How far in advance should NSW NDIS providers start preparing for a certification audit?

Most experienced providers recommend starting at least five to six months before your registration renewal date. This allows time for a thorough internal gap analysis, policy updates, worker screening remediation, and sufficient lead time to engage an approved quality auditor for both Stage 1 and Stage 2 of the certification process.

What is the difference between a certification audit and a verification audit?

A certification audit is required for providers delivering higher-risk or complex supports — including SIL, specialist behaviour support, and any supports involving restrictive practices. It involves a document review (Stage 1) and an on-site visit with staff interviews (Stage 2). A verification audit is a lighter-touch process for lower-risk providers with a narrower support scope, typically sole traders or small operators.

Do NSW NDIS providers need both NDIS Commission and NSW state authorisation for restrictive practices?

Yes. NSW SIL providers must comply with both the NDIS Commission's reporting and authorisation requirements under the NDIS (Restrictive Practices and Behaviour Support) Rules and the separate NSW authorisation framework under state disability legislation. Both obligations apply simultaneously and must be evidenced in behaviour support records.

What happens if a non-conformance is found during the audit?

Approved quality auditors issue non-conformance notices at two levels: major (systemic or high-risk failures requiring urgent remediation) and minor (isolated or low-risk gaps). Providers are given a defined period to address findings and provide evidence of corrective actions. Unresolved major non-conformances can result in the Commission declining or conditioning your registration.

Which NDIS Practice Standards modules apply to SIL providers in NSW?

SIL providers are assessed against the core NDIS Practice Standards modules — rights and responsibilities, governance and operational management, provision of supports, and support provision environment — plus the specialist support module covering high-intensity daily personal activities, if applicable. Providers delivering behaviour support or using restrictive practices are also assessed against those specific modules.

How often do NDIS worker screening checks need to be renewed in NSW?

NDIS Worker Screening Checks in NSW are valid for five years from the date of issue. Providers are responsible for tracking expiry dates and ensuring workers in risk-assessed roles complete renewal applications before their current check lapses. Operating with an expired check in a risk-assessed role is a reportable compliance breach.

NDIS Audit Preparation in NSW (2026 Guide)

Who Needs an NDIS Audit in NSW?

Any organisation or sole trader registered with the NDIS Commission to deliver regulated supports in New South Wales must undergo a quality audit as part of initial registration and ongoing re-registration. The type of audit — certification or verification — depends on the risk level of the supports you deliver.

Providers delivering higher-risk supports, including Supported Independent Living (SIL), specialist behaviour support, or any support involving restrictive practices, are required to undergo a full certification audit conducted by an approved quality auditor (AQA) against all applicable NDIS Practice Standards modules.

Verification audits apply to lower-risk sole traders and small providers delivering a narrower support scope. Both pathways are governed by the NDIS (Provider Registration and Practice Standards) Rules.

What the Strengthened Framework Means for 2026

The NDIS Commission has progressively introduced a strengthened regulatory model that raises the bar on provider accountability. Key changes relevant to NSW SIL and disability support providers heading into 2026 include:

Expanded Practice Standards: The strengthened Practice Standards include more explicit requirements around participant choice and control, supported decision-making, and personalised service delivery. Auditors assess not just whether a policy exists but whether it demonstrably influences practice.
Mandatory worker screening: All workers in risk-assessed roles must hold a valid NDIS Worker Screening Check. In NSW this is administered by the NSW Office of the Children's Guardian. Providers must maintain an up-to-date register of worker screening outcomes and renewal dates.
Incident management obligations: All reportable incidents — including allegations of abuse, neglect, or unauthorised restrictive practices — must be notified to the NDIS Commission within prescribed timeframes. Auditors scrutinise whether your incident register, investigation process, and follow-through actions are consistent with Commission guidance.
Behaviour support and restrictive practices: Any SIL provider whose participants have behaviour support plans authorising regulated restrictive practices must comply with NSW authorisation requirements as well as NDIS Commission reporting rules. Auditors will cross-reference behaviour support plan records with restrictive practice reports.

Step-by-Step: How to Prepare for Your 2026 NDIS Audit

Confirm Your Audit Type and Timeline

Log into the myNDIS provider portal and check your registration renewal date and support scope. Determine whether you require a certification or verification audit. Certification audits have two stages — Stage 1 (document review) and Stage 2 (site visit and staff interviews) — and the full process can take several months. Build your timeline backwards from the registration expiry date, aiming to engage your AQA at least five to six months out.
Conduct an Internal Gap Analysis

Map your current policies and procedures against each NDIS Practice Standards quality indicator relevant to your registration groups. Common gaps for SIL providers include:
- Absence of a formalised supported decision-making policy
- Outdated or undated incident management procedures
- Behaviour support records not linked to the relevant participant's service agreement
- Incomplete worker screening registers with expired checks
- No documented process for reviewing and updating individual service plans
Update and Validate Core Policies

Every mandatory policy must be current, version-controlled, and accessible to relevant staff. For SIL providers, the minimum essential policy set typically includes: incident and accident management; complaints handling; privacy and information management; behaviour support and restrictive practices; emergency and continuity of support; and governance and risk management. Policies must reference the current legislative framework, including the National Disability Insurance Scheme Act 2013 and relevant Practice Standards Rules.
Audit Your Worker Records

