What Auditors Check for SIL Providers

A practical guide to the policy, register, participant-file, worker-file, and house-safety evidence SIL providers should prepare.

Published 28 May 2026. Source framework: NDIS Quality and Safeguards Commission guidance, NDIS Practice Standards, and practical provider documentation workflows.

The five evidence layers an auditor samples

When an approved quality auditor assesses a SIL provider, they are not reading your policies for prose quality. They are testing whether five distinct evidence layers line up: your policies (what you say you do), your registers (proof the policy runs over time), your participant files (the support actually delivered to a real person), your worker files (screening, induction, training, supervision), and your house and environment (the physical home, medication, emergency arrangements). A pass is the four document layers agreeing with what the auditor sees and hears on site.

Policies: necessary, never sufficient

A complete policy suite is the floor, not the ceiling. Auditors expect governance, risk, incident management, complaints, participant rights, privacy, service agreements, support planning, medication, emergency and disaster management, worker screening, recruitment, training, supervision, restrictive practices (where used), infection control, safe environment, and continuous improvement. But a beautifully written policy with no matching record behind it reads as aspirational. The fastest non-conformance is a policy that describes a process nobody can show happening.

Registers: where most providers actually fail

The single most-flagged issue is the empty or stale register. An incident register with no entries, a complaints register that has never been used, a risk register last touched twelve months ago — each signals that the system exists on paper only. Auditors sample registers precisely because they are the time-series proof that the policy is lived. Keep them current, dated, and showing action taken, not just incidents logged.

Participant files: the support, evidenced

The auditor pulls a participant file and follows the thread: is there a signed, current service agreement linked to NDIS goals? Are there shift and progress notes that link support to those goals? For SIL specifically, do the notes show the participant's own choices being respected day to day? Under the new SIL Practice Standards, the Supported Decision-Making outcome means the file has to show decisions made by the participant, not for them.

Worker files and the consistency test

Each worker file is checked for current NDIS Worker Screening Check status, induction, training currency, and supervision. The new SIL Workforce Competence and Consistency outcome adds a sharper test: does the support stay the same quality across workers and shifts? That means your worker screening register, training register, and handover practice all have to join up into observable, consistent practice in the home.

The house: SIL's on-site difference

SIL is where the audit physically enters someone's home. The auditor looks at medication storage and records, per-home emergency and evacuation plans, environmental safety, and how overnight incidents are escalated. This is the layer generic NDIS policy libraries miss entirely — and the layer the new SIL module's Safety and Housing and Support Security outcomes scrutinise hardest.

What separates a pass from a flag

Three things, from the auditor's side of the table: the documents are customised (your real entity, ABN, key personnel, houses — not placeholder text); each document cites the Practice Standard outcome it covers so the auditor doesn't have to hunt; and the documents are implemented, with registers and files that prove it. Our audit evidence guide walks the three-leg model (policy + record + observable practice) for each outcome.

A simple weekly evidence rhythm

Don't try to manufacture a year of evidence the week before audit. Pick five records each week — one participant file, one worker file, one risk entry, one training record, one incident or complaint — and check each proves the system works. Log the review in a continuous improvement record even when the answer is "no action required". Over months this builds the defensible trail that management is monitoring the service, which is exactly what the auditor wants to see.