NDIS Audit Preparation: 10 Steps to Pass First Time
Thorough NDIS audit preparation is the single most important factor in passing your audit on the first attempt. Whether you are facing a verification audit, a certification audit, or a mid-term review, the same principle applies: auditors assess the evidence of what you actually do, not just what your policies say. In this guide, you will find a detailed 10-step preparation process, the most common mistakes providers make, and how to build an outcomes-focused evidence portfolio that satisfies modern audit requirements.
What Is NDIS Audit Preparation?
NDIS audit preparation is the structured process of reviewing, updating, and organising your organisation’s policies, procedures, documentation, and practices to demonstrate compliance with the NDIS Practice Standards before your Approved Quality Auditor (AQA) conducts their assessment. Effective preparation reduces the risk of non-conformities and helps your staff engage confidently with auditors.
Why NDIS Audit Preparation Matters More Than Ever
The NDIS Commission has significantly raised the bar for what constitutes satisfactory compliance evidence. Auditors now focus on outcomes-based evidence, meaning they want to see proof that your practices are actually improving participant outcomes — not just that you have a policy document on file.
Additionally, the consequences of failing an audit are serious. Major non-conformities can delay your registration or renewal by months, require costly close-out audits, and expose your organisation to regulatory action. A structured NDIS audit checklist reduces the risk of surprises and helps you address gaps before the auditor arrives. For context on what the audit process involves, see our NDIS Practice Standards guide.
The 10-Step NDIS Audit Preparation Process
The following steps cover the full scope of preparation required to confidently approach any NDIS audit. Work through each step methodically, assign responsibility to specific team members, and document your progress.
Step 1: Review Your Policies Against the NDIS Practice Standards
Begin your NDIS audit preparation by mapping every policy and procedure your organisation has against the specific Practice Standards modules that apply to your registration groups. Do not assume last year’s policies still meet current standards — the NDIS Commission updates guidance regularly, and practice standards themselves may have been revised.
For each standard, ask:
- Do our policies reflect the current requirements?
- Are procedures clearly described and easy for staff to follow?
- Are document version numbers and review dates current?
- Does our practice reflect what the policy says?
Pay particular attention to the Core Module, which applies to all providers, and then the supplementary modules relevant to your specific services. Moreover, if you have made any changes to services since your last audit, update the relevant policies before the audit date.
Step 2: Conduct a Mock Audit and Self-Assessment
A mock audit is the most effective preparation tool available to providers. Conduct a structured self-assessment using the same criteria your AQA will use. The NDIS Commission provides self-assessment tools through its portal, and many AQAs publish pre-audit readiness checklists.
During the mock audit:
- Assign a team member to play the role of auditor and another to respond as staff would during the real audit
- Review a sample of participant files against the file standards
- Walk through your incident management process end-to-end
- Test whether staff can explain their roles and your practices from memory
Document the findings of your mock audit. Any gaps identified become priority action items. Furthermore, completing a mock audit gives your leadership team a realistic sense of readiness and reduces anxiety among staff about the real audit.
Step 3: Update Staff Training Records
Auditors will specifically review training records during an NDIS audit. Every worker must have current, documented evidence of mandatory training, including:
- First aid and CPR — check expiry dates, as these typically need renewal every 1-3 years
- Infection prevention and control training
- NDIS Code of Conduct training
- Mandatory reporting training
- Any role-specific training required for your registration groups
Compile a training register that lists every worker, the training they have completed, the date completed, and the expiry date where applicable. This register should be easily accessible during the audit. Additionally, ensure that training records exist for new starters who joined since your last audit — a gap here is one of the most common non-conformities found during NDIS audits.
