Information for quality auditors

Approved quality auditors (AQAs) conduct audits that assess a NDIS provider’s practices against the NDIS Practice standards. As an approved quality auditor, you have accreditation and practice requirements you need to meet.

Accreditation and approval as an approved quality auditor

The organisation Joint Accreditation Scheme for Australia and New Zealand (JASANZ) manages and administers the approved quality auditor scheme on behalf of the NDIS Commission. They:

• complete the accreditation for current and prospective approved quality auditors
• monitor approved quality auditors to make sure they continue to follow the conditions of their accreditation, including conducting scheduled surveillance, unscheduled surveillance and other audits
• oversee approved quality auditor’s compliance with the JASANZ accreditation manual, which requires them to follow the NDIS auditor guidelines and Code of Conduct.

The NDIS Commission makes the decision to allow individuals or bodies to become approved quality auditors. To be approved you will need:

• to be accredited by JASANZ
• you and your relevant staff to complete the NDIS Commission auditor training
• to address any other matter the NDIS Commission considers relevant to conducting audits that follow the NDIS auditor guidelines.

Approvals to become an approved quality auditor can be:

• subject to conditions
• varied by adding, changing or removing conditions
• revoked.

The NDIS Commission is not currently accepting new applications to become an approved quality auditor. After an independent review of the NDIS and work completed by the NDIS Provider and Worker Registration Taskforce, a decision was made to suspend applications.

This decision is expected to be reviewed in 2025, and any new information will be published here and on the JASANZ website.

Employment as a NDIS auditor

You can reach out to one of the independent approved quality auditors listed on our website to discuss their employment pathways.

• Auditors need to complete the NDIS Commission training on the requirements of the NDIS auditor guidelines. The training occurs after an approved quality auditor endorses the auditor they have employed or contracted.
• There are competency requirements for auditors including auditors with technical expertise described in section 30 of the NDIS auditor requirements.

If you have any further questions please contact us.

Auditor obligations and requirements

Auditor competency

Approved quality auditors need to make sure the auditors they employ or contract have the training and competencies listed in the NDIS auditor guidelines, and include:

• completing an auditors or lead auditors course
• completing disability and cultural awareness training, that covers an understanding of:
  • disability from a participant perspective
  • how culturally and linguistically diverse (CALD), Indigenous, and LGBTQIA+ differences may impact a participant’s perspective of disability
  • knowledge of the NDIS Practice Standards and the NDIS auditor guidelines.

Auditors Code of Conduct

All approved quality auditor personnel and auditors need to:

• act professionally and ethically, and report findings in an accurate, consistent and unbiased manner
• follow the requirements of the:
• Privacy Act 1988 (Cth)
• the NDIS Act and instruments including the NDIS auditor guidelines
• Competition and Consumer Act 2010 (Cth)
• Work Health and Safety Act 2011 (Cth) or equivalent Work Health & Safety legislation in the jurisdiction of the NDIS provider
• all other relevant legislation or regulations
• not promote or represent any business interests where they have or might have an interest
• not accept any inducement, commission, gift or any other benefit from any interested party
• not communicate false or misleading information that could compromise the integrity of an audit
• avoid actions that could compromise the reputation of the Commission or approved quality auditor
• cooperate fully with any inquiry into a complaint about their performance or alleged breach of this code
• accept that providers have the freedom to select and change their approved quality auditor and not try to influence them
• avoid making comments about particular auditors or approved quality auditors
• respect participants’ rights during any interaction especially when assessing vulnerable populations.

Auditor also need to:

• continue to develop their auditing skills to improve the competence and reputation of auditors
• not misrepresent their own or any other individual’s qualifications, competence or experience
• not take on auditing work that’s beyond their qualifications, knowledge or expertise
• avoid any activity that could conflict with the best interests of the Commission or the approved quality auditor
• avoid any activity that would stop them from working objectively.

The auditors Code of Conduct is in Annex A of the NDIS auditors guidelines.

Impartiality in audits

The NDIS auditor guidelines explain that approved quality auditors need to make sure audits are conducted impartially. More information is available in section 35 Mechanisms for safeguarding impartiality.

Reporting critical risks

While auditing providers and doing site visits, auditors will sometimes observe or identify critical risks.

