What is the difference between an NDIS verification audit and a certification audit?

A verification audit is a simpler, desktop-only assessment used for lower-risk registration groups (such as plan management or support coordination). It involves reviewing your documents and self-assessment but does not include an on-site visit. A certification audit is a more rigorous two-phase process (desktop review plus on-site assessment) required for higher-risk registration groups such as SIL, behaviour support, and high-intensity daily activities. The NDIS Commission determines which audit type applies based on your registration groups.

How long does an NDIS desktop audit take?

The desktop audit phase typically takes 1 to 3 weeks from the time you submit your documents until the auditor completes their review. The actual review time depends on the volume of documents, the number of registration groups, and the auditor's workload. You may receive requests for additional documents or clarifications during this period, which can extend the timeline.

Can I fail the desktop audit before the on-site visit?

The desktop audit does not produce a pass/fail result independently. However, if the auditor identifies significant gaps during the desktop review — such as missing policies or incomplete procedures — they will raise these with you before proceeding to the on-site phase. In some cases, the auditor may delay the on-site visit until critical documentation gaps are addressed, as there would be little point conducting an on-site assessment if fundamental policies do not exist.

What documents should I send for the desktop audit?

Your auditor will provide a specific document request list, but generally you should prepare: all policies and procedures mapped to your relevant Practice Standard outcomes, your organisational chart, key personnel suitability assessments, worker screening register, training register, incident register, complaints register, continuous improvement register, sample participant files (support plans, consent forms), and your completed self-assessment against the Practice Standards.

Do auditors interview participants during the on-site audit?

Yes, participant interviews are a standard part of the on-site certification audit. Auditors may speak with participants directly, or with their families, carers, or advocates if the participant is unable to communicate or prefers to have a representative present. The auditor will ask about the participant's experience of the supports they receive, whether they feel safe, whether they have choice and control, and whether they know how to raise concerns. Participant consent is obtained before any interview.

NDIS Desktop Audit vs On-Site Audit: What's the Difference and What to Expect

Verification Audit vs Certification Audit

Before diving into the desktop and on-site phases, it is important to understand the two fundamentally different types of NDIS audit — because this determines whether you face a desktop-only process or a two-phase assessment.

The NDIS Commission assigns one of two audit pathways depending on which registration groups you are applying for:

Aspect	Verification Audit	Certification Audit
When required	Lower-risk registration groups (e.g., plan management, support coordination, therapeutic supports)	Higher-risk registration groups (e.g., SIL, behaviour support, high-intensity daily activities, SDA)
Phases	Desktop review only	Desktop review + on-site assessment
Auditor	Approved Quality Auditor (AQA)	Approved Quality Auditor (AQA)
Scope	Core Module outcomes only (typically)	Core Module + relevant supplementary modules
Typical cost	$1,500 — $4,000	$3,000 — $15,000+
Duration	1 — 3 weeks	4 — 12 weeks (both phases combined)
Staff interviews	May occur by phone/video	Conducted on-site, in person
Site visit	No	Yes — all relevant service locations

For a more detailed comparison, see our Verification vs Certification Audit guide.

SIL Providers

If you are registering to deliver Supported Independent Living (SIL), you will always undergo a certification audit — both desktop and on-site phases. SIL is classified as a higher-risk registration group because it involves 24/7 supports in a participant's home. The on-site component is essential for the auditor to assess the living environment and speak directly with participants and staff.

Phase 1: The Desktop Audit

The desktop audit (sometimes called the "Stage 1" or "document review" phase) is the first phase of a certification audit. It occurs before the on-site visit and focuses on reviewing your documented management system — your policies, procedures, registers, and records.

Purpose of the Desktop Audit

The desktop audit answers one core question: does this organisation have the documented systems necessary to meet the NDIS Practice Standards? It is a readiness check — the auditor wants to confirm that the foundation exists before investing time in an on-site assessment.

What the Auditor Reviews

During the desktop phase, the auditor will typically request and review:

All policies and procedures mapped to the relevant Practice Standard outcomes
Your completed self-assessment against the NDIS Practice Standards
Organisational chart and governance framework
Key personnel suitability documentation
Worker screening register
Training register and training records
Incident register and sample incident reports
Complaints register
Continuous improvement register
Risk register
Document control register
Sample participant files (service agreements, consent forms, support plans)
Insurance certificates

How the Desktop Phase Works

Document request: The auditor sends you a list of documents to submit, usually 2-4 weeks before the review
Document submission: You submit all requested documents electronically (email, file sharing platform, or the auditor's portal)
Auditor review: The auditor reviews all documents against the relevant Practice Standard outcomes (1-3 weeks)
Clarification requests: The auditor may request additional documents or clarifications
Desktop report: The auditor provides preliminary findings and confirms readiness for the on-site phase

Common Desktop Phase Outcomes

Ready for on-site: Documentation is substantially complete. The auditor schedules the on-site visit.
Minor gaps identified: Some documents need updating or additional information. The auditor schedules the on-site visit but notes areas for follow-up.
Significant gaps: Major documentation is missing (e.g., no incident management policy, no worker screening register). The auditor may delay the on-site visit until these gaps are addressed.

Phase 2: The On-Site Audit

The on-site audit (sometimes called "Stage 2" or "field assessment") is where the auditor visits your service locations in person to verify that your documented systems are actually being implemented in practice.

