Why NDIS Audits Matter More Than Ever in 2026
The NDIS Commission's strengthened registration and audit framework — progressively rolled out from 2024 through 2026 — has significantly raised the bar for registered NDIS providers, particularly those delivering Supported Independent Living (SIL) and other high-intensity supports. Audits are no longer a formality. They are a rigorous, evidence-based assessment of whether your organisation genuinely operates in alignment with the NDIS Practice Standards and the NDIS Code of Conduct.
Failing an audit — or receiving conditions on your registration — can result in suspension of registration, mandatory corrective action plans, or referral to the NDIS Commission's compliance and enforcement team. For SIL providers especially, the stakes are high: non-registration means you cannot deliver SIL supports at all.
This guide explains, step by step, how to prepare so that audit day feels like a review of what you already do — not a scramble to plug gaps.
Step 1: Identify Which Practice Standards Apply to You
Not all NDIS Practice Standards apply to every provider. Your audit scope is determined by the registration groups you hold or are seeking. All registered providers are assessed against the Core Module. SIL providers and those delivering high-intensity daily personal activities are also assessed against the Specialist Supports Module and, where relevant, the Module on Implementing Behaviour Support Plans.
- Download the current NDIS Practice Standards from the NDIS Commission website.
- Cross-reference each Practice Standard with your registration group list.
- Note which standards are applicable, which are not, and document your reasoning — auditors expect you to understand your own scope.
The 2026 strengthened framework has introduced refined outcome indicators and increased scrutiny of evidence quality. Merely having a policy is no longer sufficient — auditors want to see that policy operating in practice, reflected in records, staff knowledge, and participant experience.
Step 2: Conduct a Thorough Internal Self-Assessment
Before your approved quality auditor sets foot in your organisation, conduct an honest internal audit against each applicable Practice Standard. This is the single most effective preparation step.
- Map evidence to each standard. For every Practice Standard outcome, identify the documents, records, and observable practices that demonstrate compliance.
- Check currency. Policies must be reviewed regularly and reflect current legislation and Commission guidance — not a version from several years ago.
- Interview your own staff. Auditors will speak directly to support workers. If your team cannot explain the complaints process, the incident reporting pathway, or what a restrictive practice is, that is a finding waiting to happen.
- Review participant records. NDIS support plans, risk assessments, consent records, and progress notes must be complete, contemporaneous, and accessible.
- Walk through a simulated audit scenario. Pick a random participant file and ask: could an auditor see, end-to-end, how this person's goals are being supported and how their safety is being maintained?
Step 3: Organise Your Evidence Portfolio
Auditors work from an evidence file — a structured collection of documents and records you provide. Organise this clearly and logically before audit day.
Core Module Evidence (all providers)
- Policies and procedures for rights and responsibilities, privacy, complaints, and incident management
- A register of incidents, complaints, and their resolution outcomes
- Worker screening clearances and records of currency for all staff
- Staff training records, including induction, safeguarding, and mandatory reporter training
- Evidence of participant feedback and co-design in service delivery
- Insurance certificates of currency
SIL and High-Intensity Support Additional Evidence
- Individual Support Plans aligned to each participant's NDIS plan goals
- Risk assessments specific to the living environment and each participant's support needs
- Health care plans and medication management protocols where applicable
- Behaviour Support Plans (BSPs) provided by a registered behaviour support practitioner, and evidence that all staff implementing a BSP have completed required training
- Restrictive practice authorisation documentation from the relevant state or territory oversight body
- Reports submitted to the NDIS Commission on regulated restrictive practices
- Transition plans and emergency/contingency arrangements for each SIL property
Step 4: Ensure Incident and Complaint Systems Are Airtight
Incident and complaint management is one of the most scrutinised areas in any NDIS audit, and one of the most common sources of non-conformances. The NDIS Commission requires that all reportable incidents — including unexpected deaths, serious injury, abuse, neglect, and unauthorised use of restrictive practices — are reported within the mandatory timeframes.
Before your audit:
- Confirm every reportable incident in your register has been reported to the Commission via the NDIS Commission Portal within the required timeframe.
- Ensure follow-up reports and final outcomes are completed where required — open incidents with no follow-up action are a red flag.
- Review your complaints register to confirm every complaint received a response, was investigated appropriately, and that the complainant was informed of the outcome.
- Check that your complaints policy is accessible to participants in plain English and, where needed, Easy Read or translated formats.
Step 5: Verify Worker Screening and Training Compliance
Every worker or volunteer who has more than incidental contact with NDIS participants in a risk-assessed role must hold a current NDIS Worker Screening Clearance. This is a mandatory, non-negotiable requirement.
- Audit your staff list against your worker screening register. Any gaps are immediate findings.
- Confirm screening clearances are current — they are not indefinite and must be renewed.
- Ensure all workers have completed the NDIS Worker Orientation Module ("Quality, Safety and You") and retain evidence of completion.
- For SIL, confirm that workers implementing behaviour support strategies have completed training verified by your behaviour support practitioner.
Common Non-Conformances Auditors Find (and How to Avoid Them)
| Common Finding | How to Prevent It |
|---|---|
| Policies exist but are not implemented in practice | Conduct staff interviews and check records against your written procedures before audit day |
| Reportable incidents not notified to the Commission within required timeframes | Maintain a real-time incident register and assign a designated staff member to monitor reporting obligations |
| Restrictive practices used without authorisation or without a current BSP | Audit every SIL property for any use of regulated restrictive practices; ensure each has state/territory authorisation on file |
| Worker screening clearances missing, expired, or not recorded | Maintain a live register with expiry dates and set calendar reminders for renewals |
| Participant support plans not updated following NDIS plan reviews | Build a workflow that triggers an internal plan review within a defined period after each participant's NDIS plan is renewed |
| Inadequate evidence of participant consultation in service delivery | Document participant feedback formally — meeting notes, signed support agreements, satisfaction surveys — not just verbal confirmation |
Step 6: Engage Your Approved Quality Auditor Early
Once you have submitted your audit application through the NDIS Commission portal, you will be matched with or select an Approved Quality Auditor (AQA) — an independent body approved by the Commission to conduct NDIS audits. For most SIL providers, this will be a certification audit (a more intensive two-stage process) rather than a verification audit.
Contact your AQA as early as possible to:
- Clarify exactly what evidence they will require and in what format
- Understand the audit timeline and any desktop review requirements prior to the on-site visit
- Ask about common findings they encounter in SIL audits — reputable AQAs are forthcoming on this
Practical Tip: Build a Standing Audit-Readiness File
The best-prepared providers treat audit readiness as an ongoing operational practice, not a once-every-three-years project. Maintain a living folder — digital or physical — containing your current policies, staff training certificates, incident register, worker screening register, and a rolling self-assessment checklist. Update it quarterly. When audit time arrives, you are not preparing from scratch.
If you are building your SIL compliance documentation from the ground up, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit — covering policies, procedures, registers, and templates aligned to the current NDIS Practice Standards — which can significantly reduce the time needed to get your evidence portfolio in order.
Final Checklist Before Audit Day
- All applicable Practice Standards mapped to your registration groups
- Internal self-assessment completed with evidence gaps addressed
- Incident and complaint registers reviewed and all required Commission notifications confirmed
- Restrictive practice authorisations on file and BSPs current
- Worker screening clearances verified for all risk-assessed roles
- Staff training records collated and accessible
- Participant support plans current and signed
- Evidence portfolio organised and indexed
- AQA engaged and audit logistics confirmed
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.