Choosing an NDIS Approved Quality Auditor: What to Look For

/ NDIS Compliance / By

Choosing an NDIS Approved Quality Auditor: What to Look For

Selecting the right NDIS approved quality auditor is one of the most consequential decisions a registered provider makes during the audit cycle. The auditor you choose will determine whether your certification or verification audit is conducted efficiently, fairly, and in a way that accurately reflects your organisation’s capabilities. Not all auditors offer the same services, experience, or availability — and choosing poorly can result in delays, scope mismatches, or an audit that fails to account for the specific characteristics of your provider type. This guide covers where to find approved auditors, what to look for, the questions you must ask, and how to vet candidates rigorously before signing an agreement.

What Is an NDIS Approved Quality Auditor?

An NDIS approved quality auditor (AQA) is an independent auditing organisation that has been approved by the NDIS Quality and Safeguards Commission to assess registered NDIS providers against the NDIS Practice Standards. Only Commission-approved AQAs can conduct the formal certification or verification audits required for NDIS provider registration and renewal.

AQAs are not Commission employees — they are independent firms that must meet strict requirements to receive and maintain approval. This distinction matters when choosing an NDIS auditor: you are engaging a professional service provider, and the quality, experience, and approach of that firm varies considerably across the market.

Where to Find the Approved Auditor List

The starting point for any auditor search is the official NDIS Commission’s Find an Auditor tool at ndiscommission.gov.au. This searchable directory lists all currently approved AQAs, the registration groups they are approved to audit, and their contact details.

Do not engage an auditing firm that is not on this list. Using a non-approved auditor — regardless of that firm’s general quality or ISO certification credentials — means your audit result will not be accepted by the Commission. Your registration application or renewal will stall, and you will need to repeat the entire audit process with an approved organisation.

Checking AQA Approval Scope

Each AQA on the Commission’s list is approved to audit specific registration groups and modules. Before contacting any auditor, confirm that they hold approval to audit all of your registered service types. An auditor approved only for lower-risk verification pathways cannot conduct a certification audit for providers delivering high-risk supports such as specialist behaviour support or supported independent living.

This is particularly important if you are adding new registration groups or moving from a verification to a certification audit pathway as part of your renewal. Review the NDIS provider registration checklist to understand how your service mix affects audit requirements.

Get Your Scope of Audit Document First

Before you contact any AQA for a quote, you need your Scope of Audit document. This document is issued by the NDIS Commission and specifies exactly what your audit will cover — the registration groups, the applicable Practice Standards modules, the audit type (verification or certification), and any specific requirements based on your organisation’s profile.

AQAs will not provide a meaningful quote without this document. It is the baseline that allows an auditor to estimate the time, resources, and methodology required for your audit. Attempting to get quotes without the Scope of Audit wastes everyone’s time and typically results in ballpark figures that change significantly once the actual scope is confirmed.

Request your Scope of Audit from the NDIS Commission as early as possible — ideally six months before your registration expires. For detail on the full renewal timeline, see our NDIS Practice Standards guide and the Commission’s renewal process documentation.

Get at Least Three Quotes When Choosing an NDIS Auditor

Audit costs vary substantially across AQAs. The same scope of audit can attract quotes ranging from a few thousand dollars to considerably more, depending on the auditor’s fee structure, the methodology they propose, and whether remote options are available for parts of the audit.

Getting at least three quotes is not just good financial practice — it also helps you understand the range of methodologies and approaches available. An unusually low quote can indicate a superficial methodology that may leave gaps in your audit coverage. An unusually high quote does not automatically mean better quality. Three quotes give you the comparative context to make an informed decision.

When requesting quotes, provide each AQA with the same Scope of Audit document and the same background information about your organisation. This ensures you are comparing like for like.

Key Selection Criteria for Choosing an NDIS Auditor

Once you have received quotes, the approved auditor list narrows your field to eligible firms. Your final selection decision should be based on the following criteria.

Services and Registration Groups Covered

Confirm in writing that the AQA holds Commission approval to audit every registration group on your Scope of Audit document. Do not rely on verbal assurances. Ask the auditor to identify the specific modules they are approved for and cross-reference against your scope. A mismatch discovered after engagement can require a second auditor and significantly delay your registration outcome.

Skills and Experience in Your Service Type

Auditor experience with your specific service type matters significantly. An AQA with extensive experience auditing plan management providers may have limited depth in specialist disability accommodation or behaviour support. Ask specifically how many providers of your type the firm has audited in the past two years.

Providers delivering services to complex cohorts — including participants with dual diagnoses, forensic histories, or high behavioural support needs — should seek auditors with demonstrated experience in those service environments. The audit methodology needs to be calibrated to your participant population.

Availability and Timeline Alignment

Auditor availability is a practical constraint that many providers underestimate. Popular AQAs often have lead times of three to six months or more. If your registration renewal deadline is approaching, availability becomes a critical factor in auditor selection.

