What documents does an NDIS auditor ask to see during a certification audit?

Auditors typically request your quality management policy, incident and complaints registers with investigation records, worker screening clearance records, staff training and induction logs, behaviour support plans and restrictive practice authorisations where applicable, your risk register, and evidence of leadership-level QMS review such as meeting minutes.

What is the difference between a minor and a major non-conformance in an NDIS audit?

A minor non-conformance indicates an isolated gap or partial implementation of a standard. A major non-conformance indicates a systemic failure or a gap that poses risk to participants. Critical non-conformances relate to immediate participant safety risks. Major and critical findings must be remediated — they can result in conditions on registration or referral to the NDIS Commission for regulatory action.

How often must a registered NDIS provider undergo a quality audit?

The audit cycle depends on your registration group. Most providers with a certification audit undergo an initial audit then a mid-term audit (usually at the halfway point of a three-year registration period) before recertification. The NDIS Commission sets audit requirements, and your approved quality auditor will confirm the schedule applicable to your organisation.

Do NDIS auditors interview participants as part of the audit?

Yes. Particularly for certification audits covering high-intensity or SIL supports, approved quality auditors conduct interviews with participants (or their representatives) to verify that rights information was provided, that complaints processes are accessible, and that supports reflect participant goals and choices. Interview findings are weighed alongside documentary evidence.

What happens if a provider receives a major non-conformance during an NDIS audit?

The provider is required to submit a corrective action plan addressing the non-conformance within a timeframe set by the auditor. The auditor then verifies that the corrective actions have been implemented before confirming compliance. Unresolved major non-conformances can prevent initial registration or renewal, and may be escalated to the NDIS Commission.

Are SIL providers subject to different audit requirements than other NDIS providers?

SIL providers must undergo certification audits (not the lighter verification process available to some lower-risk registrations) and are assessed against supplementary modules including behaviour support and high-intensity daily personal activities where relevant. The 2026 strengthened framework places additional scrutiny on living arrangements, active support practices, and participant choice and control for SIL providers.

NDIS Quality Management System: What Auditors Look For in 2026

What Is an NDIS Quality Management System?

A quality management system (QMS) is the organised set of policies, procedures, processes, and records that a registered NDIS provider uses to deliver safe, consistent, and compliant supports. Under the NDIS Act 2013 and the NDIS Practice Standards, every registered provider must have a QMS that is fit for the size, scope, and risk profile of the supports they deliver.

For SIL and other high-intensity providers, the stakes are especially high. Auditors from NDIS Commission-approved quality auditors assess not only whether documents exist, but whether the system is embedded — understood by staff, actioned by management, and visibly improving participant outcomes.

The Audit Framework: What Approved Quality Auditors Are Checking

Approved quality auditors assess providers against the NDIS Practice Standards using either a certification audit (for higher-risk registrations including SIL) or a verification audit (for lower-risk supports). The 2026 strengthened framework, introduced by the NDIS Commission following extensive consultation, tightens the evidence threshold for certification audits in particular.

Auditors work through four Core Modules and any applicable Supplementary Modules. Every finding maps to a specific standard, and non-conformances are graded as minor, major, or critical.

The Seven Areas Auditors Examine Most Closely

1. Governance and Operational Management

Auditors start at the top. They look for a clearly documented governance structure: who is responsible for quality, who reviews the QMS, and how senior leadership is held accountable. Common evidence requested includes board or executive meeting minutes where quality performance has been reviewed, a designated quality role description, and a documented annual QMS review cycle. A QMS that exists only in a folder no one reads will almost always attract a non-conformance here.

2. Risk Management

Your organisation must demonstrate a systematic approach to identifying, assessing, and controlling risk. Auditors look for a current risk register that is reviewed at regular intervals, a risk management policy that connects to operational decisions, and evidence that risk assessments inform practice — for example, in individual support plans or during new-participant intake. SIL providers are also expected to document environmental and household-specific risks for each residence.

3. Incident Management and Reportable Incidents

This is one of the highest-scrutiny areas. The NDIS Commission requires registered providers to have a documented incident management system that captures, investigates, and responds to all incidents — including those that must be reported to the Commission under the NDIS (Incident Management and Reportable Incidents) Rules 2018.

Auditors typically request:

The incident management policy and procedure
The incident register for a specified period
Evidence that incidents were reported to the Commission within required timeframes where applicable
Documented investigation outcomes and corrective actions
Evidence that learnings from incidents have been communicated to staff

A common major non-conformance is an incident register showing events with no recorded investigation outcome or follow-up action.

