How often do NDIS providers have to be audited?

Registered NDIS providers are audited at least twice within each three-year registration period: a full certification audit at registration or re-registration, and a mid-term verification audit approximately eighteen months in. High-risk providers such as SIL operators may face additional or unannounced audits if the NDIS Commission identifies compliance concerns.

Can the NDIS Commission conduct an unannounced audit?

Yes. The NDIS Commission has the power to initiate compliance audits at any time, including unannounced visits. These are typically triggered by reportable incidents, participant or family complaints, patterns in incident data, or broader regulatory monitoring activities.

What is the difference between a certification audit and a verification audit?

A certification audit is a comprehensive, on-site assessment against all relevant NDIS Practice Standards and is required for providers delivering higher-risk supports, including SIL. A verification audit is a less intensive desktop-based review used for providers delivering lower-risk supports, or as a mid-cycle check for certification pathway providers.

What happens if a provider fails an NDIS audit?

If an auditor identifies major non-conformances, the NDIS Commission may impose conditions on the provider's registration, require a corrective action plan, suspend registration, or in serious cases cancel it entirely. Minor non-conformances typically require a documented improvement response within a specified timeframe.

Do SIL providers face more frequent audits than other NDIS providers?

SIL providers are on the certification pathway, which means they undergo the most rigorous form of audit. While the formal cycle (three years, with a mid-term check) is the same, SIL providers are at higher risk of reactive or unannounced audits because they deliver complex, 24-hour supports where incidents and complaints are more likely to arise.

How do the strengthened 2026 NDIS Practice Standards affect audit requirements?

The strengthened standards increase expectations around individualised support planning, governance accountability, workforce competency, and the reduction of restrictive practices. Auditors are now expected to look for evidence that these stronger requirements are embedded in day-to-day practice, not just reflected in policy documents.

How Often Are NDIS Providers Audited? (2026 Guide)

NDIS Audit Frequency: What Providers Need to Know in 2026

One of the most common questions disability support providers ask when preparing for registration — or re-registration — is simply: how often will we actually be audited? The answer depends on the type of supports you deliver, your registration group, and your ongoing compliance track record. With the strengthened NDIS Practice Standards coming into full effect in 2026, understanding the audit cycle has never been more important for SIL and other high-intensity support providers.

The Standard Audit Cycle

Registered NDIS providers are subject to audits conducted by NDIS Commission-approved quality auditors. The standard registration period is three years. Within that period, most providers will face two audits:

Certification audit — conducted at or before initial registration and again at re-registration (every three years). This is a comprehensive, on-site assessment of your entire suite of policies, procedures, and evidence of practice against the relevant NDIS Practice Standards.
Mid-term verification audit — conducted approximately eighteen months into the registration period. This is a desktop or limited on-site review that checks whether your systems and practices remain compliant between full certification cycles.

Not every provider faces the same scope. The NDIS Commission assigns providers to a certification pathway or a verification pathway depending on which registration groups they hold. Providers delivering higher-risk, higher-intensity supports — including SIL, specialist disability accommodation (SDA), behaviour support, and early childhood supports — must follow the certification pathway and undergo the full on-site certification audit. Providers delivering lower-risk supports may only require verification, which is less extensive.

When Audits Can Happen Outside the Standard Cycle

The three-year registration and mid-cycle structure is the minimum audit rhythm, not a guarantee that you will only hear from an auditor twice. The NDIS Commission holds powers to initiate additional audits at any time, including unannounced audits, in response to:

Reportable incidents, particularly those involving serious injury, death, or use of restrictive practices
Complaints from NDIS participants, their families, or advocates
Intelligence gathered through the Commission's regulatory monitoring, including tip-offs or media reports
Patterns identified in a provider's incident or complaint data
Concerns raised during a mid-term verification that warrant deeper investigation

The Commission also conducts compliance audits — sometimes sector-wide, sometimes targeted at specific provider types — as part of its proactive regulatory work. These are separate from the standard audit cycle and can occur without prior warning.