When assessing availability, ask for specific proposed dates for Stage 1 and Stage 2 audits (for certification pathway providers), and confirm that those dates can be met within your registration renewal window. Starting this process early — ideally alongside the preparation steps described in our NDIS compliance checklist — gives you the most flexibility in auditor selection.

Locally Based Auditors

For on-site components of certification audits, a locally based auditor offers practical advantages. Travel costs are typically lower, scheduling is more flexible, and a local auditor may have a better understanding of the regional service environment, workforce conditions, and participant demographics relevant to your area.

That said, locality should not be the primary selection criterion. An experienced interstate AQA with strong expertise in your service type may be more appropriate than a local firm without that depth. Consider whether the Stage 2 on-site visit could be split, with local staff covering site inspections and remote video capability for interviews.

References From Similar Providers

Ask each shortlisted AQA for references from providers of a similar size and service type. Speaking with two or three of those references will give you direct insight into the auditor’s communication style, methodology, professionalism, and how they handled non-conformities when identified.

Ask references specifically whether the auditor gave adequate notice and clear instructions before the audit, whether the audit was completed on schedule, and whether the final report was accurate and clearly written. These practical details often reveal more about working with a particular AQA than any formal credential.

Questions to Ask Potential NDIS Approved Quality Auditors

A structured set of questions during the selection process protects you from engagement surprises. The following questions should be asked of every AQA on your shortlist before you make a final decision.

What Are Your Auditor Qualifications?

Individual auditors assigned to your audit — not just the firm — must meet the NDIS Commission’s qualification requirements. Ask the AQA who specifically will conduct your audit, what their qualifications are, and whether they have prior experience with your registration groups. The quality of your audit is directly tied to the individual auditor, not just the organisation’s overall approval status.

How Do You Engage With Participants From Diverse Groups?

The NDIS Practice Standards require providers to be responsive to diversity — including cultural, linguistic, and disability-related diversity among participants. Your auditor needs to understand how to assess compliance in culturally and linguistically diverse (CALD) environments, including how to interview participants who may require interpreters, alternative communication formats, or additional support to participate in the audit process.

Ask how the AQA has previously approached participant interviews with people from Aboriginal and Torres Strait Islander communities, CALD backgrounds, or with complex communication needs. An auditor without a thoughtful methodology in this area may produce an incomplete picture of your compliance with diversity-related standards.

What Is Your Audit Methodology?

Understanding the AQA’s methodology before engagement prevents misaligned expectations. Specifically ask how many participant files they will sample, how many staff they will interview, what evidence they expect you to present during Stage 1, and how they structure the Stage 2 on-site component.

A rigorous audit methodology that examines outcomes, not just documentation, is the standard you should expect. Auditors who rely primarily on policy review without outcomes-based evidence assessment may not produce results that accurately reflect real-world compliance. This matters particularly for providers where participant outcomes are central to the service model — for example, support coordination or plan management. See our support coordination best practices guide for context on outcomes documentation.

What Remote Audit Options Are Available?

The NDIS Commission permits certain audit components to be conducted remotely, particularly for Stage 1 desktop review and some interview processes. For providers with multiple sites across a large geographic area, remote options can significantly reduce audit costs and logistical complexity.

Ask each AQA what components they are willing to conduct remotely, what technology platform they use, and whether they have experience with remote audits for multi-site providers. Some AQAs have invested significantly in remote audit infrastructure; others prefer predominantly on-site methodologies. This question can meaningfully affect your audit cost and scheduling flexibility.

Can You Provide Client References for Similar Providers?

As noted in the selection criteria above, direct references from similar providers are one of the most reliable selection inputs available. An AQA that cannot provide references, or that deflects this question, should be treated with caution. Reputable auditing firms with satisfied clients will readily facilitate reference conversations.

Vetting Auditors After Recent Industry Issues

The NDIS auditing sector has not been immune from quality concerns. In prior years, some audit processes were criticised for being insufficiently rigorous — a pattern that contributed to the registration and compliance issues identified in Commission enforcement activities. Providers should approach auditor vetting with this context in mind, particularly when the Commission’s own enforcement data showed over 1,200 registration application refusals in the October to December 2024 quarter alone.

When vetting an AQA after any industry quality concern periods, apply the following checklist before signing an engagement agreement:

  • Confirm the AQA’s current Commission-approved status directly on the ndiscommission.gov.au website — do not rely solely on the AQA’s own representations
  • Ask whether the AQA has faced any Commission-initiated reviews of their audit quality or approval status in the past three years
  • Request a sample audit report (with provider details redacted) to assess the depth and quality of their written findings
  • Check whether the AQA has experience with providers of your size, complexity, and service mix — not just overall approval status
  • Review references from clients who have undergone mid-term audits with this AQA, not just initial certification
  • Confirm the specific individual auditor assigned to your file and their qualifications, not just the firm’s overall credentials

Thorough vetting at this stage prevents situations where a poorly conducted audit leads to disputed findings, appeals processes, or audit quality complaints to the Commission. For context on NDIS reportable incident obligations that auditors will examine, ensure your processes are well-documented before the audit begins.

