When does the NDIS mid-term audit happen?

The mid-term surveillance audit typically occurs around the 18-month mark of your 3-year NDIS registration period. Your Approved Quality Auditor will contact you to schedule the audit. The exact timing may vary slightly, but it is generally conducted between 15 and 21 months after your initial certification.

Is the NDIS mid-term audit the same as the initial certification audit?

No. The mid-term audit is a surveillance audit, which is narrower in scope than the full certification audit. It typically focuses on a sample of Practice Standard outcomes rather than assessing every outcome. The auditor will concentrate on areas where non-conformances were found in the initial audit, any changes to your services or structure, evidence of continuous improvement, and ongoing compliance with high-risk areas like incident management and worker screening.

How much does an NDIS mid-term audit cost?

Mid-term surveillance audits generally cost less than the initial certification audit because the scope is narrower. Expect to pay between $1,500 and $5,000 depending on your registration groups, the number of service locations, and your Approved Quality Auditor's pricing. Some auditors include the mid-term audit in the initial certification fee as a package deal.

Can you fail a mid-term audit?

Yes. If the mid-term surveillance audit identifies major non-conformances — particularly if previous non-conformances have not been resolved or new systemic issues have emerged — the auditor will report this to the NDIS Commission. The Commission may impose conditions on your registration, require a follow-up audit, or in serious cases, suspend or revoke your registration.

Do I need to use the same auditor for my mid-term audit?

Not necessarily, though it is common and often practical to use the same Approved Quality Auditor who conducted your initial certification audit. They already know your organisation, which can make the process more efficient. However, you are entitled to engage a different AQA if you prefer. Ensure any new auditor is accredited by JAS-ANZ and listed on the NDIS Commission's register.

NDIS Mid-Term Audit: What to Expect and How to Prepare

What Is the NDIS Mid-Term Audit?

The NDIS mid-term audit — formally called a surveillance audit — is a scheduled quality check that occurs partway through your 3-year NDIS registration period. It is a requirement of the certification process, mandated under the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018.

The purpose of the surveillance audit is to verify that you are maintaining compliance with the NDIS Practice Standards — not just at the point of initial certification, but on an ongoing basis. Think of it as a health check for your compliance systems.

Unlike the initial certification audit, which assesses every relevant Practice Standard outcome, the mid-term audit is a sample-based assessment. The auditor selects a subset of outcomes to assess, with particular focus on areas of higher risk and any issues identified during the initial audit.

Legal Basis

The NDIS Commission's certification scheme is accredited by JAS-ANZ (Joint Accreditation System of Australia and New Zealand). Under JAS-ANZ accreditation requirements, certification bodies (Approved Quality Auditors) must conduct surveillance activities during the certification cycle to maintain confidence in the certified organisation's ongoing compliance. This is standard practice across all ISO-style certification schemes.

When Does the Mid-Term Audit Happen?

The mid-term surveillance audit typically occurs around the 18-month mark of your 3-year registration period. However, the exact timing can vary:

Scenario	Typical Timing	Notes
Standard surveillance	15 — 21 months after initial certification	Most common timing for routine surveillance
Earlier surveillance	12 — 15 months	May occur if initial audit identified concerns or if conditions were placed on registration
NDIS Commission-directed	Any time	The Commission can request an unscheduled audit at any point if it has concerns (e.g., following complaints or reportable incidents)

Your Approved Quality Auditor will typically contact you 4 to 8 weeks before the planned surveillance audit to schedule dates and provide you with information about the scope and what documentation to prepare.

Planning Ahead

If you registered as an NDIS provider in mid-2026 (to meet the 1 July 2026 SIL deadline), your mid-term audit will likely occur in late 2027 or early 2028. This means you should be building your evidence base from the moment you receive your registration — not waiting until the auditor calls.

How the Mid-Term Audit Differs from the Initial Certification Audit

The mid-term surveillance audit is fundamentally different from the initial certification audit in several important ways.

