What the 2026 Audit Framework Means for Plan Management Providers
Plan management providers occupy a distinctive position in the NDIS ecosystem. You handle participant funding, pay invoices on behalf of participants, and maintain detailed financial records — all while being registered with the NDIS Quality and Safeguards Commission. The Commission's strengthened Practice Standards framework, which has progressively taken effect from 2021 and continues to be reinforced through 2026, places clear expectations on plan management providers across financial management, transparency, and participant rights.
From 2026, the Commission's increased audit intensity and mandatory registration requirements for a broader range of provider types mean that plan management providers who have previously coasted on minimal documentation are now in the auditor's direct line of sight. Understanding exactly what an approved quality auditor (AQA) will scrutinise — and preparing your evidence in advance — is the single most effective way to avoid costly non-conformances.
The NDIS Practice Standards Modules That Apply
Plan management providers are assessed against the Core Module of the NDIS Practice Standards together with the Plan Management supplementary module. The Core Module covers foundations applicable to all registered providers: rights and responsibilities, governance and operational management, provision of supports, and support provision environment. The Plan Management module then adds provider-specific requirements around financial management and fiduciary obligations.
Key areas within these modules include:
- Participant rights and self-determination — participants must be informed of their rights to choose and change providers, and your processes must not create lock-in or conflicts of interest.
- Financial administration — invoices must be validated against the NDIS Price Guide and a participant's approved plan before payment is released.
- Record keeping — all financial transactions, participant communications, and invoices must be retained in a manner that is accessible and auditable.
- Complaints and feedback — a documented, accessible complaints system that complies with the NDIS Commission's complaints handling requirements.
- Governance and risk management — a clear organisational structure with accountable leadership, conflict-of-interest policies, and documented risk registers.
- Worker screening and training — all workers who have more than incidental contact with participants must hold a valid NDIS Worker Screening Check, and training records must be current.
What an Approved Quality Auditor Actually Checks
Understanding the auditor's perspective is essential. AQAs conduct both desktop document reviews and on-site (or virtual) assessments. They are looking for evidence that your written policies are actually implemented — not just filed away. Common evidence types requested include:
- Participant service agreements, updated to reflect the current NDIS Commission requirements
- A sample of paid invoices alongside plan budget reports, demonstrating that payments matched approved supports and did not exceed plan allocations
- Complaints register showing dates, nature of complaints, resolution steps, and outcomes
- Incident register (including any incidents that triggered Commission notifications)
- Evidence of participant-facing disclosure documents — particularly conflict-of-interest disclosures if you are connected to a support coordination or support provider entity
- Worker screening check records and staff training matrices
- Board or leadership meeting minutes evidencing governance oversight of compliance matters
- Policy review logs showing policies have been reviewed at the required intervals
Auditors pay particular attention to the gap between policy and practice. A beautifully written conflict-of-interest policy means little if there are no signed disclosure forms in participant files, or if leadership cannot explain how the policy was applied in a real case.
Step-by-Step Audit Preparation Process
- Map your obligations. Download the current NDIS Practice Standards and Quality Indicators from the NDIS Commission website. Mark every indicator that applies to your Plan Management registration scope. This becomes your internal audit checklist.
- Conduct a gap analysis. Assess each quality indicator against your current documented evidence. Rate each as fully evidenced, partially evidenced, or gap. Be honest — auditors will find what you miss.
- Prioritise critical gaps. Gaps in financial controls, conflict-of-interest management, and complaints handling tend to attract the most serious findings. Address these first.
- Update and version-control your policies. Every policy must show an author, a review date, an approval date, and who approved it. Policies dated before the current Practice Standards iteration are a red flag.
- Audit your participant files. Pull a sample of five to ten participant files. Check that each contains a current service agreement, plan details, a communication log, and a record of invoices processed and approved. Missing or incomplete files are among the most common non-conformances.
- Reconcile your financial records. Verify that your NDIS portal claims reconcile to invoices paid and that no payments were made for unsupported line items. Prepare a clear, auditable trail.
