What is the most common non-conformity SIL providers get at an NDIS audit?

Across small SIL providers, the most frequently raised findings cluster around documentation that exists on paper but is not implemented or evidenced in practice — incident records with no manager review or close-out, support plans that are not reviewed on schedule, and continuous improvement registers that are blank. The single most damaging finding is using a restrictive practice that is not authorised and not reported, because that is almost always graded as a major non-conformity. There is no official published league table of findings; this reflects the patterns described in the NDIS Practice Standards and the operational areas auditors are required to sample.

Is a missing NDIS Worker Screening Check a major or minor non-conformity?

A worker in a risk-assessed role delivering supports without a current NDIS Worker Screening Check (clearance) is typically treated as a serious finding and is frequently graded as a major non-conformity, because it goes to participant safety and the auditor cannot verify the worker has been screened. An isolated administrative gap — for example a clearance that is current but the renewal-tracking date was not recorded — may be graded minor. The auditor decides based on the actual risk and whether the worker was delivering supports while unscreened.

How long do I have to fix a non-conformity after my SIL audit?

Timeframes are set in the auditor's report and depend on the grading. Major non-conformities generally must be addressed and evidenced before the Approved Quality Auditor can recommend your registration, often within a short period such as around 90 days. Minor non-conformities usually allow registration to proceed with a corrective action plan, with resolution verified at the next audit — commonly within up to 12 months. Always work to the exact dates in your own audit report rather than a generic timeframe.

Can I fix a non-conformity during the audit itself?

You cannot retroactively create records that should have existed at the time. But you can resolve many potential findings during the audit by producing evidence the auditor has not yet seen — for example, a register, a signed acknowledgement, or a training record that exists but was not in the sampled file. Fabricating or back-dating records is itself a serious integrity issue and auditors look for it. The honest, effective approach is to present genuine evidence promptly and, for anything you cannot evidence, accept the finding and respond with a strong corrective action plan.

Will one minor non-conformity make me fail my SIL audit?

No. Minor non-conformities do not, on their own, stop a registration recommendation — they are managed through a corrective action plan and verified later. What stops registration is an unresolved major non-conformity, or a cluster of minor findings in the same area that together indicate a systemic failure and may be escalated to major. The risk for small SIL providers is not a single minor finding; it is several small gaps in one Practice Standard outcome that an auditor reads as a system that is not actually working.

NDIS Audit Non-Conformities: The Most Common SIL Provider Fails (Major vs Minor) and How to Fix Them

Why SIL Providers Get More Findings Than Most

Supported Independent Living is one of the highest-risk service types the NDIS regulates. You are delivering supports to people in their own home, often 24 hours a day, frequently to participants with high or complex support needs. That risk profile means a SIL audit goes deeper than a desktop check of policies — the NDIS Quality and Safeguards Commission requires a certification audit against the full NDIS Practice Standards, including the Core Module and any applicable supplementary modules.

An Approved Quality Auditor (AQA) does not just read your manual. They sample participant files, incident records, medication charts, rosters, staff files and training logs, and they interview your workers, your management and — where consent is given — participants and families. The gap they are hunting for is the one between what your documents say you do and what your records prove you actually did. SIL providers fail not because they lack policies, but because the day-to-day evidence does not back the policy up.

The good news: the findings are predictable. The same handful of non-conformities come up again and again, and almost every one of them is preventable with a record you can put in place before the auditor arrives. Let us go through them.

An honest note on "most common"

The NDIS Commission does not publish a ranked, audited league table of the exact non-conformities raised against SIL providers. The fails below are drawn from the operational areas the NDIS Practice Standards require auditors to assess and from widely observed practitioner patterns. Treat them as the high-probability list to prepare against — not as official Commission statistics.

Major vs Minor in 30 Seconds

You will see the words "major" and "minor" attached to each fail below, so here is the short version (the full version is in the non-conformance classification guide):

Grade	What it means	Effect on registration
Minor	The system exists and substantially works, but there is an isolated gap or inconsistency.	Registration can be recommended. You submit a corrective action plan; closure is verified later.
Major	A required system is missing or failing, or there is a real risk to a participant's safety, rights or wellbeing.	The auditor generally cannot recommend registration until it is fixed and evidenced.