Critical risks are any uncontrolled risk which may impact participant safety. They include incidents that have or could have caused harm to a person with disability that happen while an NDIS provider is providing supports and services to a person with disability and.
See in section 9 of the National Disability Insurance Scheme (Incident Management and Reportable Incident) Rules 2018.

Approved quality auditors are required to notify the NDIS Commission of critical risks that they identify during an audit using the Critical risk notification form.

Participant voice in audits

NDIS participants are central to the audit process and may participate in audits directly or indirectly, to inform audit outcomes. Participants must be supported to have a meaningful opportunity to contribute to the audit process particularly around the quality of supports and services they are receiving from their NDIS provider.

The NDIS auditor guidelines are intended to be read along with the United Nations Convention on the Rights of Persons with Disabilities.
The NDIS Commission has gathered information from the members of our Consultative Committee about the participant voice in the audit scheme.

Approved quality auditors will:

• be respectful of participants and their families
• minimise disruption to supports and services
• respect participants’ rights during any interaction, especially when assessing vulnerable populations.
• seek participants view on whether the provider is meeting their expectations and assisting them to achieve their goals.

The method of sampling used in audits is ‘opt out’, where participants are automatically included in the audit. When participants opt out, providers report this to you so it can be included in your audit report.

Completing audits for NDIS provider registrations

These are the steps you will follow when you complete an audit for and NDIS provider registration:

1. NDIS providers contact you to request a quote after looking at the Find an auditor list.
2. You provide a free ‘no obligation’ quote to the provider.
3. The provider decides if they will accept your quote. If yes, they will give you a unique reference number.
4. Log in to the Quality auditor’s portal and enter that reference number to find the application.
5. Accept the application by following the steps in Associate with registration application.
6. Review the Initial scope of audit document and confirm the details with provider. Get written permission from the provider to make changes in the portal.
7. The provider should have details like key personnel, addresses and outlets completed in the portal, but if details need to be updated you can do this using the instructions in Update registration application.
8. Get agreement from the provider on the details in the final scope of audit.
9. Complete the audit following the guidance in the NDIS auditor guidelines. The audit may include these audit tasks.
   The number of auditors you need to have working on an audit depends on the audit type:

• Certification audits, including condition audits, need at least 2 auditors.
• Verification audits, mid-term audits and provisional audits need at least 1 auditor

10. At the end of the audit you will give each NDIS Practice Standard and quality indicator a rating:

• 3 – conforms with elements of best practice
• 2 – conforms with NDIS Practice Standards
• 1 – minor non-conformity
• 0 – major non-conformity.

11. Enter each of these ratings using the instructions in Rate and finalise practice standard outcomes.
12. Write the audit report using the Principles for audit reports.
13. Get a technical reviewer to review the audit report. This review needs to make sure:

• the audit process was technically adequate and properly documented
• the report is factual, accurate, proofread, and meets the standards for reporting audits
• the report describes where there was a disagreement between the auditor and provider.

14. Enter your recommendation using the instructions in Audit recommendations.
15. Add the audit report and any associated documents to the portal using the instructions in Attach audit documents. If needed you can also Remove a document from an application. The audit report needs to be submitted to the NDIS Commission via the portal within:

• 14 days after the completion of a verification audit
• 28 days after the completion of a certification audit
• 28 days after the completion of a mid-term audit.

16. The NDIS Commission can find the audit report to be inadequate or incomplete. We may ask the approved quality auditor to submit additional evidence to support the audit report which need to be submitted within two business days of the request, unless another agreement has been made with the Commission.

Audit tasks

Your audit may include:

• site visits where you physically visit the provider's head office and sites where supports and services are delivered
• inspecting sites, facilities, equipment and services
• site sampling, which is how auditors work out which sites to visit during the audit
• collecting evidence like:
  • information from participants
  • information from family, friends, carers, nominees or independent advocates
  • information from workers
  • participant support plans
  • proof of supports and services delivered as part of that plan
  • all supports and services delivered by the NDIS provider to the participant
• asking providers to provide information about their practices.

You will:

• interview and survey participants and family, friends, carers, nominees or independent advocates
• use interviews to gather new evidence and evidence to corroborate other information
• conduct interviews face-to-face where possible, while always being guided by participant or interviewee preferences
• interview people individually and not only in groups
• interview workers who directly provide supports and services, not only board members, leaders and managers.