NDIS Audit Checklist

How to Prepare for Certification and Verification Audits

Preparing for an NDIS audit can feel overwhelming for many providers.

Whether you are undergoing your first NDIS certification audit or preparing for a verification audit, the process requires clear documentation, structured evidence, and strong alignment with the NDIS Practice Standards.

Auditors expect providers to demonstrate that their systems, policies, and operational practices meet the regulatory requirements set by the NDIS Quality and Safeguards Commission.

This guide provides a comprehensive NDIS audit checklist to help providers prepare for audits with confidence.

In this guide you will learn:

What an NDIS audit involves

The difference between certification and verification audits

The documentation auditors typically review

Common compliance gaps providers encounter

A practical checklist to prepare for your audit

Download

Fill out the form and receive your free NDIS Audit Checklist

What is an NDIS Audit?

An NDIS audit is an independent assessment carried out to determine whether a provider meets the requirements of the NDIS Practice Standards and the regulatory framework established by the NDIS Quality and Safeguards Commission.

Audits are required for providers seeking initial registration and for organisations renewing their registration. The purpose is to verify that providers are delivering safe, high-quality services, maintaining effective governance and risk management systems, protecting participant rights and wellbeing, and operating in line with NDIS provider compliance standards.

During the audit, assessors review policies, procedures, operational records, and supporting evidence across the relevant Practice Standards. What auditors are looking for is not just whether documentation exists, but whether it is current, consistent with actual practice, and structured to demonstrate compliance.

Certification Audits vs Verification Audits: What Is the Difference?

The type of audit your organisation undergoes depends on the support and services you deliver.

They involve a comprehensive assessment against the full NDIS Practice Standards, including both the core module and any additional modules relevant to the provider's registration groups. Certification audits are more intensive and typically take longer, depending on the organisation's size and the number of registration groups in scope.

Verification audits apply to providers delivering lower-risk supports. They are generally shorter and focus on the core module requirements. The scope is narrower, but the documentation expectations are still significant.

Understanding which pathway applies to your organisation is the first step in NDIS audit preparation. If you are unsure, the NDIS Commission's registration guidance sets out which supports require certification and which require verification.

Audit Type

Audit Type

Who Requires It

Who Requires It

Scope

Scope

Certification Audit

Certification Audit

Providers delivering higher-risk supports

Providers delivering higher-risk supports

Full NDIS Practice Standards

Full NDIS Practice Standards

Verification Audit

Verification Audit

Providers delivering lower-risk supports

Providers delivering lower-risk supports

Core module only

Core module only

The NDIS Audit Checklist: Every Area You Need to Cover

This NDIS provider checklist covers the key areas auditors review when assessing compliance with the NDIS Practice Standards. Work through each section ahead of your audit to identify gaps early and give your team time to address them properly.

Governance and Management

Auditors expect to see clear, documented governance and oversight structures. Leadership accountability and quality management processes are closely scrutinised in certification audits.

Your NDIS compliance checklist for governance should include:

Documented organisational governance structure

Clear leadership roles and responsibilities

A current risk management framework

Quality management system documentation

Continuous improvement processes with evidence of implementation

Board and leadership oversight of quality and compliance

Governance documentation needs to demonstrate that leadership is actively involved in overseeing compliance, not just nominally accountable for it.

Policies and Procedures

Policies must align with the NDIS Practice Standards and reflect how services are actually delivered. A policy that describes a process your organisation does not follow in practice is a compliance risk, not a compliance asset.

Key policies auditors typically review include:

Participant safeguarding policies

Complaints and feedback management procedures

Incident management policies

Risk management procedures

Privacy and confidentiality policies

Code of conduct

All policies should be version-controlled, regularly reviewed, and accessible to staff. Linking policies directly to the relevant Practice Standards requirements makes it significantly easier to demonstrate compliance during an audit.

Workforce Compliance

Providers must demonstrate that their workforce is appropriately screened, trained, and supported. This is one of the areas where non-conformities are most commonly identified.

Your NDIS provider compliance documentation should include:

Current worker screening check records for all relevant staff

Staff training records, including induction and ongoing training

Role descriptions for all positions

Supervision and performance management documentation

Evidence that staff understand the policies relevant to their roles

Auditors often probe this area by asking staff questions directly during site visits. Documentation alone is not sufficient if staff cannot demonstrate familiarity with key policies and procedures.

Incident Management

Incident management systems are a critical component of NDIS compliance requirements. Auditors look for evidence that incidents are captured consistently, investigated appropriately, and followed through with documented corrective actions.

Your incident management documentation should include:

Incident reporting procedures

Incident investigation processes

Incident registers with complete records

Corrective action and follow-up documentation

Evidence of pattern review and continuous improvement

Providers using structured incident management software are generally better positioned to demonstrate compliance in this area because incident records, evidence, and actions are maintained in one auditable system rather than spread across emails and shared drives.

