What Is an NDIS Non-Conformance?
In the context of an NDIS audit, a non-conformance (sometimes written as "non-conformity") is a formal finding by an Approved Quality Auditor that your organisation does not meet one or more requirements of the NDIS Practice Standards. It is the auditor's documented evidence that there is a gap between what the Practice Standards require and what your organisation actually demonstrates.
Non-conformances are not opinions or suggestions — they are evidence-based findings that must be supported by specific audit evidence. Under the NDIS Practice Standards Audit Methodology, the auditor must record:
- The specific Practice Standard outcome that is not met
- The evidence (or lack of evidence) that supports the finding
- The classification of the finding (minor or major)
- The expected corrective action response
Each non-conformance is recorded in the audit report that the Approved Quality Auditor submits to the NDIS Quality and Safeguards Commission. The Commission uses this report — alongside other information — to make its registration decision under Section 73E of the NDIS Act 2013.
Not every audit finding is a non-conformance. Auditors may also record observations (sometimes called "opportunities for improvement"). An observation identifies an area where your systems could be strengthened but does not represent a failure to meet a Practice Standard requirement. Observations do not require formal corrective action, but addressing them is good practice and demonstrates continuous improvement.
How Auditors Grade Findings
NDIS Approved Quality Auditors use a structured methodology to assess and classify their findings. The grading process follows the principles established in the NDIS Practice Standards Audit Methodology and aligns with international auditing standards (ISO 17065 and ISO 19011).
The Assessment Process
For each Practice Standard outcome, the auditor collects evidence through multiple methods:
- Document review: Examining your policies, procedures, registers, and records
- Observation: Watching how supports are delivered in practice (during on-site visits)
- Interviews: Speaking with management, staff, participants, and families
- Record sampling: Reviewing a sample of participant files, incident reports, training records, and other operational documents
The auditor then evaluates the evidence against each quality indicator within the Practice Standard outcome. The classification depends on the nature, severity, and scope of any gaps identified.
Classification Criteria
| Factor | Minor Non-Conformance | Major Non-Conformance |
|---|---|---|
| Scope | Isolated instance or limited to a single area | Affects multiple areas, staff, or participants |
| Severity | Low risk to participants | Significant risk to participant safety, rights, or wellbeing |
| Systemic nature | Appears to be an anomaly or oversight | Indicates a systemic failure in the management system |
| Intent of standard | The intent of the Practice Standard is largely met | The intent of the Practice Standard is not met |
| Pattern | First occurrence | Recurring issue or previously identified and not resolved |
The Judgement Element
It is important to understand that classification involves professional judgement by the auditor. Two auditors examining the same evidence might occasionally classify a finding differently. This is why it is critical to engage with your auditor during the draft report phase — if you believe a finding has been misclassified, you have the right to present your case.
Minor Non-Conformances in Detail
A minor non-conformance indicates that your organisation substantially meets the Practice Standard outcome but has an isolated gap, weakness, or inconsistency. The system exists and generally works, but there is room for improvement.
Common Examples of Minor Non-Conformances
| Practice Standard Area | Example Minor Non-Conformance |
|---|---|
| Incident Management (2.4) | One incident report out of 15 sampled was missing the date of management review |
| Human Resources (2.6) | Two staff files out of 12 did not have signed code of conduct acknowledgements |
| Privacy (1.3) | The privacy policy references the Privacy Act 1988 but does not mention the Australian Privacy Principles by name |
| Continuous Improvement (2.3) | The continuous improvement register has entries but no documented review or sign-off by management |
| Support Planning (1.1) | One participant file out of eight did not have evidence of the most recent support plan review |
| Document Control | Three policies have passed their scheduled review date but have not been updated |
Consequences of Minor Non-Conformances
- Registration can still proceed — the auditor can recommend certification
- You must develop a corrective action plan within the agreed timeframe
- You typically have up to 12 months to resolve the finding
- Resolution will be verified at your next audit (mid-term surveillance or renewal)
- Unresolved minor findings may be escalated to major at the next audit
Major Non-Conformances in Detail
A major non-conformance indicates a fundamental failure to meet the intent of a Practice Standard outcome. It represents a significant gap that may put participants at risk or demonstrates that a required system does not exist or is not functioning.