Purpose of the On-Site Audit

The on-site audit answers a different question from the desktop phase: are the documented systems actually working in practice? Having a beautifully written policy means nothing if staff do not know about it, cannot describe it, and are not following it.

What Happens During the On-Site Visit

A typical on-site audit for a small SIL provider includes the following activities:

Opening Meeting (30 minutes)

The auditor meets with management to explain the audit process, confirm the scope, agree on the schedule for the day(s), and address any logistics.

Management Interviews (1-2 hours)

The auditor interviews the director, manager, and/or compliance officer about governance, oversight, risk management, quality systems, and organisational culture. They will ask about how the organisation monitors compliance, responds to incidents, and drives continuous improvement.

Staff Interviews (1-3 hours)

The auditor conducts one-on-one interviews with frontline support staff. Staff are asked about their understanding of key policies (incident reporting, complaints, safeguarding, privacy), their daily practices, and how they ensure participant choice and control. For more on what to expect, see our NDIS Audit Interview Questions guide.

Participant Interviews (1-2 hours)

With consent, the auditor speaks with participants (or their families/advocates) about their experience of the supports they receive. This is a critical verification method — participant voices provide direct evidence of whether person-centred approaches are genuinely embedded in service delivery.

Environment Inspection (1-2 hours per property)

For SIL providers, the auditor inspects the residential properties where supports are delivered. They check fire safety equipment, emergency evacuation plans, medication storage, general cleanliness, accessibility, and whether the environment feels like a home rather than an institution.

Record Sampling (1-2 hours)

The auditor samples operational records to verify that documented procedures are being followed. This includes reviewing completed incident reports, shift notes, medication administration records, supervision records, and participant files.

Closing Meeting (30 minutes)

The auditor summarises their preliminary findings, identifies any non-conformances, and explains the next steps in the audit process. This is an opportunity to ask questions and provide any additional context.

Duration and Costs Comparison

Factor	Desktop Phase	On-Site Phase
Duration	1 — 3 weeks (auditor review time)	1 — 3 days (on-site presence)
Your time investment	5 — 20 hours (gathering and submitting documents)	Full availability during visit
Cost (included in overall audit fee)	Approximately 30-40% of total audit fee	Approximately 60-70% of total audit fee
Travel costs	None	May be charged separately if auditor travels interstate or to regional areas
Stress level	Moderate — document preparation	Higher — live assessment with interviews

What Auditors Actually Do During On-Site Visits

Understanding the auditor's methodology during the on-site visit helps you prepare more effectively. Auditors use a technique called triangulation — they verify each Practice Standard outcome by collecting evidence from at least three different sources.

The Triangulation Method

For each outcome, the auditor cross-references:

Documents: What does the policy say should happen?
Observation/Records: What do the records show actually happened?
Interviews: What do staff and participants say happens in practice?

If all three sources align, the outcome is assessed as conforming. If there are inconsistencies — for example, the policy says incidents must be reviewed within 48 hours, but the incident register shows reviews taking 2-3 weeks, and staff say "we get to it when we can" — the auditor has evidence of a non-conformance.

This is precisely why it is not enough to simply have good documents. Your documents, your records, and your staff's understanding must all tell the same story. Writing compliant progress notes is a critical part of this — use our free NDIS Notes Rewriter to ensure your shift notes meet audit standards.

Pass Both Phases First Time

The SIL Rescue Kit gives you every document the auditor will request during the desktop phase — policies, procedures, forms and registers mapped to every Core Module outcome. Customise, implement, and build your evidence base.

Get the SIL Rescue Kit — $297

How to Prepare for the Desktop Phase

The desktop phase is primarily about documentation completeness and quality. Your goal is to present a complete, well-organised set of documents that demonstrates your management system covers every required Practice Standard outcome.

Desktop Phase Preparation Checklist

Complete all policies and procedures before submitting — do not send drafts or partially completed documents
Ensure every document has proper version control (document number, version, date, approved by, review date)
Cross-reference each document to the specific Practice Standard outcome it addresses
Populate all registers with real operational data — empty registers signal that systems are not functioning
Prepare your self-assessment — complete the NDIS Practice Standards self-assessment tool honestly
Organise documents logically (by Practice Standard outcome or by document type) so the auditor can find what they need
Include a document index or cover sheet listing all submitted documents

How to Prepare for the On-Site Phase

The on-site phase is about evidence of implementation. The auditor already knows what your documents say — now they want to see whether those documents are being used in practice.

On-Site Phase Preparation Checklist

Brief all staff on the audit process — explain what the auditor will ask and reassure them it is not a personal test
Ensure all SIL properties are clean, safe, and meet environmental standards (fire safety, first aid, medication storage)
Have printed copies of key documents available on-site (policies, emergency plans, quick reference guides)
Ensure participant files are complete and accessible (with appropriate privacy protections)
Confirm which participants are available and willing to be interviewed
Prepare a private, comfortable space for the auditor to conduct interviews
Have the compliance manager or designated person available to escort the auditor and answer questions throughout the visit
Check that operational records (shift notes, incident reports, supervision records) are up to date

Summary

The NDIS certification audit is a two-phase process, and each phase tests different things. The desktop audit tests whether your systems exist on paper. The on-site audit tests whether they work in practice. Success requires preparation for both — and the best preparation starts months before the auditor's first document request.

For a comprehensive pre-audit checklist covering both phases, see our NDIS Audit Checklist 2026. And for the complete audit timeline from application to registration, read our NDIS Audit Timeline guide.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.