Can you fail an NDIS certification audit?

Technically, NDIS audits do not use the term 'fail.' Instead, auditors issue non-conformances — either minor or major — against specific NDIS Practice Standard outcomes. If major non-conformances are not resolved within the required timeframe (typically 90 days), the auditor cannot recommend registration and the NDIS Commission may refuse your application. In practical terms, unresolved major non-conformances are equivalent to failing your audit.

How long do you have to fix a major non-conformance?

For a major non-conformance, you typically have 90 days (approximately 3 months) to implement corrective actions and provide evidence of resolution to your Approved Quality Auditor. The auditor must verify that your corrective actions effectively address the root cause before they can recommend certification to the NDIS Commission.

What is the most common reason providers fail NDIS audits?

The most common reasons for NDIS audit failures include incomplete or missing policy documents, lack of evidence that policies are implemented in practice, inadequate incident management records, missing worker screening checks, insufficient staff training records, and poor documentation of participant consent and support planning. Many of these failures stem from not having a complete document management system aligned to the NDIS Practice Standards.

How much does an NDIS re-audit cost?

If your initial audit identifies issues requiring a follow-up assessment, your Approved Quality Auditor will charge additional fees. Follow-up desktop reviews typically cost $500 to $1,500, while a full re-audit (if the initial audit cannot be salvaged) costs $3,000 to $15,000 or more depending on the scope and number of registration groups. These costs are on top of what you already paid for the initial audit.

Can you appeal an NDIS audit non-conformance?

You can dispute specific audit findings with your Approved Quality Auditor during the draft report review period. Auditors must give you the opportunity to respond to findings before finalising their report. If the NDIS Commission subsequently makes an adverse registration decision based on the audit, you can apply to the Administrative Review Tribunal (ART) for a merits review of that decision.

Does failing an NDIS audit go on your record?

Audit reports and non-conformance findings are submitted to the NDIS Quality and Safeguards Commission and form part of your provider record. If you apply for registration again in the future, the Commission may consider your previous audit history. However, demonstrating that you have addressed past non-conformances and improved your systems is generally viewed favourably.

What Happens If You Fail Your NDIS Audit? Non-Conformances, Corrective Actions and Next Steps

What "Failing" an NDIS Audit Actually Means

When NDIS providers talk about "failing" an audit, they are using shorthand for a more nuanced reality. The NDIS Quality and Safeguards Commission does not issue pass or fail grades the way a school exam does. Instead, the audit process — conducted by an Approved Quality Auditor (AQA) accredited by JAS-ANZ — results in findings against each assessed outcome of the NDIS Practice Standards.

Each outcome is assessed as one of three things:

Conformity (Met): Your organisation demonstrates it meets the Practice Standard outcome through documented policies, implemented procedures, and verifiable evidence.
Minor non-conformance: The auditor identifies a gap or weakness that does not pose an immediate risk to participants but needs to be addressed.
Major non-conformance: The auditor identifies a significant gap that represents a systemic failure or poses a direct risk to participant safety, rights, or wellbeing.

So when providers say they "failed" their NDIS audit, what they really mean is that the auditor issued one or more major non-conformances that could not be resolved during the audit window — preventing the auditor from recommending registration to the NDIS Commission.

This distinction matters because it means there is almost always a pathway to fix the problem. An NDIS audit is not a single-shot examination. It is a process with built-in mechanisms for corrective action, follow-up verification, and eventual resolution.

Key Concept

Under the NDIS Act 2013 (Section 73E) and the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018, the NDIS Commission — not the auditor — makes the final registration decision. The auditor provides a report and recommendation. The Commission considers the report alongside other information (such as complaints history and worker screening records) when deciding whether to grant, refuse, or impose conditions on registration.

Minor vs Major Non-Conformances Explained

Understanding the difference between minor and major non-conformances is critical because the consequences, timeframes, and response expectations are very different.

Minor Non-Conformances

A minor non-conformance is an isolated gap that does not represent a systemic failure. It typically means you have a policy or procedure in place, but there is a weakness in implementation, documentation, or consistency. Examples include:

A staff training register that is mostly complete but missing entries for two recent starters
An incident report that was completed but not reviewed by management within the required timeframe
A participant file that contains a support plan but is missing the participant's signed consent form
A policy document that references outdated legislation or has not been reviewed within its scheduled review cycle

Minor non-conformances are typically addressed through a corrective action plan that must be implemented within 12 months of the audit finding. The auditor records the finding, and you are expected to fix the issue and have evidence of resolution available for your next surveillance or renewal audit.

