What registration group covers plan management providers under the NDIS?

Plan management providers are registered under Registration Group 0100 — Plan Management. This group has its own module within the NDIS Practice Standards, and providers are assessed against those specific outcomes during certification or verification audits.

How long must plan management providers keep participant financial records?

The NDIS Commission's rules and the Privacy Act 1988 both impose retention obligations. Most providers adopt a minimum seven-year retention period for financial records, consistent with broader Australian business and tax law requirements, though your document retention policy should specify timeframes and be reviewed annually.

Do plan management providers need NDIS Worker Screening Checks for all staff?

Workers in risk-assessed roles must hold a current NDIS Worker Screening clearance. For plan management providers, roles involving direct access to participant information or financial accounts are typically risk-assessed. Providers must have a documented screening policy and monitor clearance expiry dates actively.

What is a reportable incident for a plan management provider?

The NDIS (Incident Management and Reportable Incidents) Rules define categories of reportable incidents. While plan management providers have less direct physical contact with participants than SIL providers, incidents involving financial harm, exploitation, or serious neglect relating to a participant whose plan you manage may be reportable. Check the NDIS Commission's guidance and notify within the required timeframe when in doubt.

Can a plan management provider also deliver other NDIS supports to the same participant?

This is permitted in some circumstances but creates a significant conflict-of-interest risk. The NDIS Practice Standards require you to have a documented conflict-of-interest policy and an active register. Where a conflict exists, you must disclose it to the participant, document the disclosure, and implement controls to manage the conflict — or decline to provide both services.

What should a plan management service agreement include?

A compliant service agreement must describe the scope of plan management services, the fees charged (including how the plan management support budget is used), how statements will be issued and how often, the participant's rights including how to make a complaint, and how the agreement can be varied or ended. It should be signed before services commence and reviewed when the participant's plan is renewed.

NDIS plan management provider: documentation checklist (2026)

Why documentation matters more in 2026

The NDIS Quality and Safeguards Commission's strengthened Practice Standards, progressively coming into force throughout 2025–2026, raise the bar for registered providers across all registration groups — including plan management (Registration Group 0100). Approved quality auditors now look beyond the existence of a policy and assess whether your documents are current, implemented, and traceable to real participant outcomes.

For plan management providers specifically, the financial-intermediary role creates an additional documentation layer: every invoice processed, every budget query handled, and every participant financial statement issued must be supported by a clear paper trail. Gaps in this trail are among the most common non-conformances found during certification and verification audits.

The documentation checklist

Work through each category below. For each item, confirm you hold a current, dated version that has been reviewed by an appropriate authority in your organisation and that staff can locate it on demand.

1. Registration and governance documents

Current NDIS provider registration certificate (confirming Registration Group 0100 — Plan Management)
Certificate of incorporation or relevant legal entity documentation
Constitution, trust deed, or equivalent governance instrument
Board or management committee meeting minutes for the most recent 12-month period
Organisational chart showing accountability lines for plan management operations
Key personnel declarations (including NDIS Commission notification of changes)
Public liability and professional indemnity insurance certificates (current)

2. Practice Standards — plan management specific module

The NDIS Practice Standards include a specific module for plan management providers. Your evidence folder must demonstrate conformance with each outcome, including:

Policy describing how participant financial goals are understood and actioned
Documented process for receiving, checking, and paying invoices on behalf of participants
Process for issuing participant statements of expenditure at agreed intervals
Evidence of how participants are supported to understand their NDIS budget
Records showing how plan management services are tailored to individual participant needs and preferences
Conflict-of-interest policy and registers (particularly important where the organisation also delivers other NDIS supports)

3. Financial record-keeping

Financial accuracy is the core deliverable of plan management. Auditors will sample actual participant financial records and cross-reference them against your documented processes.

