What is the most common non-conformance finding under Provision of Supports in NDIS audits?

Inadequate individualisation of support plans is consistently among the most cited findings. Auditors look for evidence that each participant's support plan is specific to their goals, needs, and preferences — not a generic template. Linking daily progress notes to NDIS plan goals is a close second common gap.

How long after an incident do I need to notify the NDIS Commission?

Reportable incidents must be notified to the NDIS Commission within required timeframes set out in the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules. The timeframe depends on the severity of the incident. Your internal incident management policy should specify these timeframes and assign responsibility for notifications.

Can a worker deliver supports if their NDIS Worker Screening Check has expired?

No. Providers must ensure all workers in risk-assessed roles hold a current, valid NDIS Worker Screening clearance. Allowing a worker with an expired clearance to deliver supports constitutes a breach of the provider's obligations and will be raised as a non-conformance during audit. Proactive renewal tracking is essential.

What constitutes a regulated restrictive practice under the NDIS framework?

The NDIS (Restrictive Practices and Behaviour Support) Rules define five categories of regulated restrictive practices: chemical, mechanical, physical, environmental, and seclusion. Any use of a regulated restrictive practice must be authorised under the relevant state or territory framework, supported by a behaviour support plan, and reported monthly to the NDIS Commission.

Do participants need to receive complaints information in Easy Read format?

Where a participant's communication needs require it, yes. The NDIS Practice Standards require that participants have access to information about how to make a complaint in a format that is accessible to them. For participants with intellectual disability or limited literacy, Easy Read or verbal explanation is required and should be documented at intake.

How often should a SIL provider review its policies to remain compliant?

At a minimum, policies should be reviewed annually and whenever the NDIS Commission updates the Practice Standards or related rules. Reviews should be documented, and workers must be re-trained on any substantive changes. The strengthened 2026 Practice Standards framework means providers should prioritise a full policy review ahead of re-registration.

Provision of Supports: Common Audit Non-Conformities in 2026

Why Provision of Supports is the Highest-Risk Audit Area for SIL Providers

The Provision of Supports module sits at the heart of the NDIS Practice Standards. It covers the day-to-day delivery of funded supports — how workers implement plans, how services are tailored to individual participants, and how outcomes are tracked against NDIS goals. For SIL and other residential disability support providers, this module attracts more non-conformances than almost any other area during audits conducted by NDIS Commission-approved quality auditors.

With the 2026 mandatory registration changes bringing a larger cohort of providers into the registration and re-registration cycle, the stakes have never been higher. A non-conformance finding that is not remediated within the auditor's required timeframe can delay registration, trigger a conditions-based registration, or — in serious cases — lead to referral to the NDIS Commission for compliance action.

This article details the most commonly identified non-conformances under this module and the practical steps providers can take to address each one.

The Top Non-Conformities Found Under Provision of Supports

1. Support Plans That Lack Participant-Specific Detail

Auditors consistently cite support plans that read as generic templates rather than documents individualised to the participant. The NDIS Practice Standards require that supports be delivered in a way that reflects each participant's needs, preferences, and goals as documented in their NDIS plan. Where a provider's support plans contain boilerplate language, auditors will raise a non-conformance.

The fix: Each support plan must explicitly reference the participant's current NDIS plan goals, outline the specific supports being delivered to work toward those goals, and describe the participant's preferred routines, communication style, and any relevant health and safety considerations. Review every active support plan against this checklist and update before your audit.

2. No Clear Evidence Linking Delivered Supports to NDIS Plan Goals

A recurring finding is that while support plans exist, progress notes and daily records do not demonstrate a link between the activities delivered and the participant's funded goals. Auditors look for a thread of evidence — from the NDIS plan, through the support plan, into shift notes and progress records — that shows supports are purposeful rather than routine.

The fix: Train workers to document not just what they did, but why — referencing the relevant goal from the participant's NDIS plan. Even a brief notation such as "assisted participant to prepare a meal independently, progressing toward Capacity Building Goal 2" provides the evidentiary thread auditors require.

3. Gaps in Worker Credential and Screening Records

The NDIS Commission's worker screening requirements are non-negotiable. Providers must hold current NDIS Worker Screening Checks for all workers who engage in risk-assessed roles. Auditors will cross-reference your worker register against your rostering data. Any worker found to have delivered supports without a valid clearance — even briefly — constitutes a non-conformance, and may constitute a reportable incident.

