What documents do auditors most commonly ask for under the Rights and Responsibilities standard?

Auditors typically request participant rights statements with acknowledged receipt, current signed consent forms, a complete complaints register, NDIS Worker Orientation Module certificates for all staff, and evidence that complaints and advocacy information is available in accessible formats.

Do casual and agency workers need to complete the NDIS Worker Orientation Module?

Yes. The requirement applies to all workers delivering NDIS supports regardless of employment type. There is no exemption for casual, part-time, or labour-hire staff. Providers must obtain and retain completion certificates for every worker before they commence delivering supports.

How long must providers keep rights and consent records?

The NDIS Commission does not prescribe a single retention period for all records, but providers should retain participant-related records for at least seven years (or longer if state or territory legislation requires it), and for a minimum of seven years after a child participant turns 18.

What counts as an accessible complaints mechanism for participants with communication needs?

An accessible complaints mechanism must be available in a format the participant can use. This may include Easy Read documents, translated materials, verbal explanation recorded in a case note, pictorial guides, or support to use an interpreter or communication aid. A text-only policy document alone is insufficient.

Can a verbal consent from a participant satisfy the consent evidence requirement?

Verbal consent can be valid, but it must be documented immediately with a dated case note recording what was consented to, who was present, and how the participant demonstrated understanding. Undocumented verbal consent is not auditable and is a common non-conformance finding.

What is the difference between a complaint and a reportable incident under the NDIS framework?

A complaint is any expression of dissatisfaction about a provider's supports or services. A reportable incident is a defined event under the NDIS (Incident Management and Reportable Incidents) Rules 2018 — such as unlawful physical contact, unexpected death, or serious injury — that must be notified to the NDIS Commission within specified timeframes. Both require separate registers and processes.

Rights and Responsibilities: Evidence Checklist for Your NDIS Audit

What the Rights and Responsibilities Standard Actually Requires

The NDIS Practice Standards include a dedicated Rights and Responsibilities module that applies to all registered NDIS providers. Under the strengthened framework introduced progressively from 2023 and fully embedded in the 2026 registration renewal cycle, this standard requires providers to demonstrate — not merely state — that participants are treated as rights-holders, not service recipients.

An approved quality auditor reviewing this module will look for systematic evidence across four domains: participant rights information, decision-making support, complaints and feedback mechanisms, and staff competency. The checklist below maps directly to those domains.

The Evidence Checklist: What Auditors Actually Check

1. Participant Rights Information

Participant Welcome Pack or Rights Statement — a document (or accessible alternative) given to each participant at or before service commencement, written in plain English and available in alternate formats (Easy Read, audio, translated) on request.
Signed or acknowledged receipt — evidence the participant (or their authorised representative) received and understood rights information. This can be a signature, a dated case note, or a supported decision-making record.
NDIS Code of Conduct poster or participant-facing reference — visible in shared spaces or included in digital onboarding materials, confirming worker obligations.
Participant handbook version control log — showing the document is reviewed at least annually and updated when the NDIS Practice Standards change.

2. Decision-Making Support and Consent

Consent forms for each support type — individually signed and dated, not a blanket one-off consent at intake. Auditors look for specificity: consent to share information, consent to particular personal supports, consent to photograph or record.
Supported decision-making records — case notes or meeting minutes showing how the provider supported the participant to make decisions about their own supports, including who was present and what alternatives were discussed.
Records of declined or changed consent — demonstrating participants can withdraw consent without adverse consequence, and that the provider adjusted service delivery accordingly.
Capacity assessment records where relevant — if a participant has a guardian or administrator, documentation confirming the scope of that appointment and how the provider communicates directly with the participant wherever possible.

3. Complaints, Feedback, and Advocacy Access

Complaints policy and procedure (current version) — must reference the NDIS Commission as an escalation pathway and include timeframes for acknowledging and resolving complaints.
Complaints register — a log of all complaints received, their category, how they were handled, outcome, and any systemic improvements triggered. This must be available to auditors; omissions are a common non-conformance.
Feedback mechanism evidence — surveys, suggestion forms, or meeting records showing participants have multiple ways to raise concerns, including anonymously.
Advocacy information provided to participants — written evidence that participants have been told about independent advocacy services, including the National Disability Advocacy Program and state-based equivalents.
Evidence complaints information is accessible — Easy Read complaints summary, translated brochure, or recorded explanation for participants with communication needs.

