What happens if you fail an NDIS certification audit?

Failing does not automatically end your registration. If the auditor issues a major non-conformity, you will typically have 3 months to address it and provide corrective evidence before the auditor can recommend certification. For minor non-conformities, you usually have up to 12 months to resolve them within your certification period. The NDIS Commission reviews the auditor's final report and makes the registration decision — they may impose conditions, suspend, or refuse registration in serious cases.

Can you appeal an NDIS certification audit outcome?

Yes. If the NDIS Commission makes a registration decision you disagree with — such as refusal or imposing conditions — you can apply to the Administrative Review Tribunal (ART, formerly the AAT) for merits review. You can also raise concerns directly with your Approved Quality Auditor during the audit if you believe a finding is factually incorrect. Auditors must provide you with a draft report and allow you to respond before it is finalised.

How long does an NDIS certification last?

An NDIS registration certificate is valid for 3 years. During that period, you are typically subject to a mid-term (18-month) surveillance audit against the same Practice Standards. At the end of the 3-year period, you must undergo a full recertification audit to renew your registration. The NDIS Commission will notify you of upcoming audit requirements.

What is the difference between Approved Quality Auditors, and does it matter which one you choose?

All Approved Quality Auditors (AQAs) must be accredited by JAS-ANZ (Joint Accreditation System of Australia and New Zealand) and listed on the NDIS Commission's register. However, AQAs differ in price, turnaround time, sector experience, and communication style. For providers of specialist disability accommodation or high-intensity supports, choosing an auditor with specific experience in those support categories can reduce the risk of misapplied findings. Always request a quote from at least two AQAs and check their scope of accreditation matches your registration groups.

Can you prepare your own NDIS audit documents, or do you need a consultant?

You can absolutely prepare your own documents — and many small providers do. The NDIS Commission publishes the Practice Standards and Audit Methodology openly, so the requirements are not secret. What most providers lack is time and pre-formatted templates that match what auditors expect. A document preparation kit (like the NDISCompliant SIL Rescue Kit) gives you audit-ready policies, procedures, and evidence frameworks that you then populate with your own organisation's details. This is a practical middle ground between building everything from scratch and paying a consultant tens of thousands of dollars.

NDIS Certification Audit Guide: What to Expect and How to Prepare

1. What is an NDIS Certification Audit?

An NDIS certification audit is a formal, third-party assessment of a registered NDIS provider's systems, policies, and practices against the NDIS Practice Standards. It is conducted by an Approved Quality Auditor (AQA) — an independent auditing body accredited by JAS-ANZ (the Joint Accreditation System of Australia and New Zealand) — and the outcome is reported to the NDIS Quality and Safeguards Commission, which makes the final registration decision.

The certification audit sits at the more rigorous end of the NDIS audit spectrum. It is not a paper-only exercise. Auditors will visit your site, interview your staff and the people you support, and examine live evidence of how your organisation operates day-to-day — not just what your policies say.

Certification Audit vs Verification Audit: What's the Difference?

The NDIS uses two audit types depending on the risk profile of the supports a provider delivers:

Feature	Verification Audit	Certification Audit
Scope	Documents and attestations only	Documents, site visits, and interviews
Depth	Desktop review against a shorter standard	Full Practice Standards assessment
On-site visit	Not required	Required (1–3 days typically)
Staff interviews	Not required	Required — front-line and management
Participant interviews	Not required	Required where participants can engage
Cost range	$1,500–$4,000	$3,000–$15,000+
Applies to	Lower-risk support categories	Higher-risk/complex support categories

The verification audit covers the Verification Module of the Practice Standards — a shorter set of requirements focused on provider governance and worker screening. The certification audit covers the Core Module and any applicable Supplementary Modules (such as the High Intensity Daily Personal Activities module or the Specialist Disability Accommodation module).

Important Distinction

A provider can hold both registration groups requiring verification AND groups requiring certification. In that case, only a certification audit is required — it is broader and subsumes the verification requirements. Do not pay for a separate verification audit if you already need certification.

2. Which Providers Need a Certification Audit?

The NDIS Commission assigns each registration group to either verification or certification based on the level of risk to participant safety and the complexity of the supports. Certification is required for registration groups that involve higher levels of personal care, behavioural support, or around-the-clock service delivery.

