An NDIS audit is not a test of how well you write. It's a test of whether your service does, day to day, what your documents say it does — and whether you can show it. For SIL, that test is more searching than for most supports, because SIL is intensive, often around-the-clock, and delivered inside someone's home. This article is written for the provider who has to act before the deadline: read it, then work the timeline.
Why SIL means certification, not verification
There are two NDIS audit pathways, and which one applies decides how much work preparation involves. Verification is the lighter, desktop-only document check for lower-risk supports. Certification is the full, two-stage independent audit for higher-risk, more complex supports — and SIL sits firmly on the certification side.
That means you are assessed against the full NDIS Practice Standards: the Core Module that every certified provider must meet, plus the new supplementary SIL module introduced for 2026. The four new SIL outcomes — covered in detail in our SIL Practice Standards explainer — are layered on top of the Core Module, and the audit covers both. If you've only ever prepared for a verification-style document review, certification will feel like a different exercise: the auditor doesn't just read your policies, they come into the home and check the policies are real. We break the two pathways apart in verification vs certification.
A certification audit tests three legs for every requirement: the policy (what you say you do), the record (proof it has been done over time), and observable practice (what the auditor sees and hears on site). A policy with no matching record reads as aspirational. Prepare all three legs, not just the documents.
The two-stage audit process, step by step
A certification audit is delivered by an approved quality auditor — an independent body, not the Commission itself — and certification audits require at least two auditors. The process runs in a defined sequence:
- Apply through the NDIS Commission and choose the registration groups (classes of support) you deliver — for SIL that includes the new 0138 — Assistance with supported independent living group.
- Complete a self-assessment against the Core Module and the SIL supplementary module. This is your own honest scoring of how you meet each outcome — and it's the document the auditor reads first.
- Engage an approved quality auditor and book the audit. Quotes and lead times vary; see how much NDIS compliance costs for current ranges.
- Stage 1 — the desktop audit. The auditor reviews your documents: policies, procedures, registers and self-assessment. They confirm your management system exists on paper and flag gaps to close before the site visit.
- Stage 2 — the onsite audit. The Stage 2 visit should take place within the three months after Stage 1. This is where the auditor samples files, visits SIL homes, interviews people, and observes practice. The focus deliberately shifts from what the policies say to what actually happens.
- Draft report and findings. After the onsite visit, the auditor drafts the formal audit report summarising the evidence gathered, the findings, and the rationale for each conclusion.
- Close non-conformities. If the auditor raises any, you address them within the required timeframe (more on scoring below).
- The Commission's decision. The Commission considers the auditor's report and decides your registration outcome and period.
The whole chain takes time — which is exactly why the deadline math matters. We map every step with current timing in the NDIS audit timeline and process guide, and the SIL provider registration guide 2026 walks the Commission application end to end.
Walk into Stage 1 with the paperwork already done
The SIL Rescue Kit is 74 editable Word policies, forms and registers, mapped to the Practice Standards an assessor works through for SIL — including an audit evidence checklist that ties each record to its outcome. $297 one-time, vs $4,400–$8,000 for a consultant. Read every page free before you buy.
See what's in the kit →What an auditor actually samples
The single most useful thing to understand about audit prep is what gets sampled. An auditor cannot read everything, so they pull a representative cross-section and test whether it holds together. The number of participants, workers and sites sampled isn't a fixed figure — it's set by the auditor using a proportionality formula based on the size and reach of your service. For a small provider that may be a handful of files and one or two homes; the principle is the same either way.