Understanding the Audit Agreement

Before signing an engagement agreement with an AQA, review the following terms carefully:

Scope Alignment

The agreement should reference your specific Scope of Audit document issued by the Commission. Any discrepancy between the scope in the agreement and the scope issued by the Commission should be resolved before signing. An audit conducted against an incorrect scope will not satisfy the Commission’s requirements.

Deliverables and Timeline

The agreement should specify the expected timeframe for each audit stage, when you will receive the draft report, the turnaround time for responding to draft findings, and when the final report will be submitted to the Commission. Clear timelines protect both parties and allow you to plan your operational response to any findings.

Non-Conformity Process

Understand how the AQA handles non-conformities before you commit. Ask whether you will receive draft findings before the report is finalised, whether you have an opportunity to provide additional evidence after Stage 2, and what the process is for raising a factual dispute about a finding. A fair and transparent non-conformity process is a marker of a professionally run AQA.

For more on managing non-conformities after the audit, see our guide on NDIS incident management and ensure your corrective action processes are documented and functional before the audit begins.

How Inficurex Helps Providers Prepare for the NDIS Audit Process

Engaging the right NDIS approved quality auditor is only part of the equation — your organisation also needs to be genuinely audit-ready when the auditor arrives. Inficurex’s NDIS provider software helps registered providers maintain the documentation, incident records, progress notes, and staff compliance data that auditors examine most closely.

With Inficurex, your participant files, training records, and compliance documentation are centralised and accessible. This means your team spends less time gathering evidence and more time demonstrating the quality of your actual service delivery. When your systems are organised, audit preparation is a process of verification rather than a scramble to fill gaps.

Discover how Inficurex supports registered NDIS providers at inficurex.com/ndis-software-for-providers.

Frequently Asked Questions

Can I use any auditing firm for my NDIS audit?

No. Only auditing organisations approved by the NDIS Quality and Safeguards Commission can conduct the formal certification or verification audit required for NDIS provider registration. Using a non-approved firm — regardless of other credentials — means your audit result will not be accepted by the Commission. Always verify an auditor’s approval status at ndiscommission.gov.au before engaging them.

How much does an NDIS approved quality auditor cost?

Audit costs vary depending on your organisation’s size, service complexity, number of locations, and the audit type (verification or certification). Verification audits for smaller providers can start at a few thousand dollars. Certification audits for larger multi-site providers can cost significantly more. Getting at least three quotes from different AQAs with your Scope of Audit document is the best way to understand the realistic cost range for your specific situation.

When should I contact an NDIS approved quality auditor?

Contact potential auditors at least four to six months before your audit needs to be completed. Popular AQAs frequently have significant lead times, and waiting until the last moment severely limits your options. Start by requesting your Scope of Audit document from the Commission as early as possible, then begin your auditor selection process with that document in hand.

What is the Scope of Audit document?

The Scope of Audit is a document issued by the NDIS Commission that specifies exactly what your audit must cover — including the registration groups to be assessed, the applicable Practice Standards modules, and the audit type. AQAs require this document to provide an accurate quote. You cannot meaningfully compare auditor quotes without it, as the scope determines the time and resources each auditor will need to allocate.

Can an NDIS auditor refuse to audit a provider?

Yes. AQAs are independent firms and can decline to provide services in certain circumstances, including where there is a perceived conflict of interest, where the provider’s scope falls outside the AQA’s approved modules, or where the auditor determines the engagement is not commercially viable. This is another reason why getting multiple quotes from different AQAs is important — it provides fallback options if your preferred choice is unavailable or declines.

What is the difference between a verification and certification audit?

A verification audit is a desktop review suited to lower-risk service providers such as plan managers and some therapy providers. It typically takes around half a day. A certification audit involves two stages: Stage 1 desktop review followed by Stage 2 on-site assessment, including participant and staff interviews and physical premises inspection. Certification audits are required for providers delivering higher-risk supports. Your Scope of Audit document will specify which type applies to your registration. For more detail, see our guide on the NDIS Practice Standards and audit pathways.

Can I change my NDIS approved quality auditor during the process?

Changing auditors mid-process is possible but disruptive and potentially costly. If you have completed Stage 1 with one AQA, a new auditor may require a partial or full Stage 1 repeat before conducting Stage 2. It is far preferable to conduct thorough due diligence before engagement than to change auditors partway through. If serious concerns about an AQA’s conduct arise during the audit, you can also contact the NDIS Commission directly to raise a quality concern about the auditing process.

Do NDIS auditors check the NDIS Worker Screening register?

During a formal audit, auditors will verify that your organisation has appropriate systems to ensure all workers in risk-assessed roles hold valid NDIS Worker Screening clearances. They typically review a sample of staff records rather than checking every clearance individually. Your internal systems need to demonstrate that you actively monitor and maintain current clearances across your workforce. For a full overview of screening obligations, see our NDIS Worker Screening guide.


Scroll to Top