As of 2026, registration groups that require certification include (but are not limited to):

0107 — Daily Tasks / Shared Living (Supported Independent Living / SIL and group home supports)
0115 — Daily Activities (assistance with daily life and personal care delivered in a participant's home)
0116 — Innovative Community Participation
0117 — Specialist Disability Accommodation (SDA)
0106 — Support Coordination (when delivered as plan management with complex needs)
0104 — High Intensity Daily Personal Activities
0113 — Specialist Supportive Employment
0136 — Group and Centre Based Activities
0110 — Early Childhood Supports
Any registration group flagged as a Specialist Support in the NDIS Commission's registration group list

If you are uncertain whether your registration groups require certification or verification, check the NDIS Commission's audit requirements page or request clarification from your AQA at the quoting stage.

3. The Two Phases: Desktop Review and On-Site Audit

A certification audit is conducted in two sequential phases. Understanding the purpose and timing of each phase lets you prepare the right evidence at the right time — and avoid the common mistake of sending everything at once and overwhelming your auditor.

Phase 1 — 2 to 4 weeks

Desktop Review (Stage 1 Audit)

You submit your document portfolio to the AQA electronically. The auditor reviews your policies, procedures, governance documents, worker screening records, and evidence frameworks against the Practice Standards. They are assessing whether your documented systems are capable of producing safe, quality outcomes — before they see your service in action. At the end of Stage 1, the auditor will confirm whether any critical gaps need to be addressed before the on-site visit, or whether Stage 2 can proceed as planned.

Gap between phases — typically 2 to 6 weeks

Preparation Window

If Stage 1 reveals gaps in your document portfolio, this is your opportunity to remediate before auditors arrive. Do not wait until Stage 1 findings land to start preparing your physical site and staff. Use this window for staff briefings, mock interviews, and final evidence compilation.

Phase 2 — 1 to 3 days on-site

On-Site Audit (Stage 2 Audit)

The auditor (or a team of auditors for larger organisations) visits your service locations. They conduct structured interviews with management, front-line support workers, and where appropriate, participants and their families. They physically inspect premises, review live care records, observe practice, and cross-check what they see against what your documentation promises. The number of on-site days scales with your organisation's size, number of sites, and complexity of supports.

Typical Audit Timeline: End to End

From engagement of an AQA to receipt of the final audit report, most providers should plan for 10 to 16 weeks. Add another 4–8 weeks for the NDIS Commission to process the report and issue (or decline) registration. Build your timeline well before your registration expiry — do not engage an AQA less than 6 months before your registration lapses.

4. What Auditors Actually Look For (Mapped to the Practice Standards)

The NDIS Practice Standards Core Module contains 8 outcome areas, divided across individual rights and provider governance. Every requirement within these outcome areas is assessed against the indicator evidence during your certification audit. Below is a breakdown of each, with the specific evidence auditors look for.

Outcome Area 1 — Rights and Responsibilities

Standard	Outcome	Key Evidence Auditors Examine
1.1	Individual Values and Beliefs	Cultural support plans, evidence of reasonable adjustments for religious/cultural practices, staff training on diversity
1.2	Privacy and Dignity	Privacy policy, consent forms, records management procedures, evidence of information-handling in practice
1.3	Independence and Informed Choice	Participant service agreements, evidence of choice documentation, complaints records showing options were presented
1.4	Violence, Abuse, Neglect, Exploitation and Discrimination (VANED)	VANED policy, mandatory reporting procedure, staff training completion records, incident register showing VANED categories
1.5	Reportable Incidents	Incident management system, evidence of NDIS Commission reportable incident notifications, trend analysis

Outcome Area 2 — Governance and Operational Management

Standard	Outcome	Key Evidence Auditors Examine
2.1	Governance and Operational Management	Organisational structure chart, board/management meeting minutes, financial governance documents, risk register
2.2	Risk Management	Risk management policy, live risk register with current assessments, evidence of risk review cycle, individual participant risk plans
2.3	Quality Management	Quality management policy, internal audit schedule and completed audits, corrective action records, continuous improvement register
2.4	Information Management	Records management policy, evidence of secure storage (digital and physical), retention and disposal schedule, privacy impact assessments
2.5	Feedback and Complaints Management	Complaints policy, accessible complaints mechanism (Easy English version if serving participants with cognitive disability), complaints register with outcomes
2.6	Continuity of Supports	Business continuity plan, succession plan for key roles, emergency procedures, evidence of how continuity is communicated to participants

Supplementary Modules

If you deliver Specialist Disability Accommodation, Specialist Behaviour Support, Early Childhood Supports, or High Intensity Daily Personal Activities, additional module-specific standards apply. These go beyond the Core Module and require evidence of restrictive practice authorisation, behaviour support plans signed by a registered behaviour support practitioner, and SDA dwelling compliance, depending on the module. Confirm which supplementary modules apply to your registration groups before you begin evidence collection.