Aspect	Initial Certification Audit	Mid-Term Surveillance Audit
Scope	All relevant Practice Standard outcomes assessed	Sample of outcomes assessed (typically 40-60%)
Focus	Whether your systems exist and are documented	Whether your systems are being maintained and improved
Duration	1 — 3 days (depending on scope)	Usually 0.5 — 1.5 days
Cost	$3,000 — $15,000+	$1,500 — $5,000
Desktop component	Comprehensive document review	Focused document review of changed or flagged areas
On-site component	Full site inspection, staff interviews, participant interviews	Targeted site visit, focused interviews
Evidence expected	Policies, procedures, initial implementation evidence	Ongoing operational records, improvement evidence, trend data

For a detailed comparison of all NDIS audit types, see our guide on NDIS Desktop Audit vs On-Site Audit.

What Auditors Focus on During the Mid-Term Audit

While the initial certification audit asks "do you have the right systems?", the mid-term audit asks "are you using them?" The auditor's focus areas typically include:

1. Resolution of Previous Non-Conformances

If your initial certification audit identified any non-conformances — minor or major — the mid-term auditor will verify that corrective actions have been implemented and sustained. This is often the single highest priority for the surveillance auditor.

They will want to see:

Evidence that the root cause was addressed (not just the symptom)
Documentation of corrective actions taken
Evidence that the fix has been sustained over time (not a one-off effort just before the audit)
Updated policies or procedures if the non-conformance related to documentation gaps

2. Changes Since Initial Certification

The auditor will examine any significant changes to your organisation since the initial audit. This includes:

New service locations or closure of existing locations
Changes in key personnel (directors, managers, compliance officers)
New registration groups added to your scope
Significant growth or reduction in participant numbers or staff
Changes to your service model (e.g., shifting from group to individual supports)
Organisational restructures or changes to governance arrangements

3. Continuous Improvement Evidence

The NDIS Practice Standards (Core Module, Outcome 2.3) require providers to demonstrate a commitment to continuous improvement. At the mid-term audit, this becomes a critical focus area because you now have 18 months of operations to draw evidence from.

The auditor expects to see:

A populated continuous improvement register with entries spanning the registration period
Evidence that incidents, complaints, and feedback have led to systemic changes
Internal audit reports (at least one completed internal audit cycle)
Updated policies reflecting lessons learned or regulatory changes
Staff training records showing ongoing professional development
Participant satisfaction data (surveys, feedback forms, interviews)

4. High-Risk Compliance Areas

Regardless of what was covered in the initial audit, the mid-term auditor will typically sample from high-risk areas including:

Incident management: Are incidents being recorded, reported, and reviewed? Is the reportable incidents framework being followed?
Worker screening: Are all staff current with their NDIS Worker Screening Checks? What about new starters since the initial audit?
Restrictive practices: If applicable, are restrictive practices being authorised, reported, and reviewed in accordance with state/territory requirements?
Complaints management: Are complaints being received, recorded, investigated, and resolved?

5. Participant Experience

The auditor may interview participants (or their representatives) to verify that supports are being delivered in a person-centred manner. They may ask about:

Whether participants feel they have choice and control over their supports
Whether they know how to make a complaint
Whether their support plans are reviewed regularly
Whether they feel safe and respected

Keep Your Documentation Current

The SIL Rescue Kit includes 10 registers — incident, complaints, training, worker screening, continuous improvement and more — designed to be maintained throughout your registration period. Start filling them from day one.

Get the SIL Rescue Kit — $297

Preparation Timeline: 6 Months Before Your Mid-Term Audit

While ongoing compliance should be a daily practice, a structured preparation timeline helps you identify and address gaps before the auditor arrives.

6 Months Before

Confirm your expected mid-term audit date with your AQA
Review your initial audit report and note all non-conformances and observations
Conduct a self-assessment against the Practice Standard outcomes your initial audit covered
Check that all policies and procedures are within their scheduled review dates

3 Months Before

Complete an internal audit cycle covering key risk areas
Verify all worker screening checks are current (check expiry dates)
Review and update your continuous improvement register
Ensure all incident reports are complete and include root cause analysis and follow-up actions
Update your organisational chart if there have been personnel changes

1 Month Before

Organise your evidence folders (electronic or physical) so documents can be located quickly during the audit
Brief staff on the upcoming audit — remind them of key policies and procedures
Review participant files for completeness (consent forms, support plans, progress notes)
Prepare a summary document for the auditor showing changes since the initial audit and continuous improvement activities

1 Week Before

Confirm logistics with the auditor (dates, times, locations, who will be available for interviews)
Ensure management and key staff are available on audit day(s)
Do a final spot-check of high-risk areas: incident register, worker screening register, complaints register

Document Review and Evidence Checklist

Use this checklist to verify your documentation is ready for the mid-term surveillance audit. Each item should have evidence spanning the period since your initial certification.

