Understanding what is involved in an audit

Quality audits

To apply for or renew registration with the NDIS Commission, all providers undergo an audit against the NDIS Practice Standards. An independent approved quality auditor will assess your organisation against the components of the NDIS Practice Standards that are relevant to the services and supports you deliver. Auditors will also undertake their activities in a way that takes your organisation’s size, scope, and service delivery risk into consideration.

Your organisation will undergo either a ‘verification’ or ‘certification’ quality audit. The NDIS Commission will advise you of the type of audit you require, which is based on your registration group(s).  The applicable NDIS Practice Standards and audit types are set out in Part 6 – NDIS Practice Standards of the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 and summarised in a registration requirements document.

As part of an application for registration or renewal, it is the applicant’s responsibility to engage an approved quality auditor to assess your organisation’s compliance with the NDIS Practice Standards.

It is the responsibility of the approved quality auditor to prepare the audit report in a way that enables the NDIS Commissioner to use the information to inform their decision in determining an applicant’s suitability. Approved quality auditors are guided by the National Disability Insurance Scheme (Approved Quality Auditors Scheme) Guidelines 2018 and the Principles for Audit Reports which can be found in the Quick Reference Guide: Principles for Audit Reports.

Proportionality applies to registration requirements

Registration requirements and the NDIS Practice Standards apply in proportion to the size, scale and type of supports and services your organisation delivers. This means, for example, that a provider with only a few workers and a small number of participants needs to present a different level of evidence to meet requirements, compared to a national provider with a large workforce and many participants.

Verification audits

Usually, providers requiring a verification quality audit deliver lower risk or lower complexity supports and services.

Many providers requiring a verification audit are already subject to professional regulation as a requirement of doing business, e.g. through the Australian Health Practitioner Regulation Agency (AHPRA) and other professional bodies. 

Professional regulation means a practitioner must already meet set standards and is subject to ongoing monitoring of their competency to practice, including through continuing professional development.

Because of the existing obligations of these providers to their relevant professional bodies, or the less complex support types delivered, the provider will engage an approved quality auditor to complete a desktop review of the required documentary evidence outlined for each profession in the Verification Module.

Providers must show evidence of:

  • relevant qualifications;
  • expertise and experience;
  • incident management processes/policies;
  • complaints management processes/policies; and
  • risk management processes/policies.

Certification audits

Providers requiring a certification audit provide more complex or higher risk supports and services. In a certification audit, providers are assessed against the NDIS Practice Standards which may include assessment against the core module and any supplementary module relevant to the type of support they deliver. The registration requirements outline the compliance requirements for the core and supplementary modules by registration group.

Assessment includes core capabilities, such as:

  • risk management;
  • delivery of supports;
  • the delivery environment; and
  • governance and operational management.

NDIS providers that deliver services and supports within the High Intensity Daily Personal Activities registration group will also be assessed against the High Intensity Supports Skills Descriptors (HISSD).

The provider will engage an approved quality auditor to complete the certification audit. This will include document reviews, site visits and interviews with NDIS participants and workers.

Mid-term audits

NDIS providers are generally registered for a period of three years.  Registered NDIS providers who deliver higher-risk and more complex supports requiring a certification audit are required to undergo a mid-term audit as a condition of their registration

A mid-term audit must commence no later than 18 months after the beginning of the period of registration (unless otherwise specified by the Commissioner), and a report must be given to the Commissioner as soon as practicable after the audit is completed. 

A mid-term audit includes an assessment of the NDIS Practice Standards relating to provider governance and operational management; as well as any standard which was previously assessed as requiring a corrective action plan; and may include additional NDIS Practice Standards, if specified by the Commissioner in writing. 

The requirement for the mid-term audit does not apply to:

  • a provider that is an individual or partnership and early intervention supports for early childhood is the only registration group they are registered for that requires a certification audit; or
  • a provider who is only registered to provide specialist disability accommodation; or
  • a provider that is a transitioned provider.

Audits outside of the three year registration cycle

A requirement to undertake an audit and the timing of an audit may be imposed as a condition on any registered NDIS provider under section 73G of the NDIS Act.  The NDIS Commission undertakes monitoring of compliance with these audit requirements.

This includes a condition of registration imposed on new providers requiring them to complete elements of a quality audit that involves NDIS participant engagement, within a specified time of the provider commencing service delivery to participants. 

Providers may also organise an audit at any time to support an application to vary their registration, for example when seeking to add registration groups or expand service delivery. 

Related Resource

Related resources

For NDIS providers who require verification, this document outlines the evidence that auditors must receive in order to assess conformity with the verification module of the NDIS Practice Standards.

This guide summarises the registration requirements for NDIS providers based on entity type and the supports and services they deliver.

These principles for audit reporting form the AQA audit reporting requirements as per section 16(1) of the National Disability Insurance Scheme (Approved Quality Auditor Scheme) Guidelines 2018 (AQA Guidelines).