4. Staff Training and Code of Conduct Compliance

NDIS Worker Orientation Module completion records — "Quality, Safety and You" module certificates or equivalent platform records for every worker providing NDIS supports, including casual and agency staff.
Code of Conduct induction records — signed staff acknowledgement that they have read and understood the NDIS Code of Conduct obligations.
Ongoing training log for rights-based practice — evidence of refresher training covering topics such as privacy, restrictive practices, dignity of risk, and mandatory reporting. Auditors expect this to occur at intervals, not just at induction.
Supervision records referencing rights issues — case notes or supervision logs where rights-related matters (including near-misses) were discussed with workers.

5. Reportable Incidents Linked to Rights

Incident register — including incidents that may constitute a breach of a participant's rights, such as unlawful physical contact, failure to respect a participant's decision, or inappropriate use of restrictive practices.
NDIS Commission incident notification records — evidence that reportable incidents were notified within required timeframes and that post-incident reviews were completed.
Corrective action records — demonstrating that identified systemic issues were addressed and the outcomes reviewed.

Common Non-Conformances Auditors Flag

Issue	Why It Fails	Quick Fix
Generic rights statement not tailored to the participant	Auditors expect evidence the individual participant understood their rights, not that a form was handed over	Add a dated case note confirming the conversation and the participant's response
Complaints register incomplete or only holds formal complaints	The standard expects all feedback — including verbal, informal, and near-miss concerns — to be captured	Brief all staff on what must be logged; audit the register monthly
Consent forms undated or unsigned by the participant	Consent cannot be assumed; auditors require evidence it was obtained and is current	Conduct a consent file audit quarterly; re-obtain any consents older than 12 months or where circumstances changed
Worker Orientation Module certificates missing for casual or short-term staff	There is no exemption for workforce type; every worker delivering NDIS supports must complete the module	Build certificate verification into onboarding before first shift
No accessible complaints information for participants with communication needs	The standard requires complaints processes to be accessible; a single text-only document does not satisfy this	Develop or source an Easy Read complaints summary and document when it was provided to whom

A Practical Pre-Audit Review Process

Assign ownership. Nominate a staff member responsible for compiling Rights and Responsibilities evidence at least eight weeks before your audit date.
Map participants to evidence. For each current participant, confirm there is a rights statement receipt, current consent, and a complaints pathway record on file.
Audit the complaints register. Check it is complete, outcomes are recorded, and any systemic issues have a corresponding corrective action with a completion date.
Verify training records. Cross-reference your staffing list against the Worker Orientation Module completion database and any internal training logs. Chase outstanding records now, not the week before audit.
Review accessibility of materials. Confirm that rights, complaints, and advocacy information is available in at least one alternate format for participants who need it.
Conduct a mock audit conversation. Ask a worker to explain to you what a participant's rights are and how they would support a participant to make a complaint. If they struggle, that is a training gap to address before the auditor does.
Collate and label your evidence folder. Organise documents by standard module, with a cover sheet listing what each item of evidence addresses. Auditors appreciate organised submissions and it reduces on-site time.

A Note on the 2026 Registration Changes

The NDIS Commission's strengthened registration framework, which came into effect progressively and is now central to the 2026 renewal cycle, places greater emphasis on continuous improvement and governance. For the Rights and Responsibilities module, this means auditors are not only checking whether policies exist but whether they are embedded in daily practice — evidenced through case notes, supervision records, and participant feedback trends over time. A policy document in a drawer no longer constitutes compliance.

Providers operating SIL arrangements face particular scrutiny because participants often live in provider-managed environments where rights issues — such as freedom of association, privacy, and decision-making around daily routines — can be harder to evidence at an individual level. SIL providers should ensure house meeting records, individual planning notes, and daily support records all reflect rights-respecting practice, not just service delivery tasks.

Getting Audit-Ready Documentation in Order

Pulling together compliant policies, accessible participant materials, consent frameworks, and staff training records from scratch takes considerable time. If your organisation is working toward a 2026 audit and needs a structured starting point, ndiscompliant.com.au offers a 74-document audit-ready SIL compliance kit that covers the Rights and Responsibilities module alongside all other NDIS Practice Standard requirements — a practical shortcut that many smaller providers have used to avoid common gaps.

Whether you use an off-the-shelf kit or build your own documentation set, the principle is the same: every claim your organisation makes about rights-based practice must be backed by dated, participant-specific, accessible evidence that an approved quality auditor can review on the day.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.