An NDIS mid-term audit is a mandatory surveillance audit that certification-pathway providers must complete within 18 months of their registration date, as shown on their certificate of registration. It is a formal check-in carried out by an approved NDIS quality auditor to confirm your organisation still meets the NDIS Practice Standards and continues to deliver safe, quality supports. Completing it on time is a condition of keeping your registration — miss the due date and you risk losing your ability to deliver NDIS supports.
If your mid-term audit is on the horizon, the short version is this: it is smaller than your initial certification audit but works the same way. An external auditor samples your evidence against the Practice Standards, interviews staff, and may seek participant feedback, then reports the result to the NDIS Quality and Safeguards Commission. This guide explains exactly what to expect, who it applies to, what auditors look at, and a week-by-week way to prepare so there are no surprises.
What is an NDIS mid-term audit?
The mid-term audit is a surveillance audit that sits roughly halfway through your three-year registration cycle. Its purpose is to verify that the systems you demonstrated at your certification audit are not just written down but actually working in practice — that you have implemented them and are maintaining ongoing compliance with the NDIS Practice Standards and the associated Quality Indicators.
It is conducted by the same kind of approved quality auditor that runs your certification and renewal audits. Importantly, the mid-term audit does not replace your three-year renewal audit; it is an interim checkpoint between the two. Think of certification as the full exam at the start and end of the cycle, and the mid-term as a progress review in the middle to catch drift before it becomes a problem.
Who needs a mid-term audit?
Only providers on the certification pathway need a mid-term audit. Your pathway is set by the supports you are registered to deliver:
- Certification pathway — providers delivering higher-risk or more complex supports (for example Supported Independent Living, high-intensity daily personal activities, or behaviour support). These providers are assessed against the full Core Module plus any relevant supplementary modules, and they must complete a mid-term audit.
- Verification pathway — providers delivering lower-risk supports. Verification providers are not required to complete a mid-term audit; they undergo a lighter assessment at initial registration and renewal only.
If you are unsure which pathway applies to you, check your certificate of registration and your registration groups. If you are still weighing the two, our guide to NDIS certification vs verification audits breaks down exactly which one applies to your supports.
When does the mid-term audit happen?
You must undertake the mid-term audit within 18 months from the date of registration shown on your certificate of registration. The due date is tied to your certificate, not to a calendar quarter, so the timing is specific to your organisation. Two practical points matter here:
- 1Book early. Approved quality auditors have limited availability, and you need enough lead time to schedule the audit and close any gaps beforehand. Start arranging it several months out, not weeks.
- 2The deadline is firm. Completing the mid-term audit by its due date is a condition of maintaining your registration. Missing it can put your registration at risk, so treat the date as non-negotiable and diarise it the moment you register.
What does the mid-term audit assess?
The mid-term audit checks continued conformity with the NDIS Practice Standards. Rather than re-examining everything from scratch, the auditor samples across the four divisions of the Core Module and any supplementary modules that apply to your supports. Those four divisions are:
- S1 — Rights and Responsibilities: person-centred supports, privacy and dignity, independence and informed choice, and freedom from violence, abuse, neglect and exploitation.
- S2 — Governance and Operational Management: your governance arrangements, risk management, quality management, human resource management and continuity of supports.
- S3 — Provision of Supports: how supports are accessed, assessed, planned and delivered, and how they are reviewed with participants.
- S4 — Support Provision Environment: the safety and suitability of the environment, including where relevant mealtime management, safe delivery of medication, and management of waste.
A crucial clarification: S1–S4 are the four divisions of the NDIS Practice Standards Core Module — they are not incident-severity ratings. Auditors assess your organisation against the Quality Indicators sitting under each division, looking for evidence that your policies are current, understood by staff, and applied consistently in day-to-day practice.
