NDIS Practice Standards Audit Checklist: 30 Must-Have Documents

Your NDIS practice standards audit checklist is the single most important tool you have when preparing for an audit. Without the right documentation, even the most well-run organisation can face non-conformities that delay registration or put your provider status at risk. Auditors from approved quality auditors assess whether your operations align with the NDIS Quality and Safeguards Commission standards — and they rely entirely on documented evidence. This post gives you a complete, ready-to-use checklist of 30 must-have audit documentation checklist items. Use it to drive your NDIS audit preparation, close documentation gaps, and walk into your audit with confidence. Every section maps directly to the core NDIS practice standards modules.

What Is an NDIS Practice Standards Audit Checklist?

An NDIS practice standards audit checklist is a structured list of policies, procedures, registers, and records that registered providers must prepare before an audit. It maps your required documentation against the four core modules and specialist standards of the NDIS Provider Standards, helping you identify gaps and organise evidence before auditors arrive. Think of it as your compliance roadmap.

Governance and Operational Management Documents (Documents 1–6)

Strong governance documentation tells auditors that your organisation has clear accountability structures and systematic processes for managing risk. These six documents form the foundation of your audit documentation checklist. Without them, auditors cannot verify that your organisation is fit to deliver NDIS supports. Refer to the NDIS practice standards guide for a full breakdown of each governance module requirement.

1. Organisational Governance Framework

What it is: A document that defines your leadership structure, board or executive responsibilities, and accountability lines.

Why auditors need it: It demonstrates that your organisation has a clear chain of authority and sound governance arrangements.

What to include:

• Organisational chart with reporting lines
• Board or executive terms of reference
• Delegations of authority schedule
• Meeting minutes showing governance in action

2. Strategic and Business Plan

What it is: A forward-looking document outlining your organisational goals, service priorities, and growth strategy.

Why auditors need it: It shows that your organisation plans purposefully and aligns its resources with its mission.

What to include: Three-to-five-year objectives, key performance indicators, financial sustainability projections, and service expansion plans.

3. Risk Management Policy and Register

What it is: A policy defining how your organisation identifies, assesses, and controls risk, supported by a live register of current risks.

Why auditors need it: Risk management is a direct requirement under the NDIS practice standards. Auditors look for evidence that the register is actively maintained.

What to include: Risk rating matrix, identified risks, risk owners, mitigation controls, and review dates.

4. Quality Management System Documentation

What it is: A set of documents that collectively describe how your organisation maintains service quality and drives continuous improvement.

Why auditors need it: A documented quality management system shows your organisation has a systematic approach, not just good intentions.

What to include: Quality policy, document control procedure, audit schedule, and improvement tracking records.

5. Conflict of Interest Policy

What it is: A policy that defines what constitutes a conflict of interest, how staff must declare conflicts, and how your organisation manages them.

Why auditors need it: Conflicts of interest can compromise participant outcomes. Auditors check that your policy is current and that declarations are on file.

What to include: Definition of conflicts, declaration form template, register of declared interests, and escalation procedure.

6. Financial Management Procedures

What it is: Written procedures covering how your organisation manages budgets, authorises expenditure, conducts financial oversight, and handles NDIS funding.

Why auditors need it: Financial sustainability is a governance requirement. Auditors need evidence that funds are managed responsibly.

What to include: Procurement policy, expense approval thresholds, financial reporting cycle, and NDIS price guide compliance notes.

Participant Rights and Service Delivery Documents (Documents 7–12)

Participant rights are at the heart of the NDIS practice standards. These documents prove that your organisation puts participants first in every interaction. Auditors will cross-reference these documents with participant interviews and service records. A well-maintained NDIS compliance checklist should give these documents top priority.

7. Participant Rights and Responsibilities Statement

What it is: A plain-language document outlining the rights participants hold under the NDIS Act and their responsibilities as service users.

Why auditors need it: Auditors check that participants are actively informed of their rights at the start of service and whenever rights change.

What to include: NDIS participant rights list, how to access advocates, responsibilities of participants, and acknowledgement signature block.

8. Service Agreements Template

What it is: A standardised contract between your organisation and each participant, outlining the supports to be delivered, pricing, and cancellation terms.

Why auditors need it: Every participant must have a signed, current service agreement. Auditors request samples to verify compliance.

What to include: Support types, pricing aligned to the NDIS price guide, review schedule, and dispute resolution clause. See our service agreement template for a ready-to-use example.

9. Participant Consent Forms

What it is: Signed forms capturing participant consent for specific activities — including information sharing, photography, and support delivery.

