How often do SIL providers need to be audited under the NDIS?

SIL providers registered for Supported Independent Living must undergo certification audits on a cycle aligned with their registration period, typically every three years. The NDIS Commission notifies providers when renewal and re-audit are due. Surveillance audits may also occur between certification cycles.

What is the difference between a certification audit and a verification audit?

A certification audit is the most comprehensive type, required for higher-risk registration groups including SIL. It involves on-site visits, staff interviews, and file reviews across all Practice Standards modules. A verification audit is a lighter desktop review used for lower-risk registration groups and does not include on-site assessment.

Can an NDIS provider fail an audit?

Auditors issue conformance or non-conformance findings rather than a pass/fail result. However, unresolved major non-conformances can prevent registration renewal. The NDIS Commission also has powers to impose conditions, suspend, or revoke registration where serious compliance failures are identified.

What documents do auditors most commonly request from SIL providers?

Auditors typically request participant support plans, incident and complaints registers, restrictive practices registers and behaviour support plans, workforce screening records, policy and procedure documents with review dates, meeting minutes showing governance oversight, and a sample of daily support notes or progress records.

Do auditors interview participants during a SIL audit?

Yes. Approved quality auditors routinely speak with participants (and their families or advocates where appropriate) as part of the audit process. Participant feedback on whether they feel safe, respected, and in control of their daily lives forms a key part of the evidence base for assessing compliance with the Practice Standards.

What is the NDIS Commission's role once an audit is complete?

The approved quality auditor submits their audit report to the NDIS Commission. The Commission reviews the findings and makes the registration decision — including whether to grant, renew, or impose conditions on the provider's registration. The Commission can also initiate its own compliance or investigation activities based on audit findings.

NDIS What Auditors Check (2026): A Complete Guide for SIL Providers

What NDIS Auditors Are Actually Looking For in 2026

With Australia's strengthened NDIS registration framework taking effect, approved quality auditors are applying a more rigorous lens to Supported Independent Living providers than in previous audit cycles. Knowing what auditors check — and where providers typically stumble — is the difference between a clean audit outcome and a corrective action plan that consumes months of management time.

This guide covers each domain that an approved quality auditor will examine during a certification or verification audit, the evidence they expect to see, and the most common non-conformances observed in SIL settings.

The Audit Framework: NDIS Practice Standards and the Code of Conduct

All registered NDIS providers must comply with the NDIS Practice Standards, which sit underneath the National Disability Insurance Scheme Act 2013 and the NDIS (Provider Registration and Practice Standards) Rules 2018. The NDIS Commission administers these standards and sets audit requirements based on provider registration groups.

SIL providers — classified under Registration Group 0115 (Supported Independent Living) — must undergo certification audits against the full Core module plus the High Intensity Supports and Implementing Supports modules of the Practice Standards. This is the most comprehensive audit pathway.

Auditors are independent bodies approved by the NDIS Commission. They do not work for the Commission but must follow the Commission's audit scope, and their findings can trigger regulatory action, conditions on registration, or suspension.

The Eight Core Areas Auditors Examine

1. Rights and Responsibilities

Auditors confirm that your organisation actively upholds participant rights as defined in the NDIS Act. They look for:

A current, accessible rights and responsibilities policy that staff can describe accurately
Evidence that participants have been informed of their rights in a format they understand (Easy Read, translated documents, verbal explanation with a record)
Signed consent records that are genuinely informed — not boilerplate forms participants were handed without explanation
Records showing participants were told about the NDIS Commission and how to make a complaint externally

2. Governance and Operational Management

This is an area where many SIL providers receive non-conformances. Auditors examine:

Board or senior management oversight of quality and safety risks
A risk management framework with documented risk registers that are actively reviewed (not created once and shelved)
Financial management controls proportionate to the size of the organisation
Whether the provider has identified and is managing conflicts of interest, especially where a provider controls both housing and support for the same participant
Business continuity and emergency management plans

3. Provision of Supports

For SIL, auditors go well beyond checking whether support plans exist. They assess:

Whether each participant has an individual support plan co-developed with them and reviewed at regular intervals
Evidence of goal-setting that reflects the participant's own goals, not generic organisational goals
That rosters and shift arrangements can actually deliver the support hours and type specified in each participant's NDIS plan
How the provider responds when a participant's needs change
Transition planning for people moving into or out of SIL arrangements

4. Support Planning and Delivery

Auditors will request a sample of participant files and trace the chain from assessment through to daily support records. They check:

