Preparing for Your NDIS Audit: Practical Steps for Small and Medium Providers

Preparing for an NDIS audit can feel overwhelming, especially if it’s your first time or if past experiences have been stressful. But with the right approach, you can turn that anxiety into confidence. This guide offers clear, practical steps to help small and medium NDIS providers get ready for their upcoming audit. Understanding what to expect and how to prepare will make the process smoother and help you demonstrate your commitment to quality and participant safety.

What Is an NDIS Audit and Why It Matters

An NDIS audit is a formal review of your organisation’s compliance with the NDIS Practice Standards. These standards ensure providers deliver safe, high-quality services that support participants’ goals and wellbeing. Audits exist to protect participants and encourage continuous improvement in service delivery.

Many providers worry about “failing” an audit or getting caught out by missing paperwork. These fears often come from misunderstandings about the audit process. The truth is audits are designed to be fair and supportive. Good preparation reduces stress and helps you show your strengths clearly.

Know Your Audit Type and What It Covers

There are two main types of NDIS audits:

• Verification audits: These are shorter and focus on basic compliance with the NDIS Practice Standards relevant to your registration groups. They are often for new or smaller providers.

• Certification audits: These are more detailed and cover all applicable standards. They usually apply to larger or more complex providers.

  
  

Your audit scope depends on the registration groups you hold and the associated Practice Standards. The audit body will send you an audit plan outlining what will be reviewed and sampled. Read this carefully so you know exactly what to expect.

Organise Your Documents and Evidence

Evidence is the backbone of your audit. It shows auditors how your organisation meets the standards in practice. Evidence can include:

• Policies and procedures

• Participant records and support plans

• Staff training and qualifications

• Incident and complaint records

• Meeting minutes and continuous improvement logs

• Risk management plans

  
  

Gather these documents well before the audit. Use clear filing systems, whether digital or physical, so you can quickly find what auditors ask for. Remember, evidence doesn’t have to be perfect but should be accurate and up to date.

Prepare Your Team and Communicate Clearly

Your staff play a key role in the audit. They may be interviewed or asked to explain how they follow procedures. Prepare your team by:

• Explaining the audit purpose and process in simple terms

• Reviewing key policies and their roles in compliance

• Encouraging honesty and openness during auditor questions

• Practising common questions or scenarios

  
  

Clear communication reduces anxiety and helps everyone feel ready. It also shows auditors your organisation values transparency and teamwork.

Conduct a Self-Assessment and Mock Audit

Before the official audit, do a self-assessment against the NDIS Practice Standards. Identify any gaps or areas needing improvement. You can also run a mock audit with a trusted colleague or consultant. This practice helps you:

• Spot missing evidence or unclear processes

• Build confidence in answering auditor questions

• Test your document organisation and retrieval

  
  

Address any issues you find early. This proactive approach improves your chances of a smooth audit.

During the Audit: Stay Calm and Focused

On audit day, keep these tips in mind:

• Be punctual and organised

• Provide requested documents promptly

• Answer questions honestly and clearly

• If you don’t know an answer, say so and offer to follow up

• Take notes on any feedback or requests

  
  

Remember, auditors want to see your commitment to quality, not perfection. They understand challenges and look for genuine efforts to meet standards.

After the Audit: Use Feedback to Improve

Once the audit is complete, you will receive a report detailing findings. Use this as a tool for continuous improvement. If there are non-compliance issues, develop an action plan to address them promptly.

Regularly review your policies and practices to stay audit-ready. This ongoing work benefits your participants and strengthens your organisation.

Practical NDIS Audit Preparation Checklist

• Review your audit plan and understand the scope

• Gather and organise all relevant documents and evidence

• Explain the audit process to your team and prepare them

• Conduct a self-assessment against the NDIS Practice Standards

• Run a mock audit to identify gaps and practice responses

• Prepare a quiet, organised space for the audit

• Stay calm and communicate clearly during the audit

• Review the audit report and implement improvements

What auditors are actually looking for — and what most providers miss

Having conducted over 300 audits across the NDIS, HSQF, and NSQHS standards, I can tell you the single most common reason providers receive non-conformities — and it is not because their systems are bad. It is because their evidence does not tell a coherent story.

