NDIS Major vs Minor Non-Conformity: What to Do Next

Receiving an NDIS audit non-conformity finding can be stressful, especially if you are not sure what it means or what you are expected to do next. Non-conformities are a normal part of the audit process — they do not automatically mean you have failed or that your registration is at risk. What matters most is how quickly and thoroughly you respond. This guide explains the difference between major and minor non-conformities, walks you through the corrective action process step by step, and helps you understand exactly what auditors and the NDIS Commission expect from your response. By the end, you will have a clear plan for addressing any audit finding and protecting your registration.

What Is an NDIS Audit Non-Conformity?

An NDIS audit non-conformity is an official finding raised by an approved quality auditor when your organisation does not meet one or more requirements of the NDIS Practice Standards. Non-conformities can relate to documentation gaps, policy deficiencies, process failures, workforce compliance issues, or systemic breakdowns in your quality management system.

The auditor identifies non-conformities by comparing your evidence against the specific requirements of the standards modules relevant to your registration groups. Each finding is classified by severity — minor, major, or notifiable — which determines your response timeframe and the impact on your registration. Understanding the classification is the first step in planning an effective NDIS audit response. You can familiarise yourself with the broader compliance framework through our NDIS Practice Standards guide.

Types of Non-Conformity

Minor Non-Conformity

A minor non-conformity is a low-severity gap in compliance that does not immediately threaten participant safety or fundamentally breach the NDIS Practice Standards. It typically involves documentation inconsistencies, outdated procedures, incomplete records, or isolated process failures that have not caused harm.

Examples of minor non-conformities include:

• A staff induction checklist that is missing one required element
• A complaints register that has not been reviewed within the required timeframe
• An incident report that is missing a follow-up action or outcome entry
• A support plan that references outdated participant goals
• A policy document that has not been reviewed and signed off in the past twelve months

Minor non-conformities generally allow your registration to proceed, subject to you submitting a corrective action plan and resolving the issues within an agreed timeframe — typically 90 days. However, a pattern of minor non-conformities across multiple areas can indicate systemic weaknesses and may attract closer scrutiny at your next audit.

Major Non-Conformity

A major non-conformity NDIS finding is a significant failure that either poses a direct risk to participant safety or represents a fundamental breakdown in your compliance systems. It is a serious finding that requires prompt and thorough attention. Unlike minor issues, major non-conformities will typically prevent your registration from being confirmed until they are fully resolved.

Examples of major non-conformities include:

• Workers delivering supports without a valid NDIS worker screening clearance
• No documented incident management system or failure to report notifiable incidents
• Absence of participant risk assessments for high-risk supports
• No complaints policy or evidence that participants are informed of their right to complain
• Systematic failure to obtain informed consent from participants before delivering supports
• No evidence of mandatory training completion across the workforce

Responding to a major non-conformity NDIS finding requires more than a quick document update. Auditors and the Commission want to see that you have understood the root cause, implemented a systemic fix, and can demonstrate that the risk to participants has been eliminated. Our incident management guide and worker screening guide are essential resources if your findings relate to these areas.

Notifiable Breach

A notifiable breach sits above a major non-conformity in terms of severity. It involves a serious failure that has resulted — or has the potential to result — in significant harm to a participant. Notifiable breaches must be escalated to the NDIS Quality and Safeguards Commission immediately and may trigger a formal compliance investigation.

Examples of notifiable breaches include physical or sexual abuse of a participant, unlawful physical restraint, and any incident resulting in the death or serious injury of a participant that was connected to inadequate care or oversight. These situations require immediate internal action, regulatory notification, and often involve law enforcement or other external agencies. Our NDIS reportable incidents guide explains the notification obligations in detail.

What Happens After a Non-Conformity Is Found

Timeline Overview

When your audit is complete, the approved quality auditor prepares a formal audit report listing all findings, including any non-conformities. This report is provided to both you and the NDIS Commission. The Commission then uses the audit report to make a decision about your registration.

For minor non-conformities, registration may be confirmed with a condition requiring you to resolve the issues within a specified timeframe — commonly 90 days. For major non-conformities, the Commission will generally not confirm registration until you have submitted evidence that the non-conformity has been resolved. The auditor reviews your corrective action evidence and confirms closure before the Commission proceeds.

Notification Process

You will receive written notification from your auditor or the Commission detailing each non-conformity, its classification, the specific standard it relates to, and the required response timeframe. Read this notification carefully and document your understanding of each finding before you begin drafting your response. Misunderstanding a finding and addressing the wrong issue is a common and costly mistake.

Corrective Action Plan (CAP) Process

The corrective action plan is your formal NDIS audit response document. It demonstrates to auditors and the Commission that you have taken the findings seriously, identified the root cause, and implemented sustainable changes. A superficial response — for example, simply updating a policy without addressing why the gap existed in the first place — is unlikely to satisfy the auditor and may result in the non-conformity remaining open.

