Before you become a registered provider, you need to be assessed against the relevant NDIS Practice Standards. This is done through an independent quality audit conducted by an approved quality auditor.
What to expect in a quality audit
Depending on the supports and services you intend to provide, your quality audit may include:
- site visits where the audit team physically visit your head office and the sites where supports and services are provided
- inspection of sites, facilities equipment and services
- participant interviews
- worker interviews
- reviewing the documents and information about your business
- asking you to supply more information about your practices.
Audit costs
There is no cost to register with the NDIS Commission, but providers will need to pay for an approved quality auditor to complete an audit. The cost of an audit is dependent on the size and scale of your organisation and number of NDIS participants you support. You are encouraged to get quotes from multiple approved quality auditors and compare them.
The NDIS Commission doesn’t set prices for audit services.
Types of audits
The Initial scope of audit provided by the NDIS Commission tells you the type of audit you need, but the general rules are:
- a verification audit is for low risk, low complexity supports and services
- a certification audit is for higher risk supports and services
- a mid-term audit is for providers who initially completed a certification audit, and is completed 18 months into your registration period
- a condition audit can be required by the NDIS Commission during your registration period
- an out of cycle audit may be needed when you want to change the supports and services you provide during your registration period.
The registration group or support classes table has details of which audit is required for the supports and services you will provide.
Verification audit
When you need a verification audit
A verification audit applies to NDIS providers who only deliver lower risk or lower complexity supports and services.
Many providers that need a verification audit have already met requirements of professional regulation. For example, they are certified through the Australian Health Practitioner Regulation Agency (AHPRA) or other professional bodies.
Professional regulation means a practitioner already meets set standards and their competency to practice is being monitored, for example through continuing professional development.
See registration groups or classes of support to understand which groups need a verification audit.
How it works
You need to engage an approved quality auditor to complete a desktop review of the required documentary evidence. See a list of required documents for each profession on page 11 of 'Verification module required documentation'.
Providers delivering, or seeking to deliver, Plan Management intermediary supports must provide this information to your auditor:
- a list of all the workers who deliver plan management services
- certified copies of each worker's qualifications and associated professional memberships, as required in the Verification module required documentation document
- worker screening clearances for each worker, because they are involved in the direct delivery of specified supports or services to a person with disability.
Certification audit
When you need a certification audit
A certification audit applies to NDIS providers who deliver one or more higher risk or more complex NDIS supports and services.
See registration groups or classes of support to understand which groups need a certification audit.
How it works
Find out which modules you need to complete as part of your certification audit: Registration Requirements by Supports and Services.
There are two stages in a certification audit:
Stage 1: Desktop audit
The auditor will ask for information and evidence. This usually takes place off-site.
Stage 2: Onsite audit
The auditor will look at how you’re implementing your policies and procedures. This might include:
- viewing records
- visiting your sites and interviewing staff and participants (you’ll need to let participants know they are automatically enrolled in the audit unless they ‘opt out’)
- visiting your sites and doing observations.
The Stage 2 onsite audit should take place in the 3 months after the Stage 1 audit is complete.
Other audit types
Mid-term audit
Registered providers who have completed a certification audit and are registered to provide higher risk and more complex supports are required to do a mid-term audit. The process must start no later than 18 months after the date they were registered.
The audit includes an assessment of:
- the NDIS Practice Standards relating to provider governance and operational management
- any other standard that was previously assessed as requiring a corrective action plan, and
- any extra NDIS Practice Standards the NDIS Commission requires.
Mid-term audits do not apply to:
- an individual or partnership that only required a certification audit to provide early intervention supports for early childhood
- a provider that is only registered to provide specialist disability accommodation, or
- a transitioned provider.
Condition audit
The NDIS Commission can require any registered provider to get audited. We can also specify the timing of an audit. See Conditions of registration.
A condition audit may be imposed during your registration period if:
- you initially completed a provisional certification audit, or
- not all certification classes of support were witnessed at your audit, or
- you have minor non-conformities outstanding, or
- the Commissioner considers it necessary.
Out of cycle audit
Registered providers can also organise an audit at any time to support an application to change their registration. For example, to add registration groups or expand service delivery.
Audit outcome
The outcome of the audit is an audit report. The audit report has a rating for how well you comply with each NDIS Practice Standard and quality indicator. The ratings are submitted to the NDIS Commission.
The rankings are:
- 3 – conforms with elements of best practice
- 2 – conforms with NDIS Practice Standards
- 1 – minor non-conformity
- 0 – major non-conformity
If you get a major non-conformity (0) rating in any of the areas, you have 3 months to fix the issue. Your registration won’t progress until you have addressed the major non-conformity and successfully completed the quality audit.
If you get a minor non-conformity (1) rating in any of the areas, you have a longer time to fix the issue and you can continue with the registration process.
More information is available in Annex B of the National Disability Insurance Scheme (Approved Quality Auditors Scheme) Guidelines 2018.
Audit report timeframe
The audit report is submitted to the NDIS Commission:
- up to 14 days after the completion of a verification audit
- up to 28 days after the completion of a certification audit
- up to 28 days after the completion of a mid-term audit.
How the NDIS Commission assures the quality of auditors
Approved quality auditors are subject to the Australian Consumer Law. They are accredited by the Joint Accreditation Scheme for Australia and New Zealand (JASANZ), an internationally recognised accreditation agency that accredits auditing firms. JASANZ regulates the behaviour of auditors using the NDIS auditor guidelines and a Code of Conduct for auditors.
The NDIS Commission meets with JASANZ and approved auditor bodies regularly to discuss audit expectations, experiences, and feedback from providers.
Complaints about approved quality auditors
- If you are unhappy with your auditor or the way your audit was conducted, discuss your concerns directly with your auditor in the first instance.
- If you are still concerned, you can reach out to the approved quality auditor that employed or contracted the auditor. They are required to have a complaints management system to deal with your complaint. This includes talking to you about your concerns and listening to your feedback.
- If you can’t resolve the complaint with the approved quality auditor, including with their management team, you can contact the Joint Accreditation System of Australia and New Zealand (JASANZ).
JASANZ will want to see that you have attempted to resolve your complaint directly with the approved quality auditors.
Participants and audits
When you are being audited you must notify participants and provide them with opportunities to engage with auditors and talk about the quality of their supports and services. These factsheets can be given to participants to explain the audit process:
- What is an NDIS audit?
- What does an audit mean for me - For residential aged care participants
- How do you take part in an NDIS audit?
- What will NDIS auditors ask you?
Opting out of audits
The method of sampling used in audits is ‘opt out’ which means:
- You need to let all participants know they are automatically included in the audit process. This could involve the audit team contacting and interviewing them or having their files, records or plans reviewed.
- If a participant doesn’t want to participate, you need to:
- respect that decision
- document the decision
- communicate the decision to the approved quality auditor.
More details are in the NDIS auditors guidelines in Annex B.