Step 4: Check Participant Files and Consent Forms
Participant file quality is one of the primary focus areas for auditors. Every participant file must be complete, up-to-date, and accessible. Before your audit, review a representative sample of files and check that each contains:
- A completed support plan aligned with the participant’s NDIS goals
- A current, signed service agreement — see our NDIS service agreement template for guidance on what these must include
- Valid consent forms for all relevant activities, including sharing information with other providers
- Up-to-date emergency and evacuation plans
- Current progress notes demonstrating active support — see our NDIS progress notes guide for best practices
- Any relevant health plans, behaviour support plans, or communication plans
If files are stored electronically, ensure the system is organised, searchable, and that access permissions reflect your privacy policy. Auditors will ask to see specific files during the Stage 2 audit — ensure you can retrieve them quickly.
Step 5: Review Your Incident Management System and Reporting
Incident management is a high-priority area during any NDIS audit. Auditors will assess whether your organisation has a functioning incident management system and whether it is being used correctly. Specifically, they will look for evidence that:
- All incidents are recorded promptly and completely
- Reportable incidents are being reported to the NDIS Commission within required timeframes
- Root cause analysis is conducted for significant incidents
- Corrective actions are implemented and followed up
- Incident data is reviewed at the governance level and used to improve practices
Before your audit, review your incident register for any incomplete reports or overdue follow-up actions. Close out open actions and ensure the register is clean and current. For a comprehensive overview of your reporting obligations, see our NDIS reportable incidents guide and NDIS incident management guide.
Step 6: Test Your Risk Management Practices
Your risk management framework must demonstrate that risks are actively identified, assessed, and managed across your organisation. During the audit, auditors will look for evidence that risk management is a living practice — not a document that was written once and never reviewed.
Review your risk register before the audit and ensure it reflects current risks relevant to your service delivery environment. Check that:
- Risk ratings are current and reflect any changes in your operating environment
- Risk owners are identified and understand their responsibilities
- Mitigation actions have been implemented and documented
- Governance meetings have discussed risk management formally
Additionally, confirm that individual participant risk assessments are current and reflected in support plans. Auditors will specifically look for evidence that you manage risks at the participant level, not just at the organisational level.
Step 7: Verify Worker Screening Checks Are Current
Every worker delivering NDIS supports must have a valid NDIS Worker Screening Check clearance. Before your audit, run a comprehensive check of your entire workforce to identify any clearances that have expired, are pending renewal, or were never obtained for workers in risk-assessed roles.
Do not wait for your AQA to identify screening gaps. Create a worker screening register that lists every worker, their clearance number, the issuing state or territory, and the expiry date. This register should be reviewed as part of your monthly compliance activities.
For comprehensive guidance on the worker screening system and how to manage it, see our NDIS worker screening guide. Auditors treat screening gaps seriously — having even one worker without a current clearance is a non-conformity that could delay your audit outcome.
Step 8: Review Service Agreements and Support Plans
Service agreements are a cornerstone of the NDIS practice framework. Each participant must have a current, signed service agreement that accurately reflects the supports being delivered and the agreed terms of service. Before your audit:
- Check that every active participant has a signed service agreement on file
- Ensure agreements reflect current pricing under the NDIS Price Guide — see our NDIS price guide for current rates
- Confirm that agreements are dated, signed by both parties, and include all required content
- Review whether support plans are aligned with current NDIS goals from participants’ current plans
Unsigned or outdated service agreements are among the most common findings in NDIS audits. Furthermore, auditors increasingly check whether the supports described in agreements match what progress notes and invoices show is actually being delivered. Consistency across these documents is essential.
Step 9: Prepare Staff for Auditor Interviews
Certification audits include interviews with staff, and often with participants. How your workers perform in these interviews can significantly influence the audit outcome. Preparing staff is therefore a critical component of audit preparation.
Run preparation sessions with your team that cover:
- The purpose of the audit and what auditors are looking for
- How to answer questions honestly and confidently without oversharing or guessing
- Key aspects of the NDIS Code of Conduct and what it means in their daily work
- How to describe their role, the supports they deliver, and how they manage incidents or concerns
- Where to find policies and procedures if asked to reference them
Importantly, coach staff that auditors are not there to catch them out but to verify that your organisation’s practices are real and effective. A calm, confident worker who gives clear, practical answers to interview questions makes a very positive impression. For staff obligations under the Code, refer to our NDIS Code of Conduct complete guide for providers.