Governance and Management

Current organisational chart reflecting actual structure
Board/management meeting minutes demonstrating oversight of compliance
Updated risk register with new risks identified since initial audit
Current strategic or operational plan (if applicable)

Human Resources

Worker screening register — all staff current, no expired checks
Training register showing ongoing staff training and professional development
Supervision records for all direct support staff
Completed performance reviews (if due during the period)
Induction records for all new staff hired since initial audit

Incident and Risk Management

Incident register with all incidents recorded, classified, and followed up
Evidence of reportable incidents notified to the NDIS Commission within 24 hours
Root cause analysis and corrective actions for significant incidents
Updated risk assessments reflecting current risks

Quality and Continuous Improvement

Continuous improvement register with entries from across the registration period
At least one completed internal audit report
Complaints register showing complaints received, investigated, and resolved
Participant feedback data (surveys, formal feedback, informal feedback records)
Evidence that feedback and complaints have led to changes in practice

Participant Records

Support plans reviewed and updated within the required timeframe
Progress notes demonstrating ongoing goal-linked support delivery
Current consent forms for all participants
Evidence of participant involvement in support planning decisions

Need help writing compliant progress notes? Our free NDIS Notes Rewriter converts rough shift notes into audit-ready documentation in seconds.

Common Mid-Term Audit Findings and How to Avoid Them

Based on auditor feedback and provider experience, these are the most frequently encountered issues at mid-term surveillance audits.

1. Previous Non-Conformances Not Fully Resolved

The problem: The provider addressed the immediate issue after the initial audit but did not implement systemic changes to prevent recurrence. The auditor finds the same type of problem recurring.

How to avoid it: When addressing non-conformances from your initial audit, focus on root cause analysis and systemic fixes rather than quick patches. Document what you changed and monitor whether the change is effective over time. For detailed guidance, see our Corrective Action Plan guide.

2. Continuous Improvement Register Is Empty or Sparse

The problem: The provider created a continuous improvement register for the initial audit but has not added any entries since. The register is essentially blank for the past 18 months.

How to avoid it: Schedule a monthly or quarterly review where you add entries to the continuous improvement register. Sources for entries include incident trends, complaint themes, staff feedback, participant feedback, internal audit findings, and regulatory changes.

3. New Staff Not Properly Inducted or Screened

The problem: Staff hired after the initial audit do not have complete induction records, have not signed code of conduct acknowledgements, or have gaps in their NDIS Worker Screening Check documentation.

How to avoid it: Use a standardised induction checklist for every new starter. Verify worker screening before the first day of supported work. Maintain a central register that flags upcoming screening expiry dates.

4. Policies Not Updated After Changes

The problem: The organisation's circumstances have changed (new location, new services, new management) but policies still reflect the old structure. Document control registers show no policy reviews since the initial audit.

How to avoid it: Set policy review dates that fall within your registration period. When significant changes occur, trigger an immediate policy review. Update the document control register every time a policy is reviewed or revised.

5. Incident Reports Lacking Follow-Up

The problem: Incidents are being recorded, but there is no evidence of investigation, root cause analysis, or corrective actions. The incident register is a log of events with no evidence of learning.

How to avoid it: For every incident, require a follow-up section that documents what was investigated, what was found, and what was changed. Even for minor incidents, a brief note explaining the follow-up demonstrates a culture of continuous improvement.

Summary

The NDIS mid-term surveillance audit is not something to fear — it is a predictable, manageable quality check that verifies your ongoing compliance. The key to success is treating compliance as an everyday operational practice rather than an audit-day performance.

Providers who maintain their registers, update their policies, and build genuine evidence of continuous improvement throughout their registration period consistently perform well at mid-term audits. Those who neglect their compliance systems between audits risk non-conformances, conditions on registration, and — ultimately — a more difficult renewal audit at the end of the 3-year cycle.

Start building your evidence base from day one, and the mid-term audit becomes a straightforward confirmation of the good work you are already doing.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.