Auditors are trained to follow a thread. They will pick up a participant's support plan and follow it through your incident records, progress notes, risk register, and staff rosters. If those documents don't connect — if the risk identified in the support plan doesn't appear in the risk register, or if a reported incident has no corresponding corrective action — that is a non-conformity, even if every individual document looks fine in isolation.

The most audit-ready providers are those whose systems tell a clear, consistent, end-to-end story of how they deliver safe, high-quality supports. That is what an evidence index is designed to do — and it is the single most impactful thing you can build before your audit.

The difference between a verification audit and a certification audit

The type of audit your organisation faces depends on your registration scope and the risk level of the supports you deliver.

A verification audit is a desktop-based review. The auditor assesses your documentation against the relevant NDIS Practice Standards without conducting site visits or staff interviews. It is typically required for lower-risk registration groups — those that don't involve direct personal supports or specialist services. While verification audits are less intensive, providers still need clean, current, well-organised documentation to pass.

A certification audit is considerably more comprehensive. It involves document review, site visits, staff interviews, and participant interviews. It applies to providers delivering higher-risk supports — including SIL, SDA, behaviour support, high-intensity daily activities, and early childhood supports. Preparation for a certification audit should begin at least 8–12 weeks before the audit date, covering not only documentation but also workforce competency, participant outcomes, and governance systems.

If you are unsure which audit type applies to your registration, DHD Consultancy can help you map your registration groups to the correct audit pathway and prepare accordingly.

Common non-conformities — and how to avoid them

Based on hundreds of audits conducted across Australia, these are the non-conformities that appear most frequently — and the ones that are most preventable with good preparation:

Incomplete or outdated support plans. Participant support plans must reflect current goals, risks, and support needs. Plans that haven't been reviewed in 12 months or that don't reflect a participant's current situation are a consistent finding.

Incident management gaps. Providers often record incidents but fail to close the loop — no root cause analysis, no corrective action, no evidence that the issue was resolved and monitored. Auditors look for the full cycle, not just the initial report.

Worker screening and training records. Missing NDIS Worker Screening clearances, expired first aid certificates, and incomplete training records are among the most common administrative non-conformities. These are entirely preventable with a simple competency matrix and a scheduled compliance calendar.

Complaint handling. Many providers have a complaints policy, but there is no evidence that complaints were responded to within the required timeframes, that participants were informed of the outcome, or that lessons were captured.

Governance documentation. For certification providers in particular, board minutes, risk registers, and quality improvement plans need to demonstrate active governance — not just a set of documents on paper.

NDIS audit preparation timeline — how far in advance should you start?

One of the most common mistakes providers make is leaving NDIS audit preparation too late. The question I hear most often is: how much time do we need? The honest answer depends on your audit type and your starting point — but here is a practical guide based on what I have seen across hundreds of audits.

For a verification audit, providers with reasonable documentation in place should allow at least 4 to 6 weeks for targeted preparation. This means reviewing your existing evidence against each relevant Practice Standards clause, filling gaps, and ensuring your document management is clean and accessible. Do not leave it to two weeks — even a desktop audit can uncover significant gaps if your evidence is disorganised or out of date.

For a certification audit, eight to twelve weeks is the minimum realistic preparation window — and that assumes your core systems are already functioning. If you are starting from scratch, or if a previous audit identified non-conformities that have not been fully resolved, allow four to six months. Certification audits involve site visits, staff interviews, and participant interviews. You cannot prepare for those in a fortnight.

The single most time-consuming part of NDIS audit preparation is not writing policies. It is building your evidence index — the document that maps every Practice Standards clause to the specific records, files, and systems that demonstrate compliance. This typically takes two to three weeks to build properly and is the foundation on which everything else rests. Start here first.

What NDIS auditors actually sample — and how to make sure your records hold up

Understanding what auditors actually look at — and how they select what to sample — is one of the most valuable things a provider can know before their audit. This is knowledge that comes from sitting on the auditor's side of the table, not just preparing for audits from the provider's perspective.

Auditors do not review every file. They sample. For a certification audit, an auditor will typically select a number of participant files — usually between three and six depending on your registration scope and participant numbers — and follow each one through your entire system. They will look at the support plan, then the risk assessment linked to it, then the progress notes, then any incidents associated with that participant, then the corrective actions raised, then whether those actions are closed. If any part of that chain is missing or inconsistent, that is a finding.