How Auditors Record Their Findings

For each standard and indicator, the auditor will record one of three outcomes:

Conformity — The provider meets the requirement. Evidence is sufficient and consistent with practice observed on site.
Minor Non-Conformity — A requirement is partially met or evidence is incomplete, but the gap does not pose an immediate risk to participants. Typically remediated within the certification period (up to 12 months).
Major Non-Conformity — A fundamental failure to meet a requirement, or a pattern of minor non-conformities that together indicate a systemic problem. A major non-conformity must be closed before the auditor can recommend certification. Providers usually have 3 months to provide corrective evidence.

A single major non-conformity does not automatically mean your registration is refused — but it will delay your certificate while you remediate and re-submit evidence.

5. The Audit Evidence Checklist — What to Have Ready

Auditors do not give you a pass for having policies that have never been applied. Every policy must be supported by evidence that it is operating in practice. Below is the core evidence portfolio you need to assemble before your desktop review begins.

Governance and Corporate Documents

Certificate of registration (ASIC / state body) and current ABN confirmation
Organisational chart showing reporting lines and key management roles
Board or management meeting minutes (minimum last 12 months)
Financial statements or management accounts (demonstrating organisational viability)
Key person insurance and professional indemnity insurance certificates
NDIS Worker Screening clearance records for all workers in risk-assessed roles
Working With Children Checks where applicable by state/territory law

Policy and Procedure Suite

VANED (Violence, Abuse, Neglect, Exploitation, Discrimination) policy and procedure
Reportable Incidents policy — referencing the 7 NDIS Commission reportable incident types
Complaints and feedback management policy (including accessible format)
Privacy and information management policy
Risk management policy and risk assessment procedure
Continuity of supports / business continuity plan
Behaviour support and restrictive practices policy (if applicable)
Medication management policy (if applicable)
WHS / work health and safety policy
Recruitment and workforce management policy
Quality management and continuous improvement policy

Operational Records

Incident register — populated with real incidents for the past 12 months, showing investigation and outcome
Complaints register — showing date received, nature, action taken, outcome, and whether escalated
Corrective action / continuous improvement register
Internal audit records (at least one completed internal audit cycle)
Staff training register — showing induction training, VANED training, and any mandatory refreshers
Risk register — current, with review dates and risk owners

Participant Records (sample will be reviewed)

Signed service agreements for all current participants
Support plans / individual service plans — person-centred, goals-based
Consent forms (for sharing information, photography, advocacy involvement)
Individual risk assessments (manual handling, behaviours of concern, environmental)
Progress notes demonstrating support delivered against plan goals
Evidence of annual review or review when circumstances change

Don't Build Your Document Suite From Scratch

The NDISCompliant SIL Rescue Kit provides 40+ audit-ready policies, procedures, and evidence templates pre-mapped to the NDIS Practice Standards Core Module. Built for small providers preparing for certification — not generic compliance filler.

Get the SIL Rescue Kit — $297

6. Common Audit Failures and How to Avoid Them

Most first-time certification failures are predictable. The same gaps appear repeatedly across providers of all sizes. Here are the six most common causes of non-conformity findings — and what you can do before your audit to close them.

Failure 1: Policies That Have Never Been Applied

A policy document sitting in a folder without any evidence it has been read, trained, or applied in practice will always generate a finding. Auditors will ask workers: "What do you do when a participant makes a complaint?" If the answer does not match your complaints procedure, your policy is a paper exercise. Fix: Run a staff briefing on every key policy within 3 months of your audit. Record attendance. Ask workers to sign a policy acknowledgement register.

Failure 2: Incomplete Incident Records

Incident registers with blank fields — no investigation notes, no outcome recorded, no evidence the participant or their family was notified — are a major red flag. Equally, an incident register with very few entries for an active SIL provider will lead auditors to suspect under-reporting rather than excellent safety. Fix: Audit your incident register 60 days before Stage 1. Ensure every entry has: date, nature, immediate action, investigation notes, outcome, and a follow-up review date.