Restrictive Practices

For providers supporting participants with behaviour support plans, restrictive practices compliance is one of the most closely scrutinised areas in a certification audit. Documentation requirements are specific and non-negotiable.

Auditors may review:

Behaviour support plans for relevant participants

Authorisation documentation for any restrictive practices in use

Monitoring and review processes

Reporting procedures and evidence of compliance with reporting obligations

This is an area where gaps in documentation carry significant consequences. If your organisation supports participants with behaviour support plans, ensure documentation is complete, current, and accessible before your audit date.

Participant Documentation

Participant records need to demonstrate that services are being delivered in accordance with the NDIS Practice Standards and each participant's individual plan and goals.

Documentation auditors typically review includes:

Participant service agreements

Consent documentation

Participant care records

Support plans and documented goals

Service delivery records

Records should be accurate, complete, consistently maintained, and stored securely. Incomplete or inconsistent participant documentation is one of the most common sources of non-conformities.

Complaints and Feedback Management

Providers must demonstrate that they have accessible, effective processes for managing complaints and feedback from participants and their representatives.

Documentation to prepare includes:

Complaints management policy and procedures

Complaints register with complete records

Evidence of complaint investigation and resolution

Feedback mechanisms and evidence of participant awareness

Auditors look for evidence that complaints are not just recorded but acted on and used to drive improvement.

Emergency and Disaster Management

Providers are expected to have documented plans for managing emergencies and business continuity events that could affect service delivery.

Relevant documentation includes:

Emergency management plans

Business continuity documentation

Evidence of staff training on emergency procedures

Review history for emergency management documentation

Common NDIS Audit Non-Conformities to Address Before Your Audit

Understanding what commonly goes wrong in NDIS audits helps providers prioritise their preparation. 

The most frequently identified non-conformities include:

Incomplete or missing staff training records. Training is completed but not documented, or records are stored inconsistently across systems.

Inconsistent incident documentation. Incidents are recorded, but investigation processes, corrective actions, or follow-up evidence are missing or incomplete.

Policies that do not reflect current practice. Policies exist but have not been reviewed recently, or do not match how services are actually delivered.

Limited evidence of governance oversight. Leadership accountability for quality and compliance is stated but not demonstrated through documented processes or review activity.

Gaps in restrictive practices documentation. Authorisation records, behaviour support plan reviews, or reporting evidence is incomplete or inaccessible.

Fragmented evidence across multiple systems. Evidence exists but is spread across folders, spreadsheets, and disconnected platforms, making it difficult to present coherently during an audit.

Addressing these areas before your audit significantly improves the likelihood of a positive outcome and reduces the risk of receiving corrective action requests that require follow-up after the assessment.

Understanding the NDIS Compliance Framework

The NDIS regulatory system follows a structured framework that auditors use when assessing providers. Understanding this structure helps teams organise their evidence and documentation in a way that maps clearly to audit expectations.

The framework follows this hierarchy:

Framework

Standard

Requirement

Evidence

Assessment

Action

In practice, this means providers need to be able to demonstrate that their policies, operational processes, and documentation align with each relevant requirement within the applicable Practice Standards modules.

For a detailed breakdown of the standards and requirements relevant to your registration scope, the NDIS Practice Standards and Quality Indicators published by the NDIS Commission are the authoritative reference.

How Compliance Software Helps With NDIS Audits

Many providers manage NDIS compliance requirements using spreadsheets, shared folders, and manual tracking systems. For smaller providers with a single registration group and limited complexity, this can work. For providers with multiple registration groups, multiple sites, or a growing participant base, it tends to break down.

Dedicated NDIS compliance software gives providers a structured way to manage the full compliance workload, including evidence management, policy governance, incident tracking, action management, and audit preparation, in one connected environment.

Key capabilities that support NDIS audit preparation include:

Evidence centralisation. Bring documentation from existing systems together into one compliance environment, so evidence is accessible and structured when auditors ask for it.

Practice Standards mapping. Map evidence and policies directly to the relevant NDIS Practice Standards requirements, with AI-assisted classification that reduces manual effort.

Gap identification. Surface missing or insufficient evidence before an audit, rather than discovering gaps during one.

Action tracking. Convert compliance gaps into tracked actions with owners, due dates, and evidence links, so remediation is managed and documented.

Audit pack generation. Compile evidence, assessments, and action records into structured audit packs that can be shared with auditors efficiently.

NDIS Audit Checklist: Preparation for Multi-Site Providers

Providers operating across multiple locations face an additional layer of complexity in audit preparation. Evidence standards, policy implementation, and incident documentation need to be consistent across sites, not just at the location an auditor happens to visit.