How the Strengthened 2026 Practice Standards Change the Landscape

The NDIS Commission introduced the strengthened NDIS Practice Standards progressively, with 2026 representing the year by which most registered providers should be demonstrably meeting the updated requirements. The strengthened standards place greater emphasis on:

The quality and safety of individualised supports, particularly for participants with complex needs
Provider governance, including board and leadership accountability
Workforce capability — formal training, supervision, and competency verification
Rights-based approaches and the reduction and elimination of restrictive practices
Robust incident management and a genuine culture of continuous improvement

For SIL providers specifically, auditors will scrutinise whether support plans are genuinely individualised, whether incident and near-miss data is being used to drive practice improvements, and whether the physical and emotional safety of each participant in the living arrangement is being actively maintained. Common non-conformances identified by approved quality auditors in SIL settings include incomplete or outdated behaviour support plans, gaps in the documentation of restrictive practices, and insufficient evidence that participants have been meaningfully involved in decisions about their own support.

What an Approved Quality Auditor Actually Checks

During a certification audit, an NDIS Commission-approved quality auditor will assess your organisation against each Practice Standard relevant to your registration groups. For SIL providers, this typically includes the Core Module as well as the High Intensity Daily Personal Activities and Specialist Behaviour Support modules where applicable. The auditor will:

Review documentary evidence: policies, procedures, support plans, incident records, complaints registers, training logs
Interview staff at multiple levels, from frontline support workers to managers and leaders
Interview participants and, where appropriate, their nominees or family members
Observe the environment, including how participants' homes are presented and maintained
Test the robustness of your quality management system, including how you identify, respond to, and learn from non-conformances

The auditor will issue a report that classifies findings as conformant, non-conformant (minor or major), or not applicable. A major non-conformance can result in conditions being placed on your registration or, in serious cases, suspension or cancellation.

Practical Steps to Stay Audit-Ready Between Audits

Given that audits can occur outside the standard cycle, operating as though an auditor could arrive at any time is not paranoia — it is sound practice. The following steps help SIL and other high-intensity support providers maintain ongoing readiness:

Maintain a live document register. Every policy and procedure should have a review date, an owner, and version control. Auditors frequently identify out-of-date documents as a non-conformance.
Run internal audits quarterly. Use the NDIS Practice Standards as your checklist. Assign internal audit responsibilities to a senior staff member and act on findings before the external auditor does.
Keep incident and complaints records current and analysed. The Commission expects to see not just that incidents were recorded, but that the data was reviewed for trends and used to improve practice.
Document participant involvement. For SIL, evidence that participants actively contributed to decisions about their own support — including the people they live with and the routines they follow — is scrutinised closely under the 2026 strengthened standards.
Verify restrictive practice authorisations are current. Expired or unauthorised behaviour support plans and restrictive practices are among the highest-risk non-conformances and can trigger reactive audits independently of the standard cycle.
Prepare your workforce. Staff should be able to articulate the rights of participants, your organisation's complaints process, and their own reporting obligations — not just read from a policy document.

A Note on Audit Costs and Resourcing

Providers bear the cost of approved quality auditor fees, which vary depending on the size of the organisation, the scope of the audit, and whether it is a certification or verification audit. Planning for these costs as part of your annual budget — rather than treating them as a surprise expense — is part of operating a sustainable, compliant organisation. The NDIS Commission publishes guidance on approved quality auditors, including how to select one and what to expect from the process.

Building a Culture of Continuous Compliance

The most audit-resilient providers do not treat compliance as something that happens in the weeks before an auditor arrives. They build it into daily operations: incident reviews in team meetings, regular supervision conversations that reference Practice Standards, and leadership that models rights-based language and decision-making. When the auditor does arrive — on schedule or unexpectedly — there is nothing to scramble for because the evidence of good practice is simply what the organisation does every day.

If your organisation is preparing for a certification audit or wants to close gaps ahead of the 2026 strengthened standards, the ndiscompliant.com.au 74-document audit-ready SIL compliance kit provides a structured, policy-level foundation aligned to the current NDIS Practice Standards — a practical starting point for providers who want to get their documentation in order without starting from scratch.

Key Takeaway

For most registered NDIS providers, the audit rhythm is a certification audit every three years with a mid-term verification audit at roughly the halfway point. For SIL and high-intensity support providers, the stakes at each audit are higher, the documentation requirements are more extensive, and the risk of a reactive or unannounced audit is real. Treating audit readiness as an ongoing discipline — not a periodic scramble — is the approach that the strengthened 2026 Practice Standards are designed to reward.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.