Why auditors need it: Consent is a legal and ethical requirement. Auditors look for evidence that consent is sought, recorded, and reviewed regularly.

What to include: Purpose of consent, withdrawal rights, date of consent, and participant or guardian signature.

10. Support Plan Templates

What it is: Structured templates used to document each participant’s goals, support needs, and agreed delivery approach.

Why auditors need it: Support plans must reflect individual goals and be co-developed with participants. Auditors compare plans against service delivery records.

What to include: Participant goals, support strategies, review dates, risk considerations, and worker responsibilities.

11. Participant Feedback and Satisfaction Surveys

What it is: Tools used to capture participant views on service quality, including formal surveys and informal feedback mechanisms.

Why auditors need it: Continuous improvement requires evidence that you listen to participants. Auditors look for feedback records and actions taken in response.

What to include: Survey questions, response records, analysis summaries, and documented actions taken.

12. Cultural Safety and Diversity Policy

What it is: A policy committing your organisation to culturally safe and inclusive service delivery for all participants.

Why auditors need it: The NDIS practice standards require providers to respect and accommodate cultural, linguistic, and religious diversity.

What to include: Commitment statement, supported languages, Aboriginal and Torres Strait Islander inclusion approach, and staff training requirements.

Human Resources and Worker Compliance Documents (Documents 13–18)

Worker compliance documents protect participants and demonstrate that your workforce meets NDIS requirements. These records are among the first things auditors request. Gaps in worker screening or training records are a common cause of non-conformities during NDIS audit preparation. Visit our worker screening guide for detailed requirements by state and territory.

13. Worker Screening Check Records

What it is: Records confirming that all workers have completed and passed mandatory NDIS Worker Screening Checks before commencing work with participants.

Why auditors need it: Worker screening is a non-negotiable requirement. Missing or expired checks are a major non-conformity.

What to include: Worker name, Worker Screening ID number, expiry date, and clearance status.

14. Staff Qualifications and Training Register

What it is: A register documenting each worker’s qualifications, mandatory training completions, and upcoming renewal dates.

Why auditors need it: Workers must be appropriately qualified for the supports they deliver. A current register proves ongoing compliance.

What to include: Worker name, qualifications held, training completed, training dates, and next review or renewal date.

15. Position Descriptions with NDIS Requirements

What it is: Written role descriptions that explicitly reference NDIS compliance obligations relevant to each position.

Why auditors need it: Position descriptions should reflect NDIS obligations. Auditors check that roles are clearly defined and that workers know their responsibilities.

What to include: Role title, key responsibilities, mandatory qualifications, NDIS-specific requirements, and reporting lines.

16. Code of Conduct Acknowledgement Forms

What it is: Signed forms confirming that each worker has read, understood, and agreed to comply with the NDIS Code of Conduct.

Why auditors need it: All NDIS workers must comply with the Code of Conduct. Signed acknowledgements prove workers have been informed.

What to include: Worker name, date of acknowledgement, Code of Conduct version number, and signature.

17. Supervision and Performance Review Records

What it is: Records of regular supervision sessions and formal performance reviews conducted with workers.

Why auditors need it: Supervision demonstrates active management of workforce quality. Auditors look for consistency in how supervision is applied across your team.

What to include: Worker name, supervisor name, date, topics discussed, agreed actions, and next review date.

18. Induction and Orientation Program

What it is: A structured program that all new workers complete before working independently with participants.

Why auditors need it: Induction ensures workers understand organisational policies, NDIS obligations, and participant rights before they begin.

What to include: Induction checklist, topics covered, trainer details, completion sign-off, and date of completion.

Incident Management and Complaints Documents (Documents 19–24)

Incident management and complaints documentation demonstrate that your organisation responds to harm and feedback in a systematic, accountable way. Auditors examine these records closely to assess your organisation’s safety culture. A robust incident management guide will help you build compliant processes from the ground up.

19. Incident Management Policy and Procedure

What it is: A policy defining how your organisation identifies, classifies, reports, investigates, and responds to incidents involving participants.

Why auditors need it: A documented and implemented incident management system is a core NDIS practice standards requirement.

What to include: Incident definitions, classification levels, reporting timeframes, investigation requirements, and escalation procedure.

20. Reportable Incident Notification Records

What it is: Records of all reportable incidents submitted to the NDIS Quality and Safeguards Commission, including submission confirmation.

Why auditors need it: Providers must notify the Commission of reportable incidents within set timeframes. Records prove compliance with mandatory reporting obligations. See our reportable incidents guide for notification timelines.

