NDIS Audit Checklist
How to Prepare for Certification and Verification Audits
Preparing for an NDIS audit can feel overwhelming for many providers.
Whether you are undergoing your first NDIS certification audit or preparing for a verification audit, the process requires clear documentation, structured evidence, and strong alignment with the NDIS Practice Standards.
Auditors expect providers to demonstrate that their systems, policies, and operational practices meet the regulatory requirements set by the NDIS Quality and Safeguards Commission.
This guide provides a comprehensive NDIS audit checklist to help providers prepare for audits with confidence.
In this guide you will learn:
What an NDIS audit involves
The difference between certification and verification audits
The documentation auditors typically review
Common compliance gaps providers encounter
A practical checklist to prepare for your audit
Download
Fill out the form and receive your free NDIS Audit Checklist
What is an NDIS Audit?
An NDIS audit is an independent assessment carried out to determine whether a provider meets the requirements of the NDIS Practice Standards and the regulatory framework established by the NDIS Quality and Safeguards Commission.
Audits are required for providers seeking initial registration and for organisations renewing their registration. The purpose is to verify that providers are delivering safe, high-quality services, maintaining effective governance and risk management systems, protecting participant rights and wellbeing, and operating in line with NDIS provider compliance standards.
During the audit, assessors review policies, procedures, operational records, and supporting evidence across the relevant Practice Standards. What auditors are looking for is not just whether documentation exists, but whether it is current, consistent with actual practice, and structured to demonstrate compliance.
Certification Audits vs Verification Audits: What Is the Difference?
The type of audit your organisation undergoes depends on the support and services you deliver.
They involve a comprehensive assessment against the full NDIS Practice Standards, including both the core module and any additional modules relevant to the provider's registration groups. Certification audits are more intensive and typically take longer, depending on the organisation's size and the number of registration groups in scope.
Verification audits apply to providers delivering lower-risk supports. They are generally shorter and focus on the core module requirements. The scope is narrower, but the documentation expectations are still significant.
Understanding which pathway applies to your organisation is the first step in NDIS audit preparation. If you are unsure, the NDIS Commission's registration guidance sets out which supports require certification and which require verification.
The NDIS Audit Checklist: Every Area You Need to Cover
This NDIS provider checklist covers the key areas auditors review when assessing compliance with the NDIS Practice Standards. Work through each section ahead of your audit to identify gaps early and give your team time to address them properly.
Governance and Management
Auditors expect to see clear, documented governance and oversight structures. Leadership accountability and quality management processes are closely scrutinised in certification audits.
Your NDIS compliance checklist for governance should include:
Documented organisational governance structure
Clear leadership roles and responsibilities
A current risk management framework
Quality management system documentation
Continuous improvement processes with evidence of implementation
Board and leadership oversight of quality and compliance
Governance documentation needs to demonstrate that leadership is actively involved in overseeing compliance, not just nominally accountable for it.
Policies and Procedures
Policies must align with the NDIS Practice Standards and reflect how services are actually delivered. A policy that describes a process your organisation does not follow in practice is a compliance risk, not a compliance asset.
Key policies auditors typically review include:
Participant safeguarding policies
Complaints and feedback management procedures
Incident management policies
Risk management procedures
Privacy and confidentiality policies
Code of conduct
All policies should be version-controlled, regularly reviewed, and accessible to staff. Linking policies directly to the relevant Practice Standards requirements makes it significantly easier to demonstrate compliance during an audit.
Workforce Compliance
Providers must demonstrate that their workforce is appropriately screened, trained, and supported. This is one of the areas where non-conformities are most commonly identified.
Your NDIS provider compliance documentation should include:
Current worker screening check records for all relevant staff
Staff training records, including induction and ongoing training
Role descriptions for all positions
Supervision and performance management documentation
Evidence that staff understand the policies relevant to their roles
Auditors often probe this area by asking staff questions directly during site visits. Documentation alone is not sufficient if staff cannot demonstrate familiarity with key policies and procedures.
Incident Management
Incident management systems are a critical component of NDIS compliance requirements. Auditors look for evidence that incidents are captured consistently, investigated appropriately, and followed through with documented corrective actions.
Your incident management documentation should include:
Incident reporting procedures
Incident investigation processes
Incident registers with complete records
Corrective action and follow-up documentation
Evidence of pattern review and continuous improvement
Providers using structured incident management software are generally better positioned to demonstrate compliance in this area because incident records, evidence, and actions are maintained in one auditable system rather than spread across emails and shared drives.
Restrictive Practices
For providers supporting participants with behaviour support plans, restrictive practices compliance is one of the most closely scrutinised areas in a certification audit. Documentation requirements are specific and non-negotiable.
Auditors may review:
Behaviour support plans for relevant participants
Authorisation documentation for any restrictive practices in use
Monitoring and review processes
Reporting procedures and evidence of compliance with reporting obligations
This is an area where gaps in documentation carry significant consequences. If your organisation supports participants with behaviour support plans, ensure documentation is complete, current, and accessible before your audit date.
Participant Documentation
Participant records need to demonstrate that services are being delivered in accordance with the NDIS Practice Standards and each participant's individual plan and goals.
Documentation auditors typically review includes:
Participant service agreements
Consent documentation
Participant care records
Support plans and documented goals
Service delivery records
Records should be accurate, complete, consistently maintained, and stored securely. Incomplete or inconsistent participant documentation is one of the most common sources of non-conformities.
Complaints and Feedback Management
Providers must demonstrate that they have accessible, effective processes for managing complaints and feedback from participants and their representatives.
