How to Prepare for Your NDIS Registration Audit

Your Audit is Coming: Now What?

You've submitted your application, the Commission has reviewed it, and now it's time for your audit. For many providers, this is the most nerve-wracking part of the entire registration process.

Here's the truth: audits are structured and predictable. If you've done the work, you'll be fine. This guide helps you prepare effectively and understand what auditors are actually looking for.

---

Understanding Your Audit Type

Verification Audit

What it is: A desktop-based review of your documentation and evidence.

Cost: $800 - $1,500 Duration: Typically 1-2 weeks Format: No site visit - auditor reviews documents remotely

What happens:

1. Auditor receives your application and self-assessment
2. They review your policies, procedures, and evidence
3. They may request additional documents
4. They interview you (phone or video) about your practices
5. They write their report

Who gets verification:

• Lower-risk registration groups
• Support coordination
• Many allied health services
• Community participation
• Some assistance with daily life

Certification Audit

What it is: A comprehensive review including site visit and participant interviews.

Cost: $3,000 - $6,000+ Duration: 2-4 weeks Format: Desktop review plus on-site component

What happens:

1. Desktop review phase (similar to verification)
2. Site visit to your premises
3. Observation of service delivery (where possible)
4. Staff interviews
5. Participant interviews
6. Evidence review on-site
7. Audit report

Who gets certification:

• Higher-risk registration groups
• Specialist Disability Accommodation
• Specialist behaviour support
• High intensity daily personal activities
• Early childhood supports

---

Pre-Audit Preparation: The Weeks Before

4-6 Weeks Before: Document Review

Policies and Procedures:

• Are all your policies current (review dates within last 12 months)?
• Do policies actually reflect your practice?
• Are version numbers and dates consistent?
• Can you find everything quickly?

Evidence:

• Is your evidence organised and accessible?
• Does your evidence match what you claimed in self-assessment?
• Are there gaps in documentation?

Records:

• Are participant records complete?
• Are staff training records current?
• Is your complaints register up to date?
• Are incident records complete and appropriately managed?

2-4 Weeks Before: Staff Preparation

If you have staff:

• Brief them on the upcoming audit
• Review key policies together
• Practice answering questions about procedures
• Ensure they know where to find policies
• Confirm their worker screening is current

Even for solo providers:

• Review your own understanding of your policies
• Practice articulating your approach
• Prepare examples of how you implement your policies

1 Week Before: Final Check

Documentation:

• Final review of all required documents
• Create an evidence pack for easy access during audit
• Update anything that's become outdated
• Fill any remaining gaps

Logistics:

• Confirm audit timing with auditor
• Ensure you're available during scheduled times
• Have contact details readily available
• Prepare your workspace (for video calls or site visits)

---

What Auditors Are Actually Looking For

Auditors aren't trying to trick you. They're assessing whether you meet the NDIS Practice Standards. Understanding their perspective helps you prepare.

1. Policy-Practice Alignment

The Question: Do your documented policies match what you actually do?

What they'll check:

• Interview responses that match policy content
• Evidence that policies are implemented
• Consistency between what you say and what's documented

Red Flags:

• Staff who can't explain policies
• Policies that describe practices you don't actually follow
• Evidence that contradicts documented procedures

How to Prepare:

• Read your policies before the audit
• Be honest about actual practice
• Update policies if they don't reflect reality

2. Evidence of Implementation

The Question: Can you prove you do what you say you do?

What they'll check:

• Records that demonstrate policy implementation
• Documentation of actual events (complaints, incidents, feedback)
• Training records showing staff engagement with policies
• Meeting minutes, review records, improvement activities

Red Flags:

• Policies with no evidence of use
• Perfect records (suggests they're not real)
• Inability to provide examples

How to Prepare:

• Have specific examples ready
• Know where your evidence is located
• Be prepared to walk through real scenarios

3. Staff Understanding

The Question: Do people in your organisation actually understand the policies and procedures?

What they'll check (in certification audits):

• Staff can explain procedures in their own words
• Staff know where to find policies
• Staff understand their responsibilities
• Responses are consistent across different people

Red Flags:

• Staff who've clearly never seen policies
• Contradictory responses between staff members
• Inability to answer basic questions about procedures

How to Prepare:

• Train staff before the audit (but don't coach specific answers)
• Ensure policies are accessible
• Discuss key procedures so understanding is genuine

4. Participant Experience

The Question: What is the actual experience of the people you support?

What they'll check (in certification audits):

• Participant interview responses
• Complaints and how they were handled
• Feedback mechanisms and responses
• Respect for choice and control

Red Flags:

• Participants who feel unsafe or unheard
• No complaints ever (suggests people don't feel safe complaining)
• No evidence of participant input into services

How to Prepare:

• Don't coach participants on what to say
• Ensure participants know what an audit is and why it's happening
• Be genuinely confident in your service quality

5. Continuous Improvement

The Question: Do you learn and improve over time?