Here is what an auditor draws from, layer by layer:
| Evidence layer | What the auditor samples and tests |
|---|---|
| Policies & procedures | Your full suite — governance, risk, incident management, complaints, privacy, WHS, HR, medication, emergency and disaster management, restrictive practices (where used). Tested for whether they're customised to your real entity, not template placeholder text. |
| Registers | Incident, complaints, risk, worker screening, training, continuous improvement. Tested for whether they're current, dated, and show action taken — not just events logged. Empty or stale registers are the most-flagged issue. |
| Participant files | A selection of real files. The auditor follows the thread: signed, current service agreement linked to NDIS goals; progress notes that link support to those goals; and — under the new SIL outcomes — evidence of decisions made by the participant. |
| Worker files | A selection of staff files checked for current NDIS Worker Screening Check status, induction, training currency and supervision. The new SIL workforce-consistency outcome tests whether support quality stays the same across workers and shifts — see worker screening for SIL staff. |
| The SIL homes | Site visits to sampled homes: medication storage and records, per-home emergency and evacuation plans, environmental safety, and how overnight incidents are escalated. This is the layer generic policy libraries miss entirely. |
| Interviews & observation | Conversations with management, workers, and — with consent — participants, plus direct observation of practice. The auditor is checking that what people say matches what the documents show. |
Two SIL-specific layers deserve special attention because the Commission checks them first and a gap here is hard to argue away. The first is restrictive practice: if any restrictive practice is used in your homes it must be properly authorised and reported, and "we don't use any" is a legitimate, defensible answer when it's true — see restrictive practice authorisation for SIL providers. The second is tenancy versus service: your SIL service agreement must keep the participant's tenancy rights separate from the support arrangement, which we unpack in SIL tenancy vs service agreement. For the full picture of every document an assessor expects, the SIL audit survival guide maps the lot, and what auditors check for SIL providers goes deeper on the evidence layers.
Not sure which of these layers you're weakest on? Run the free SIL Readiness Scorecard — it asks ten quick questions across the exact domains an auditor samples and shows you, in about 90 seconds, where your gaps are before you ever book an auditor.
How findings are scored — and what to do about them
Auditors don't give a vague pass/fail. Each requirement is rated, and where you fall short the gap is recorded as a non-conformity with one of two severities. Knowing the difference removes most of the fear, because it tells you exactly what a finding will cost you.
| Rating | What it means for you |
|---|---|
| Major non-conformity (0) | A serious gap. You typically have three months to fix it, and your registration will not progress until the issue is addressed and the audit is successfully completed. |
| Minor non-conformity (1) | A lesser gap. You get a longer window to fix it, and you can continue the registration process while you do. |
When the auditor raises a non-conformity, you're generally required to provide a corrective action plan — describing how you'll fix it — within seven calendar days of their request. The auditor explains the classification and the corrective-action expectations at the time, so you're not guessing. A practical takeaway: a single major non-conformity can stall your whole registration, so the documents that map to the highest-risk outcomes (restrictive practice, worker screening, incident management, medication, emergency planning) are the ones to get airtight first. We cover the recovery path in detail in the audit non-conformance guide and what happens if you fail an NDIS audit.
A week-by-week preparation timeline
The worst way to prepare is to manufacture a year of evidence the week before the auditor arrives — it's obvious, and it fails. The best way is a steady rhythm that builds a defensible trail. Here's a realistic sequence for a small provider racing the 1 July 2026 deadline. Compress it if you're tight on time, but don't skip the registers step — that's where most providers lose marks.
Weeks 1–2 — Foundation
- Confirm your registration groups and whether you're in scope for mandatory SIL registration (start with 0138).
- Get your full policy suite in place and customised — your real entity name, ABN, key personnel, and the specific homes you operate. Placeholder text is an instant credibility problem.
- Run the readiness scorecard to find your biggest gaps fast.
Weeks 3–4 — Map to the standards
- Map every document to the Practice Standard outcome it covers, so the auditor doesn't have to hunt — our mapping guide shows how.
- Build out the SIL-specific evidence: service agreements with tenancy separated from support, per-home emergency and evacuation plans, medication records, supported-decision-making evidence.
- Confirm restrictive-practice and worker-screening positions are documented and current — the two the Commission checks first.
Weeks 5–8 — Make the registers live
- Open and start using your registers now, so by audit they have a real history. Each week, review five records — one participant file, one worker file, one risk entry, one training record, one incident or complaint — and check each proves the system works.
- Log every review in a continuous-improvement record, even when the answer is "no action required". This is the time-series proof that management is monitoring the service.
