What happens if our organisation receives a non-conformance finding under the Provision of Supports module?

The NDIS Commission will issue a corrective action notice requiring your organisation to address the non-conformance within a specified timeframe and provide evidence of remediation. Serious or repeated non-conformances can result in conditions being placed on your registration, suspension, or in the most serious cases, revocation of registration.

How often should SIL support plans be reviewed?

The NDIS Practice Standards require that support plans be reviewed at least when there is a significant change in a participant's needs, goals, or circumstances. Providers should also align plan reviews with the participant's NDIS plan review cycle. Annual review as a minimum is considered good practice, but auditors will look for evidence of responsiveness to change rather than fixed-interval-only reviews.

Does every staff member need a separate competency record for high-intensity supports?

Yes. Each worker who delivers high-intensity daily activities must have individual documented evidence that they have been assessed as competent to perform that specific task. A general induction record or certificate of attendance at training is not sufficient on its own — auditors look for evidence of observed competency assessment against the relevant standard.

Can we use a generic risk assessment template across all SIL participants?

A template can be used as a starting framework, but the completed risk assessment must be genuinely individualised to each participant's specific health conditions, living environment, and daily activities. Auditors will identify non-conformance if all residents' completed risk assessments are essentially identical in their risk descriptions and mitigation strategies.

What counts as a regulated restrictive practice in a SIL setting?

Under the NDIS (Restrictive Practices and Behaviour Support) Rules, regulated restrictive practices include physical restraint, mechanical restraint, chemical restraint, environmental restraint, and seclusion. Environmental restraint in a SIL setting can include locked doors or restricted access to areas of the home. Any regulated restrictive practice requires state or territory authorisation and involvement of a registered NDIS behaviour support practitioner.

What is the timeframe for notifying the NDIS Commission of a reportable incident?

Under the NDIS (Incident Management and Reportable Incidents) Rules, the timeframe for Commission notification depends on the type of incident. Incidents of the most serious nature — including death or serious injury of a participant — require notification as soon as practicable and no later than 24 hours after the provider becomes aware. Other reportable incidents have a five-day notification requirement. Providers should consult the Commission's current guidance for the full classification and timeframe schedule.

Provision of Supports Environment: Common Audit Non-Conformities

For Supported Independent Living (SIL) providers and disability support organisations preparing for registration or renewal under the strengthened NDIS Quality and Safeguards framework, the Provision of Supports module is one of the highest-scrutiny areas an approved quality auditor will examine. Non-conformances here carry serious consequences — from corrective action notices to conditions placed on your registration.

This article breaks down the most common non-conformities identified during audits of the Provision of Supports Environment, and explains what auditors are actually looking for so you can address gaps before they become findings.

What the Provision of Supports Module Covers

The NDIS Practice Standards set out a suite of quality indicators that registered providers must meet. The Provision of Supports module (which sits within the core module applying to all registered providers) requires that supports are delivered in a way that is safe, effective, and tailored to each participant's individual needs, goals, and circumstances. For SIL providers, an additional high-intensity and specialist support overlay applies where participants require complex or daily personal care.

Auditors assess both documentary evidence and observable practice. That means your policies are not enough — auditors will interview participants, their families or representatives, and staff to verify that what is written actually reflects what happens day-to-day.

The Top Non-Conformities Auditors Find

1. Support Plans That Are Generic or Out of Date

The single most frequently cited non-conformance in the Provision of Supports module is a support plan that does not genuinely reflect the individual participant's current needs, goals, preferences, and living arrangements. Auditors look for evidence that plans are:

Developed with the participant (and their nominee or support network where appropriate), not just for them
Written in plain language the participant can understand
Reviewed at least when there is a significant change in circumstances — not just at fixed annual intervals
Consistent with the goals and funded supports outlined in the participant's NDIS plan

A common finding is that all SIL residents' support plans look structurally identical, with only names changed. This signals that individualisation is tokenistic rather than genuine.

2. Risk Assessments That Are Incomplete or Not Participant-Specific

Providers must demonstrate that risks associated with each participant's support environment and daily activities have been identified, assessed, and mitigated. Auditors commonly find:

Blanket risk assessments applied to all house residents rather than tailored to each individual
Risk assessments that have not been updated following an incident, a change in the participant's health, or a move to a new dwelling
No evidence that the participant was involved in identifying or agreeing to risk mitigation strategies
Missing environmental risk assessments for the physical premises (trip hazards, fire safety, medication storage, kitchen access)

3. Inadequate Consent Documentation

The NDIS Code of Conduct requires providers to respect the rights of participants, which includes obtaining and documenting informed consent for supports delivered. Auditors regularly find that:

