Audit & Compliance

NDIS Certification vs Verification Audit: Which One Applies to You

AT
AuditCore Team· NDIS Compliance
12 July 20267 min read
NDIS Certification vs Verification Audit: Which One Applies to You

Not sure whether you need an NDIS verification or certification audit? Learn how the NDIS decides your pathway, the mixed-pathway rule, and what's changing in 2026.

Choosing the wrong audit pathway is one of the most costly mistakes an NDIS provider can make. Understanding NDIS certification vs verification audit requirements up front tells you exactly what evidence to gather, how long the process will take, and whether an auditor will visit your site. This guide breaks down both pathways, how the NDIS Quality and Safeguards Commission decides which applies to you, and what is changing in 2026.

Quick answer: which NDIS audit do I need?

Your pathway is set by the registration groups you hold and the risk and complexity of the supports you deliver — not by your size or preference. In short:

  • Verification audit — a document-only desktop review for lower-risk, lower-complexity supports such as plan management, support coordination, and many therapeutic or allied-health supports. No site visit, no interviews.
  • Certification audit — a two-stage process including an on-site assessment, for higher-risk, more complex supports such as Supported Independent Living (SIL), high-intensity daily personal activities, specialist behaviour support, and early childhood.

One rule overrides everything: if any registration group you hold requires certification, your whole audit becomes a certification audit.

NDIS audit types at a glance

Here is how the two NDIS audit types compare across the dimensions that matter most when you are planning:

  • Risk and complexity — Verification: lower risk. Certification: higher risk and more complex.
  • Method — Verification: desktop/document review only. Certification: Stage 1 desktop review plus a Stage 2 on-site assessment.
  • Site visit — Verification: no. Certification: yes.
  • Interviews and observation — Verification: none. Certification: staff interviews, participant and family conversations, and direct observation.
  • Practice Standards — Verification: the lighter Verification Module. Certification: the full Core Module, plus any supplementary modules.
  • Example supports — Verification: plan management, support coordination, therapeutic supports. Certification: SIL, high-intensity personal activities, specialist behaviour support, early childhood.
  • Typical duration (approximate) — Verification: around 4–8 weeks with a narrower scope. Certification: longer, across two stages, plus a mid-term audit.

What is an NDIS verification audit?

An NDIS verification audit is a desktop review conducted entirely through documents. There is no site visit, no staff interviews, and no direct observation of supports being delivered. Instead, an approved quality auditor reviews the paperwork that demonstrates you can operate safely and competently.

Verification typically focuses on evidence such as:

  • Relevant worker qualifications and, where applicable, professional registrations
  • Insurance certificates, for example public liability and professional indemnity
  • Incident management, complaints handling, and risk management policies

Because the scope is narrower, verification is generally faster and less resource-intensive than certification. It applies to registration groups the NDIS considers lower risk, such as plan management, support coordination, and many therapeutic or allied-health supports. If everything you deliver sits in the verification category, you are assessed against the lighter Verification Module rather than the full Core Module.

What is an NDIS certification audit?

An NDIS certification audit is a two-stage assessment reserved for higher-risk and more complex supports. It goes well beyond documents.

  • Stage 1 — desktop review: the auditor examines your policies, procedures, and evidence to confirm your management system is designed to meet the relevant NDIS Practice Standards.
  • Stage 2 — on-site assessment: the auditor visits your organisation, interviews staff, speaks with participants and their families, and directly observes how supports are delivered in practice.

Certification tests whether your documented systems actually work day to day. It applies to supports such as SIL and assistance with daily life, high-intensity daily personal activities, specialist behaviour support, and early childhood. Providers on this pathway must meet the full Core Module, plus any supplementary modules that apply to their supports. For a deeper walkthrough of the evidence auditors expect, our NDIS audit checklist maps requirements to each standard.

How the NDIS decides your pathway (and the mixed-pathway rule)

So which NDIS audit do you need? The answer is driven by two things: the registration groups you hold and the risk and complexity attached to those supports. The NDIS Commission classifies each registration group, and that classification determines whether verification or certification applies.

The critical detail many providers miss is the mixed-pathway rule. If you hold a mix of registration groups and even one of them requires certification, your entire audit becomes a certification audit. You cannot split the process — completing verification for the simple parts and certification for the rest is not an option. This is why a provider that mostly delivers support coordination but adds a single higher-risk group can find themselves on the full certification pathway.

Because pathway assignment hinges on your exact registration groups, always confirm your scope before you budget or book an auditor. Getting this wrong is a common driver of unexpected cost and delay — our breakdown of how much an NDIS audit costs will help you plan realistically.

