The NDIS audit cycle is the repeated process in which NDIS-approved auditors review your organisation's compliance with the NDIS Commission Practice Standards. These are carried out at planned intervals. The audit cycle will vary depending on if you are a verified or certified provider.

Verified Providers

Those providers delivering low risk registration groups, will undertake an initial Verification audit (post registration application submission) and then every 3 years to have their Registration renewed. These providers are required to demonstrate compliance to the NDIS Practice Standards Verification Module. 

Certified Providers 

Those providers delivering medium to high risk registration groups, will undertake a Certified audit consisting of, an initial audit (post registration submission), a Midterm audit (an audit within 18 months post registration approval), and a re-certification audit every 3 years. The initial audit is broken down into Stage 1 and Stage 2 addressing 24 or more NDIS Practice Standards. 

Remaining Elements of Certification Audit 

Following initial registration, providers may have outstanding elements that were unable to be assessed during the initial audit, the NDIS Commission may impose conditions on the provider’s registration requiring the provider may need to complete an additional audit to demonstrate compliance to these conditions. For example, a new provider may not have had any participants at the time of their initial registration audit, therefore once service delivery commences to a participant, the provider must engage an Approved Quality Auditor to address the remaining elements of certification which includes reviewing participant files and conducting participant interviews to demonstrate compliance with the condition. 

Mid-term Audits

A midterm audit is a mandatory quality check that occurs midway through an NDIS Certified  provider’s 3-year registration cycle.

It’s designed to ensure that the provider continues to meet the NDIS Practice Standards and is maintaining good governance, risk management, and participant safeguarding within their registration period. 

Midterm audits must be conducted within 18 months after the registration date. It’s an on-site check-in audit where auditors focus mainly on Division 2 of the Core Module, which addresses governance and operational management. 

The Midterm audits purpose is to confirm that your organisation is still operating safely, ethically, and in line with NDIS quality and compliance requirements. An Approved Quality Auditor will review selected policies, procedures, staff records, incidents and complaints, and your evidence of continuous improvement to make a recommendation to the NDIS Commission for continued registration. If gaps are identified, a certified provider will be required to complete a Corrective Action Plan which may also lead to an additional audit known as a Corrective Action Audit to demonstrate rectification of gaps identified.

The 3-yearly audit cycle - Recertification Audit 

If you wish to remain registered under the National Disability Insurance Scheme (NDIS), you need to renew your Registration every three years before your registration period ends. Renewal may commence six months prior to the expiry date, noting that if the registration renewal process is not commenced within this time frame your registration may lapse This is a requirement for all registered providers.

For Certified providers, the registration renewal cycle is comprised of both Stage 1 and Stage 2 audits. The Stage 1 audit is an off-site, desk-top audit that determines your readiness for the Stage 2 audit, the Stage 2 audit is then conducted within three months of the Stage 1 audit and is conducted on-site. An onsite audit will consist of auditors coming to your place of business and any outlets, such as disability group homes or day centres, to evaluate the NDIS Practice Standard under Division 4: Provision of Support Environment, ensuring that locations where services are provided are safe for participants. 

In contrast, NDIS providers undertaking a verification audit will have their verification audit conducted off-site, therefore providers are required to prepare all their documentation via an online drive or platform by which the auditor is granted access to in order to assess the providers documentation. 

Both Stage 1 and Stage 2 audits, and Verification audits, are performed by a NDIS approved quality auditor who will examine the evidence you provide against the relevant modules of the NDIS Practice Standards.

NDIS AUDITING – FAQs

What is the difference between a NDIS verification audit and an NDIS certification audit?

NDIS verification audits are for organisations that wish to register for low-risk support activities. Verification audits are conducted off-site, which means that they are less expensive than certification audits.

NDIS certification audits are for organisations that are registered or wish to register for complex or higher-risk supports. Certification audits are usually more complex and can take months to complete as they involve both on-site and off-site stages. They often also involve staff and client interviews as a part of the process.

What are the NDIS audit requirements?

The requirements of an NDIS audit will vary on the type of NDIS audit undertaken, and the size, and scope of your organisation.

For an NDIS verification audit, the provider will be required to show evidence of:

• Relevant qualification
• Expertise and experience
• Incident management policies and processes
• Complaint management policies and processes
• Risk management

NDIS certification audits are more complex and involve both a documentation audit, as well as an on-site audit. Certification audits are assessed against the core module as well as any supplementary modules related to the supports provided to participants. Your Scope of Audit document will indicate the modules required to be assessed during the audit.

A certification audit of the core module assesses:

• Participants Rights
• Emergency Management 
• Risk management
• Incident & Complaints Management 
• Support Planning
• Delivery of supports
• The delivery environment
• Prevention of Violence, Abuse, Neglect, Exploitation or Discrimination 
• The delivery environment
• Governance and operational management

A Certified provider may also provide supports under supplementary modules which include:

• Module 1: High Intensity Daily Personal Activities
• Module 2: Specialist Behaviour Support, or
• Module 2a: Providers Implementing Behaviour Support Plans
• Module 3: Early Childhood Supports
• Module 4: Specialised Support Coordination, and 
• Module 5: Specialist Disability Accommodation

How much does an NDIS verification audit cost?

It can be difficult to estimate the cost of an NDIS verification audit as the final cost will depend on a number of factors. These factors include the size and scope of your organisation, and the Approved Quality Auditor (AQA) doing the auditing.

Since the NDIS Commission does not dictate the prices that auditing bodies can charge, the price for an NDIS audit can vary wildly. It is often a good idea to approach multiple AQAs for quotes.

What is the NDIS auditing process?

The NDIS auditing process will differ depending on whether a provider requires a verification or a certification audit. But the audit process will include the same steps:

The NDIS auditing process includes:

1. Confirmation of your audit scope, which will include confirming your registration groups, participants and workers and sites where services are provided.
2. The AQA will develop the Audit plan and provide this to you prior to the audit.
3. The audit will be completed as per the audit plan.
4. If there are non-conformances identified, you will be required to complete a non-conformance report detailing corrective actions to address the gaps - a follow up audit may be required.
5. The auditor will prepare a report based on the findings and submit their recommendation to the NDIS Commission.
6. The NDIS Commission will then provide their registration decision.