The same underlying issue can be minor or major depending on scope and risk. One staff file missing a signed code-of-conduct acknowledgement is minor. Half your roster delivering supports without a worker screening clearance is major. The grading is the auditor's professional judgement, applied to the actual evidence.

The 10 Most Common SIL Non-Conformities — and the Fix for Each

For each fail below you get: the Practice Standard area it sits under, the likely grade, what the auditor actually finds, and — most importantly — the specific evidence that closes it.

1. Restrictive practices used without authorisation, a behaviour support plan, or reporting

Almost always major

Practice Standard area: Behaviour Supports / Regulated Restrictive Practices.

What the auditor finds: A locked medication cabinet that controls a participant's access, a sensor on a bedroom door, routine PRN sedation, or restricted access to food, money or the kitchen — none of which is named, authorised or reported. This is the single most serious recurring SIL fail. The use of a regulated restrictive practice without an authorised behaviour support plan and without reporting to the NDIS Commission is a participant-rights breach, not an administrative slip.

The fix: Identify every restrictive practice in use against the five regulated categories (seclusion, chemical, mechanical, physical, environmental). Each one needs an interim or comprehensive behaviour support plan from a registered NDIS behaviour support practitioner, state or territory authorisation where required, and monthly reporting to the Commission. See our guide on behaviour support plans and SIL for exactly what must be in place. If you are using a practice you did not realise was restrictive, the safest first action is to seek authorisation and a plan — not to quietly stop, which can itself be a clinical risk.

2. Workers delivering supports without a current NDIS Worker Screening Check

Major when supports were delivered unscreened

Practice Standard area: Human Resource Management / Worker Screening.

What the auditor finds: A direct support worker on the roster whose NDIS Worker Screening clearance has lapsed, was never obtained, or cannot be located in the staff file. Auditors verify clearances against the worker screening database, so "I'm sure it's fine" does not survive sampling.

The fix: Maintain a worker screening register listing every worker in a risk-assessed role, their clearance number, the issue date and the expiry date, with a renewal trigger set well before expiry. Keep evidence in each staff file. Nobody starts in a risk-assessed role until the clearance is verified and recorded. If a clearance lapsed and the worker kept working, document it honestly, stand the issue down, and build the renewal control that prevents recurrence — that systemic fix is what the auditor wants to see.

3. Incidents recorded but never reviewed, actioned or closed out

Minor to major depending on severity

Practice Standard area: Incident Management.

What the auditor finds: An incident register with entries, but no evidence of manager review, no actions taken, no close-out, and — critically — a reportable incident that was never notified to the NDIS Commission within the required timeframe (24 hours or 5 business days depending on the type). Unreported reportable incidents push this firmly into major territory.

The fix: Every incident needs a complete lifecycle on the record: what happened, immediate response, who was notified, manager review and sign-off, corrective actions, and date closed. Reportable incidents (death, serious injury, abuse or neglect, unauthorised restrictive practice, unlawful sexual or physical contact) must show the Commission notification and its date. Run a monthly review of the register and minute it. A well-kept incident system is one of the strongest E-E-A-T signals a SIL provider can show an auditor.

4. Medication records that do not match the procedure

Minor to major depending on participant risk

Practice Standard area: Medication Management (Core Module / High Intensity where applicable).

What the auditor finds: Gaps in the medication administration record (MAR chart), no second signature where the procedure requires one, PRN medication given with no recorded reason or outcome, or a medication error that was never logged as an incident. Auditors sample MAR charts directly against the participant's authorised medication list.

The fix: A complete MAR chart for every participant, signed at every administration, with refusals and PRN doses documented including reason and effect. Worker competency for medication support must be evidenced in training records. Medication errors flow into the incident system. Our detailed walkthrough of the medication records auditors sample covers exactly what a clean chart looks like.

5. Support plans missing, generic, or not reviewed on schedule

Minor for a single gap, major if systemic

Practice Standard area: Person-Centred Supports / Support Planning.