Major Non-Conformances

A major non-conformance is a significant or systemic gap that indicates a fundamental failure to meet a Practice Standard outcome. It may represent a risk to participant safety. Examples include:

No incident management policy or procedure exists at all
Worker screening checks have not been conducted for multiple staff members delivering direct supports
There is no evidence of participant consent, support planning, or person-centred approaches across multiple participant files
The organisation cannot demonstrate any form of complaints management, feedback mechanism, or continuous improvement process
Restrictive practices are being used without authorisation, reporting, or behaviour support plans

Major non-conformances trigger a more urgent response. You typically have 90 days to implement corrective actions, and the auditor must verify that the issues have been resolved before they can finalise their report and recommend registration.

Aspect	Minor Non-Conformance	Major Non-Conformance
Nature	Isolated gap or weakness	Systemic failure or significant risk
Participant risk	Low or no immediate risk	Potential or actual risk to safety/rights
Corrective action timeframe	Up to 12 months	Typically 90 days
Verification	Checked at next audit	Must be verified before report finalisation
Impact on registration	Registration can proceed with conditions	Registration cannot proceed until resolved
Report outcome	Auditor can still recommend certification	Auditor cannot recommend until resolved

Corrective Action Timeframes and Requirements

When your Approved Quality Auditor issues a non-conformance, you will be asked to develop a Corrective Action Plan (CAP). This is not a vague promise to do better — it is a structured document that must address specific elements.

What a Corrective Action Plan Must Include

Root cause analysis: Why did the non-conformance occur? Was it a knowledge gap, a resource issue, a process gap, or a failure in oversight?
Corrective actions: What specific steps will you take to fix the immediate problem?
Preventive actions: What will you change systemically to prevent recurrence?
Responsible person: Who is accountable for implementing each action?
Timeframe: When will each action be completed?
Evidence: What evidence will you produce to demonstrate the actions have been completed?

For a detailed walkthrough of writing an effective corrective action plan, see our NDIS Corrective Action Plan guide with template and examples.

The 90-Day Clock for Major Non-Conformances

For major non-conformances, the typical timeframe is 90 days from the date the finding is issued. During this period, you must:

Acknowledge the finding and submit your corrective action plan to the auditor
Implement the corrective actions (create missing documents, retrain staff, establish new processes)
Gather evidence that the actions have been implemented (signed policies, training records, completed forms)
Submit the evidence to the auditor for verification
The auditor reviews the evidence and may conduct a follow-up desktop review or site visit

If you successfully resolve the major non-conformance within 90 days, the auditor can then finalise their report and recommend registration to the NDIS Commission. The non-conformance is recorded as "closed" in the audit report.

Important Note

The 90-day timeframe is a guideline used by most Approved Quality Auditors, consistent with the NDIS Practice Standards Audit Methodology. However, your specific auditor may have slightly different timeframes outlined in their audit agreement. Always confirm the exact deadline with your AQA at the time the finding is issued.

What Happens If You Don't Fix Non-Conformances

If you fail to resolve non-conformances within the required timeframe, the consequences escalate significantly.

For Unresolved Major Non-Conformances

If a major non-conformance remains open after the corrective action period:

The auditor cannot recommend registration. Their final report to the NDIS Commission will note the unresolved major non-conformance.
The NDIS Commission may refuse your registration application. Under Section 73F of the NDIS Act 2013, the Commission can refuse to register a provider if it is not satisfied the provider is suitable or complies with the conditions of registration.
You may need to start the audit process again. This means engaging a new AQA (or the same one), paying for a new audit, and going through the entire process from scratch.
You cannot deliver registered NDIS supports. Without registration, you cannot claim NDIS funding for any registration-group supports that require certification.