4. Complaints Management

Providers must have a complaints management and resolution system that is accessible to participants and their supporters. Auditors check that participants are informed of their right to complain (including to the NDIS Commission directly), that complaints are recorded, responded to within a reasonable timeframe, and that the response process is documented. They will often interview participants or support workers to test whether the system is genuinely accessible in practice — not merely described in a policy.

5. Human Resources and Worker Screening

The NDIS Worker Screening Check is mandatory for roles involving direct contact with participants in risk-assessed roles. Auditors verify that your organisation has a procedure for checking worker screening clearances before engagement, that records are kept, and that clearances are current. Beyond screening, auditors look at:

Induction records confirming workers have read and understood the Code of Conduct
Training registers covering mandatory topics (safeguarding, manual handling, medication administration where applicable)
Supervision and performance review records
Evidence of ongoing professional development

The 2026 strengthened Practice Standards place additional focus on workforce capability — auditors will probe whether workers understand their obligations, not just whether a training attendance sheet exists.

6. Restrictive Practices (SIL and Behaviour Support)

For SIL providers and others delivering behaviour support, restrictive practices are a critical module. Auditors check that any regulated restrictive practice is authorised under the relevant state or territory authority, documented in a behaviour support plan prepared by a registered behaviour support practitioner, and reported to the NDIS Commission as required. Providers must also demonstrate they are actively working toward reducing or eliminating restrictive practices, not simply maintaining them indefinitely.

Non-conformances in this area are taken very seriously and can result in conditions on registration.

7. Continuous Improvement

A QMS is not a static document set. Auditors look for evidence that the organisation genuinely reviews and improves its systems over time. This typically means:

A documented continuous improvement register or log
Actions arising from internal audits, incident reviews, complaints, and participant feedback
Evidence that improvements have been implemented and evaluated
A scheduled internal audit program

Common Non-Conformances Found During NDIS Audits

Area	Common Non-Conformance	Grade
Incident management	Incidents recorded but investigations not documented or completed	Major
Worker screening	Clearances not verified prior to commencement, or records not maintained	Major
Restrictive practices	Restrictive practices in use without current authorisation or behaviour support plan	Critical
Governance	No documented evidence of QMS review at leadership level	Minor / Major
Complaints	Complaints register incomplete; no documented resolution outcome	Minor
Continuous improvement	Improvement register exists but no actions recorded in past 12 months	Minor
Participant rights	No evidence participants were informed of their rights at service commencement	Major

Practical Steps to Prepare Your QMS for Audit

Map your documents to the Practice Standards. Every standard should have at least one policy or procedure that addresses it. Gaps will become non-conformances.
Check your incident register. Every entry must have an investigation note and a documented outcome or corrective action — even for minor incidents.
Audit your worker screening records. Confirm every risk-assessed role has a current clearance on file before the auditor arrives.
Review your restrictive practices documentation. Verify each regulated practice has current state/territory authorisation and is reflected in an active behaviour support plan.
Conduct an internal audit. Walk through each Practice Standard module as an auditor would. Document findings and resulting improvement actions.
Interview your staff. Can they explain what to do if a participant makes a complaint? Do they know what constitutes a reportable incident? Auditors will ask.
Update your continuous improvement register. Ensure actions are dated, assigned to a responsible person, and marked with completion status.

The 2026 Strengthened Framework: What Has Changed

The NDIS Commission's strengthened Quality and Safeguards framework, developed through consultation and progressively implemented from 2026, introduces a sharper focus on outcomes rather than documentation alone. Auditors are increasingly trained to test whether systems translate into real participant experience — through participant interviews, observation where appropriate, and triangulation of records against staff and participant accounts.

For SIL providers specifically, the strengthened standards reinforce requirements around individual living arrangements, participant choice and control, and active support — all of which must be evidenced in both policy and day-to-day practice records.

Getting Audit-Ready

Many SIL and disability support providers find the documentation burden significant — particularly smaller organisations that are preparing for their first certification audit or renewing registration under tightened criteria. If you are building or rebuilding your QMS from scratch, having a structured document library aligned to the Practice Standards modules will significantly reduce preparation time.

ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that maps directly to the NDIS Practice Standards, covering all core and supplementary modules relevant to SIL registration — which some providers find a practical starting point before tailoring documents to their specific context.

Whatever approach you take, the principle is the same: auditors are looking for a system that is real, implemented, and improving — not a folder of policies that staff have never read.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.