Failure 3: Worker Screening Gaps

A single worker delivering supports without a current NDIS Worker Screening clearance is enough for a major non-conformity. This includes casual workers, volunteers in participant-facing roles, and new starters who began work before their clearance was issued. Fix: Run a clearance audit across your entire workforce — permanent, casual, and agency — at least 8 weeks before your Stage 1 submission. Cross-check expiry dates.

Failure 4: Support Plans That Are Out of Date or Generic

Support plans that do not reflect the participant's current goals, that use identical language across multiple participants, or that have not been reviewed in more than 12 months will draw scrutiny. Auditors will cross-reference progress notes against plan goals to check whether the plan is driving practice. Fix: Conduct a file audit of every active participant. Update plans where goals have been achieved, changed, or not reviewed. Personalise language — no copy-pasted paragraphs.

Failure 5: Complaints Register Showing No Complaints

An empty complaints register is almost never a sign of a complaint-free service. It usually signals that complaints are being handled informally (and not recorded) or that participants do not know how to raise concerns. Auditors will interview participants and ask directly whether they have ever raised a concern — and then check whether it appears in your register. Fix: Review the past 12 months. If informal concerns were raised and resolved verbally, record them retrospectively (with a note that they were handled informally). Distribute Easy English "How to Make a Complaint" brochures and keep a distribution record.

Failure 6: No Evidence of Quality Improvement Activity

Standard 2.3 requires not just a quality management policy but evidence of a functioning quality cycle. If your organisation cannot produce a completed internal audit, a corrective action with documented resolution, or a continuous improvement register with actual entries, you will not demonstrate conformity. Fix: Complete at least one internal audit of your own systems before Stage 1. Record the findings — even if they are minor — and show the corrective actions you took. This demonstrates a functioning quality management system.

7. How to Choose an Approved Quality Auditor

All AQAs must be accredited by JAS-ANZ and appear on the NDIS Commission's published register of Approved Quality Auditors. You can search the register on the NDIS Commission website. As of 2026, there are approximately 20 AQAs operating nationally, ranging from large certification bodies to smaller specialist firms.

While all AQAs are held to the same accreditation standard, they differ meaningfully in ways that matter to small providers:

Scope of Accreditation

Each AQA is accredited to audit specific registration groups. An AQA accredited for SIL and SDA audits will have auditors with practical experience of those support environments. Check that the AQA's scope covers all of your registration groups before engaging them — not all AQAs audit all groups.

Price and What's Included

AQA quotes vary significantly for the same audit. Price differences usually reflect travel costs, auditor day rates, and whether the quote includes report writing, corrective action review, or only the initial audit. Always request an itemised quote and clarify: Is the corrective action review included? What happens if you need a follow-up visit after a major non-conformity?

Experience With Your Provider Type

A sole trader delivering community access supports has very different documentation needs to a 40-person residential provider. Choose an AQA who regularly audits organisations of your size and complexity. Ask directly: "How many organisations similar to ours have you audited in the past 12 months?"

Communication and Pre-Audit Support

Some AQAs offer a pre-audit gap analysis or readiness review (sometimes at additional cost). This can be valuable for first-time registrants. Others provide very little pre-audit guidance. Clarify what communication you will receive between engagement and Stage 1 submission.

Practical Tip

Get at least two quotes. The cheapest AQA is not always the best choice, but quotes for the same scope can legitimately vary by $2,000–$5,000. Always compare on a like-for-like basis — the same number of on-site days and the same scope of registration groups.

8. Certification Audit Costs in Australia (2025/2026)

AQA fees are not regulated by the NDIS Commission — each auditing body sets its own rates. The figures below represent the typical market range as of 2025/2026, based on provider size and complexity. They do not include additional costs such as corrective action reviews, supplementary module audits, or travel expenses for remote providers.