Common Examples of Major Non-Conformances
| Practice Standard Area | Example Major Non-Conformance |
|---|---|
| Incident Management (2.4) | No incident management policy, procedure, or register exists. Staff are unaware of how to report incidents. |
| Worker Screening (2.6) | Five out of eight direct support staff do not have current NDIS Worker Screening Checks. |
| Safeguarding (1.5) | No evidence of any complaints or feedback mechanism. Participants report they do not know how to raise concerns. |
| Person-Centred Supports (1.1) | No individualised support plans exist for any participants. Supports are delivered without documented planning. |
| Governance (2.1) | Key personnel cannot demonstrate suitability. No governance framework or evidence of organisational oversight. |
| Restrictive Practices | Restrictive practices are being used without authorisation, behaviour support plans, or reporting to the NDIS Commission. |
Consequences of Major Non-Conformances
- The auditor cannot recommend registration until the finding is resolved
- You must implement corrective actions within 90 days (typically)
- The auditor must verify resolution through evidence review (and possibly a follow-up visit)
- If not resolved, the NDIS Commission may refuse your registration application
- Additional audit fees may apply for follow-up verification
- The delay may cause you to miss critical registration deadlines
Root Cause Analysis Requirements
When you receive a non-conformance, your corrective action plan must include a root cause analysis — a structured examination of why the non-conformance occurred. Auditors expect you to look beyond the immediate symptom and identify the underlying systemic cause.
Common Root Cause Categories
- Knowledge gap: Staff did not know the requirement existed or did not understand what was expected
- Resource gap: Insufficient time, staff, or tools to implement the requirement
- Process gap: No documented procedure to guide implementation
- Oversight gap: No management review or monitoring to ensure compliance
- Communication gap: The requirement was documented but not communicated to relevant staff
- Transition gap: A change in staff, systems, or processes disrupted existing compliance
Root Cause Analysis Techniques
Two commonly used techniques for root cause analysis in NDIS compliance contexts are:
The 5 Whys
This technique involves asking "why" repeatedly until you reach the fundamental cause. For example:
- Why were three staff missing NDIS Worker Screening Checks? — Because the checks were not obtained before they started work.
- Why were checks not obtained before they started? — Because the recruitment process does not include a screening verification step.
- Why is there no screening verification step? — Because the recruitment procedure was written before NDIS Worker Screening was mandatory.
- Why was the procedure not updated? — Because there is no scheduled review cycle for HR procedures.
- Why is there no review cycle? — Because the document control system does not include trigger-based reviews for regulatory changes.
Root cause: The document control and policy review system does not include mechanisms for updating procedures when regulatory requirements change.
Fishbone (Ishikawa) Diagram
This technique categorises potential causes into groups such as People, Process, Policy, Environment, Equipment, and Management. It is particularly useful for complex non-conformances with multiple contributing factors.
For detailed guidance on using these techniques in your corrective action plan, see our NDIS Corrective Action Plan guide.
How to Respond to Non-Conformance Findings
When your auditor issues a non-conformance, your response must be structured, evidence-based, and timely. Here is a step-by-step process.
Step 1: Understand the Finding
Before you respond, make sure you fully understand what the auditor is saying. Review the finding carefully and identify:
- Which specific Practice Standard outcome is not met
- What evidence the auditor relied on (or what evidence was missing)
- Whether the finding is classified as minor or major
- The expected corrective action timeframe
If anything is unclear, ask the auditor for clarification. This is not a sign of weakness — it demonstrates professionalism and a genuine commitment to addressing the issue.
Step 2: Conduct Root Cause Analysis
Use the 5 Whys technique or another structured method to identify why the non-conformance occurred. Document your analysis — the auditor will want to see it as part of your corrective action plan.