Consent forms are signed at intake but never revisited
Consent is documented for broad categories of support rather than specific activities (particularly relevant for personal care)
There is no process for recording changes in consent or withdrawal of consent
Participants with communication support needs have no accessible format for consent (e.g. Easy Read, verbal agreement recorded with a witness)

4. Failure to Demonstrate Participant Choice and Control

One of the central principles of the NDIS Act is that participants have choice and control over their supports. In a SIL setting, auditors look for observable evidence — not just policy statements — that participants are able to exercise genuine choice about:

Daily routines (wake times, meal choices, social activities)
Who delivers their supports and at what times
Visitors and relationships
How their home environment is arranged

A non-conformance in this area often arises when house routines are entirely staff-driven, or when participants indicate during interviews that they feel they have little say in how their day runs. Policy alone will not satisfy an auditor — the participant's lived experience is the evidence.

5. Gaps in Staff Competency Evidence

For the Provision of Supports module, providers must demonstrate that staff delivering supports are appropriately skilled and trained for the tasks they perform. Frequent gaps include:

No record of competency verification for high-intensity daily activities (enteral feeding, complex bowel care, subcutaneous injections, epilepsy management)
Induction records that show orientation was completed but do not document skill assessment
No evidence of ongoing supervision, observation, or annual competency review
Staff rosters that show workers delivering supports they have not been assessed as competent to provide

6. Incident Management Processes Not Embedded in Practice

While incident management has its own registration module, it intersects directly with Provision of Supports. Auditors commonly find that providers have an incident policy but:

Staff cannot describe the reporting pathway from memory
Incidents are recorded in a register but there is no evidence of root-cause analysis or system improvement
Reportable incidents (as defined under the NDIS (Incident Management and Reportable Incidents) Rules) have not been notified to the NDIS Commission within required timeframes
Participants and their families are not informed about their right to report concerns directly to the Commission

7. Restrictive Practices Used Without Authorisation

For SIL providers supporting participants with complex needs, the use of regulated restrictive practices without lawful authorisation is one of the most serious non-conformances an auditor can identify. Common findings include:

Environmental restrictions (locked external doors, restricted access to kitchen) in place without a behaviour support plan or state/territory authorisation
Chemical restraint (PRN medication used to manage behaviour) not documented or authorised as a regulated restrictive practice
No evidence that a registered behaviour support practitioner is involved in the development and review of any behaviour support plan

What Auditors Actually Check: A Summary Table

Non-Conformance Area	Evidence Auditors Look For
Support plans	Signed, dated, participant-specific, recently reviewed
Risk assessments	Individual, updated post-incident, participant-involved
Consent	Specific, accessible format, withdrawal process documented
Choice and control	Participant interviews, observable daily practice
Staff competency	Training records, competency assessments, supervision logs
Incident management	Registers, Commission notifications, improvement evidence
Restrictive practices	Authorisation records, behaviour support plan, practitioner involvement

How to Strengthen Your Position Before an Audit

Conduct an internal mock audit using the NDIS Commission's self-assessment tool and practice standards indicators. Do not treat this as a checkbox exercise — assign a staff member to role-play as an auditor and interview both workers and participants.
Review every participant's support plan against their current NDIS plan. If goals have changed or supports have been amended, the support plan must reflect that.
Audit your risk assessment file for each resident. Ensure each one is dated within the last twelve months or since the last significant change, and that the participant's signature or verbal agreement is documented.
Map staff competencies to the supports they deliver. For each high-intensity activity in your service, there should be a corresponding competency record for each staff member who performs it.
Debrief staff on incident reporting — particularly around what constitutes a reportable incident and the required Commission notification timeframe.
Review all restrictive practices currently in use. If any are regulated under the NDIS (Restrictive Practices and Behaviour Support) Rules, confirm that state/territory authorisation is current and that a registered practitioner is engaged.

Providers preparing for a mid-2026 audit will also need to ensure they are across the strengthened NDIS Practice Standards that took effect as part of the broader registration reform — including reinforced requirements around individualised supports and participant safeguarding. The NDIS Commission's website publishes updated guidance for each module as it is finalised.

If you are building or reviewing your compliance documentation from scratch, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that covers support plans, risk assessment templates, consent frameworks, incident registers, and behaviour support documentation — specifically structured around the Practice Standards modules.

Key Takeaway

Non-conformances in the Provision of Supports Environment module almost always come down to one of three root causes: documentation that exists but is not individualised, processes that exist on paper but are not embedded in daily practice, or gaps between what staff know and what they can demonstrate. Addressing those three areas systematically — before your auditor arrives — is the most effective risk reduction strategy available to SIL providers.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.