Is plan management a registered-only support under the NDIS?

Yes. Plan management is classified as a registered-only support. Any provider who manages NDIS funds on a participant's behalf — paying invoices and providing budget statements — must hold current registration with the NDIS Quality and Safeguards Commission. Unregistered providers cannot legally deliver plan management services.

What audit type applies to a plan management provider?

Most standalone plan management providers are subject to a verification audit, which is a document-based assessment rather than a full on-site certification audit. However, if a provider also delivers higher-risk registration groups alongside plan management, a certification audit covering all registration groups may apply. Confirm the applicable audit type with the Commission during the application process.

How long does NDIS registration last for a plan management provider?

The Commission sets a defined registration period at the time of approval. Providers must successfully complete a renewal audit before their registration expires to maintain the right to deliver services. The length of the initial registration period can vary, so providers should check their registration certificate and set internal renewal reminders well in advance.

What does the Plan Management module of the NDIS Practice Standards require?

The Plan Management module requires providers to demonstrate sound financial administration, accurate and timely payment of participant invoices, transparent budget reporting, management of conflicts of interest, accessible complaints processes, and secure record keeping. Auditors assess both the existence of documented policies and evidence that those policies are actively implemented.

Do plan management workers need NDIS worker screening checks?

Worker screening requirements depend on the role and the risk classification of the work. Key personnel of registered providers must meet fit and proper person requirements. For workers in roles that involve more than incidental contact with participants, screening checks may be required. Providers should review the Commission's worker screening guidance for their specific registration groups and worker roles.

What are the most common non-conformances found in plan management audits?

Common non-conformances include incident registers with no recorded entries (suggesting staff are not using the system), complaints procedures that workers cannot describe from memory, conflict-of-interest policies that have not been reviewed or updated, service agreements that do not reflect current NDIS price limits, and inadequate evidence of Code of Conduct training for all workers and contractors.

NDIS plan management provider: registration requirements (2026)

Who must register as an NDIS plan management provider?

Plan management is a registered-only support under the NDIS. Any organisation or individual who receives NDIS funds on behalf of a participant — paying their invoices, managing their budget and providing financial statements — must hold registration with the NDIS Quality and Safeguards Commission. There is no pathway for unregistered providers to deliver plan management, regardless of participant preference.

This applies whether the provider is a standalone plan manager, a multi-service disability organisation offering plan management as one of several supports, or a sole trader operating as a registered business entity. The registration obligation sits with the legal entity delivering the service, not with individual staff members.

The 2026 strengthened registration framework

The NDIS Commission introduced a strengthened provider registration framework that progressively raises evidence and compliance expectations across all registration groups. For plan management providers, the key changes centre on:

Risk-differentiated audit cycles — providers assessed as higher-risk face more frequent certification audits, while lower-risk providers may qualify for verification audits with a narrower scope.
Enhanced financial administration evidence — auditors now scrutinise payment processes, fraud detection controls, participant budget reporting and conflict-of-interest management more rigorously than under earlier iterations of the Standards.
Continuous compliance obligations — rather than treating registration as a one-off event, the Commission expects providers to maintain and demonstrate compliance between audit cycles, including through internal review processes.
Fit and proper person requirements — key personnel declarations and police check obligations apply to plan management providers in the same way they apply to providers of higher-intensity supports.

Providers should monitor the NDIS Commission website and the Commission's registration renewal notices for any transitional dates that apply to their specific registration group and audit type.

Step-by-step: how to register as a plan management provider

Create a provider portal account. Navigate to the NDIS Commission Portal (myplace provider portal or the Commission's dedicated registration portal) and create an account for your organisation's legal entity, using your ABN.
Select the correct registration group. Plan management falls under Registration Group 0132 — Plan Management. You must select this group during your application. If you also deliver other supports (for example, support coordination or daily activities), add those registration groups at the same time.
Identify the applicable audit type. The Commission will assess whether your application requires a verification audit (document-based, for lower-risk or sole-trader providers) or a certification audit (on-site or desktop review against the full Practice Standards). Plan management alone typically triggers a verification audit, but this can change if you add higher-risk registration groups.
Engage an approved quality auditor. You must commission your audit through an NDIS Commission-approved audit body before registration can be granted. A list of approved auditors is published on the Commission's website. Engage the auditor early — audit lead times can be several weeks or longer depending on provider volume.
Prepare your evidence portfolio. The auditor will assess your organisation against the NDIS Practice Standards relevant to plan management. Assemble documented policies, procedures and evidence records before your audit date (see the section below on what auditors check).
Submit the application and await a decision. Once the auditor submits their report to the Commission, the Commission reviews it and issues a registration decision. Conditions may be imposed. Initial registrations are typically granted for a defined period, after which renewal audits are required.
Maintain registration between audits. Update the Commission promptly when key personnel change, when your scope of services changes, or when a reportable incident occurs. Failure to notify is itself a compliance breach.