- Complete your self-assessment honestly. Where you score yourself short, fix the gap rather than inflate the score — the auditor will find the truth on site.
Weeks 9–10 — Dry run and book
- Engage your approved quality auditor early; lead times stretch as the deadline nears.
- Walk one full participant file and one full worker file end to end as if you were the auditor. Can you produce a signed current service agreement, goal-linked notes, screening currency, and training records in minutes? If not, that's your punch list.
- Brief your team so interview answers match the documents — the consistency test is real.
Don't build 74 documents from scratch under deadline pressure
The SIL Rescue Kit gives you the entire policy-plus-register base already mapped to the SIL outcomes, with an audit evidence checklist so you know what to have ready for Stage 1 and Stage 2. Inspect every page free, then decide. $297 one-time — keep your weeks for evidence, not drafting.
Preview the kit →The mistakes that turn a pass into a flag
From the auditor's side of the table, the gap between a clean pass and a non-conformity is usually one of a handful of avoidable things:
- Empty or stale registers. The most common single flag. A register with no entries says the system exists on paper only. Keep them current, dated, and showing action taken.
- Generic, uncustomised documents. Placeholder text and another provider's name in your policy reads as "downloaded, never implemented".
- Policies with no matching record. The fastest non-conformity is a policy describing a process nobody can show happening.
- Notes that don't link to goals. For SIL, progress notes must show the participant's own choices and connect support to their NDIS goals — not just "assisted with shower".
- Inconsistency across workers. The new SIL workforce outcome tests whether support quality holds across shifts. Handover gaps and untrained casual staff show up here.
- Last-minute evidence. A burst of records all dated the week before audit is a red flag, not a save.
The common thread: auditors reward services that are genuinely run, not services that were dressed up for a day. The top five reasons SIL providers fail audits goes deeper on each.
After the audit: mid-term and renewal
Passing your first certification is not the finish line. A successful certification is generally valid for three years, but the audit cycle continues. Around the 18-month mark you have a mid-term audit, which focuses on governance and operational management and still includes onsite visits with participant and worker sampling. Before your certificate expires, you complete a renewal audit. The practical lesson runs straight back to the timeline above: the weekly evidence rhythm that gets you through the first audit is the same rhythm that carries you through the mid-term and renewal without a scramble. Keep the registers live the whole way through.
Frequently asked questions
What kind of audit do SIL providers need — certification or verification?
Certification, not verification. SIL is higher-risk, complex support, so it's assessed against the full NDIS Practice Standards (Core Module plus the new SIL supplementary module) through a two-stage independent audit by an approved quality auditor. Verification is a desktop-only check reserved for lower-risk supports.
What does an NDIS auditor actually sample in a SIL audit?
A cross-section of your evidence: policies, registers (incident, complaints, risk, worker screening, training, continuous improvement), a selection of participant files, a selection of worker files, and the SIL homes themselves. The number sampled is set by the auditor using a proportionality formula. They also interview management, workers and participants, and observe practice on site.
How long does the certification audit process take?
It runs in two stages: a Stage 1 desktop audit of your documents, then a Stage 2 onsite audit within the following three months. Add booking, self-assessment, corrective actions and the Commission's decision, and the full sequence can take several months — which is why in-scope SIL providers should start now to be ready by 1 July 2026.
What happens if I get a non-conformity?
It's rated minor or major. A major non-conformity (0) must be fixed — usually within three months — and registration won't progress until it's closed. A minor non-conformity (1) gives a longer window and lets you continue the process. You typically provide a corrective action plan within seven calendar days of the auditor's request.
How long is certification valid, and what comes next?
Generally three years. Around 18 months in you have a mid-term audit (focused on governance and operational management, with onsite sampling), and before expiry you complete a renewal audit. Keeping your registers live and current the whole time is what makes each subsequent audit painless.
Important: This article provides general guidance about NDIS audit preparation and is not legal or professional advice. Audit requirements, sampling, conformity ratings and transition pathways are detailed and subject to change, and the exact process can vary with your circumstances and your approved quality auditor. Always confirm your obligations with the NDIS Quality and Safeguards Commission and your auditor before acting.