For Unresolved Minor Non-Conformances

While minor non-conformances are less critical, ignoring them creates compounding risk:

Multiple unresolved minor non-conformances may be escalated to a major non-conformance at your next audit, as they may indicate a systemic problem
Your mid-term surveillance audit (typically at the 18-month mark) will specifically check whether previous minor non-conformances have been resolved
A pattern of unresolved minor issues may lead the NDIS Commission to impose conditions on your registration or initiate a compliance investigation

The NDIS Commission's Regulatory Powers

Beyond the audit process itself, the NDIS Commission has broader regulatory powers under the NDIS Act 2013 (Part 3, Division 5) that it can exercise if it has concerns about a provider's compliance. These include:

Compliance notices requiring you to take specific actions within a set timeframe
Conditions on registration restricting how you deliver supports
Suspension of registration temporarily preventing you from delivering registered supports
Revocation of registration permanently removing your ability to deliver registered NDIS supports
Banning orders preventing individuals from being involved in the delivery of NDIS supports

These powers are separate from the audit process but can be triggered by persistent non-compliance identified through audits.

Don't Risk Audit Failure

The SIL Rescue Kit includes 65 audit-ready documents — policies, procedures, forms and registers — mapped to every NDIS Practice Standard Core Module outcome. Get audit-ready for $297 instead of $4,400+ in consultant fees.

Get the SIL Rescue Kit — $297

Real Examples of Common NDIS Audit Failures

Based on NDIS Commission published data, auditor guidance, and provider experience, these are the most frequently encountered non-conformances in NDIS certification audits. Understanding these patterns helps you focus your preparation on the areas most likely to cause problems.

1. Incomplete or Missing Policy Documents

This is the single most common reason for audit non-conformances. The NDIS Practice Standards require documented policies and procedures for every Core Module outcome. Auditors check that you have:

Written policies that address all required elements of each Practice Standard outcome
Procedures that translate policies into actionable steps for staff
Document control information (version numbers, review dates, approval signatures)
Evidence that policies have been communicated to staff (training records, acknowledgement forms)

Common gap: Providers have some policies but not a complete set. For example, they have an incident management policy but no complaints and feedback policy, or they have a privacy policy but no information management procedure.

2. No Evidence of Implementation

Having a policy document is necessary but not sufficient. Auditors look for evidence that policies are actually being followed in practice. This means:

Completed incident report forms (not just a blank template)
Records of staff supervision sessions
Minutes from team meetings where policies were discussed
Completed participant feedback forms or survey results
Evidence of continuous improvement actions taken in response to incidents or complaints

Common gap: The provider wrote policies to pass the audit but has not been using them. The auditor interviews staff who cannot describe the policies or have never seen them.

3. Worker Screening Failures

Under the NDIS Practice Standards (Core Module, Outcome 2.6), all workers delivering NDIS supports must have a valid NDIS Worker Screening Check. Common failures include:

Staff delivering supports without a current NDIS Worker Screening clearance
No worker screening register to track expiry dates and renewal requirements
Screening checks from a different state or territory (they are not automatically portable)
Failing to screen volunteers or contractors who have direct participant contact

4. Inadequate Incident Management

Incident management is one of the most scrutinised areas in any NDIS audit. The NDIS Practice Standards require that you have systems to identify, record, report, and learn from incidents. Common failures include:

No incident report forms or an incomplete incident register
Failure to report reportable incidents to the NDIS Commission within 24 hours (as required under the NDIS reportable incidents framework)
No evidence of root cause analysis or corrective actions following incidents
Staff who do not know what constitutes a reportable incident

5. Missing Participant Consent and Support Plans

Person-centred support planning is fundamental to the NDIS Practice Standards. Auditors check participant files for:

Signed consent forms for collecting and sharing personal information
Individualised support plans developed with the participant (or their representative)
Evidence of regular review and updating of support plans
Documentation that participants were informed of their rights, including the right to complain

6. No Continuous Improvement Evidence

Under NDIS Practice Standard Core Module Outcome 2.3, providers must demonstrate a commitment to continuous improvement. This means maintaining:

A continuous improvement register tracking actions and outcomes
Evidence that feedback, complaints, and incidents lead to systemic changes
Internal audit schedules and completed audit reports
Staff training needs analysis and training plans

Re-Audit Costs and Financial Impact

The financial consequences of audit failure extend well beyond the direct cost of re-auditing. Here is a realistic breakdown of the costs involved.