This means that NDIS audit preparation is not about having every file perfect. It is about ensuring that every file tells a complete, consistent story — and that your systems make it easy to retrieve and demonstrate that story quickly when the auditor asks.

For staff interviews, auditors will select frontline workers — often those who had the least involvement in the preparation process — and ask them to describe how they handle specific situations. Common questions include: What do you do if a participant makes a complaint? How do you report an incident? What would you do if you were concerned about a colleague's conduct? Staff who cannot answer these questions confidently — regardless of how good your written policies are — create doubt. Prepare your whole team, not just your quality manager.

The complete NDIS audit preparation checklist — 12 weeks out to audit day

This expanded checklist goes beyond the basics — it reflects what experienced NDIS audit preparation actually looks like when done properly.

12 weeks out: Confirm your audit type (verification or certification) and request your audit plan from your Approved Quality Auditor as soon as it is available. Map your registration groups to the relevant Practice Standards modules. This is your audit universe.

10 weeks out: Begin your evidence index. For every Practice Standards clause in your scope, identify what evidence you have, where it is located, and what is missing. Do not guess — physically check. Gaps identified at this stage are fixable. Gaps discovered by an auditor on the day are findings.

8 weeks out: Review all participant files. Are support plans current? Do they reflect each participant's current goals, risks, and support needs? Are associated risk assessments, incident records, and progress notes consistent with what the support plan describes? Fix inconsistencies now.

6 weeks out: Review workforce compliance. Check each worker's NDIS Worker Screening clearance, first-aid certificate, mandatory training completion, and onboarding documentation. A compliance matrix — a single document mapping every worker to every required credential — is the most efficient way to manage this.

4 weeks out: Conduct a mock audit. Simulate the full audit process — document review, file sampling, and staff interviews. Identify gaps. Build corrective action plans for anything that is not yet audit-ready.

2 weeks out: Run staff briefings. Ensure every frontline worker understands the audit process, knows how to answer common auditor questions, and knows who to direct specific questions to on audit day.

Audit week: Confirm your evidence index is complete and accessible. Designate a single point of contact for the auditor. Ensure the right staff are available on the right days. Have a quiet, organised space prepared for the auditor's use.

After the audit: Review the audit report in full. If there are non-conformities, develop and submit your corrective action plan within the required timeframe. Track actions to closure and document verification of effectiveness.

NDIS audit preparation for specific provider types — SIL, SDA, behaviour support, and high-intensity

NDIS audit preparation is not one-size-fits-all. Providers delivering higher-risk supports face significantly more intensive scrutiny — and need to prepare accordingly.

Supported Independent Living (SIL) providers are assessed against the Core module and the SIL module, with particular focus on how support rosters are structured, how participant risk is managed overnight and across shift changes, and how escalation pathways are documented and tested. Auditors will look closely at whether rostering decisions are driven by participant need rather than operational convenience, and whether staff have the competency to manage the specific risks associated with each participant in the home.

Behaviour support providers and providers implementing behaviour support plans must demonstrate clear governance over the use of regulated restrictive practices — including authorisation records, monitoring documentation, review processes, and reporting to the relevant state authority. This is one of the most complex areas of NDIS audit preparation and one of the highest-risk areas for non-conformity findings.

High-intensity daily activities — including complex bowel care, tracheostomy management, subcutaneous injections, and other clinical supports — require providers to demonstrate adherence to clinical governance frameworks, verify staff competency for each task, and establish clear escalation and emergency management pathways. Auditors in this space are specifically trained and will test the depth of your clinical systems, not just whether the documentation exists.

For providers in any of these categories, NDIS audit preparation needs to begin earlier, go deeper, and be led by someone with genuine expertise in the relevant module requirements. DHD Consultancy has direct experience preparing providers across all of these support types — including SIL, SDA, behaviour support, and high-intensity daily activities — for both certification and renewal audits.

Need expert NDIS audit preparation support?

DHD Consultancy supports NDIS providers across Australia with end-to-end audit preparation — from evidence indexing and gap analysis to mock audits and staff interview coaching. Led by Julian De Maria, a former General Manager of a national NDIS audit body and lead auditor with 300+ audits, DHD Consultancy brings a unique insider perspective to every engagement.

We also provide 100% free NDIS policies and procedures to all registered providers — no strings attached.

Book a free 30-minute discovery consultation at dhdconsultancy.com.au to discuss your upcoming audit and find out how we can help.