What they'll check:

• Records of reviews and improvements
• Response to feedback
• Changes made based on incidents or complaints
• Quality improvement activities

Red Flags:

• No evidence of any changes or improvements
• Complaints with no documented response
• Incidents with no corrective actions
• Policies never reviewed or updated

How to Prepare:

• Document improvements you've made
• Show how feedback has influenced your practice
• Be able to discuss what you've learned and changed

---

Common Audit Pitfalls (And How to Avoid Them)

Pitfall 1: Over-Promising in Self-Assessment

The Problem: Claiming compliance you can't demonstrate.

Example: Your self-assessment says you have a comprehensive training program, but you can only show staff read an email.

Solution: Be honest in your self-assessment. If you're partially compliant, say so and explain your approach.

Pitfall 2: Outdated Documents

The Problem: Policies with old review dates or superseded information.

Example: A complaints policy that references the old NDIS Commission phone number, or a privacy policy that doesn't mention current legislation.

Solution: Review all documents before the audit. Update dates, check details, ensure currency.

Pitfall 3: Disorganised Evidence

The Problem: Not being able to find documents when asked.

Example: Auditor asks for your risk register. You spend 10 minutes searching through folders while they wait.

Solution: Organise everything in advance. Create an evidence pack. Know where everything is.

Pitfall 4: Inconsistent Responses

The Problem: You say one thing, your policies say another, your staff say something else.

Example: You describe your complaints process one way, but your policy documents a different process, and your staff describe yet another approach.

Solution: Ensure everyone understands the same procedures. Align your policies with actual practice.

Pitfall 5: No Evidence of Complaints or Incidents

The Problem: Claiming you've never had a complaint or incident.

Why it's a problem: This isn't credible. Everyone has complaints and incidents. If you have none recorded, it suggests your systems aren't working.

Solution: Even minor complaints and incidents should be documented. Having them shows your systems work.

---

On Audit Day: What to Expect

For Verification Audits

Typical Schedule:

• Initial phone/video call (30-60 mins)
• Document review (auditor works independently)
• Follow-up questions via email or call
• Draft findings discussion

Your Role:

• Be available for scheduled calls
• Respond promptly to document requests
• Answer questions honestly and specifically
• Ask for clarification if you don't understand something

For Certification Audits

Typical Schedule:

Day 1 (Desktop Review):

• Similar to verification audit
• Document review and initial assessment

Day 2 (Site Visit):

• Arrival and introduction
• Facility tour
• Document review on-site
• Staff interviews
• Observation of service delivery

Day 3+ (if needed):

• Participant interviews
• Additional document review
• Exit meeting with findings summary

Your Role:

• Welcome the auditor professionally
• Have documents accessible
• Allow staff to be interviewed privately
• Don't hover or try to influence conversations
• Take notes on feedback

---

Handling Non-Conformances

Non-conformances aren't failure. They're improvement opportunities that need to be addressed before registration.

Types of Non-Conformances

Minor: Small gaps that don't significantly impact participant safety or service quality.

• Missing documentation
• Minor policy gaps
• Record-keeping issues

Major: Significant gaps that could affect participant safety or represent systematic issues.

• Fundamental policy failures
• Evidence of harm or risk
• Multiple related issues suggesting systematic problems

Resolution Process

1. Receive written findings - The auditor documents what needs to be addressed
2. Develop corrective action - You create a plan to address each non-conformance
3. Implement changes - Make the required improvements
4. Provide evidence - Demonstrate to the auditor that issues are resolved
5. Auditor verification - Auditor confirms corrective action is adequate

Timeline for Resolution

• Minor non-conformances: Usually 30-90 days to resolve
• Major non-conformances: May require longer timeframes and potentially a follow-up audit

Tips for Resolution

• Address non-conformances promptly and thoroughly
• Don't argue about findings - focus on solutions
• Provide clear evidence of corrective action
• Ask for guidance if you're unsure what's required

---

After Your Audit

If Successful

1. Auditor submits report to NDIS Commission
2. Commission reviews audit report
3. Registration decision made
4. Certificate issued
5. You appear on the public provider register

Timeline: 4-12 weeks after audit completion

Preparing for Ongoing Compliance

Registration is the beginning, not the end. Prepare for:

• Mid-cycle review (usually Year 2)
• Renewal audit (Year 3)
• Ongoing compliance monitoring
• Continuous improvement expectations

---

Final Preparation Checklist

Documentation Ready

• All policies current and reviewed
• Evidence organised and accessible
• Records complete and accurate
• Self-assessment responses verifiable

People Prepared

• Staff briefed on audit process
• Key procedures reviewed
• Worker screening current
• Contact details available

Logistics Confirmed

• Audit dates and times confirmed
• Space prepared (for site visits)
• Technology tested (for video calls)
• Key documents easily accessible

Mindset Ready

• Understand what auditors are looking for
• Prepared to be honest and specific
• Ready to demonstrate, not just describe
• Viewing audit as improvement opportunity

---

The Bottom Line

Audit preparation isn't about creating an impressive show. It's about genuinely meeting the NDIS Practice Standards and being able to demonstrate that compliance.

If you've done the work - developed appropriate policies, implemented them properly, and maintained good records - the audit is simply an opportunity to showcase your compliance.

Prepare thoroughly, be honest, and trust in the work you've done. Good luck!