The fix: Maintain a live worker register that records each worker's clearance number, issuing state, and expiry date. Set calendar reminders for renewals at least 90 days before expiry. Ensure your HR or rostering system prevents a worker without a current clearance from being assigned to risk-assessed roles.

4. Incident Documentation That Is Incomplete or Untimely

Failure to meet the NDIS Commission's incident management requirements is among the most frequently cited non-conformances. The issues are typically:

Incidents not reported to the Commission within the required timeframes for reportable incidents
Internal incident reports that lack adequate detail about what occurred, immediate actions taken, and follow-up steps
No evidence that incidents were reviewed for systemic causes or that learnings were shared with the team
Participants and/or their nominees not being notified of incidents involving them

The fix: Implement a structured incident form that captures all required fields. Assign a designated incident coordinator who is responsible for Commission notifications within required timeframes. Conduct a monthly review of all incidents to identify patterns, and document that review. Ensure participants and their nominees receive timely notification in plain language.

5. Restrictive Practices Used Without Proper Authorisation

This is among the most serious categories of non-conformance. Any use of a regulated restrictive practice — whether chemical, mechanical, environmental, physical, or seclusion — must be authorised under the relevant state or territory behaviour support framework and reported to the NDIS Commission. Auditors will look for evidence of behavioural support plans developed by a registered behaviour support practitioner, authorisation records, and accurate monthly reporting.

The fix: Conduct an immediate audit of all participants for whom any restrictive practice may be in use, even informally. Engage a registered behaviour support practitioner for any participant who requires a regulated restrictive practice. Ensure all workers understand what constitutes a restrictive practice and that unauthorised use must be reported as an incident.

6. Complaints Handling That Is Not Accessible or Visible to Participants

The NDIS Practice Standards require that participants know how to make a complaint, that complaints are handled promptly, and that participants are not disadvantaged for raising concerns. Audit findings in this area commonly include:

Complaints policy not provided to participants at intake or not available in accessible formats
No evidence that complaints were acknowledged and responded to within the timeframes set by the provider's own policy
Complaints register that is incomplete or shows complaints closed without resolution evidence

The fix: Provide each participant with a plain-English (and Easy Read, where relevant) summary of how to make a complaint, including external pathways to the NDIS Commission. Maintain a complete complaints register and ensure each entry shows date received, response date, resolution, and any systemic improvements made.

7. Quality and Safety Framework Policies That Are Outdated or Unimplemented

Having a policy is not sufficient. Auditors assess whether policies are current (reflecting the strengthened Practice Standards), whether workers have been trained against them, and whether there is evidence of implementation. A policy dated several years ago with no record of staff training is a predictable non-conformance.

The fix: Establish an annual policy review cycle. Record the date of each review and the name of the person responsible. Maintain training records that show workers have read and understood each relevant policy. Where a policy has been revised, document that workers have been re-trained on the changes.

A Practical Pre-Audit Checklist for Provision of Supports

Review all participant support plans against current NDIS plans — update any that are outdated or generic.
Audit three months of progress notes for a sample of participants to confirm goal-linking is evident in documentation.
Cross-reference your worker register against rosters to confirm all workers in risk-assessed roles hold a current NDIS Worker Screening clearance.
Review your incident register for completeness, timeliness of Commission notifications, and evidence of participant notification.
Confirm all regulated restrictive practices are authorised and that monthly reporting to the Commission is current and accurate.
Verify that complaints materials are provided to participants at intake and are available in accessible formats.
Check policy version dates and ensure training records are on file for all workers.

What Auditors Are Actually Looking For

Approved quality auditors working under the NDIS Commission's framework apply a specific evidence hierarchy. Documentary evidence (policies, completed forms, signed records) carries more weight than verbal assurances. Where a provider claims a process is in place, the auditor will request evidence that the process was applied to real participants in recent practice.

The most effective preparation is to walk through your own records as if you were the auditor: for three or four participants, can you trace an unbroken chain from their NDIS plan goals, through your support plan, into daily notes, through to any incidents or complaints, and back out to what changed as a result? If that chain has gaps, your documentation has gaps.

Getting Audit-Ready: Practical Support

For SIL providers building or refreshing their compliance documentation, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that covers each of the areas outlined above, formatted for immediate use and aligned to the current Practice Standards.

Addressing these non-conformances before your audit — rather than scrambling to remediate after a finding — is the single most effective strategy for achieving registration without conditions or delays.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.