NDIS auditors review your policies, participant records, incident management, worker screening, and evidence that you’re meeting the NDIS Practice Standards. Most providers fail because documentation is incomplete or processes aren’t actually being followed in practice.
Your first NDIS audit determines whether you get registered, so preparation matters. Auditors don’t just check that you have the right policies. They check whether your team actually uses them, whether your records are complete, and whether participants are genuinely involved in their support planning.
Here’s what NDIS auditors look for, what documentation you need, and how to fix the gaps that trip up new providers.
What NDIS Auditors Actually Check
Auditors assess five main areas: governance and operational management, provision of supports, participant outcomes, safeguarding, and worker screening. They want evidence that your processes work in practice, not just on paper.
- Governance and operational management covers your policies, risk management, complaints handling, and how you monitor service quality. Auditors check whether policies exist, whether staff can access them, and whether there’s evidence they’re being followed.
- Provision of supports focuses on how you deliver services. Auditors review service agreements, support plans, shift notes, and rostering records to confirm services match what participants are funded for.
- Participant outcomes examines whether participants are involved in planning their supports and whether you track progress toward their goals. Auditors interview participants and review care plans to verify involvement is genuine.
- Safeguarding includes incident management, complaints handling, and how you identify and respond to risks. Auditors review incident reports, check that reportable incidents were submitted to the NDIS Commission, and look for evidence of follow-up actions.
- Worker screening confirms every worker has a valid NDIS Worker Screening Check, appropriate training, and documented orientation. Auditors spot-check worker files and verify screening records match your current workforce.
What Documents You Need for an NDIS Audit
Auditors request specific documentation across multiple categories. Missing or incomplete records cause audit delays or failures.
Policies and procedures you’ll need:
- Risk management framework
- Incident management policy and procedures
- Complaints management policy
- Safeguarding policy including restrictive practices
- Worker screening and recruitment procedures
- Orientation and training procedures
Participant records:
- Service agreements signed by participants
- Current support plans with measurable goals
- Progress notes showing regular service delivery
- Consent forms for information sharing and service delivery
- Records of participant involvement in planning and reviews
Worker records:
- NDIS Worker Screening Checks for every worker
- Evidence of orientation completion
- Training records (first aid, manual handling, safeguarding, disability awareness)
- Supervision logs and performance reviews
- Police checks or Working with Children Checks where required
Incident and safeguarding records:
- Incident reports with dates, details, and actions taken
- Evidence that reportable incidents were submitted to the NDIS Commission within required timeframes
- Follow-up documentation showing how incidents were addressed
- Complaints register and resolution records
Service delivery evidence:
- Shift notes documenting what supports were delivered
- Rostering records showing who delivered supports and when
- Billing records that align with actual service delivery
- Evidence that services match funded supports in service agreements
How to Organize Your Documentation Before the Audit
Create a digital audit folder with clear categories: policies, participant records, worker records, incidents, and service delivery. Name files consistently so auditors can find what they need without asking for clarification.
Check that records are complete and timestamped. Auditors flag gaps when progress notes are missing dates, incident reports lack follow-up actions, or worker screening checks have expired. Remove outdated policy versions so auditors don’t review superseded documents.
Make digital records searchable. If an auditor asks for evidence of participant involvement in support planning, you should be able to pull relevant records in minutes, not hours.
Common NDIS Audit Findings (And How to Fix Them)
New providers make predictable mistakes. Here are the five most common audit findings and how to close the gaps before your audit.
- Policies that aren’t actually followed. Having a supervision policy means nothing if you can’t show supervision actually happens. Fix this by maintaining signed supervision logs, completing training records, and documenting how policies are implemented in practice.
- Incomplete worker screening. Auditors fail providers when workers don’t have valid NDIS Worker Screening Checks or when checks have expired without renewal. Track screening expiry dates and set reminders at least 60 days before renewal is due. Don’t let anyone deliver supports without current screening clearance.
- Missing or vague support plans. Generic support plans that say “increase independence” without measurable goals don’t meet Practice Standards. Every participant needs a current support plan with specific, achievable goals and evidence of their involvement in developing it. Review plans at least annually and document participant input.
- Incident reports without follow-up. Recording an incident isn’t enough. Auditors want to see what you did afterward. Document corrective actions, whether you reported the incident to the NDIS Commission, and how you prevented recurrence. Close the loop on every incident.
- No evidence of participant involvement. Auditors interview participants and ask whether they were consulted about their supports. If participants say they weren’t involved in planning, your documentation won’t save you. Show genuine involvement through signed service agreements, documented planning meetings, and progress notes that reference participant preferences.
How Long Does an NDIS Audit Take?
NDIS audits happen in three phases: desktop review, on-site visit, and final report.
The desktop review takes one to two weeks. You submit policies, procedures, and sample records to the auditor, who reviews them remotely and identifies any gaps or questions before the on-site visit.
The on-site visit lasts one to three days depending on your size and the complexity of your services. Auditors interview staff, participants, and families. They review participant records, incident reports, and worker files. They observe how your team actually works and check whether physical evidence matches your documentation.
The final audit report arrives four to six weeks after the on-site visit. It details findings, confirms whether you meet the Practice Standards, and outlines any corrective actions required.
What Happens If You Fail an NDIS Audit?
Audit outcomes fall into three categories: full compliance, conditional registration, and non-compliance.
- Full compliance means you met all Practice Standards. Registration is granted with no further action required.
- Conditional registration means you met most standards but have specific gaps to address. Registration is granted, but you must fix identified issues within a set timeframe and provide evidence of corrective actions. A follow-up audit may be required.
- Non-compliance means you didn’t meet critical Practice Standards. Registration is denied or suspended. You must address all findings, implement corrective actions, and re-apply for audit. This delays your ability to deliver NDIS-funded supports and can damage your reputation with participants and referral sources.
Most conditional findings are fixable if you act quickly. Auditors provide clear guidance on what needs to change. Treat conditional registration as a roadmap, not a failure.
Prepare for Your NDIS Audit Without the Stress
NDIS audits test whether your documentation and processes actually work in practice. The providers who pass are the ones who track worker screening expiry dates, maintain complete participant records, and document incidents properly from day one.
ShiftCare’s NDIS care management software helps providers track compliance, manage worker screening, and maintain audit-ready records in one platform. Mobile documentation ensures shift notes are captured in real time. Automated reminders flag expiring worker screening checks before they lapse. Centralized participant records give auditors exactly what they need without manual searching.
Start your free trial today and see how ShiftCare helps NDIS providers stay audit-ready.