What the auditor finds: A participant with no individualised plan, a plan that is a copy-paste of someone else's, or a plan whose review date passed months ago with no evidence of a review. Auditors look for the participant's actual goals and choices reflected in how supports are delivered — not a template.

The fix: Every participant has a current, individualised support plan tied to their NDIS goals, developed with them, with a scheduled review date and evidence the review happened. Link your progress notes to those goals so the file tells one consistent story. If you are upgrading rough shift notes into goal-linked records, our free Notes Rewriter keeps the facts and aligns the language to the Practice Standards without inventing anything.

Don't gamble your SIL registration on guesswork

The SIL Rescue Kit gives you the policies, procedures, forms and registers that close these exact non-conformities — every document mapped to the NDIS Practice Standard outcome an auditor checks. $297 once, versus $5,000+ in re-audit fees and lost registration time.

Get the SIL Rescue Kit — $297

6. Rosters that don't match funding or don't show how supports are delivered

Usually minor, major if it masks a safety gap

Practice Standard area: Provision of Supports / Person-Centred Supports.

What the auditor finds: A roster that does not reconcile to the participant's funded SIL hours, shared-support arrangements that are not documented, or shift handovers with no record. Auditors increasingly want to see that the actual support delivered matches the agreed Roster of Care and the funding.

The fix: Maintain a Roster of Care for each participant or house that maps funded support hours to actual rostered shifts, including shared support ratios. Keep handover records so continuity of care is evidenced. Our guide to building a SIL Roster of Care that matches funding shows the structure auditors expect.

7. A blank or back-filled continuous improvement register

Typically minor, escalates if recurring

Practice Standard area: Continuous Improvement / Governance and Operational Management.

What the auditor finds: A continuous improvement register that is empty, or that was clearly filled in the week before the audit. Auditors read a blank register as evidence that the organisation is not learning from its own incidents, complaints and feedback.

The fix: Keep the register live. Feed it from real sources — incidents, complaints, feedback, internal audits, near-misses — with dated entries, the action taken, who is responsible and the outcome. A handful of genuine, dated improvements over the year beats twenty entries created in one sitting, which auditors recognise immediately.

8. No working complaints and feedback mechanism participants actually know about

Minor for a gap, major if participants can't raise concerns

Practice Standard area: Feedback and Complaints Management / Rights.

What the auditor finds: A complaints policy in the manual, but no complaints register, no accessible information for participants, and — when interviewed — participants who say they do not know how to make a complaint. The absence of a usable safeguard for vulnerable people is serious.

The fix: An accessible complaints process participants are genuinely aware of (Easy Read where appropriate), a complaints register that records receipt, handling and resolution, and information that points people to the NDIS Commission as an external avenue. During interviews, your participants should be able to say, in their own words, how they would raise a concern.

9. Staff files and training records that don't prove competency

Usually minor unless a whole control is missing

Practice Standard area: Human Resource Management.

What the auditor finds: Missing NDIS Worker Orientation Module completions, no evidence of induction, expired first aid, no record that workers have read and acknowledged key policies, or supervision that is described but never documented. The work may well be happening — but if it is not recorded, the auditor cannot verify it.

The fix: A consistent staff file for every worker: screening clearance, Worker Orientation Module certificate, induction record, role-specific competencies (medication, manual handling, mealtime support where relevant), signed policy acknowledgements, and a supervision log. A simple file checklist applied to every worker eliminates most of these in an afternoon.

10. Document control failures — out-of-date, unversioned or untraceable policies

Minor, but a tell-tale auditors notice early

Practice Standard area: Governance and Operational Management.

What the auditor finds: Policies with no version number or review date, several documents past their scheduled review, two different versions of the same policy in circulation, or a privacy policy that still references superseded requirements. Document control problems rarely fail you on their own, but they signal a management system that is not being maintained — and they make the auditor look harder everywhere else.

The fix: Give every policy a version number, approval date, review date and owner, and run a register that flags reviews before they fall due — including a trigger to update when a regulatory requirement changes. Make sure only the current version is in use across every site and device.