NDIS Practice Standards: Core Module vs Verification Module

The NDIS Practice Standards Core Module underpins the certification pathway. Certification providers must demonstrate compliance across all four Core Module areas:

  • Rights and Responsibilities — participant rights, privacy, dignity, and choice
  • Governance and Operational Management — leadership, risk, quality systems, and human resources
  • Provision of Supports — assessment, planning, and delivery of supports
  • Support Provision Environment — safe environments, equipment, and infection control

On top of the Core Module, supplementary modules apply when you deliver certain supports — for example High Intensity Daily Personal Activities, Specialist Behaviour Support, Early Childhood, and Specialist Support Coordination. Each supplementary module is triggered by the relevant registration groups and adds targeted requirements.

Verification providers, by contrast, are assessed against the lighter Verification Module, which is why the evidence burden is comparatively smaller. Regardless of pathway, consistent, well-organised evidence is what separates a smooth audit from a stressful one — our NDIS audit evidence guide explains how to structure it.

Timeline and effort: how the two pathways compare

Verification is usually the quicker route. With a narrower scope and no site visit, many providers complete verification in roughly 4–8 weeks. Treat this as approximate — actual timing depends on your auditor, your readiness, and your scope.

Certification takes longer by design. You complete Stage 1, then coordinate the on-site Stage 2 assessment, which requires scheduling staff, participants, and observation. Certification also carries an ongoing obligation the verification pathway does not: an NDIS mid-term audit at roughly the 18-month point of the three-year registration cycle. This surveillance audit checks that you have maintained compliance since certification.

The practical takeaway is that certification is not a single event but a continuous readiness commitment. If your on-site assessment is approaching, our guide on how to prepare for an NDIS audit in 30 days can help you focus your final push.

2026 mandatory registration for SIL and platform providers

A significant change is coming. From 1 July 2026, providers delivering Supported Independent Living (SIL) and NDIS digital platform providers must be registered. Unregistered providers may continue operating only if they apply to register by 1 October 2026.

This matters for pathway planning because SIL is a higher-risk support, which places it firmly on the certification pathway. If you deliver SIL and are not yet registered, the NDIS SIL audit 2026 deadline means you should begin building audit readiness now rather than waiting. The NDIS mandatory registration 2026 changes give a short window, but certification takes time — especially the on-site stage. Providers new to SIL registration should review our NDIS SIL provider compliance guide to understand the obligations involved. Significant penalties apply for operating outside registration requirements per the NDIS Commission, so plan your timeline conservatively.

Common mistakes providers make

  • Assuming verification when a held group requires certification. Providers look at their main service and forget the mixed-pathway rule — one certification-level group tips the whole audit into certification.
  • Thin or inconsistent evidence. Policies that exist on paper but are not reflected in day-to-day records fail quickly under scrutiny, particularly during on-site interviews and observation.
  • Treating audit prep as a one-off. Compliance is continuous; scrambling before an audit (or the mid-term audit) leaves gaps. Knowing what happens if you fail an NDIS audit is a strong motivator to keep evidence current year-round.

AuditCore scans your evidence against Practice Standards S1–S4 in about 60 seconds and flags every gap in plain language — so whether you are on the verification, certification, or mid-term audit pathway, your documentation is already in order.

Stay audit-ready with AuditCore

Frequently asked questions

What is the main difference between an NDIS verification and certification audit?

A verification audit is a document-only desktop review with no site visit or interviews, used for lower-risk supports. A certification audit adds an on-site Stage 2 assessment with staff interviews, participant conversations, and direct observation, used for higher-risk, more complex supports.

Which NDIS audit do I need if I hold multiple registration groups?

Apply the mixed-pathway rule: if any single registration group you hold requires certification, your entire audit is a certification audit — even if most of your other groups would only require verification.

Does a verification audit include a site visit?

No. Verification is conducted entirely as a desktop review of your documents, such as qualifications, insurance, and your incident, complaints, and risk policies. On-site visits only occur in the certification pathway.

What is the NDIS mid-term audit?

The mid-term audit is a surveillance audit that applies to certification providers at roughly the 18-month point of the three-year registration cycle. It confirms you have maintained compliance with the NDIS Practice Standards since your initial certification.

Do SIL providers need certification in 2026?

Yes. SIL is a higher-risk support on the certification pathway. From 1 July 2026, SIL and NDIS digital platform providers must be registered, with unregistered providers able to keep operating only if they apply to register by 1 October 2026.

Getting audit-ready — and staying that way

Whether you fall under the NDIS certification vs verification audit pathway, the providers who pass smoothly are the ones treating compliance as an ongoing discipline rather than a last-minute project. Confirm your registration groups, map them to the correct pathway, and keep your evidence complete and consistent between audit cycles.

AuditCore helps NDIS providers maintain continuous audit readiness with structured, always-current evidence management — so when your verification, certification, or mid-term audit comes around, your documentation is already in order.

Ready to simplify NDIS compliance?

AuditCore automates incident management, internal audits, and compliance tracking for Australian NDIS providers.

Book a Free Demo