When providers ask how long an NDIS audit takes, they usually mean one of two things: how long is the auditor on site, or how long is the entire process from notification to certification. The answer to both matters for planning your compliance calendar. AuditCore keeps your preparation continuous so that when the notification arrives, you are already ready.
The Six Key Stages of an NDIS Audit
| Stage | Typical Duration | What You Must Do |
|---|---|---|
| 1 — Notification | 4–8 weeks before audit | Confirm audit scope, assign an internal preparation lead, run your internal audit immediately |
| 2 — Document Submission | 1–2 weeks before desk review | Submit policies, governance records, and evidence portfolio to the auditor for desk review |
| 3 — On-Site Audit | 1–3 days | Host the auditor: facility walkthrough, staff interviews, participant file review, and live system checks |
| 4 — Analysis and Review | 2–4 weeks after on-site | Auditor analyses findings; respond promptly to any clarification requests during this period |
| 5 — Draft Report | 10–15 business days to respond | Review draft findings, correct factual errors, and submit your written response before the deadline |
| 6 — Final Report and Commission Decision | 4–12 weeks | Commission reviews the final report and issues your registration certificate, conditions, or requests further action |
The Full NDIS Audit Timeline
| Stage | Typical Duration | What Happens |
|---|---|---|
| Audit notification | 4–8 weeks before audit | Your approved quality auditor (AQA) sends a letter with the audit date and scope |
| Desk review | 1–3 weeks | Auditor reviews your documents remotely — policies, procedures, governance records |
| Site audit | 1–3 days | Auditor visits your premises, interviews staff, reviews participant files |
| Draft audit report | 2–4 weeks after site audit | Auditor sends you a draft report for comment |
| Provider response | 10–15 business days | You review and respond to findings |
| Final report | 1–2 weeks after response | Auditor finalises the report and submits to NDIS Commission |
| Commission decision | 4–12 weeks | Commission reviews and issues registration certificate or conditions |
| Total process | 3–6 months | From notification to certificate |
Certification vs. Surveillance Audits
AuditCore's Internal Audit AI prepares your evidence portfolio before your auditor arrives — reducing the evidence-gathering phase from weeks to hours.
See Internal Audit AI →Your first NDIS registration requires a certification audit — the full process above. After that, you face surveillance audits annually (for higher-risk providers) or every 18 months. Surveillance audits are shorter and focus on specific areas identified in your previous audit or based on complaints and incidents reported to the Commission. AuditCore tracks your audit cycle and alerts you when your next audit window approaches.
What Slows Audits Down
- Missing or outdated documents — auditors issue findings rather than wait for you to find them
- Incomplete participant files — auditors sample files and every gap is a potential finding
- Slow responses to auditor requests during the desk review phase
- Unresolved corrective actions from your previous audit
- Staff unavailable for interviews during the site visit
How AuditCore Reduces Preparation Time
Because AuditCore maintains your compliance continuously — not just in the weeks before an audit — the preparation phase shrinks dramatically. Instead of spending three to four weeks gathering evidence, reviewing policies, and checking worker records, AuditCore providers typically spend three to five days confirming that everything is already in order. The Internal Audit AI generates a full compliance report that mirrors what your auditor will check.