How far back do NDIS auditors check records?

For initial registration audits, auditors typically focus on your current systems and recent records — usually the past 12 months. For renewal audits, they may look back across the full registration period. Key records such as incident reports, worker screening checks, and training records should be retained for a minimum of seven years, or longer if required by state legislation.

Do I need to provide participant records to my auditor?

Yes, but with privacy protections in place. Auditors may request access to de-identified participant records (such as support plans or incident reports with identifying details removed) to verify that your systems are being applied in practice. For on-site interviews with participants, explicit, informed consent must be obtained in advance. Your auditor should not access personally identifiable participant information without appropriate consent or necessity.

What is a 'document trail' and why does it matter?

A document trail is the chain of records that demonstrates a process was followed — not just that a policy exists. For example, for incident management, the document trail includes: the incident report form (completed at the time), the incident register entry, any investigation records, the outcome documentation, and any notification to the NDIS Commission. Auditors follow this trail to verify that your stated processes are actually implemented.

Can I prepare documents specifically for the audit that didn't exist before?

Policies, procedures, and templates developed before the audit is completed are acceptable — you need to have them in place before the audit begins. However, operational records (incident reports, training records, meeting minutes, supervision notes) must be genuine records created as part of your normal operations, not retrospectively fabricated. Creating false records for audit purposes is fraudulent conduct with serious legal consequences.

NDIS Audit Evidence: What to Prepare for Every Practice Standard

Types of Evidence Auditors Accept

NDIS auditors assess evidence across four broad categories. Understanding each type helps you prepare a balanced and credible evidence base.

1. Documented Policies and Procedures

Written policies and procedures are the foundation of your evidence base. They demonstrate that your organisation has thought through each compliance requirement and has a defined approach. However, policies alone are never sufficient — auditors want to see that policies are implemented, not just written.

For a policy to be audit-worthy, it must be: current (reviewed within the past 12–24 months or as specified in your document control schedule); version-controlled (with a version number and review date clearly shown); and accessible to staff (either in a shared system or issued as part of induction).

2. Operational Records

Operational records are the evidence that your policies are being applied. These include incident reports, supervision notes, training records, meeting minutes, maintenance logs, medication administration records, and risk assessments. Auditors cannot verify implementation through policies alone — they need to see the records that show the policy in action.

3. Interviews

During the on-site audit, auditors conduct interviews with management, frontline staff, and (with consent) NDIS participants. Interviews test whether the people delivering your services understand and apply your policies — which cannot be verified through documents alone. Staff who can clearly describe your incident management process, their reporting obligations, and participant rights are powerful evidence of a genuinely embedded compliance culture.

4. Observation

For SIL providers and others with physical service environments, auditors may observe the premises and service delivery during the on-site visit. They assess whether the physical environment meets Practice Standard Outcome 4.1 (safe environment), whether safety equipment is present and accessible, and whether the environment reflects the principles of the Practice Standards in its physical design and organisation.

What a Document Trail Means in Practice

A document trail is the chain of records that demonstrates a complete process from beginning to end. Auditors don't just check that a policy exists — they follow the trail to see whether the policy is being applied consistently.

Here is an example of what a complete document trail looks like for incident management under Practice Standard Outcome 2.4:

Incident Management Policy (v3.0) — describes the organisation's obligations, definitions of incident types, reporting timelines, and escalation procedures
Incident Report Form (completed at the time) — captures the who, what, when, where, and immediate actions taken
Incident Register entry — records the incident for monitoring, pattern analysis, and regulatory reporting
Investigation record — documents the root cause investigation and findings (for serious incidents)
NDIS Commission notification — evidence of reportable incident notification within the required timeframe (for incidents meeting the reportable incident threshold under s. 73Z of the National Disability Insurance Scheme Act 2013)
Outcome and corrective action — evidence of what was changed as a result, and entry in the Continuous Improvement Register

If any link in this chain is missing, an auditor will note a gap. A policy with no incident reports is not evidence that incidents are being managed — it may indicate that incidents are being under-reported. A completed incident report with no register entry suggests the reporting system is not being used as designed.

