If the words “NDIS audit” make your stomach drop, you’re not alone. For most registered providers, audit season means weeks of digging through spreadsheets, chasing staff for missing documents, and hoping nothing slips through the cracks.
It doesn’t have to be that way. Audits reward providers who keep clean, continuous evidence — not the ones who scramble the week before. This checklist walks you through exactly what auditors assess across the four NDIS Practice Standards (S1–S4), and how to stay ready all year round.
First, know which audit you’re facing
- Verification audit — for lower-risk providers delivering a small number of registration groups. Lighter touch and document-based.
- Certification audit — for higher-risk supports (e.g. SIL, behaviour support). Includes a Stage 1 desktop review and a Stage 2 on-site assessment with participant interviews.
Knowing your pathway tells you how deep the evidence needs to go.
The NDIS audit checklist (S1–S4)
S1 — Rights and Responsibilities
- Participant consent records and service agreements are current and signed
- Privacy and dignity-of-risk policies are documented and followed
- Evidence that participants are informed of their rights, in accessible formats
S2 — Provider Governance and Operational Management
- Continuity of supports and risk management plans in place
- Incident management system with reportable-incident timeframes met
- Complaints handling records and evidence of resolution
- Human resource management: worker screening, qualifications, supervision
- Quality management system with internal audit evidence
S3 — Provision of Supports
- Person-centred support plans linked to participant goals
- Evidence of consent to the specific supports delivered
- Records showing supports are reviewed and adjusted over time
S4 — Support Provision Environment
- Safe environment and infection-control practices
- Where relevant: medication management, mealtime management, behaviour support and restrictive-practice reporting
How to actually stay audit-ready
- 1Stop treating audits as an event. The providers who pass calmly have a continuous evidence trail, not a last-minute one.
- 2Centralise your records. Spreadsheets and shared drives are where evidence goes to get lost. One source of truth means one place to prove compliance.
- 3Run internal audits regularly. Don’t wait for the external auditor to find the gaps — self-assess against S1–S4 on a rolling basis.
- 4Close incidents on time. Reportable-incident timeframes are a common failure point — track them automatically, not manually.
- 5Keep worker compliance live. Screening checks and training expire, and a single lapsed clearance can flag a non-conformity.
Turn audit prep from weeks into minutes
This is exactly why we built AuditCore. Instead of manually assembling evidence every renewal, AuditCore’s AI runs a full S1–S4 internal audit scan in under 60 seconds — flagging gaps in incidents, worker compliance, participant records and policies before an external auditor ever would. You stay audit-ready 24/7, not just the week before.
AuditCore runs a full S1–S4 internal audit scan in under 60 seconds, scoring your compliance posture and flagging gaps before your external auditor does.
See Internal Audit AI →Frequently Asked Questions
How often are NDIS audits required?
Registered providers are audited at registration, at a mid-term point (around 18 months), and at renewal (every 3 years) — plus any audit triggered by complaints or incidents.
What happens if you fail an NDIS audit?
Non-conformities must be rectified within set timeframes. Serious or unresolved issues can lead to conditions on your registration, suspension, or revocation.
How long does NDIS audit preparation take?
Manually, providers often spend weeks. With a continuous internal-audit system, prep drops to hours because the evidence is always current.
