How far in advance should a SIL provider start preparing for an NDIS audit?

Most experienced SIL providers begin structured preparation at least 12 weeks before their scheduled audit. This allows time to identify documentation gaps, complete outstanding root-cause analyses, renew expiring Worker Screening clearances, and brief staff on the process — without rushing corrective actions in the final days.

What is the difference between a verification audit and a certification audit for NDIS providers?

A verification audit is a desktop-only review of documents and is used for lower-risk registration groups. A certification audit — required for SIL and other higher-risk supports — includes a desktop review plus an on-site visit where auditors interview workers and participants to assess whether documented practice matches actual practice.

What happens if an NDIS provider receives a major non-conformance during their audit?

A major non-conformance means a significant failure to meet the NDIS Practice Standards. The provider must submit a corrective action plan to the NDIS Quality and Safeguards Commission within the timeframe set by the auditor. The Commission reviews the plan before granting registration. A critical non-conformance can result in conditions on or suspension of registration.

Do restrictive practices need to be authorised before they can be used in a SIL home?

Yes. Under the NDIS (Restrictive Practices and Behaviour Support) Rules, regulated restrictive practices must be authorised under the relevant state or territory authorisation framework before implementation. A Behaviour Support Plan from a registered Specialist Behaviour Support provider is also required. Implementing a restrictive practice without prior authorisation is a serious non-conformance.

What evidence do auditors look for in participant support plans?

Auditors look for support plans that are current (typically reviewed at least annually or following a significant change), individualised rather than templated, and demonstrably co-produced with the participant or their representative. They also check that the plan reflects the actual supports being delivered and references the participant's goals.

Are NDIS Worker Screening clearances mandatory for all support workers in SIL?

NDIS Worker Screening clearances are mandatory for workers in risk-assessed roles, which includes all workers who deliver direct supports to NDIS participants in SIL settings. Providers must verify that clearances are current before a worker commences in a risk-assessed role and monitor expiry dates as part of ongoing workforce management.

NDIS Audit Preparation Checklist: A Worked Example

Why a worked example matters

Most NDIS audit guides list what you need to have. This article goes further: it walks through a realistic SIL provider scenario so you can see exactly how evidence maps to Practice Standards modules, where gaps typically appear, and what an approved quality auditor (AQA) is actually looking for when they open your files.

The 2026 strengthened NDIS Practice Standards — which apply to all registered providers under the amended registration framework — raise the evidentiary bar. Auditors are now expected to assess outcomes and systemic practice, not merely the presence of a policy document. That shift changes how you prepare.

How NDIS audits work: a quick orientation

Registered NDIS providers are audited against the NDIS Practice Standards by an AQA approved by the NDIS Quality and Safeguards Commission. The audit type — certification or verification — depends on the supports you are registered to deliver:

Verification audit — desktop-only review of policies, procedures, and key documents. Applies to lower-risk registration groups.
Certification audit — desktop review plus on-site visit, including interviews with workers and participants. Required for SIL and other higher-risk supports.

For SIL providers, certification audits apply. The auditor assesses conformance with the Core Module (applicable to all providers), the Supplementary Module 2: Specialist Support Environment, and — where relevant — the High Intensity Support Skills Descriptors. Non-conformances are graded: minor, major, or critical. A critical non-conformance requires immediate action and can result in conditions on, or suspension of, registration.

The pre-audit preparation checklist

Work through this checklist at least 12 weeks before your scheduled audit. Each item maps to the Practice Standards module it primarily satisfies.

1. Governance and operational management

Written policies and procedures are dated, version-controlled, and reviewed within the period specified by your own review schedule (typically annually for high-risk areas).
Your organisation's governing body has documented oversight of NDIS compliance — board meeting minutes or equivalent showing Practice Standards discussed.
Risk register is current and covers participant safety, workforce, and operational risks.
Contracts with subcontractors and sole traders include NDIS Code of Conduct obligations and evidence of their NDIS Worker Screening clearance.

2. Workforce

NDIS Worker Screening clearances on file for all workers in risk-assessed roles — check expiry dates.
Induction records showing workers received Code of Conduct training before unsupervised contact with participants.
Mandatory reporting obligations training records (including the reportable conduct scheme where your state/territory has activated it).
Supervision records demonstrating ongoing competency monitoring, particularly for high-intensity supports.
Evidence that workers delivering high-intensity supports meet the relevant skills descriptors (e.g., enteral feeding, tracheostomy care).