What to include: Incident date, nature of incident, notification date, NDIS Commission reference number, and follow-up actions.

21. Incident Register and Tracking System

What it is: A live register logging all incidents — including non-reportable incidents — with status tracking through to closure.

Why auditors need it: A complete register shows auditors that all incidents are captured, not just those that are reportable. It also supports trend analysis.

What to include: Incident ID, date, participant code, incident type, severity rating, investigation status, and closure date.

22. Complaints Management Policy

What it is: A policy that explains how your organisation receives, acknowledges, investigates, and resolves complaints from participants, families, and workers.

Why auditors need it: Complaints management is a standalone practice standards requirement. Auditors check that your policy meets minimum standards and is accessible to participants.

What to include: How to make a complaint, acknowledgement timeframes, investigation process, escalation options, and external complaint bodies.

23. Complaints Register and Resolution Records

What it is: A register logging all complaints received, along with records of how each complaint was investigated and resolved.

Why auditors need it: Auditors cross-reference the complaints register with your complaints policy to confirm that your process is followed in practice.

What to include: Complaint ID, date received, nature of complaint, outcome, and date of resolution.

24. Root Cause Analysis Templates

What it is: Structured templates used to investigate the underlying causes of serious incidents and systemic complaints.

Why auditors need it: Root cause analysis demonstrates that your organisation learns from incidents rather than simply recording them.

What to include: Incident summary, causal factors identified, contributing systemic factors, recommended corrective actions, and responsible officer.

Continuity and Information Management Documents (Documents 25–30)

The final six documents on your NDIS practice standards audit checklist relate to business continuity and responsible information management. These documents protect your organisation and participants during disruptions, and ensure that records are managed with integrity. Auditors increasingly scrutinise information governance as digital record-keeping becomes standard practice.

25. Business Continuity Plan

What it is: A plan outlining how your organisation will continue delivering critical supports during a significant disruption — such as a systems outage, key staff absence, or natural disaster.

Why auditors need it: Participants depend on consistent support. Auditors check that you have a tested plan to maintain essential services under adverse conditions.

What to include: Critical service list, continuity strategies, contact trees, activation triggers, and recovery timeframes.

26. Information Management and Privacy Policy

What it is: A policy governing how your organisation collects, stores, shares, and protects personal and sensitive information about participants and workers.

Why auditors need it: Privacy compliance is mandatory under Australian law and the NDIS practice standards. Auditors look for a current, comprehensive policy.

What to include: Types of information collected, storage methods, access controls, breach notification procedure, and participant rights to access their information.

27. Records Management Procedure

What it is: A procedure defining how records are created, stored, retrieved, archived, and destroyed in line with legal and NDIS requirements.

Why auditors need it: Good records management ensures that audit evidence is available, current, and reliably maintained.

What to include: Record categories, retention periods, storage locations, version control requirements, and destruction procedures.

28. Emergency and Disaster Management Plan

What it is: A plan detailing your organisation’s response to emergencies and disasters that may affect participants, workers, or facilities.

Why auditors need it: Providers must protect participants during emergencies. Auditors check that plans are tailored to your participant cohort and service locations.

What to include: Emergency scenarios covered, evacuation procedures, participant vulnerability assessments, worker responsibilities, and external agency contacts.

29. Feedback and Continuous Improvement Register

What it is: A register that captures all forms of feedback — compliments, suggestions, complaints, and audit findings — and tracks improvement actions arising from each.

Why auditors need it: Continuous improvement is a core requirement of the NDIS practice standards. A live register proves your commitment to getting better over time.

What to include: Feedback source, date, nature of feedback, improvement action identified, responsible officer, and completion date.

30. Internal Audit Reports and Action Plans

What it is: Reports from your own internal audit activities, together with documented action plans addressing any findings.

Why auditors need it: Internal audits demonstrate proactive self-assessment. Auditors view them as strong evidence of a mature quality management culture.

What to include: Audit scope, audit date, findings, non-conformity classification, corrective actions, responsible officer, and completion status.

How to Organise Your NDIS Audit Preparation Documents

Organising your audit documentation checklist well before your audit date makes the entire process far less stressful. Auditors appreciate providers who present evidence in a clear, logical structure. Follow these steps to prepare effectively.