Step 10: Organise Your Evidence Portfolio
The final — and in many ways most important — step is to assemble a comprehensive, well-organised evidence portfolio that you can present to auditors efficiently. Modern auditors want to see outcomes-based evidence, not just documentation. Your portfolio should therefore demonstrate impact, not just process.
Organise your evidence portfolio to include:
- Policies and procedures (current versions with review dates)
- Training records and competency assessments
- A sample of participant files (complete and consent-signed)
- Incident and complaints registers
- Worker screening register
- Risk register with current entries
- Quality improvement plans and completed corrective actions
- Governance meeting minutes referencing quality and safety discussions
- Outcome measurement data — surveys, participant feedback, goal achievement records
Label every section clearly and ensure the portfolio can be navigated quickly under audit conditions. A disorganised evidence portfolio signals poor governance to auditors, even if the underlying practices are sound.
Common Pitfalls in NDIS Audit Preparation
Even well-intentioned providers make predictable mistakes that lead to non-conformities. Being aware of these pitfalls helps you avoid them.
Incomplete or Unsigned Documentation
The most frequent finding in NDIS audits is incomplete documentation. Common examples include:
- Service agreements that are on file but not signed by the participant or their representative
- Support plans that reference outdated NDIS goals
- Incident reports that are started but not completed or closed out
- Progress notes that are missing for periods of service delivery
These gaps are avoidable with a structured pre-audit file review. Assign a team member to check every participant file against a standard checklist at least four weeks before the audit date.
Relying on Policies Alone
Having comprehensive, well-written policies is necessary but not sufficient. Auditors regularly find that providers have excellent policy documents but cannot demonstrate that those policies are implemented in practice. The gap between policy and practice is where most major non-conformities originate.
Therefore, for every policy you have, ask: “What is the evidence that staff actually follow this?” If you cannot point to training records, supervision notes, incident logs, or file reviews that demonstrate practice alignment, the policy may not be enough.
Leaving Preparation Too Late
Providers who begin audit preparation only a few weeks before the audit date rarely have enough time to close all identified gaps. Starting preparation at least three months before your audit date gives you time to conduct a mock audit, update documentation, schedule additional training, and finalise your evidence portfolio without rushing.
Create a compliance calendar that maps out preparation milestones and assign clear ownership for each activity. Use tools like Inficurex’s NDIS software for providers to manage deadlines and document completion across your team.
Outcomes-Based Evidence: What Modern Auditors Look For
The NDIS Commission has shifted its audit focus toward outcomes-based assessment. This means auditors are increasingly interested in evidence that your supports are actually making a difference in participants’ lives — not just that you comply with process requirements.
Outcomes-based evidence includes:
- Participant feedback surveys showing satisfaction with supports and worker conduct
- Goal achievement data demonstrating progress toward NDIS plan goals
- Participant choice and control records showing how you actively support decision-making
- Complaints data with evidence of resolution and improvement
- Reduced incident rates or improved incident response times over time
Build these evidence types into your regular quality activities — not just your audit preparation. Monthly quality reviews that generate outcome data will give you a strong, authentic evidence portfolio at audit time without requiring a last-minute scramble.
Building a Compliance Calendar for Ongoing Audit Readiness
The best approach to NDIS audit preparation is to treat it as a continuous activity, not a once-every-three-years event. An internal compliance calendar should schedule:
- Monthly: Review training completion rates, check incident reporting timeliness, review any complaints received
- Quarterly: Deep dive into 1-2 Practice Standards modules, sample participant file reviews, risk register review
- Annually: Full self-assessment against all applicable standards, update evidence portfolio, key personnel suitability review, review all policies
Providers who follow a structured compliance calendar arrive at their audit date in a state of ongoing readiness. For a comprehensive overview of compliance obligations to include in your calendar, refer to our NDIS compliance checklist.