3. Participant rights and person-centred practice

Participant Service Agreements are signed, current, and reflect the actual supports being delivered.
Each participant has a current support plan authored with their meaningful input — not a template paragraph.
Complaints policy is accessible to participants in plain language (and Easy Read / alternate formats where needed).
Written evidence that each participant has been told about their right to access an independent advocate.

4. Incident management

All reportable incidents submitted to the NDIS Commission within the required timeframes (immediate report for certain categories; five-day follow-up report).
Internal incident register is complete — including near-misses and non-reportable incidents.
Evidence of root-cause analysis and corrective action for recurring incidents.
Workers can describe your incident reporting pathway without prompting — auditors ask during interviews.

5. Complaints management

A written complaints policy that meets Practice Standards requirements, including how complaints are acknowledged, investigated, and resolved.
Complaints register recording all complaints received, regardless of whether they were escalated to the Commission.
Evidence complaints led to service improvements — this is a common audit finding gap.

6. Restrictive practices (SIL-specific)

A current Behaviour Support Plan (BSP) from a registered Specialist Behaviour Support provider for every participant with a regulated restrictive practice in place.
Evidence that all restrictive practices are authorised under the relevant state/territory authorisation framework before implementation.
Monthly restrictive practice data reported to the NDIS Commission via the Commission portal.
Workers implementing regulated restrictive practices have documented competency in positive behaviour support.
Each BSP has a review date and evidence it has been reviewed on schedule.

Worked example: mapping evidence to the audit

The following is a realistic example of how a mid-sized SIL provider might organise their evidence folder for the Incident Management Practice Standard.

Standard requirement	Evidence document	Location in evidence pack	Status
Written incident management policy	Incident Management Policy v4.2 (reviewed March 2026)	Tab 4 — Policies	Conformant
Incident register	Incident Register Jan–Jun 2026 (spreadsheet, 47 entries)	Tab 5 — Registers	Conformant
Reportable incidents notified within required timeframe	Commission portal receipts for 3 reportable incidents (Incidents #12, #23, #41)	Tab 6 — Commission submissions	Conformant
Root-cause analysis and corrective action	RCA reports for incidents #12 and #41; corrective action log showing actions closed	Tab 7 — RCA & corrective actions	Minor gap: incident #23 RCA not yet completed
Worker training on incident reporting	Training register showing all workers completed incident reporting module in induction	Tab 3 — Workforce	Conformant

The minor gap on incident #23 would typically be noted by an auditor and an improvement action agreed. It would not ordinarily constitute a major non-conformance if isolated. However, if the pattern recurred across multiple incidents, it could be upgraded. The key lesson: proactively complete your RCAs before the audit and document them in your evidence pack.

The three most common non-conformances in SIL certification audits

Restrictive practice not authorised before implementation. Providers sometimes document a practice in a BSP but implement it before state/territory authorisation is obtained. This is a major or critical non-conformance.
Complaints not linked to service improvement. Having a register is not enough. Auditors look for evidence that complaint themes were analysed and led to change.
Outdated support plans. Plans dated more than 12 months ago without a documented review — even if the participant's circumstances have not changed — are a routine finding.

Practical steps for the final four weeks

Assemble your evidence pack in numbered tabs mirroring the Practice Standards modules your audit covers.
Run a gap analysis against each standard: for each requirement, identify the evidence document, its location, and any outstanding items.
Brief your team on the audit process — workers must be able to explain their role in incident reporting, complaints handling, and participant rights without reading from a policy.
Check all NDIS Worker Screening clearances for expiry within the next three months and initiate renewals.
Verify your Commission portal data: restrictive practice reports, incident reports, and your registration details are accurate and current.
Review your last internal audit or self-assessment findings and confirm corrective actions are closed.

If you are building your compliance documentation from scratch or have identified significant gaps, the 74-document audit-ready SIL compliance kit from ndiscompliant.com.au provides templates pre-mapped to the 2026 strengthened Practice Standards across all core and supplementary modules — a time-efficient starting point for providers who want structured, compliant documentation.

After the audit: handling non-conformances

If your audit results in non-conformances, the AQA will issue a formal report. You must submit a corrective action plan within the timeframe specified — typically 20 business days for minor and major non-conformances. The NDIS Commission reviews the corrective action plan before granting or renewing registration. Engaging with the process transparently and promptly is consistently associated with better outcomes than disputing findings.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.