Intake and needs assessment documentation
Individual support plans and their review dates
Progress notes or shift records — are they specific and linked to goals, or generic and copy-pasted?
Evidence that allied health recommendations (OT, behaviour support practitioners) are being actioned in day-to-day support
Medication management records, where relevant, cross-checked against current prescriptions

5. Incident Management

The NDIS Commission's incident management requirements are a common source of audit findings. Auditors verify:

A documented incident management system that meets the NDIS (Incident Management and Reportable Incidents) Rules 2018
That all reportable incidents have been notified to the NDIS Commission within the required timeframes (24 hours for immediate notifications; 5 business days for follow-up reports)
Post-incident analysis: does the provider identify root causes and implement systemic changes, or is each incident treated as isolated?
Staff understanding of what constitutes a reportable incident versus an internal incident
Evidence that participants and families are informed of incidents that affect them

6. Complaints Management

Providers must have an accessible, documented complaints process. Auditors check:

Whether the complaints policy is written in plain language and provided to participants at intake and annually
A complaints register with dates, actions taken, and outcomes recorded
That complaints are resolved within reasonable timeframes and outcomes communicated back to the complainant
That staff are not discouraged from supporting participants to make complaints — including complaints about the provider itself

7. Restrictive Practices

This is one of the highest-risk areas for SIL providers. Under the NDIS framework, any regulated restrictive practice must be authorised under the relevant state or territory legislation AND reported to the NDIS Commission. Auditors will:

Request the provider's restrictive practices register
Check that a behaviour support plan from a registered behaviour support practitioner is in place before any regulated restrictive practice is used
Verify that authorisation has been obtained under the applicable state/territory mechanism
Examine reporting records to the NDIS Commission for every use of a regulated restrictive practice
Look for evidence that reduction plans are actively pursued — restrictive practices are meant to decrease over time, not become permanent

Providers who cannot produce behaviour support plans, who lack state authorisation, or whose reporting is incomplete face serious regulatory consequences, including conditions on registration or referral for investigation.

8. Workforce Capability and Screening

Auditors confirm that everyone delivering NDIS supports has:

A valid NDIS Worker Screening clearance (or an acceptable equivalent transitional check where applicable)
Completed NDIS Worker Orientation Module training
The skills, qualifications, and experience appropriate to the supports they deliver — especially for high-intensity daily activities
Received regular supervision and performance feedback documented in personnel files

Common Non-Conformances in SIL Audits

Issue	What Auditors See	The Fix
Generic support plans	Plans that could belong to any participant; no individual voice	Co-design plans with participants; use their words and stated goals
Overdue incident reporting	Reports lodged weeks after the incident	Build a 24-hour notification workflow into your incident procedure
No restrictive practices register	Practices occurring but not recorded or reported	Implement a live register; appoint a responsible officer
Screening gaps	Expired checks or volunteers without clearances	Maintain a workforce screening expiry calendar with automated alerts
Complaints not tracked	Informal complaints handled verbally with no records	Log every complaint regardless of how it was received
Policies not reviewed	Policies dated two or more years ago with no review record	Schedule annual policy reviews; document who reviewed and approved

How to Prepare: A Step-by-Step Audit Readiness Checklist

Map your registration groups to the relevant Practice Standards modules and confirm which audit type applies.
Conduct a self-assessment against each Practice Standard outcome, rating evidence as strong, partial, or absent.
Sample your own participant files — at least five — as if you were the auditor. Look for gaps in consent, planning, progress notes, and incident records.
Audit your restrictive practices register against actual support records. Every use must be documented and reported.
Pull your workforce screening register and verify every current worker and volunteer has a valid clearance.
Review your complaints and incident registers for completeness and timeliness of responses.
Test staff knowledge: can frontline workers explain what a reportable incident is, what to do within 24 hours, and how a participant makes a complaint?
Check policy review dates and update any that are overdue.

Providers who want a comprehensive starting point will find that ndiscompliant.com.au's 74-document audit-ready SIL compliance kit covers every one of these areas with pre-built policies, registers, and templates aligned to the current Practice Standards — which can significantly cut preparation time.

What Happens After the Audit

If auditors identify non-conformances, the provider receives a corrective action report with timeframes to resolve each issue. Minor non-conformances typically allow a rectification period before the audit outcome is finalised. Major non-conformances — particularly those involving participant safety, unreported incidents, or unlawful restrictive practices — can result in conditions being placed on registration or referral to the NDIS Commission's investigation and compliance team.

A clean audit, by contrast, supports a full registration renewal and demonstrates to participants, families, and the Commission that your organisation takes the Practice Standards seriously.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.