The Pattern Behind Almost Every Finding

Read back over those ten fails and a single theme runs through them. In nearly every case the policy existed. What was missing was the evidence of implementation — the dated record showing the policy was actually followed, by real people, for real participants, over real time.

This is the heart of how SIL audits work. The NDIS Practice Standards are outcome-based: the auditor is not grading your manual, they are grading whether the outcome is being achieved for participants. A perfect incident policy with an empty register scores worse than a plain policy backed by twelve months of properly reviewed incident records. Auditors call the second one "evidence of implementation," and it is the thing small providers most often lack.

The shift that prevents most findings

Stop thinking of compliance as "do we have the policy?" and start thinking "if an auditor opened any participant's file at random today, would the records prove we did what the policy says?" That single mental shift, applied across incidents, medication, support plans and screening, prevents the large majority of non-conformities.

The second pattern is clustering. A single minor finding is rarely a problem. What turns a passable audit into a difficult one is several minor gaps inside the same Practice Standard outcome — three thin incident records, plus an unreviewed register, plus a staff member unsure how to report. Individually minor; together, an auditor reads them as a system that does not actually function, and may escalate the cluster to a major. Fixing the small things matters precisely because they add up.

A Self-Audit You Can Run This Week

You do not need a consultant to find most of your own gaps. Pull a sample exactly the way an auditor would — pick two or three participant files at random and one or two staff files — and check them against this list:

Every regulated restrictive practice in use is named, has an authorised behaviour support plan, and is being reported monthly
Every worker in a risk-assessed role has a verified, current NDIS Worker Screening clearance recorded in their file
Each sampled incident shows the full lifecycle: response, notification, manager review, actions, close-out date
Every reportable incident shows the NDIS Commission notification and the date it was lodged
The MAR chart for each participant is complete and signed, with PRN reasons and refusals documented
Each participant has a current, individualised, goal-linked support plan reviewed on schedule
The Roster of Care reconciles to funded SIL hours and shared-support arrangements are documented
The continuous improvement and complaints registers contain genuine, dated, actioned entries
Every staff file has the screening clearance, orientation module, induction, competencies and signed policy acknowledgements
Every policy has a version number, review date and owner, and none are overdue for review

If you would rather work from a structured, scored version of this rather than a flat checklist, our free SIL Readiness Scorecard walks you through the same areas and tells you where your biggest audit risk sits before an auditor finds it for you. It takes a few minutes and costs nothing.

What to Do When You Actually Get a Finding

Even well-run SIL providers receive findings — an audit with zero non-conformities is rare and is not the bar you should set. What matters is how you respond. The short version:

Understand the exact finding. Which Practice Standard outcome, what evidence (or absence) it rests on, and whether it is graded minor or major. Ask the auditor to clarify anything unclear — that is professionalism, not weakness.
Find the real cause, not the symptom. Use a simple "5 Whys" walk-through to reach the systemic reason. A missing screening check is a symptom; "our recruitment process has no screening-verification step" is the cause.
Write a corrective action plan with both halves. The immediate fix (correct this specific case) and the preventive fix (the system change that stops it recurring), each with an owner, a date and the evidence you will produce.
Gather contemporaneous evidence. Create records as you take the action — never back-date. Auditors look for fabrication, and integrity issues are far more damaging than the original gap.
Submit for verification on time. Work to the dates in your report. Major findings must usually be closed before registration is recommended; minor findings are verified at the next audit.

The full step-by-step — including root cause techniques, evidence types and your right to challenge a classification during the draft report — is in our guide to responding to non-conformances.

And if the honest conclusion of your self-audit is that several of these systems are not in place at all, the fastest way to close the gap is to start from documents that are already mapped to the standards rather than writing them from scratch under deadline pressure. That is exactly what the SIL Rescue Kit is built for — the policies, procedures, forms and registers behind every fail on this list, in one audit-mapped pack.

Important: This article provides general guidance about NDIS SIL compliance requirements. It is not legal or professional advice. Grading, timeframes and reporting obligations are set in your own audit report and current Commission policy, and may change as the NDIS Commission updates the Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission (ndiscommission.gov.au) and ndis.gov.au, or a registered NDIS consultant, before making compliance decisions.