What auditors assess: the Plan Management Practice Standards module

The NDIS Practice Standards include a Plan Management module that sets out the quality indicators auditors use to determine whether a provider meets the Standard. Key areas include:

Practice Standard area	What the auditor looks for
Financial administration	Documented processes for paying participant invoices accurately and on time; participant budget statements provided at agreed frequency; segregation of participant funds from business operating funds
Record keeping	Secure, accurate records of all transactions; retention periods meet legislative requirements; participant access to their own financial records on request
Conflicts of interest	Written policy identifying how conflicts are disclosed and managed; evidence that participants are not steered toward related-party providers without informed consent
Participant rights and choice	Service agreements that are plain-language, participant-centred and reflect NDIS price limits; participants informed of their right to change plan managers
Complaints and incident management	Accessible complaints process; evidence of complaints being recorded and resolved; incident register with reportable incidents notified to the Commission within required timeframes
Worker screening and Code of Conduct	All workers and key personnel subject to the NDIS Code of Conduct; worker screening checks completed where required; induction records demonstrating Code of Conduct training

Core Standards all plan management providers must meet

Beyond the Plan Management module, registered providers must also comply with the NDIS Practice Standards — Core Module, which applies across all registration groups. The Core Module covers:

Rights and responsibilities of participants
Governance and operational management
The provision of supports
Support planning
Feedback and complaints management
Incident management
Human resources management

Each of these areas requires documented policy, evidence of implementation and, where applicable, records showing how outcomes for participants have been considered and acted upon.

NDIS Code of Conduct obligations

Every plan management provider, including all workers and contractors, must comply with the NDIS Code of Conduct. The Code requires providers and their workers to act with honesty and integrity, respect participant privacy and dignity, take reasonable steps to prevent and respond to abuse and neglect, and promptly raise and act on concerns about the quality or safety of supports.

Plan managers who become aware of a concern about another provider — for example, through suspicious invoicing patterns — have an obligation to consider whether a reportable incident or referral to the Commission is warranted. The Code's obligations do not cease outside of direct support interactions.

Incident management and mandatory reporting

Registered plan management providers must have a functioning incident management system. Certain incidents — defined as reportable incidents under the NDIS (Incident Management and Reportable Incidents) Rules — must be notified to the Commission within prescribed timeframes. While plan managers are less likely to be the immediate provider involved in a physical incident, they are still required to report incidents that occur within their own operations and to have internal systems capable of identifying and escalating concerns.

Common non-conformances in plan management audits include: incident registers that have never been used (suggesting incidents are not being recorded rather than not occurring), and complaints processes that exist on paper but have no evidence of training or staff awareness.

Registration renewal and ongoing obligations

Registration is not permanent. The Commission sets a registration period at the time of initial approval, and providers must undergo a renewal audit before expiry to maintain their registration. Providers who fail to renew — or whose renewal audit identifies non-conformances — may face suspension, conditions on registration or, in serious cases, cancellation.

The strengthened 2026 framework places greater emphasis on providers demonstrating lived compliance: showing that policies are actively implemented, workers are genuinely trained, and governance structures function in practice rather than existing only in documentation.

Practical preparation checklist

ABN registered and active; legal entity confirmed
Service agreement template reviewed against NDIS price limits and participant rights obligations
Financial administration policy documented (payment timelines, budget reporting, fund segregation)
Conflict-of-interest register and disclosure process in place
Complaints register active; complaints procedure communicated to participants
Incident register active; reportable incident process understood by all staff
NDIS Code of Conduct training completed and recorded for all workers
Worker screening checks completed for applicable roles
Key personnel declarations submitted to Commission portal
Approved quality auditor engaged and audit date confirmed

Providers building their compliance documentation from scratch will benefit from a structured, audit-ready template set. The ndiscompliant.com.au 74-document SIL and provider compliance kit covers the Core Module and specialist support modules, giving plan managers a practical starting point for policies, registers and evidence frameworks that align with Commission expectations.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.