Understanding what is involved in an audit

Quality audits

To apply for or renew registration with the NDIS Commission, all providers undergo an audit against the NDIS Practice Standards. An independent approved quality auditor will assess your organisation against the components of the NDIS Practice Standards that are relevant to the services and supports you deliver. Auditors will also undertake their activities in a way that takes your organisation’s size, scope, and service delivery risk into consideration.

Your organisation will undergo either a ‘verification’ or ‘certification’ quality audit. The NDIS Commission will advise you of the type of audit you require, which is based on your registration group(s).

As part of the application for registration or renewal, it is the provider’s responsibility to engage an approved quality auditor to assess your organisation’s compliance with the NDIS Practice Standards.

Verification audits

Usually, providers requiring a verification quality audit deliver lower risk/lower complexity supports and services. Many providers requiring a verification audit are already subject to professional regulation as a requirement of doing business, e.g. through the Australian Health Practitioner Regulation Agency (AHPRA) and other professional bodies.

Professional regulation means a practitioner must already meet set standards and is subject to ongoing monitoring of their competency to practice, including through continuing professional development.

Because of the existing obligations of these providers to their relevant professional bodies, and the less complex support types delivered, the provider will engage an approved quality auditor to complete a desktop review of the required documentary evidence outlined for each profession in the Verification Module.

Providers must show evidence of:

  • relevant qualifications;
  • expertise and experience;
  • incident management processes/policies;
  • complaints management processes/policies; and
  • risk management processes/policies.

As the NDIS market develops, the NDIS Commission will continue to monitor the effectiveness of these profession-specific regulatory frameworks to meet the NDIS Commission’s requirements in relation to safe, quality services for NDIS participants.

Certification audits

Providers requiring a certification audit provide more complex or higher risk supports and services. In a certification audit, providers are assessed against the NDIS Practice Standards which may include assessment against the core module and any supplementary module relevant to the type of support they deliver. The registration requirements outline the compliance requirements for the core and supplementary modules by registration group.

Assessment includes core capabilities, such as:

  • risk management;
  • delivery of supports;
  • the delivery environment; and
  • governance and operational management

NDIS providers that deliver services and supports within the High Intensity Daily Personal Activities registration group will be assessed against the High Intensity Skills Descriptors.

The provider will engage an approved quality auditor to complete the certification audit. This will include document reviews, site visits and interviews with NDIS workers and participants.

Related resources

For NDIS providers who require verification, this document outlines the evidence that auditors must receive in order to assess conformity with the verification module of the NDIS Practice Standards.

This guide summarises the registration requirements for NDIS providers based on entity type and the supports and services they deliver.