- Verify worker compliance. Pull your worker screening register and cross-check expiry dates. Ensure training records (Code of Conduct, plan management-specific modules, incident reporting) are current and signed.
- Run a mock audit. Have someone unfamiliar with your day-to-day operations ask for the same evidence an AQA would request. Gaps become obvious quickly.
- Prepare your staff. Auditors may interview frontline staff. Workers should understand your complaints process, know how to escalate an incident, and be able to explain their role in protecting participant rights.
- Compile your evidence folder. Organise all documentation into a structured folder — by module and quality indicator — so you can respond promptly to auditor requests without scrambling.
Common Non-Conformances in Plan Management Audits
Providers who have been through NDIS audits report recurring issues that are largely avoidable with adequate preparation:
| Non-Conformance | Common Root Cause | Fix |
|---|---|---|
| Paying invoices without validating against approved supports | No documented invoice-checking procedure | Implement a written two-step validation checklist tied to the NDIS Price Guide |
| Undisclosed conflict of interest | Provider has a related-party support provider but no disclosure framework | Document the relationship, implement signed participant disclosure, and review annually |
| Outdated or unsigned service agreements | Agreements not reviewed since original enrolment | Schedule annual review; obtain fresh signatures when plan reviews occur |
| Incomplete complaints register | Verbal complaints resolved informally without documentation | Require all complaints — even verbal — to be logged within a defined timeframe |
| Lapsed worker screening checks | No calendar-based renewal tracking system | Maintain a screening register with automatic 90-day expiry alerts |
Conflict of Interest — A Particular 2026 Focus
The NDIS Commission has signalled heightened scrutiny of conflicts of interest in plan management, particularly where a provider also delivers support coordination or direct supports. The strengthened framework requires providers to demonstrate that participants are genuinely free to choose any registered or unregistered provider, and that plan management decisions are never influenced by related-party financial interests.
Your conflict-of-interest policy must be more than aspirational. You need to be able to show the auditor specific instances where a conflict was identified, disclosed, and managed — with a documented outcome that prioritised the participant's interests.
Documentation Template: Invoice Validation Checklist (Example Excerpt)
The following is an illustrative excerpt of the type of process documentation auditors look for. Adapt to your organisation's systems:
Invoice Validation — Plan Management Procedure (excerpt)
Before any invoice is submitted to the NDIS portal for payment, the plan management officer must confirm:
- The support item code matches the participant's approved plan and falls within an active support category.
- The unit price does not exceed the current NDIS Pricing Arrangements and Price Limits.
- The service delivery date falls within the participant's current plan period.
- The provider is registered (where the support type requires a registered provider) or the participant has documented consent to use an unregistered provider.
- The invoice total, when added to year-to-date claims for that support category, does not exceed the plan allocation.
If any of the above checks fail, the invoice is placed on hold and the participant is notified within [X] business days with an explanation.
Getting Audit-Ready Without Starting from Scratch
Building a compliant documentation suite from scratch is time-consuming. Many smaller plan management providers find that the policy-writing and procedural work alone takes several months — particularly when trying to align every document to the current Quality Indicators. For providers seeking a faster pathway, ndiscompliant.com.au offers a 74-document audit-ready compliance kit developed specifically for NDIS registered providers, which includes the plan management policies, procedures, and registers most frequently requested by AQAs.
Regardless of your starting point, begin your audit preparation at least three to four months before your scheduled assessment. Last-minute preparation rarely produces the depth of evidence auditors require, and a major non-conformance can result in conditions on your registration or, in serious cases, suspension.
After the Audit: Responding to Findings
If your audit identifies non-conformances, the NDIS Commission will set a timeframe for you to submit a corrective action plan. Minor non-conformances typically require written evidence that the issue has been resolved. Major non-conformances may involve a follow-up assessment. Respond promptly, specifically, and with documented evidence of the fix — not just a promise to improve.
Treat audit findings as a compliance health check, not a punishment. Providers who engage constructively with the process and demonstrate genuine commitment to continuous improvement consistently achieve better outcomes with the Commission than those who dispute findings defensively.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.