How to Organise Your Evidence Folder

An organised evidence folder makes the desktop review faster, smoother, and less likely to result in a "we couldn't locate the evidence" non-conformity. Structure your folder to mirror the Practice Standards outcomes, so the auditor can navigate directly to evidence for any outcome they're assessing.

Recommended folder structure:

01 - Governance: Governance Framework, organisational chart, board/committee minutes, financial management documents
02 - Policies (by outcome group): All policies with version history visible
03 - HR and Staff Records: Worker Screening Register, Training Register, position descriptions, induction records, supervision records
04 - Risk Management: Risk Register, Emergency and Disaster Management Plan, safety inspection records
05 - Incident and Complaints: Incident Register, Complaints Register, Continuous Improvement Register, sample incident reports (de-identified)
06 - Participant Records (de-identified samples): Support plan template and completed example, service agreement template, consent forms
07 - Quality Management: Internal Audit Program, internal audit reports, quality improvement records
08 - Environment (SIL providers): Safety inspection checklists, fire safety plan, medication administration records, equipment registers
09 - Self-Assessment: Copy of your submitted self-assessment
10 - Certificates and Credentials: Insurance certificates, NDIS Worker Screening Checks (current), staff training certificates

Group 1: Rights and Responsibilities — Evidence Requirements

Outcome	Key Evidence Documents	Operational Records
1.1 Person-centred supports	Person-Centred Support Policy, Participant Rights Statement	Participant support plans showing participant-authored goals; shift notes referencing individual goals
1.2 Individual values and beliefs	Cultural Safety Policy, Diversity and Inclusion training materials	Support plans noting cultural/religious requirements; interpreter use records
1.3 Privacy and dignity	Privacy and Confidentiality Policy, Privacy Notice (plain English), Data Breach Response Plan	Consent to Collect Information (signed); Consent to Share Information (signed); secure record storage evidence
1.4 Independence and informed choice	Independence and Informed Choice Policy, Advocacy Information Sheet, Dignity of Risk Assessment template	Completed Dignity of Risk Assessments; records of participant decision-making; supported decision-making notes
1.5 Complaints and feedback	Complaints and Feedback Policy, Safeguarding (VANED) Policy, Complaints and Feedback Form	Complaints Register; complaint investigation records; resolution outcomes; continuous improvement actions logged

Group 2: Governance and Operational Management — Evidence Requirements

Outcome	Key Evidence Documents	Operational Records
2.1 Governance and operational management	Governance Framework, Organisational Chart, Financial Management Policy, Key Personnel Suitability Assessment	Board/Committee meeting minutes; financial statements; evidence of financial controls and authorisation
2.2 Risk management	Risk Management Policy, Emergency and Disaster Management Plan	Current Risk Register with residual risk ratings; emergency drill records; business continuity plan
2.3 Quality management	Quality Management and Continuous Improvement Policy, Internal Audit Program	Continuous Improvement Register; internal audit reports; QI meeting minutes; trend analysis from incident data
2.4 Information management	Information Management Policy, Incident Management Policy	Document Control Register; incident reports and register; records storage evidence (physical and/or digital)
2.5 Financial management	Financial Management Policy, Participant Money and Property Policy	Financial statements or management accounts; Participant Money Register (if applicable); evidence of authorisation controls
2.6 Human resources	Human Resources Policy, Worker Screening Policy, Supervision Policy, Recruitment and Selection Policy, Work Health and Safety Policy	Worker Screening Register (NDIS Worker Screening Checks — current); Training Register; completed induction checklists; supervision records; performance review records; position descriptions

Group 3: Provision of Supports — Evidence Requirements

Outcome	Key Evidence Documents	Operational Records
3.1 Access to supports	Access to Supports Policy, Service Agreement template	Signed service agreements; waiting list or intake documentation; participant referral records
3.2 Support planning	Support Delivery Policy, Support Plan template	Completed (de-identified) participant support plans; evidence of participant involvement in planning; NDIS plan goal alignment
3.3 Transitions	Transition Policy	Transition plans (if any transitions have occurred); documentation of coordination with other providers during transitions
3.4 Support provision	Support Delivery Policy, Shift Handover Procedure	Shift notes/progress notes (de-identified); handover records; documentation of unplanned changes to supports

Group 4: Support Provision Environment — Evidence Requirements

For SIL providers, Group 4 evidence is among the most scrutinised. Auditors conducting on-site visits will physically inspect the premises and verify that documentation matches the actual environment.