Documentation to prepare includes:
Complaints management policy and procedures
Complaints register with complete records
Evidence of complaint investigation and resolution
Feedback mechanisms and evidence of participant awareness
Auditors look for evidence that complaints are not just recorded but acted on and used to drive improvement.
Emergency and Disaster Management
Providers are expected to have documented plans for managing emergencies and business continuity events that could affect service delivery.
Relevant documentation includes:
Emergency management plans
Business continuity documentation
Evidence of staff training on emergency procedures
Review history for emergency management documentation
Common NDIS Audit Non-Conformities to Address Before Your Audit
Understanding what commonly goes wrong in NDIS audits helps providers prioritise their preparation.
The most frequently identified non-conformities include:
Incomplete or missing staff training records. Training is completed but not documented, or records are stored inconsistently across systems.
Inconsistent incident documentation. Incidents are recorded, but investigation processes, corrective actions, or follow-up evidence are missing or incomplete.
Policies that do not reflect current practice. Policies exist but have not been reviewed recently, or do not match how services are actually delivered.
Limited evidence of governance oversight. Leadership accountability for quality and compliance is stated but not demonstrated through documented processes or review activity.
Gaps in restrictive practices documentation. Authorisation records, behaviour support plan reviews, or reporting evidence is incomplete or inaccessible.
Fragmented evidence across multiple systems. Evidence exists but is spread across folders, spreadsheets, and disconnected platforms, making it difficult to present coherently during an audit.
Addressing these areas before your audit significantly improves the likelihood of a positive outcome and reduces the risk of receiving corrective action requests that require follow-up after the assessment.
Understanding the NDIS Compliance Framework
The NDIS regulatory system follows a structured framework that auditors use when assessing providers. Understanding this structure helps teams organise their evidence and documentation in a way that maps clearly to audit expectations.
The framework follows this hierarchy:
Framework
Standard
Requirement
Evidence
Assessment
Action
In practice, this means providers need to be able to demonstrate that their policies, operational processes, and documentation align with each relevant requirement within the applicable Practice Standards modules.
For a detailed breakdown of the standards and requirements relevant to your registration scope, the NDIS Practice Standards and Quality Indicators published by the NDIS Commission are the authoritative reference.
How Compliance Software Helps With NDIS Audits
Many providers manage NDIS compliance requirements using spreadsheets, shared folders, and manual tracking systems. For smaller providers with a single registration group and limited complexity, this can work. For providers with multiple registration groups, multiple sites, or a growing participant base, it tends to break down.
Dedicated NDIS compliance software gives providers a structured way to manage the full compliance workload, including evidence management, policy governance, incident tracking, action management, and audit preparation, in one connected environment.
Key capabilities that support NDIS audit preparation include:
Evidence centralisation. Bring documentation from existing systems together into one compliance environment, so evidence is accessible and structured when auditors ask for it.
Practice Standards mapping. Map evidence and policies directly to the relevant NDIS Practice Standards requirements, with AI-assisted classification that reduces manual effort.
Gap identification. Surface missing or insufficient evidence before an audit, rather than discovering gaps during one.
Action tracking. Convert compliance gaps into tracked actions with owners, due dates, and evidence links, so remediation is managed and documented.
Audit pack generation. Compile evidence, assessments, and action records into structured audit packs that can be shared with auditors efficiently.
NDIS Audit Checklist: Preparation for Multi-Site Providers
Providers operating across multiple locations face an additional layer of complexity in audit preparation. Evidence standards, policy implementation, and incident documentation need to be consistent across sites, not just at the location an auditor happens to visit.
Common challenges for multi-site NDIS providers include:
Inconsistent documentation practices across locations
Difficulty confirming that all sites have current, reviewed policies
Workforce compliance records that are managed locally rather than centrally
No single view of compliance status across the organisation
Multi-site providers benefit most from structured compliance platforms that provide site-level visibility alongside organisation-wide reporting, so leadership can identify where compliance is strong and where it needs attention before an audit reveals it.
After the Audit: Managing Non-Conformities and Corrective Actions
Receiving non-conformities during an NDIS audit does not automatically mean a negative outcome. What matters is how the organisation responds.
When non-conformities are identified, providers are typically required to implement corrective actions within a specified timeframe and provide evidence demonstrating that the issues have been addressed. The quality of the corrective action response, including the documentation provided and the systemic changes made, is part of the overall compliance assessment.
Managing corrective actions through structured incident management or dedicated aged care compliance software gives providers a more organised way to track remediation, link evidence to specific non-conformities, and demonstrate follow-through to the auditing body.
How Often Do NDIS Providers Undergo Audits?
NDIS providers typically undergo audits during initial registration and periodically during registration renewal. Audit frequency can vary depending on the type of support delivered and the provider's compliance history.
Providers should not treat audits as isolated events. Maintaining continuous NDIS provider compliance means the documentation, evidence, and governance systems required for a successful audit are in place year-round, not assembled under pressure when a renewal date approaches.
For a broader picture of how compliance management works across the NDIS and other regulated care environments, see our SIRS reporting tools, or explore blogs on completing NDIS audits in 2026 or NDIS practice standards checklists.
Related Compliance Resources
You may also find these resources helpful:
NDIS Compliance Software
ACQS 2025 Explained
Aged Care Compliance Software
Healthcare Compliance Frameworks
Download the NDIS Audit Preparation Checklist
Working through audit preparation without a structured checklist is harder than it needs to be. Download the free NDIS compliance checklist to get a practical, organised reference covering every key area auditors review, from governance and workforce compliance to incident management and participant documentation.
The checklist covers:
Governance preparation
Compliance documentation
Workforce requirements
Incident management processes
Participant record management