The CAP process typically involves:

1. Acknowledging each non-conformity in writing
2. Conducting a root cause analysis for each finding
3. Documenting the specific corrective actions you will take
4. Assigning a responsible person for each action
5. Setting a realistic target completion date
6. Collecting and compiling evidence of completion
7. Submitting the completed CAP and evidence to your auditor

How to Write a Corrective Action Plan

A strong corrective action plan follows a structured format that makes it easy for auditors to review and verify. Every audit findings corrective action response should address the same core elements: what went wrong, why it went wrong, and what you have done to ensure it does not happen again.

Step 1: Restate the Finding

Begin each section of your CAP by quoting the exact finding as stated in the audit report. This ensures there is no ambiguity about what you are addressing. Include the finding reference number, the relevant NDIS Practice Standards clause, and the classification (minor or major).

Step 2: Conduct a Root Cause Analysis

Root cause analysis goes beyond the surface issue. If your complaint register was not reviewed on time, the root cause might be that no one was assigned ownership of the register, or that there was no documented review schedule. Addressing only the symptom — completing the overdue review — will not prevent recurrence. Identifying and addressing the root cause is what separates a compliant CAP from one that will be rejected.

Common root cause categories include:

• Unclear or undocumented responsibility (no named owner for a process)
• Lack of staff awareness or training
• Inadequate monitoring or audit schedule
• System or technology gaps
• Insufficient resources allocated to compliance tasks

Step 3: Describe Your Corrective Actions

For each root cause, describe the specific action you will take to fix it. Actions should be concrete and verifiable. “Improve awareness” is not an action — “deliver a 60-minute mandatory training session to all support workers by [date] and retain signed attendance records” is. Be specific about what will be done, by whom, and by when.

Strong audit findings corrective action responses always include both immediate remediation (fixing the specific issue identified) and systemic improvement (changing the process to prevent recurrence). Both elements must be present for a CAP to be credible.

Step 4: Assign Responsibility

Every corrective action must have a named responsible person and a clear completion date. Avoid assigning actions to roles — assign them to individuals. This creates accountability and makes follow-up easier. If multiple people are involved, name a lead responsible person who is accountable for ensuring the action is completed on time.

Step 5: Collect and Submit Evidence

Evidence is the most important part of your CAP submission. Without it, your corrective actions cannot be verified. Acceptable evidence varies by finding type, but typically includes:

• Updated and dated policy or procedure documents
• Staff training attendance records or completion certificates
• Screenshots of updated systems or registers
• Meeting minutes documenting process changes
• Completed checklists or audit tools
• Worker screening clearance confirmations

Organise your evidence clearly, labelling each document with the finding it relates to. A well-organised submission speeds up the auditor’s review and reduces the likelihood of follow-up queries. Our NDIS compliance checklist can help you structure your evidence collection systematically.

Step 6: Submit and Follow Up

Submit your completed CAP and all supporting evidence to your approved quality auditor within the agreed timeframe. Confirm receipt in writing and request a review timeline from the auditor. If the auditor requests additional information, respond promptly — delays in this stage can push back your registration confirmation. Keep copies of everything you submit, as the Commission may request the same information independently.

Preventing Future Non-Conformities

The most effective NDIS audit response strategy is prevention. Providers who conduct regular internal audits and maintain strong compliance systems rarely encounter major non-conformities. Prevention is also far less costly than remediation — a missed policy review costs minutes; a failed audit costs months and thousands of dollars.

Build a proactive compliance culture by adopting the following practices:

• Schedule a comprehensive internal gap analysis at least six months before each renewal audit.
• Assign a dedicated compliance lead who is responsible for maintaining policies, registers, and audit readiness.
• Implement a rolling training calendar that ensures all workers complete mandatory training on schedule.
• Conduct regular file audits to check that participant records, support plans, and consent forms are current.
• Use a quality management system or NDIS-specific software to centralise documentation and automate compliance reminders.
• Review your incident and complaints data monthly to identify trends that might indicate systemic issues before they become audit findings.

Providers who maintain ongoing compliance rather than preparing only for audits consistently achieve better outcomes and face fewer findings. Our NDIS software for providers guide covers technology tools that can significantly reduce the administrative burden of compliance management. You should also review the NDIS provider standards regularly, as requirements are updated over time.

People Also Ask

How Long Do You Have to Fix an NDIS Non-Conformity?

The timeframe for resolving an NDIS audit non-conformity depends on its classification. Minor non-conformities typically allow a resolution period of up to 90 days after the audit report is issued. Major non-conformities are treated more urgently — the NDIS Commission will generally withhold registration confirmation until the finding is resolved, and providers are expected to act immediately. In practice, most major non-conformity responses are reviewed within four to eight weeks of the initial finding. Notifiable breaches require immediate action and reporting, with no grace period. Your approved quality auditor will communicate the specific deadline for each finding in writing. Missing these deadlines without prior communication to the Commission or auditor can escalate a manageable situation into a compliance enforcement matter. Staying proactive — acknowledging the finding quickly and submitting a draft CAP within two weeks — demonstrates good faith and often results in a smoother resolution process.