Step 3: Develop Your Corrective Action Plan
Your corrective action plan should include:
- A clear statement of the non-conformance finding
- Your root cause analysis
- Immediate corrective actions (fixing the specific problem)
- Preventive actions (systemic changes to prevent recurrence)
- Responsible person for each action
- Target completion dates for each action
- The evidence you will produce to demonstrate completion
Step 4: Implement and Gather Evidence
Execute your corrective action plan and collect evidence as you go. Evidence should be contemporaneous — created at the time the action was taken, not fabricated retroactively. Types of evidence include:
- Updated or newly created policy and procedure documents (with version control)
- Staff training records (attendance lists, training materials, competency assessments)
- Completed forms, registers, or records
- Minutes of meetings where changes were discussed
- Photographs (e.g., of updated noticeboards, safety equipment)
- Staff acknowledgement forms confirming they have read updated policies
Step 5: Submit Evidence for Verification
Submit your evidence package to the auditor within the required timeframe. Organise it clearly — label each piece of evidence against the specific corrective action it relates to. The auditor will review the evidence and determine whether the non-conformance has been adequately addressed.
Step 6: Verify Closure
Once the auditor is satisfied, the non-conformance will be recorded as "closed" in the audit report. For minor non-conformances, this may happen at the next scheduled audit. For major non-conformances, the auditor must verify closure before they can finalise their report and recommend registration.
Appealing or Challenging Non-Conformances
If you believe a non-conformance finding is incorrect, unfair, or based on incomplete information, you have several options.
During the Audit
The best time to address a disputed finding is during the audit itself. If the auditor raises a concern, you can immediately provide additional evidence or context. Many potential non-conformances are resolved at this stage when providers present evidence the auditor had not yet seen.
During Draft Report Review
Approved Quality Auditors must provide you with a draft audit report before it is finalised. You have the right to review the draft and respond to any findings. This is your formal opportunity to:
- Correct factual errors in the auditor's findings
- Provide additional evidence that was not available during the audit
- Challenge the classification (e.g., argue that a major should be a minor)
- Present context that affects the interpretation of the finding
The auditor must consider your response before finalising the report. They are not obligated to change their finding, but they must document your response.
After the Report Is Finalised
If you disagree with the final audit report:
- Contact the AQA's management: Most Approved Quality Auditors have an internal complaints and appeals process. You can escalate your concerns within the auditing organisation.
- Contact JAS-ANZ: As the accreditation body for AQAs, JAS-ANZ can investigate complaints about auditor conduct or methodology.
- Contact the NDIS Commission: If the audit report leads to an adverse registration decision, you can raise concerns directly with the Commission.
- Administrative Review Tribunal: If the NDIS Commission makes a reviewable decision (such as refusing registration or imposing conditions), you can apply to the Administrative Review Tribunal (ART) for a merits review.
In most cases, the most productive approach is to work with the auditor during the corrective action period rather than dispute findings through formal channels. Even if you believe a finding is borderline, demonstrating that you have taken positive action to improve will strengthen your position with both the auditor and the NDIS Commission.
Summary
NDIS audit non-conformances are not the end of the road — they are a structured mechanism for identifying and resolving compliance gaps. Understanding how they work empowers you to respond effectively and protect your registration.
The key takeaways are:
- Minor non-conformances are manageable and do not prevent registration, but must be resolved before they escalate
- Major non-conformances are serious and must be resolved within 90 days before the auditor can recommend registration
- Root cause analysis is essential — auditors want to see systemic fixes, not quick patches
- Prevention is far cheaper than remediation — complete documentation and evidence of implementation prevent most non-conformances
- You have rights — you can challenge findings during the draft report phase and through formal channels
The most effective strategy is to invest in thorough preparation before your audit so that non-conformances do not arise in the first place. Our free NDIS Notes Rewriter helps you produce audit-ready documentation, and the SIL Rescue Kit provides the complete policy and procedure framework you need.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.