How Inficurex Helps with NDIS Audit Preparation
Preparing for an NDIS audit involves coordinating documentation, staff records, participant files, incident reports, and training across your entire organisation. Inficurex’s NDIS software for providers brings all of these elements into a single, audit-ready platform.
With Inficurex, you can manage worker screening expiry dates, maintain complete participant records, log incidents and track their resolution, generate evidence reports, and coordinate staff training schedules — all in one place. This means that when your audit date arrives, your evidence portfolio is already organised and current. Additionally, Inficurex supports ongoing compliance calendar management, helping you maintain audit readiness year-round rather than scrambling in the weeks before your AQA arrives.
Discover how Inficurex helps providers pass their NDIS audit at inficurex.com/ndis-software-for-providers/.
Frequently Asked Questions About NDIS Audit Preparation
How early should I start NDIS audit preparation?
Begin preparation at least three months before your audit date. This allows time for a mock audit, policy updates, staff training, file reviews, and assembling your evidence portfolio. Providers who start only a few weeks out rarely have enough time to close all gaps and often arrive at audit with avoidable non-conformities. For renewal audits, tie preparation to your six-month-early renewal start.
What is the most common reason providers fail their NDIS audit?
The most common cause of non-conformities is the gap between policy and practice — having well-written policies but no evidence that staff follow them. Incomplete participant files and unsigned service agreements are the most frequently cited documentation issues. Auditors look for evidence of real practice, not just the existence of policy documents.
What is outcomes-based evidence in an NDIS audit?
Outcomes-based evidence demonstrates that your supports are actively improving participant lives, not just that you comply with process requirements. Examples include participant feedback surveys, goal achievement records, complaints data with evidence of resolution, and reduced incident rates over time. Auditors increasingly weight this type of evidence alongside traditional compliance documentation.
Do frontline workers need to prepare for the NDIS audit?
Yes. Certification audits include staff interviews, and how workers respond significantly influences the audit outcome. Prepare staff by explaining the audit purpose, coaching them on how to answer questions clearly and honestly, and reviewing key aspects of the Code of Conduct and their daily obligations. Well-prepared frontline workers are one of the strongest signals of a genuinely compliant organisation.
What is an NDIS audit checklist and do I need one?
An NDIS audit checklist is a structured list of documentation and practice requirements that you review before the audit to identify gaps. Yes, every provider should use one. The NDIS Commission provides self-assessment tools aligned to the Practice Standards. You can also develop an internal checklist based on the 10 preparation steps outlined in this guide to ensure nothing is missed before your AQA arrives.
How should I organise my evidence portfolio for the audit?
Organise your evidence portfolio by Practice Standards module, with clearly labelled sections for policies, participant file samples, training records, incident registers, worker screening records, and governance documentation. Include outcome evidence such as participant feedback data and quality improvement plans. Ensure the portfolio can be navigated quickly — a disorganised portfolio creates a poor impression even if the content is strong.
What happens if the auditor finds non-conformities?
If non-conformities are found, you must submit a Corrective Action Plan (CAP) within 7 calendar days of written notification. Minor non-conformities can be closed within 18 months. Major non-conformities must be addressed within 3 months and verified by the auditor before they submit their recommendation to the Commission. Having a structured approach to CAP development and implementation minimises the impact of non-conformities on your registration timeline.
How does a mid-term audit differ from the full certification audit?
The mid-term audit occurs at 18 months into your certification registration period. It focuses specifically on governance and management standards and reviews progress on any corrective actions from your initial certification audit. It is less comprehensive than the full Stage 1 and Stage 2 certification audit but still requires evidence preparation. Providers on the verification pathway do not have a mid-term audit requirement. See NDIS Commission guidance for the latest mid-term audit requirements.