Participant budget ledgers — one per participant, updated in real time or within a defined and documented timeframe
Invoice processing log, including date received, date approved, and date submitted to NDIA for payment
Evidence of invoice verification steps (checking provider registration, NDIS line item, reasonable and necessary alignment)
Participant financial statements — archived for a minimum period consistent with your document retention policy and applicable law
Written agreements (service agreements) with each participant describing the plan management service, fees charged, and participant rights
Record of any overpayment identified and steps taken to recover or report it
Process for handling invoices from unregistered providers (where permitted under participant plan type)

4. Code of Conduct and worker management

Written Code of Conduct acknowledgement signed by every worker and subcontractor
NDIS Worker Screening Check records for all workers in risk-assessed roles (clearance numbers and expiry dates)
Worker screening policy, including how the organisation monitors expiry dates and manages workers pending clearance
Recruitment and induction records demonstrating pre-employment verification steps
Ongoing training register — including NDIS orientation module completion records
Performance management policy
Documented process for responding to allegations of worker misconduct

5. Incident management

Under the NDIS (Incident Management and Reportable Incidents) Rules, registered providers must maintain an internal incident management system and report certain incidents to the NDIS Commission within required timeframes.

Incident management policy, including classification of reportable versus non-reportable incidents
Incident register (dated entries, outcome and corrective action columns)
Evidence of NDIS Commission notifications for reportable incidents (portal submission confirmations)
Post-incident review records for significant events
Staff training records specific to incident identification and reporting

6. Complaints management

Complaints management policy that references the NDIS Commission as an external avenue
Complaints register (dated, outcome recorded, closed-loop evidence)
Easy-read or accessible complaints information provided to participants (evidence of provision)
Annual review record of complaints data and any systemic improvements identified

7. Participant rights and engagement

The 2026 strengthened framework places heightened emphasis on rights-based practice. Auditors will look for evidence that rights are not merely stated but actively supported.

Participant welcome pack including rights statement, complaints process, and privacy notice
Privacy policy compliant with the Privacy Act 1988 and NDIS-specific consent requirements
Consent forms — for information sharing, budget management, and plan-management service delivery
Records showing participants were offered and understood their rights before service commencement
Feedback mechanism evidence (surveys, review meetings, or equivalent)

8. Business continuity and risk management

Risk register covering operational, financial, and participant-safety risks
Business continuity plan addressing how participant financial management continues during disruption
Cybersecurity and data-breach response plan (particularly relevant given participant financial data held)
Document retention and destruction schedule

Audit-readiness: a practical approach

Map every document to an NDIS Practice Standard outcome. Create a simple cross-reference table so you can demonstrate coverage at a glance.
Date-stamp reviews. A policy with a review date of three or more years ago signals to an auditor that governance is not active. Schedule annual reviews as a minimum.
Conduct a file-walk with a new staff member. If they cannot locate your incident register within two minutes, your document management system needs work before the audit does.
Sample your own financial records. Pull five random participant ledgers and verify completeness, timeliness, and alignment with the service agreement before the auditor does.
Close the loop on complaints and incidents. Auditors consistently flag incomplete corrective-action entries. Every record must show what happened, what was done, and what changed.
Verify all worker screening checks are current. Create a recurring calendar alert for expiry dates — an expired clearance for a worker in a risk-assessed role is an immediate non-conformance.

Common non-conformances for plan management providers

Non-conformance	Typical finding	Fix
Outdated service agreements	Template predates current Practice Standards; no review clause	Update template annually; add a clause requiring re-signing on material changes
Missing conflict-of-interest register	Policy exists but no live register maintained	Create a register; populate it at onboarding and update quarterly
Invoice verification not documented	Invoices paid but no checklist or approval record	Implement a two-step verification log for every invoice processed
Participant statements not issued on schedule	Statements delayed beyond agreed timeframe	Automate statements from your plan management software; document the schedule in the service agreement
Incident register incomplete	Date of incident recorded; corrective action column blank	Add mandatory completion fields; build a 30-day follow-up reminder into your workflow

Getting audit-ready before your next assessment

Pulling together documentation from scratch is time-consuming, particularly for smaller plan management providers who wear many hats. A structured compliance kit — covering every document category above with compliant templates already mapped to the Practice Standards — can compress weeks of preparation into days. The 74-document audit-ready SIL compliance kit available at ndiscompliant.com.au includes plan-management-relevant policies, registers, and evidence templates that providers have used to prepare for and pass NDIS Commission audits.

Whether you use a kit or build your documents independently, the principle is the same: evidence must be real, current, and retrievable. Start with the checklist above, assign an owner to each category, set review dates, and treat audit preparation as an ongoing operational discipline rather than a pre-audit sprint.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.