What auditors typically look at
- Current, version-controlled policies and procedures with in-date review dates
- Evidence of implementation — records, not just documents, showing your systems are used
- Incident and complaints records, including whether reportable incidents were notified to the Commission within the required timeframes
- Worker records — screening clearances, inductions, training and supervision
- Participant records — service agreements, support plans, consent, and evidence of review
- Continuous improvement — how you act on feedback, incidents and internal reviews
Internal readiness vs the external audit
It is worth being precise about what you control and what you do not. Your internal audit and self-assessment — the work you do to check your own evidence against the Practice Standards — is entirely within your control and is where preparation pays off. The mid-term audit itself is the formal external assessment by an approved NDIS quality auditor, and only that auditor can determine the result. No amount of software or self-assessment replaces the external audit; what good preparation does is make sure the external auditor finds a well-run, evidenced organisation rather than gaps.
AuditCore runs an internal audit against the NDIS Practice Standards, flags every gap, missing document and overdue review in plain language, and keeps your evidence mapped to S1–S4 — so your mid-term audit is a formality, not a scramble.
Scan your evidence against S1–S4 before the auditor does →How to prepare: a week-by-week checklist
The providers who sail through mid-term audits are the ones who never let their evidence go stale. If yours has drifted since certification, here is a practical four-week run-up once your audit is booked.
Weeks 6–4 before: self-assessment
- Run a full internal audit against each Practice Standard division (S1–S4) and any supplementary modules for your supports.
- List every gap: missing evidence, expired policies, overdue reviews, and training that has lapsed.
- Confirm your registration groups still match the supports you actually deliver.
Weeks 4–2 before: close the gaps
- Update and re-date any policies past their review date, and record who approved them.
- Reconcile incident and complaints registers; confirm reportable incidents were notified within the 24-hour and 5-business-day timeframes.
- Check every worker's screening clearance, induction and mandatory training is current and filed.
Weeks 2–0 before: final readiness
- Brief your team on what to expect and how to speak to the evidence they own.
- Assemble participant records — service agreements, support plans, consent and reviews — so nothing is hunted for on the day.
- Do a final walk-through of your environment against S4, including mealtime and medication management where they apply.
What happens if you find non-conformances?
If the auditor identifies non-conformances, they are recorded as minor or major, and you will be asked to address them through a corrective action plan within a set timeframe. Minor non-conformances typically require you to show a plan and evidence of rectification; major non-conformances are more serious and can escalate to the Commission if not resolved. The goal of your own preparation is to find and fix these issues before the auditor does — an internal review that surfaces a gap two weeks out is a quiet fix; the same gap found on audit day is a formal finding. For a deeper look at handling findings, see our guide on what happens if you fail an NDIS audit.
Frequently asked questions
How long does an NDIS mid-term audit take?
It is generally shorter than your initial certification audit because it is a surveillance check rather than a full assessment. The exact duration depends on your size, the number of registration groups and supports you deliver, and how many participants and staff the auditor samples. Your approved quality auditor will confirm the scope and time required when you book.
Is the mid-term audit the same as certification?
No. Certification is the full audit you complete at initial registration and again at three-year renewal. The mid-term audit is a lighter, interim surveillance audit at around 18 months that confirms you are maintaining compliance between those two points. It samples your evidence rather than re-examining everything.
What happens if I miss my mid-term audit deadline?
Completing the mid-term audit by its due date is a condition of maintaining your NDIS registration. Missing the deadline can put your registration at risk, up to and including loss of registration. If you realise you cannot meet the date, contact your approved quality auditor and the NDIS Commission as early as possible rather than letting the deadline pass.
Does verification-pathway registration require a mid-term audit?
No. Only certification-pathway providers — those delivering higher-risk or complex supports — are required to complete a mid-term audit. Verification-pathway providers undergo assessment at initial registration and renewal only.
The bottom line
The NDIS mid-term audit is not a hurdle to fear — it is a checkpoint that rewards providers who keep their evidence current all year rather than cramming before each cycle. Know your due date (within 18 months of registration), book your approved quality auditor early, run an honest internal audit against S1–S4, and close every gap before the auditor arrives.
AuditCore is built for exactly this rhythm: continuous internal audits mapped to the NDIS Practice Standards, plain-language gap analysis, and evidence kept audit-ready between cycles — so your mid-term audit is a confirmation of good practice, not a fire drill.

