Why the NDIS Has Two Audit Pathways
When the NDIS Quality and Safeguards Commission introduced the provider registration framework under the National Disability Insurance Scheme Act 2013 and the NDIS (Provider Registration and Practice Standards) Rules 2018, it recognised that not all registered providers deliver the same level of risk to participants. A provider supplying assistive technology equipment poses a fundamentally different risk profile than one providing 24-hour supported accommodation.
The audit framework reflects this risk-tiered approach. Lower-risk supports — typically those that are transactional, equipment-based, or where the provider has limited direct contact with participants — are assessed through a verification audit. Higher-risk supports — particularly those involving personal care, complex health needs, or where participants rely on a provider for their day-to-day safety — require a more rigorous certification audit.
Which audit type applies to your organisation is not a matter of preference. It is determined entirely by the registration groups you select when applying to the NDIS Commission.
What Is a Verification Audit?
A verification audit is a document-only review conducted by an NDIS Approved Quality Auditor (AQA). There is no on-site visit, no participant interviews, and no observation of your service delivery. The auditor assesses whether your organisation's documentation demonstrates that you meet the relevant Practice Standards outcomes.
What the Auditor Reviews
For a verification audit, the AQA will request and review a defined set of documents, typically including:
- Evidence of appropriate qualifications and credentials for key personnel
- Your complaints and feedback management documentation
- Evidence of professional indemnity and public liability insurance
- Worker screening evidence (NDIS Worker Screening Check or equivalent)
- Any mandatory reporting or incident management documentation applicable to your registration groups
- A completed self-assessment against the applicable Practice Standard outcomes
The applicable Practice Standards for verification providers are drawn from the Verification Module of the NDIS Practice Standards. The Verification Module sets outcomes in four areas: Rights and responsibilities (Outcome 1.1), Governance and operational management (Outcome 2.1), Provision of supports (Outcome 3.1), and Support provision environment (Outcome 4.1) — though the specific outcomes assessed depend on the registration groups held.
How Long Does a Verification Audit Take?
From the point of engaging an AQA, a verification audit typically completes within 4–8 weeks. This is considerably faster than a certification audit because there is no on-site component to schedule and the document scope is narrower.
What Is a Certification Audit?
A certification audit is a two-stage assessment that combines a desktop document review with an on-site visit. It is significantly more thorough than a verification audit and is required for providers delivering higher-risk or higher-complexity supports.
Stage 1: Desktop Review
The certification audit begins with a desktop review, functionally similar to a verification audit. Your AQA team reviews your complete policy and procedure library, your self-assessment against all applicable NDIS Practice Standards, your governance documentation, and evidence of staff competency. This stage typically takes 2–4 weeks.
The desktop review covers all applicable modules of the NDIS Practice Standards, including the Core Module and any supplementary modules relevant to your registration groups (such as the High Intensity Support Skills Module or the Behaviour Support Module). The Core Module contains 18 outcomes across four groups: Rights (Outcomes 1.1–1.5), Governance and operational management (Outcomes 2.1–2.6), Provision of supports (Outcomes 3.1–3.4), and Support provision environment (Outcomes 4.1–4.5).
Stage 2: On-Site Audit
After the desktop review, the AQA team visits your service location(s) to conduct the on-site audit. This typically involves:
- Management interviews — questioning senior staff about governance, quality management, and how policies are implemented in practice
- Staff interviews — assessing whether frontline workers understand and apply policies
- Participant interviews (with consent) — speaking with NDIS participants about their experience of your services
- Records review — examining participant files, incident reports, training records, and operational registers
- Site observation — for SIL providers and similar, inspecting the physical environment against Practice Standard Outcome 4.1 (safe environment)
The on-site audit typically lasts 1–3 days depending on your organisation's size and the number of service locations. The AQA team will include at least one lead auditor; larger or more complex organisations may require two or more auditors.
After the Audit
Following the on-site visit, your AQA prepares an audit report that is submitted to the NDIS Commission. The Commission uses this report, along with your application, to make a registration decision. The Commission may accept the report, request additional information, or impose conditions on your registration.
Side-by-Side Comparison
| Feature | Verification Audit | Certification Audit |
|---|---|---|
| Document review | Yes — focused scope | Yes — comprehensive scope (all Practice Standards) |
| On-site visit | No | Yes — mandatory (Stage 2) |
| Staff interviews | No | Yes |
| Participant interviews | No | Yes (with consent) |
| Practice Standards assessed | Verification Module only | Core Module + applicable supplementary modules |
| Typical cost (small provider) | $800–$2,500 | $3,000–$8,000+ |
| Typical timeline | 4–8 weeks | 8–16 weeks |
| Registration period | Up to 5 years | Up to 3 years (with mid-term audit) |
| Policy library required | Minimal — targeted to registration groups | Comprehensive — all Core Module outcomes |
Which Registration Groups Require Which Audit?