1. Assign a documentation owner. Appoint one person — typically your compliance or quality manager — to coordinate the entire audit documentation process. Clear ownership prevents gaps.
2. Map documents to practice standards modules. Create a master spreadsheet linking each of your 30 documents to the relevant NDIS practice standard. This makes it easy to respond quickly when auditors request specific evidence.
3. Use a consistent folder structure. Organise digital files into folders that mirror the audit modules: Governance, Participant Rights, Human Resources, Incident Management, and Information Management. Label files clearly with document name and version date.
4. Apply version control. Every document should carry a version number, effective date, and next review date in the header or footer. Never submit a document without a version reference — auditors will note the absence.
5. Conduct an internal gap audit at least 12 weeks before your external audit. Compare your current documentation against this NDIS practice standards audit checklist. Log every gap in your continuous improvement register and assign a resolution deadline.
6. Brief your leadership team. Ensure board members, managers, and frontline team leaders know their roles during the audit. Auditors often interview staff separately, so consistent messaging matters.

Using practice standards documents management software can automate version control, send renewal reminders, and centralise storage in one compliant platform. Consider reviewing the provider registration checklist as a complementary resource when setting up your documentation system from scratch.

What Documents Do NDIS Auditors Request First?

Auditors typically request governance and human resources documents first. Specifically, they will ask for your organisational governance framework, worker screening check records, and incident management policy in the opening phase of an audit. These three document categories establish whether your organisation has the foundational structures required under the NDIS practice standards.

After reviewing these, auditors move to participant-related records — service agreements, support plans, and consent forms. They then cross-reference those records with your incident register and complaints register to look for consistency between your documented processes and actual practice. Therefore, your NDIS audit preparation should always start with governance and workforce compliance documents before moving to operational records.

How Far in Advance Should You Prepare for an NDIS Audit?

Start your NDIS audit preparation at least three to six months before your scheduled audit date. This is the minimum timeframe needed to conduct an internal gap analysis, address missing practice standards documents, and conduct staff briefings without rushing.

For new providers or organisations undergoing a certification audit for the first time, six to twelve months of preparation time is strongly recommended. Building a complete documentation suite from the ground up takes time. Policies must be written, approved, communicated to staff, and implemented before they carry any evidential weight with an auditor. Additionally, documents like the continuous improvement register and supervision records need time to accumulate real evidence — a register started the week before an audit will not satisfy auditors looking for an ongoing pattern of practice.

How Inficurex Helps With Audit Preparation

Inficurex is purpose-built NDIS software designed to take the stress out of audit preparation. The platform centralises all 30 documents on your NDIS practice standards audit checklist in one secure location, with built-in version control and automated review reminders. You can map every document directly to the relevant practice standards module, so you always know your compliance status at a glance.

Inficurex also automates incident reporting, complaints tracking, and continuous improvement registers — which means your records are audit-ready at any time, not just when an audit is scheduled. Worker screening expiry alerts and training register management ensure your human resources compliance stays current without manual follow-up. If you want to streamline your NDIS audit preparation and reduce the risk of non-conformities, explore Inficurex NDIS software for providers and see how it can transform your compliance process.

Frequently Asked Questions

How many documents do you need for an NDIS audit?

The exact number varies by audit type and provider scope. However, most registered NDIS providers need at least 30 core documents covering governance, participant rights, HR compliance, incident management, and information management. Certification audits require more documentation than verification audits.

What is the difference between verification and certification audit documents?

Verification audits apply to lower-risk supports and use a desktop document review. Certification audits apply to higher-risk supports and involve an on-site assessment plus participant and worker interviews. Certification audits therefore require a broader set of practice standards documents and more evidence of implementation.

How often should audit documents be updated?

Most policies and procedures should be reviewed at least annually. High-risk documents such as incident management procedures and risk registers should be reviewed more frequently — at least every six months or following a significant incident or legislative change.

Can I use template documents for my NDIS audit?

Yes, template documents are a good starting point. However, auditors expect documents to reflect your organisation’s actual practices. You must customise templates to match your specific services, context, and operating procedures before submission.

What happens if I am missing documents during an audit?

Missing documents can result in non-conformities during your audit. Minor non-conformities may be addressed through a corrective action plan. Major non-conformities can affect your audit outcome and may delay registration or lead to conditions being placed on your provider status.

Who is responsible for maintaining audit documentation?

Responsibility typically sits with the compliance manager or quality manager. However, each team leader or department head should own the practice standards documents relevant to their function. Governance-level documents are the responsibility of the board or executive leadership.

How long should I keep NDIS audit records?

The NDIS Commission requires providers to retain records for a minimum of seven years. Incident records and participant-related documents may need to be kept longer, especially where participants are children or where incidents involved serious harm.

What format should audit documents be in?

Documents can be in any clear, accessible format — PDF, Word, or digital records within a compliance management system. The key requirement is that all practice standards documents are current, version-controlled, and can be easily retrieved by auditors on request.