NDIS Audit Preparation Checklist

NDIS audits are predictable. Auditors assess defined Practice Standards outcomes using a familiar set of documents, registers, and records, which means you can prepare for almost all of it in advance. This checklist covers what they ask for, organised the way audits actually run.

Last updated: 11 June 2026

Before you start: know your audit scope

Your preparation list depends on your pathway and modules. The initial scope of audit document from the NDIS Commission tells you whether you're facing a desktop verification or two-stage certification audit, and which Practice Standards modules apply. Everything below assumes certification scope; verification providers need only the subset marked accordingly.

1. Governance and organisational documents

  • Business registration, ABN, and organisational structure chart
  • Details and roles of all key personnel
  • Insurance certificates of currency, public liability, professional indemnity, workers compensation (also required for verification)
  • Governance framework: delegations, management meeting records, board or owner oversight arrangements
  • Strategic and business continuity / emergency and disaster management plans
  • Conflict of interest policy and register

2. Core policies and procedures

These map to the Core Module of the Practice Standards. The full list runs long, our guide to NDIS policies and procedures breaks it down by standard, but the set auditors check first:

  • Rights and responsibilities of participants, including dignity of risk and freedom from abuse, neglect, and exploitation
  • Privacy, dignity, and confidentiality
  • Independence and informed choice, including supported decision-making
  • Violence, abuse, neglect, exploitation, and discrimination prevention and response
  • Risk management policy with a current organisational risk register
  • Quality management and continuous improvement
  • Incident management system aligned to the NDIS reportable incident rules
  • Complaints and feedback management
  • Human resource management: recruitment, screening, induction, performance, exits
  • Safe environment, work health and safety, and infection control
  • Medication management, mealtime management, and waste management where relevant to your supports

3. Registers and logs

Registers are where auditors test whether your system is real. Procedures without matching registers are a classic minor non-conformity.

  • Incident register (including reportable incidents and five-day notifications)
  • Complaints and feedback register
  • Risk register, reviewed and dated
  • Continuous improvement register with closed-out actions
  • Restrictive practices register, if any are used or could foreseeably occur
  • Worker screening register with clearance numbers and expiry dates
  • Training register mapped to roles
  • Asset/equipment maintenance log where you use equipment in supports

4. Worker records

  • NDIS Worker Screening clearances for everyone in a risk-assessed role (also required for verification)
  • Qualifications and AHPRA or professional body registrations where applicable (also required for verification)
  • NDIS Worker Orientation Module certificates
  • Position descriptions, signed contracts, and code of conduct acknowledgements
  • Induction checklists and role-specific training evidence (first aid, manual handling, medication, restrictive practices awareness as relevant)

5. Participant records

For each participant file sampled, auditors typically want to see:

  • Signed service agreement in accessible language
  • Intake and individual risk assessment
  • Support plan reflecting participant goals and choices
  • Consent records, for services, information sharing, and emergency contact
  • Progress notes that match the supports billed
  • Evidence of plan reviews and participant involvement in them

New providers without participants should have every template ready and be able to walk the auditor through how a participant would move through intake to review.

6. Module-specific evidence

  • Module 1 (high intensity supports): clinical procedures for each high intensity skills descriptor you deliver, RN delegation and oversight arrangements, health care plans, and competency assessments.
  • Module 2 / 2a (behaviour support): functional assessment and plan development processes, restrictive practice authorisation evidence, implementation and monitoring records.
  • Module 3 (early childhood supports): family-centred practice framework, developmental assessment, and transition planning records.
  • Module 4 (specialised support coordination): crisis management procedures, conflict of interest controls, and multi-agency coordination records.
  • Module 5 (SDA): dwelling enrolment, tenancy management, property maintenance, and emergency procedures per dwelling.

7. The week before the audit

  • Re-read your self-assessment, the auditor works from it, so know what you claimed and where the evidence sits.
  • Check every certificate and clearance for currency; expired insurance is the most avoidable finding there is.
  • Brief your staff. In Stage 2 interviews, auditors ask workers how they'd report an incident or handle a complaint, staff who've never seen the procedure undo months of document work.
  • Organise files so any document can be produced in under a minute, named and foldered by Practice Standards area.
  • Have your continuous improvement register show at least a few genuine, closed-out items, it's the single best signal that your quality system is alive.

The shortcut

Most findings trace back to the same root cause: documentation assembled ad hoc, with gaps against specific Practice Standards outcomes. Starting from a complete, standards-mapped document set removes that whole class of problem. Our registration package includes the policies, procedures, forms, and all of the registers listed above, 220+ documents covering the Core Module and Modules 1 to 5, ready to customise. See how it works or check the FAQ.

Frequently Asked Questions

What do NDIS auditors actually look at?
Auditors assess you against the NDIS Practice Standards for your registration groups. Concretely, they review your policies and procedures, registers (incidents, complaints, risks, restrictive practices), participant files, service agreements, worker screening and training records, insurance, and governance records, and in certification audits they interview staff and participants to confirm the documents reflect real practice.
What is a non-conformity in an NDIS audit?
A non-conformity is a gap between what the Practice Standards require and what your organisation can demonstrate. Minor non-conformities (for example, an incomplete register) can usually be fixed with corrective actions during the audit. Major non-conformities (for example, no incident management system) must be resolved before the auditor can recommend registration.
How far in advance should I start preparing for an NDIS audit?
For a first registration, allow at least 4 to 8 weeks to assemble documentation and complete the self-assessment before the audit. For mid-term and renewal audits, preparation should be continuous, auditors specifically look for evidence that your systems operated throughout the period, not just before the audit date.
Do I need participants before my first certification audit?
No. New providers are assessed on readiness: whether systems, documents, registers, and trained staff are in place. Implementation with real participants is then tested at the mid-term audit, around 18 months in.

Related Guides

Need Audit-Ready NDIS Registration Documents?

Our complete package includes 220+ editable policies, procedures, forms, and registers covering the Core Module and Modules 1 to 5. One-time payment of $1,500 AUD.

See What's Included View Pricing