Prepare a complete register of all current workers and contractors, their roles, whether those roles are risk-assessed, and the status of their NDIS Worker Screening Check. Confirm that no worker in a risk-assessed role is operating with a pending, expired, or cleared-with-conditions screening outcome that has not been properly managed. Your AQA will ask to sight this register and may cross-check records with Commission data.
Review Participant Records and Consent Frameworks

Each participant's file should include a current service agreement, an up-to-date support plan, documented consent processes, and evidence that the participant (and where appropriate, their nominated representative) has been involved in planning decisions. Auditors look for evidence that supports are genuinely participant-directed, not just administratively ticked off.
Prepare Staff for Interviews

Stage 2 certification audits include interviews with frontline workers, team leaders, and management. Staff should be able to articulate how they handle incidents, how they support participants to make decisions, what they would do if they witnessed abuse or neglect, and where they would find key policies. Run internal mock interviews and address knowledge gaps before the audit date.
Engage an Approved Quality Auditor Early

The NDIS Commission publishes a list of approved quality auditors on its website. Select an AQA with demonstrated experience in SIL and complex support environments. Share your gap analysis and allow adequate time for the AQA to provide pre-audit guidance. The earlier you engage, the more time you have to remediate findings before the formal assessment.

What Auditors Actually Check: Common Non-Conformances

Based on publicly available NDIS Commission guidance and the Practice Standards framework, approved quality auditors most frequently identify non-conformances in the following areas:

Area	Common Non-Conformance	Fix
Incident Management	Incidents not notified to the Commission within required timeframes	Implement a triage decision tree and assign a designated incident officer
Restrictive Practices	Regulated practices used without NSW authorisation or without NDIS Commission reporting	Audit all behaviour support plans; confirm dual compliance pathway
Worker Screening	Expired or missing checks for risk-assessed roles	Set calendar reminders 90 days before each check renewal date
Complaints	No evidence complaints were acknowledged, investigated, or resolved	Introduce a complaints register with mandatory outcome fields
Governance	Policies undated, unsigned, or not reviewed within the stated review cycle	Implement a document control register with version history
Participant Outcomes	Support plans not updated to reflect changing participant goals	Schedule mandatory six-monthly plan review meetings and document outcomes

A Realistic Policy Snippet: Incident Notification Procedure

Below is an example of the type of procedure language an approved quality auditor expects to see in a SIL provider's incident management policy. This is a template excerpt only — it must be adapted to your organisation's actual structure and systems.

Incident Notification — Internal and NDIS Commission Reporting

Upon becoming aware of a reportable incident as defined under the NDIS (Reportable Incidents) Rules, the attending support worker must notify their direct supervisor immediately and no later than the end of the shift in which the incident occurred. The supervisor must complete an internal incident report within 24 hours.

The Incident Officer must review the report and determine whether the incident meets the threshold for notification to the NDIS Commission. Where notification is required, the initial report must be submitted via the NDIS Commission portal within the timeframe specified under the applicable Rules. A follow-up report including investigation findings and corrective actions must be submitted within the timeframe required by the Commission.

All incident records are maintained in [System Name] and are accessible to authorised staff. The Incident Register is reviewed by the Quality Manager monthly and tabled at the Board/Management Committee quarterly.

NSW-Specific Considerations

NSW providers face a dual compliance obligation: NDIS Commission requirements and NSW state legislation. For restrictive practices, the NSW Disability Inclusion Act and associated guidelines govern authorisation for regulated restrictions used in supported accommodation settings. Providers must hold current NSW authorisations — not just NDIS Commission approval — before any regulated restrictive practice is implemented.

The NSW NDIS Commission office also conducts its own compliance monitoring activities separate from the formal audit cycle. Responding promptly to Commission enquiries and maintaining accurate registration details reduces the risk of compliance investigations that could affect your registration status.

Building an Audit-Ready Culture Year-Round

Providers who struggle most at audit time are those who treat compliance as a once-every-three-years event. Sustainable audit readiness means embedding quality indicators into daily operations: regular internal audits, quarterly policy reviews, ongoing staff training, and a live incident register that is actively managed rather than retrospectively completed.

If your organisation is building out your SIL compliance documentation from scratch or updating a legacy policy set, the 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au provides a structured starting point aligned to the current NDIS Practice Standards — covering everything from governance policies to behaviour support templates and worker screening checklists.

Regardless of the tools you use, the principle is the same: auditors are looking for evidence of a genuine quality system, not a folder of documents assembled the week before the site visit.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.

Who Needs an NDIS Audit in NSW?

What the Strengthened Framework Means for 2026

Step-by-Step: How to Prepare for Your 2026 NDIS Audit

Confirm Your Audit Type and Timeline

Conduct an Internal Gap Analysis

Update and Validate Core Policies

Audit Your Worker Records

Review Participant Records and Consent Frameworks

Prepare Staff for Interviews

Engage an Approved Quality Auditor Early

What Auditors Actually Check: Common Non-Conformances

A Realistic Policy Snippet: Incident Notification Procedure

NSW-Specific Considerations

Building an Audit-Ready Culture Year-Round

Frequently asked questions

Also read

Get the free SIL Readiness Pack