owner, controls, treatment and review cadence. Risks score themselves on a 5×5 likelihood-impact matrix. Complaints calculate SLA deadlines on Australian business days. Nothing slips because nothing relies on someone remembering.
- Risk register — 5×5 matrix, auto-scored, controls + treatment tracked
- Incident log — injuries, near misses, IT/security events, with investigations
- Complaints register — SLA deadlines (1/3/5/10 business days)
- Breach register — data, privacy, compliance breaches with severity scoring
- Conflict register — declarations and management
The system runs the rhythm.
Staff log incidents. Mandatory sign-offs (code of conduct, cyber, WHS, conflict declarations) are tracked per person with expiry dates. Training records carry their own expiry dates. The system flags every overdue review, every expiring qualification, every breaching SLA — before they become an audit finding.
- Staff competency & mandatory sign-offs (code of conduct, cyber, WHS)
- Training records with auto-expiry detection
- Insurance + professional membership expiry tracking (PI, ICB, IPA, CPA, CA ANZ)
- Scheduled reviews for risks, documents, competencies
Audit-ready by default, not by panic.
Every create, every update, every approval, every status change — logged with who did it, when, and what changed. Export the audit trail. Export a current QMS Manual. Export every register as PDF or CSV. The TPB asking "show me your QMS" goes from a six-week project to a one-click PDF.
- Complete change history on every record
- One-click export of the QMS manual + supporting registers
- PDF and CSV formats — the regulator's expected shape
- Multi-year retention — the audit goes back as far as the org does
An operational QMS. Not a folder of templates.
founder
"I've spent 30+ years in IT watching practices try to operate a QMS out of a Word doc and a goodwill spreadsheet. The TPB Code finally forced the conversation. Onestop QMS is the working answer — built by someone who's seen what an audit actually looks like, not someone who's only sold templates."
The TPB asked for a QMS.
Give them a working one.
One month free to start. Cancel anytime. Australian-owned and operated.