Can You Appeal an NDIS Audit Finding?

Yes, providers have formal avenues to challenge audit findings they believe are incorrect or unfair. Your first step is to raise a dispute directly with your approved quality auditor, providing evidence that the finding is not warranted. Auditors can review and revise findings if new evidence supports a different conclusion. If the Commission then makes a registration decision based on the audit report that you consider incorrect, you can request an internal review of that decision through the Commission’s formal review process. If you remain unsatisfied after the internal review, you may apply to the Administrative Appeals Tribunal (AAT) for an independent external merits review. The AAT can set aside, vary, or affirm the Commission’s decision. Throughout this process, it is strongly advisable to engage a compliance specialist or legal advisor who understands NDIS regulatory law. Importantly, disputing a finding does not pause your obligation to address legitimate compliance gaps — continue working on your corrective actions while the dispute is being resolved.

How Inficurex Helps

Receiving a non-conformity finding is not the end of the road — it is an opportunity to strengthen your compliance systems. Inficurex works with NDIS providers at every stage of the corrective action process, from interpreting audit findings to preparing and submitting a CAP that satisfies your auditor and the Commission.

Our team conducts root cause analysis workshops, develops tailored corrective action plans, coordinates evidence collection, and prepares comprehensive submission packages on your behalf. We understand what auditors look for and how to present your response in a way that closes findings quickly and efficiently.

Beyond corrective actions, Inficurex supports your ongoing compliance through policy development, staff training resources, and internal audit programs designed to prevent non-conformities from arising in the first place. Explore our resources on the NDIS Code of Conduct, service agreement templates, and provider registration checklist to build a stronger compliance foundation. Our reportable incidents guide is particularly valuable if your findings relate to incident management.

Frequently Asked Questions

What is an NDIS audit non-conformity?

An NDIS audit non-conformity is a formal finding raised when your organisation does not meet a specific requirement of the NDIS Practice Standards. Findings are classified as minor, major, or notifiable depending on their severity and the risk they pose to participants.

What is the difference between a major and minor non-conformity in NDIS?

A major non-conformity NDIS finding represents a significant failure that risks participant safety or fundamentally breaches the standards. A minor non-conformity is a less severe gap — typically a documentation or process issue — that does not immediately threaten outcomes but still requires a corrective response.

Will a non-conformity prevent my registration?

A major non-conformity will generally prevent registration from being confirmed until it is fully resolved. A minor non-conformity may allow registration to proceed with conditions. Notifiable breaches are escalated to the Commission and may trigger a formal investigation, depending on their nature.

What is a corrective action plan for NDIS?

A corrective action plan (CAP) is a structured document that outlines how you will address each non-conformity identified in your audit. A strong CAP includes a root cause analysis, specific actions, responsible persons, target dates, and verifiable evidence of completion. The audit findings corrective action plan must be reviewed and accepted by your approved quality auditor.

What evidence do I need to close a non-conformity?

Evidence requirements vary by finding type. Common forms of evidence include updated policy documents, training completion records, screenshots of updated systems, signed checklists, meeting minutes, and worker screening confirmations. All evidence must be dated and clearly linked to the specific finding it addresses.

How do I prevent NDIS audit non-conformities?

Prevention requires a proactive compliance program that includes regular internal audits, a comprehensive policy review schedule, consistent staff training, and robust incident and complaints management. Using NDIS provider software can automate many compliance reminders and documentation tasks, significantly reducing your risk of audit gaps.

What is the role of the NDIS Commission after a non-conformity is found?

The NDIS Commission receives the audit report from your approved quality auditor and uses it to make a registration decision. For major non-conformities, the Commission typically waits for confirmation that the issue is resolved before proceeding. For minor non-conformities, the Commission may grant conditional registration with a compliance timeline. The Commission can also impose conditions, request further information, or — in serious cases — refuse or revoke registration.

Where can I find information about NDIS Practice Standards requirements?

The most authoritative source is the NDIS Commission’s published NDIS Practice Standards documentation. Inficurex also maintains a detailed NDIS Practice Standards guide and an NDIS compliance checklist to help providers understand and meet every requirement.

Final Thoughts

An NDIS audit non-conformity is not a verdict — it is a starting point. Providers who respond quickly, address root causes thoroughly, and submit strong evidence consistently close their findings and move forward with registration. Providers who treat non-conformities as a bureaucratic inconvenience often find themselves in repeated cycles of the same issues.

Invest in your compliance systems now, and your next audit will be far less stressful. If you have received findings and need expert support, Inficurex is ready to help you build a response that satisfies your auditor and protects your registration. Contact us today to discuss your corrective action needs.