Key Takeaways
- The NDIS Quality and Safeguards Commission mandates periodic audits to ensure quality, participant choice, and safety.
- Both Verification and Certification audits require detailed record-keeping, policy logs, and clean financial systems.
- Failing to provide evidence of staff screening and incident management during an audit can lead to registration suspension.
For registered NDIS providers, passing an NDIS Quality and Safeguards Commission audit is the ultimate compliance test. The NDIS Commission has stepped up its review cycles for FY 2026 and FY 2027 to eliminate fraudulent behavior and elevate care quality. If you are preparing for your upcoming audit, this comprehensive checklist will help ensure your business processes, HR records, and financial books are fully compliant.
1. Verification vs. Certification Audits
Before beginning, know which audit type applies to your business. The NDIS Commission splits audits into two pathways based on support risk:
- Verification: Applies to providers delivering lower-risk services (e.g., household tasks, home modifications, assistive technology). The audit is desk-based and focuses on checking qualifications, insurance policies, and basic safety procedures.
- Certification: Required for higher-risk services (e.g., daily personal activities, group home supports, early intervention). It involves a thorough review of organizational governance, risk assessments, operational policies, and interviews with both staff and participants.
2. HR and Worker Compliance Checklist
Auditors will randomly check employee records to verify worker credentials. You must show evidence of:
- NDIS Worker Screening Check (NDISWC): Mandatory for all employees in risk-assessed roles. Check state databases to ensure clear clearance status.
- Worker Orientation Module: Certificates confirming all staff have completed the NDIS Commission's "Quality, Safety and You" module.
- Qualifications & Certifications: Current First Aid/CPR, driver's licenses, and professional registration certificates (such as AHPRA for therapists).
3. Policies and Operational Logs
A policy manual is not enough; you must prove your business actively follows it. Keep clear logs for:
- Incident Management System: Documenting all incidents, actions taken, and statutory notifications made to the NDIS Commission within the mandatory 24-hour/5-day windows.
- Complaints Register: Recording feedback from participants, investigating complaints, and showing clear resolution paths.
- Risk Management Register: Evaluating operational risks (e.g., lone support workers, participant falls) and listing mitigation controls.
4. Financial and Invoicing Audit Trail
Financial auditors examine how you manage participant funds. Ensure your bookkeeping meets the following criteria:
- Service Agreements: A valid, signed agreement for every client, explicitly matching the support categories and rates billed.
- Detailed Rostering Records: Timecards or GPS log data showing support workers were physically present during the hours claimed.
- Clear Separations of Funds: If you manage participant money or hold funds in trust, you must keep separate bank accounts with a clean reconciliation trail in Xero.
⚠️ Compliance Alert: Ensure all invoices state your business ABN, the participant's NDIS number, and the correct NDIS support item code. If an auditor finds discrepancies between your rosters, invoices, and PRODA claims, you may be required to refund the funds.
Audit Readiness Checklist
| Focus Area |
Required Evidence |
Status |
| Insurance Policies |
Public Liability ($20M) & Professional Indemnity |
[ ] |
| HR Files |
NDIS Worker Screening clearance & Orientation Module certificates |
[ ] |
| Service Delivery |
Signed Service Agreements & detailed shift progress notes |
[ ] |
| Financial Logs |
Xero invoices matching NDIS support codes exactly |
[ ] |
Get Audit Ready Today
Our CPAs and NDIS bookkeepers audit your financial records, clean up your billing structures, and ensure your business meets NDIS Commission standards.
Book an Audit Prep Session