Outcome	Key Evidence Documents	Operational Records
4.1 Safe environment	Safe Environment Policy, Fire Safety and Evacuation Plan	SIL House Safety Inspection Checklist (completed, dated); fire safety maintenance records; evacuation drill records; hazard identification logs
4.2 Participant money and valuables	Participant Money and Property Policy	Participant Money Register; receipts for participant purchases; evidence of participant consent for fund management
4.3 Medication management	Medication Management Policy	Medication Administration Records (MARs) — current and historical; medication reconciliation records; staff medication competency records
4.4 Mealtime management	Mealtime Management guidelines (if applicable to participants)	SALT-prescribed mealtime management plans (where required); staff training records for mealtime support
4.5 Infection control	Infection Control Policy	PPE availability evidence; hand hygiene audit records; infection control training records; COVID-19 or communicable disease response documentation

Staff Competency Evidence

Staff competency is one of the most frequently identified non-conformity areas in NDIS certification audits. Auditors expect to see evidence not just that staff exist, but that they are qualified, screened, inducted, trained, and supervised to deliver the supports they provide.

For each staff member delivering NDIS supports, you should be able to demonstrate:

Current NDIS Worker Screening Check (or equivalent state clearance for transitional arrangements)
Completed induction against your organisation's 26-item induction checklist (or equivalent)
Relevant qualifications for their role (Certificate III or IV in Individual Support, or equivalent for personal care workers)
Completion of mandatory training: manual handling, first aid (current), safeguarding, Code of Conduct, medication management (if applicable)
Regular supervision — documented on your Supervision Record Template, signed by both supervisor and worker
Annual performance review on file

Your Training Register should be a live document, maintained by the HR function, that gives an auditor an at-a-glance view of every staff member's training status and any upcoming renewals.

Participant-Facing Evidence

Auditors will request de-identified samples of participant-facing documentation to verify that your systems are applied in individual support delivery. For initial registration audits where you may not yet have participants, your templates and procedures are the primary evidence. For renewal audits, completed records are expected.

Key participant-facing documents to prepare:

Support Plan template — demonstrates the structure and outcomes focus of your planning approach
SIL Service Agreement template — must include all elements required by NDIS Commission guidance, including rights, obligations, price, and cancellation terms
Consent forms — Consent to Collect Information and Consent to Share Information, both plain-English and participant-signed
Participant Rights Statement — evidence that participants are informed of their rights upon commencing services
Advocacy Information Sheet — participants must know they can access independent advocacy at any time

Tips for On-Site Audit Day

The on-site audit is the most intensive part of the certification process. How you manage the day significantly affects the outcome.

Before Audit Day

Brief all staff who may be interviewed. They don't need to memorise policies, but they should know: how to report an incident, what participant rights are, where to find policies, and the name of the complaints officer.
Organise your evidence folder so you can locate any document in under 60 seconds.
Notify participants (with appropriate consent) that auditors may wish to speak with them, and confirm whether they wish to participate.
Prepare a quiet, private space for interviews where both parties can speak confidently.
Confirm the audit schedule: arrival time, who is being interviewed, the site inspection order.

During the Audit

Answer questions honestly. If you don't know the answer, say so and offer to find the information.
Don't volunteer information that wasn't requested — keep answers focused on what was asked.
If an auditor raises a potential non-conformity, engage constructively. Ask them to explain the gap they've identified and offer relevant evidence immediately if you have it.
Take notes. You are entitled to maintain a record of what the auditor asks and what you provide.

After the Audit

Request a verbal debrief at the end of the on-site visit. Most auditors will provide a preliminary summary of their findings before leaving.
Review the draft audit report carefully when received. Check every non-conformity finding for accuracy and raise any disputes in writing within the timeframe specified by your AQA.

Build Your Evidence Foundation Before the Audit

The SIL Rescue Kit includes 65 audit-ready documents — every policy, form, and register mapped to Core Module Practice Standard outcomes. It also includes an Audit Evidence Checklist mapped to every Practice Standard indicator.

Get the SIL Rescue Kit — $297

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.