Cost Item	Estimated Range	Notes
Initial certification audit	$3,000 — $15,000+	Already paid; this cost is sunk
Follow-up desktop review	$500 — $1,500	If corrective actions can be verified remotely
Follow-up on-site visit	$1,500 — $4,000	If auditor needs to verify on-site evidence
Full re-audit	$3,000 — $15,000+	If the original audit cannot be salvaged
Consultant remediation fees	$2,000 — $8,000+	If you engage a consultant to fix the gaps
Lost revenue during delay	Varies widely	Cannot claim NDIS funding without registration
Staff time for remediation	40 — 200+ hours	Creating documents, retraining, gathering evidence

For a small SIL provider with 10 participants, even a two-month delay in registration could mean tens of thousands of dollars in lost funding — on top of the direct audit costs. The total cost of "failing" and having to remediate can easily exceed $20,000 to $30,000 when you factor in all direct and indirect costs.

By comparison, investing in proper document preparation before your audit — whether through a consultant ($4,400+) or a self-serve document kit like the SIL Rescue Kit ($297) — is a fraction of the cost of failure.

How to Prevent Audit Failure

The best strategy for NDIS audit success is thorough preparation. Most non-conformances are entirely preventable with the right systems in place before your auditor arrives.

Start with Complete Documentation

Every NDIS Practice Standard outcome requires documented policies, procedures, or both. Before your audit, ensure you have:

A complete set of policies covering all Core Module outcomes (Governance, Risk, Incident, Complaints, HR, Privacy, Safeguarding, Quality, and more)
Corresponding procedures for each policy that staff can follow step-by-step
Document control information on every document (version number, approval date, review date, responsible officer)
Forms and templates for day-to-day operations (incident reports, consent forms, supervision records, shift notes)
Registers for tracking ongoing compliance (incidents, complaints, training, worker screening, continuous improvement)

Build Evidence Before the Audit

Documents alone are not enough. You need evidence of implementation — proof that your policies are being used in practice. Aim to have at least three months of operational evidence before your audit:

Completed incident reports and evidence of follow-up actions
Staff training records showing who was trained, on what, and when
Supervision session records with documented discussions and actions
Participant files with signed consent forms, support plans, and progress notes
Completed internal audits or self-assessments
Continuous improvement register entries showing actions taken from feedback

Need compliant progress notes? Our free NDIS Notes Rewriter helps support workers write audit-ready shift notes in seconds.

Prepare Your Staff

Auditors will interview your staff — often one-on-one — to verify that policies are understood and implemented. Common staff interview questions include:

"What would you do if a participant disclosed abuse?"
"How do you report an incident?"
"Where can you find the organisation's policies?"
"How do you ensure participant choice and control in your daily work?"
"What is a reportable incident and who do you report it to?"

For a comprehensive list of questions and how to answer them, read our NDIS Audit Interview Questions guide.

Conduct a Pre-Audit Self-Assessment

Before your official audit, conduct your own internal assessment against the NDIS Practice Standards Core Module. Walk through each outcome and ask:

Do we have a documented policy for this outcome?
Do we have a procedure that staff can follow?
Can we produce evidence that the policy is being implemented?
Can staff describe what they do in practice for this outcome?

Any outcome where you answer "no" to any of these questions is a potential non-conformance waiting to happen.

65 Audit-Ready Documents. $297. Zero Consultant Fees.

The SIL Rescue Kit gives you every policy, procedure, form and register you need to pass your NDIS certification audit — mapped to every Core Module outcome. Download today and start building your evidence base.

Download the SIL Rescue Kit

Summary: What to Do If Your NDIS Audit Goes Wrong

If your NDIS audit does not go as planned, remember these key points:

Don't panic. Non-conformances are common, and the system is designed to give you a chance to fix them.
Understand the finding. Ask your auditor to explain exactly which Practice Standard outcome was not met and what evidence is needed.
Act quickly. For major non-conformances, you typically have 90 days. Start your corrective action plan immediately.
Address root causes, not just symptoms. Your corrective action plan must demonstrate systemic change, not just a quick patch.
Document everything. Keep detailed records of every corrective action you take and the evidence you produce.
Communicate with your auditor. Keep them informed of your progress. Ask for feedback on whether your evidence is sufficient before the deadline.
Learn from the experience. Use the non-conformance as an opportunity to genuinely improve your service delivery and compliance systems.

The NDIS audit process is rigorous, but it is not designed to catch providers out. It exists to ensure that participants receive safe, quality supports. Providers who prepare thoroughly, maintain complete documentation, and genuinely implement their policies pass their audits the first time — consistently.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.