The NDIS Commission publishes the definitive list of which registration groups require certification versus verification. The following table reflects the current groupings:
Registration Groups Requiring Certification Audit
| Registration Group | Audit Type | Notes |
|---|---|---|
| Assistance with Daily Life (0107) | Certification | Includes personal care, domestic assistance |
| Assistance in a Shared Living Arrangement — SIL (0115) | Certification | Mandatory registration by 1 July 2026 |
| Specialist Disability Accommodation — SDA (0116) | Certification | Also requires SDA registration with NDIA |
| Daily Activities — High Intensity (0104) | Certification | Requires High Intensity Support Skills Module |
| Specialised Supported Employment (0102) | Certification | |
| Community Participation — High Intensity (0125) | Certification | Requires High Intensity Support Skills Module |
| Group and Centre Based Activities (0136) | Certification | |
| Specialised Behaviour Support (0110) | Certification | Requires Behaviour Support Module; PBS practitioner qualifications |
| Early Childhood Supports (0118) | Certification | |
| Specialised Support Coordination (0132) | Certification | |
| Therapeutic Supports (0128) | Certification | Includes OT, physiotherapy, speech pathology |
Registration Groups Requiring Verification Audit
| Registration Group | Audit Type | Notes |
|---|---|---|
| Assistive Technology (0103) | Verification | Equipment supply; limited direct contact |
| Home Modifications (0120) | Verification | |
| Support Coordination (0106) | Verification | Note: Specialised Support Coordination requires certification |
| Innovative Community Participation (0113) | Verification | |
| Development of Daily Living Skills (0117) | Verification | Depending on intensity of delivery |
| Vehicle Modifications (0130) | Verification | |
| Accommodation/Tenancy Assistance (0131) | Verification |
If your application includes any registration group that requires certification, your entire audit must be a certification audit — even if you also hold verification-only groups. There is no mixed audit pathway.
Cost Differences
Audit costs vary by AQA, provider size, number of service locations, and the complexity of the registration groups involved. The figures below represent typical market ranges based on current AQA pricing in Australia:
Verification Audit Costs
- Sole trader / micro-provider (1–2 staff): $800–$1,500
- Small provider (3–10 staff): $1,200–$2,500
- Medium provider (11–25 staff): $2,000–$3,500
Certification Audit Costs
- Small provider (1–10 staff, single site): $3,000–$6,000
- Medium provider (11–25 staff): $5,000–$10,000
- Large provider (26–50 staff, multiple sites): $8,000–$15,000+
These figures cover the auditor's fee only. They do not include your document preparation costs, consultant fees, or staff time. If non-conformities are found, a focused re-audit will incur additional costs of $1,500–$4,000.
Timeline Differences
Understanding timelines is critical if you are working toward the 1 July 2026 SIL registration deadline. Factor in these realistic lead times when planning your audit:
Verification Audit Timeline
- AQA engagement to document submission: 1–2 weeks
- Document review and report: 2–4 weeks
- Non-conformity resolution (if required): 4–8 weeks
- Total typical duration: 4–10 weeks
Certification Audit Timeline
- AQA engagement and scheduling: 2–4 weeks
- Desktop review (Stage 1): 2–4 weeks
- On-site audit (Stage 2): 1–3 days
- Audit report preparation and submission: 2–3 weeks
- NDIS Commission decision: 4–8 weeks
- Non-conformity resolution (if required): 4–12 weeks additional
- Total typical duration: 10–20 weeks from AQA engagement
Get Your Documents Audit-Ready
The SIL Rescue Kit contains 65 audit-ready policy documents mapped to every Core Module Practice Standard outcome — the complete document foundation a certification auditor expects to see.
Get the SIL Rescue Kit — $297Can You Switch Between Audit Types?
Yes — but only by changing your registration groups. If you initially registered under verification-only groups and subsequently wish to add a certification-required group (such as SIL), you must apply to vary your registration and undergo a certification audit for the new scope. Your existing verification registration does not convert automatically.
Conversely, if you hold certification registration and choose to surrender certain certification-required groups at renewal (retaining only verification groups), your renewal audit may be a verification audit. However, this decision would mean you can no longer deliver those higher-risk supports and claim against the NDIS.
Providers sometimes consider this approach as a cost-reduction strategy — for example, if they have historically delivered SIL informally and want to formalise only lower-risk supports. This is a significant operational decision that should be made in full awareness of the impact on your service delivery and participant relationships.
Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.