Do you need an NDIS governance framework? Provider requirements

Who needs an NDIS governance framework?

Every registered NDIS provider is required to have a governance framework. This is not optional, and it is not something you build only when an auditor is at the door. The NDIS Practice Standards — which form the core quality benchmarks against which all registered providers are assessed — contain an entire module dedicated to governance arrangements.

The requirement applies regardless of your organisation's size. A small sole-operator running a few SIL places and a large multi-site disability support organisation are both required to have documented governance structures, accountability mechanisms, and evidence that leadership is actively managing the organisation in the interests of participants.

Under the strengthened NDIS Practice Standards that came into effect progressively from 2024 and continue to be refined heading into 2026, governance obligations have become more explicit. Providers can no longer point to informal arrangements or verbal agreements as evidence of compliance. Governance must be documented, implemented, monitored, and improved.

What the NDIS Practice Standards actually require

The NDIS Quality and Safeguards Commission publishes the Practice Standards, which sit alongside the NDIS Code of Conduct as the two pillars of provider quality obligations. The governance and operational management section of the Practice Standards sets out the following core requirements:

• Defined organisational structure: Your organisation must have a clear structure showing who holds decision-making authority, who is accountable for what, and how leadership oversight works in practice.
• Roles and responsibilities documented: Position descriptions, delegation frameworks, and reporting lines must be in writing and kept current. Staff must know who they report to and what decisions they can make independently.
• Risk management system: You must have a systematic approach to identifying, assessing, and managing risks — including risks to participant safety, service continuity, and organisational sustainability. A risk register updated at defined intervals is a standard component.
• Human resources management: Governance extends to how you recruit, screen, supervise, and develop staff. This includes NDIS Worker Screening, mandatory reporting obligations, and performance management processes.
• Financial management: The Practice Standards require registered providers to demonstrate financial viability and sound financial management. For SIL providers, this includes budget oversight at both the house and organisational level.
• Continuous improvement: You must have a process for monitoring your own performance, identifying issues, and making improvements — not just when problems arise, but as a routine organisational function.
• Feedback, complaints, and incidents: Your governance framework must connect to your incident management system, your complaints handling process, and your restrictive practices procedures. These cannot sit as standalone documents disconnected from how decisions are made at the top of the organisation.

Why governance matters more for SIL providers

Supported Independent Living is classified as a higher-risk support category under the NDIS registration system. Providers of SIL are required to be registered under the NDIS and undergo an approved quality audit — either a certification audit or a verification audit, depending on the scope of supports delivered.

For SIL providers specifically, auditors will scrutinise governance arrangements with particular attention to:

• How the organisation oversees the daily management of SIL houses, including after-hours and emergency protocols
• Whether there is genuine board or leadership oversight of participant safety outcomes, not just administrative compliance
• How restrictive practices are authorised, monitored, and reported within the governance chain
• Whether the organisation has sufficient staff at leadership level to actually implement its governance commitments
• How incidents are escalated from frontline staff to leadership and, where required, to the NDIS Commission

The 2026 registration reform changes — which require all previously exempt providers to register if they deliver certain supports — have brought a new cohort of smaller SIL-adjacent providers into the registered system. Many of these organisations have strong care practices but underdeveloped governance documentation. That gap creates real audit risk.

What a governance framework should contain: a practical checklist

A compliant NDIS governance framework is not a single document. It is a set of interrelated policies, procedures, and structures that together demonstrate your organisation is managed responsibly. At minimum, your framework should contain or reference the following:

1. Governance policy: A high-level statement of your governance model, including the role of the board or governing body, how decisions are made, and how leadership is accountable to participants and the NDIS Commission.
2. Organisational structure chart: Current, dated, and showing real reporting lines — not an aspirational chart that does not match how the organisation actually works.
3. Delegations register: Who can authorise what, to what financial or operational limit, and under what circumstances decisions must escalate.
4. Risk management policy and risk register: A live document, reviewed at defined intervals, covering strategic, operational, participant safety, and compliance risks.
5. Conflict of interest policy: How conflicts are declared, recorded, and managed, including at board level.
6. Continuous improvement register: A log of improvement actions, their status, and the person responsible — connected to complaints, incidents, audits, and staff feedback.
7. Workforce governance procedures: Screening, induction, supervision schedules, and performance review processes with documented completion evidence.
8. Financial governance documents: Budget approval processes, financial reporting schedules, and controls over participant funds and SIL house budgets.
9. Policy review schedule: Every governance document must have a nominated review date and an owner responsible for keeping it current.

Consequences of not having a governance framework

The NDIS Commission has broad powers to act against registered providers that cannot demonstrate compliance with the Practice Standards. Consequences for inadequate governance can include:

• Audit non-conformances: An auditor who finds inadequate governance will raise a non-conformance. Depending on severity, this can delay your registration renewal, require corrective action within a short timeframe, or result in conditions on your registration.
• Conditions or suspension: The Commission can impose conditions on a provider's registration, restrict the types of supports they can deliver, or in serious cases suspend or revoke registration entirely.
• Banning orders: Where governance failures contribute to participant harm, individuals in leadership positions can face banning orders preventing them from working in the NDIS sector.
• Civil penalty provisions: Certain failures — particularly in relation to incident reporting and restrictive practices — carry civil penalty provisions under the NDIS (Providers Registration and Practice Standards) Rules.

Beyond regulatory consequences, poor governance creates real operational risk: undetected safeguarding issues, inconsistent participant outcomes, staff turnover driven by unclear expectations, and financial instability.

Building or strengthening your governance framework

If your organisation does not yet have a formal governance framework, or if your existing documents are outdated or incomplete, the most practical starting point is a gap analysis against the NDIS Practice Standards. Map every standard against what you currently have in writing, identify what is missing or needs updating, and prioritise based on audit risk and participant safety impact.

For providers preparing for a certification audit, governance documents will be among the first materials an auditor requests. Having a complete, coherent, and consistently implemented governance framework — rather than a collection of unconnected policy documents — significantly reduces audit stress and demonstrates organisational maturity.

Providers who want a head start on documentation can find it useful to work from an audit-ready template set. The 74-document SIL compliance kit available at ndiscompliant.com.au covers governance policies, risk registers, workforce procedures, incident frameworks, and restrictive practice documentation built to the current Practice Standards — useful as a reference base to adapt for your own organisation's context.

Whatever approach you take, ensure your governance framework is a living system, not a filing exercise. The NDIS Commission expects providers to demonstrate that governance documents are actively used — that staff know they exist, that leadership acts on them, and that the organisation improves because of them.