Common challenges for multi-site NDIS providers include:

Inconsistent documentation practices across locations

Difficulty confirming that all sites have current, reviewed policies

Workforce compliance records that are managed locally rather than centrally

No single view of compliance status across the organisation

Multi-site providers benefit most from structured compliance platforms that provide site-level visibility alongside organisation-wide reporting, so leadership can identify where compliance is strong and where it needs attention before an audit reveals it.

After the Audit: Managing Non-Conformities and Corrective Actions

Receiving non-conformities during an NDIS audit does not automatically mean a negative outcome. What matters is how the organisation responds.

When non-conformities are identified, providers are typically required to implement corrective actions within a specified timeframe and provide evidence demonstrating that the issues have been addressed. The quality of the corrective action response, including the documentation provided and the systemic changes made, is part of the overall compliance assessment.

Managing corrective actions through structured incident management or dedicated aged care compliance software gives providers a more organised way to track remediation, link evidence to specific non-conformities, and demonstrate follow-through to the auditing body.

How Often Do NDIS Providers Undergo Audits?

NDIS providers typically undergo audits during initial registration and periodically during registration renewal. Audit frequency can vary depending on the type of support delivered and the provider's compliance history.

Providers should not treat audits as isolated events. Maintaining continuous NDIS provider compliance means the documentation, evidence, and governance systems required for a successful audit are in place year-round, not assembled under pressure when a renewal date approaches.

For a broader picture of how compliance management works across the NDIS and other regulated care environments, see our SIRS reporting tools, or explore blogs on completing NDIS audits in 2026 or NDIS practice standards checklists.

Related Compliance Resources

You may also find these resources helpful:

NDIS Compliance Software

ACQS 2025 Explained

Aged Care Compliance Software

Healthcare Compliance Frameworks

Frequently asked questions

Frequently asked questions

Find answers to common questions about Willow and how it can benefit your business

Find answers to common questions about Willow and how it can benefit your business

What is the difference between a certification audit and a verification audit for NDIS providers?

Certification audits apply to providers delivering higher-risk supports and involve a comprehensive assessment against the full NDIS Practice Standards. Verification audits apply to lower-risk support providers and focus on the core module only. The scope and duration of each audit type differ significantly, so understanding which pathway applies to your organisation is an important first step in preparation.

What is the difference between a certification audit and a verification audit for NDIS providers?

Certification audits apply to providers delivering higher-risk supports and involve a comprehensive assessment against the full NDIS Practice Standards. Verification audits apply to lower-risk support providers and focus on the core module only. The scope and duration of each audit type differ significantly, so understanding which pathway applies to your organisation is an important first step in preparation.

What documentation do NDIS auditors typically review?

Auditors commonly review governance documentation, policies and procedures, staff training and screening records, incident registers and investigation records, participant service agreements and care records, restrictive practices documentation where applicable, and complaints management records. Documentation needs to be current, consistent with actual practice, and accessible during the audit.

What documentation do NDIS auditors typically review?

Auditors commonly review governance documentation, policies and procedures, staff training and screening records, incident registers and investigation records, participant service agreements and care records, restrictive practices documentation where applicable, and complaints management records. Documentation needs to be current, consistent with actual practice, and accessible during the audit.

How long does an NDIS certification audit take?

Certification audit timelines vary depending on the size of the organisation, the number of registration groups in scope, and the number of sites being assessed. Larger providers with multiple registration groups and locations should expect a more extended audit process. Verification audits are generally shorter, given their narrower scope.

How long does an NDIS certification audit take?

Certification audit timelines vary depending on the size of the organisation, the number of registration groups in scope, and the number of sites being assessed. Larger providers with multiple registration groups and locations should expect a more extended audit process. Verification audits are generally shorter, given their narrower scope.

How can compliance software help with NDIS audit preparation?

Dedicated NDIS compliance software helps providers centralise documentation, map evidence to Practice Standards requirements, identify gaps before an audit, track remediation actions, and generate structured audit packs. 

This supports continuous compliance management rather than reactive preparation, which reduces both the workload and the risk associated with upcoming audits.

How can compliance software help with NDIS audit preparation?

Dedicated NDIS compliance software helps providers centralise documentation, map evidence to Practice Standards requirements, identify gaps before an audit, track remediation actions, and generate structured audit packs. 

This supports continuous compliance management rather than reactive preparation, which reduces both the workload and the risk associated with upcoming audits.

Download the NDIS Audit Preparation Checklist

Working through audit preparation without a structured checklist is harder than it needs to be. Download the free NDIS compliance checklist to get a practical, organised reference covering every key area auditors review, from governance and workforce compliance to incident management and participant documentation.

The checklist covers:

Governance preparation

Compliance documentation

Workforce requirements

Incident management processes

Participant record management