Provider Size	Typical AQA Fee Range	On-Site Days (Approx.)	Notes
Sole trader / 1–2 workers	$3,000 – $5,000	1 day	Applies where only 1–2 registration groups require certification; single location
Small provider (3–10 staff)	$5,000 – $9,000	1–2 days	Multiple registration groups; 1–3 sites; SIL providers at upper end
Medium provider (11–50 staff)	$8,000 – $15,000	2–3 days	Multiple sites; complex support mix; SDA and high intensity supports add cost
Larger provider (50+ staff)	$15,000+	3+ days, potentially multiple auditors	Scope-dependent; organisations with 5+ sites may face significantly higher costs

Additional Costs to Budget For

Travel and accommodation: If your service is not in a capital city, expect travel costs to be passed on. Some AQAs charge travel at cost; others include it in a higher flat rate. Clarify in your quote.
Corrective action review: If a major non-conformity is issued, reviewing your corrective action submission may be billed separately — typically $500–$2,000.
Mid-term surveillance audit: Budget for this at the 18-month mark. Surveillance audits are typically 40–60% of the initial certification cost.
Document preparation: If you are building your policy suite from scratch, factor in either consultant costs ($5,000–$20,000+) or a document kit like the NDISCompliant SIL Rescue Kit ($297) that gives you the foundation to build on.
NDIS Commission application fee: The Commission charges a registration application fee. For new providers, this is currently $530 (indexed annually). This is separate from AQA fees.

Budget Reality

The total cost of your first certification cycle is not just the AQA fee. When you add document preparation, staff time allocated to audit preparation, any pre-audit gap analysis, and the mid-term surveillance audit 18 months later, the realistic all-in cost for a small SIL provider over 3 years is often $15,000–$30,000. Plan for it.

9. After the Audit: Findings, Remediation, and Certificate

Once the on-site audit is complete, the process moves through a defined sequence before you receive (or are refused) your registration certificate.

Step 1: Draft Report

Within approximately 2–4 weeks of the on-site audit, your AQA will provide a draft audit report. This will list all findings — conformities and non-conformities — with reference to the specific Practice Standard indicator and the evidence basis for each finding. You have the right to review this draft and raise factual disputes before the report is finalised. This is not the time to argue about the auditor's interpretation of the standard — but if a finding is based on a factual error (for example, a clearance record the auditor did not see), raise it in writing immediately.

Step 2: Corrective Actions (if required)

For any non-conformity findings, you must prepare a Corrective Action Plan (CAP) and submit it to your AQA. The CAP must include:

The root cause of the non-conformity (not just a description of what was wrong)
The specific corrective action taken or planned
The evidence you are providing to demonstrate closure
The date by which the action will be completed

For major non-conformities, the auditor must verify your corrective action evidence before recommending certification. This may require a follow-up document review or, in some cases, a return site visit. For minor non-conformities, the auditor typically accepts your CAP and includes an outstanding condition in their recommendation to the Commission — you then have up to 12 months to close those findings.

Step 3: Final Audit Report Submitted to the Commission

Once non-conformities are resolved (or conditions noted for minor ones), your AQA submits the final audit report and a certification recommendation to the NDIS Quality and Safeguards Commission. The AQA does not grant your registration — they make a recommendation. The Commission is the decision-maker.

Step 4: Commission Decision

The NDIS Commission typically reviews the audit report and issues a registration decision within 4–8 weeks of receiving the final report. Possible outcomes are:

Registration approved: Your registration certificate is issued, valid for 3 years. You will receive your registration number and a list of approved registration groups.
Registration approved with conditions: You are registered, but the Commission imposes conditions — such as a requirement to address outstanding minor non-conformities within a specified period or submit to an earlier surveillance audit.
Registration refused: The Commission determines you do not meet the requirements for registration. You will receive written reasons and information about your review rights.

Step 5: Ongoing Obligations After Certification

Receiving your certificate is not the end of your compliance obligations — it is the beginning of a 3-year monitoring cycle. Key ongoing obligations include:

Maintaining all systems and records evidenced during the audit (not just until the auditor leaves)
Notifying the NDIS Commission of reportable incidents within required timeframes (24 hours for priority incidents, 5 days for others)
Notifying the Commission of key personnel changes within 90 days
Preparing for your mid-term surveillance audit at approximately 18 months
Engaging an AQA for recertification at least 6 months before your 3-year certificate expires

Audit-Ready Documents, Built for Small NDIS Providers

The NDISCompliant SIL Rescue Kit includes 40+ policies, procedures, and evidence templates pre-mapped to the NDIS Practice Standards Core Module. Save weeks of preparation time and go into your desktop review with a complete, professionally structured document portfolio.