"Failing" an NDIS audit does not usually mean losing your registration. It means your auditor has identified non-conformances — areas where your organisation does not meet the NDIS Practice Standards — and you must fix them within a set timeframe. AuditCore's Internal Audit AI is designed to find these issues before your external auditor does, so you can fix them on your own terms.
The Non-Conformance Journey — Step by Step
| Step | What Happens | Your Timeframe |
|---|---|---|
| Audit Findings Issued | Your auditor identifies non-conformances and issues a draft report with findings listed | You receive the draft for review |
| Provider Review Period | You review findings, correct factual errors, and prepare your initial response | 10–15 business days |
| Final Report Submitted | Auditor finalises the report and submits to the NDIS Commission | 1–2 weeks after your response |
| Corrective Action Plan Due | You submit a CAP for each non-conformance — specific actions, owners, and target dates | 20 business days from final report |
| Follow-Up Audit Scheduled | An auditor returns to verify your CAP has been completed and the finding is resolved | 3–6 months after your CAP submission |
Types of Audit Findings
| Finding Type | What It Means | Timeframe to Respond |
|---|---|---|
| Major non-conformance | A significant failure to meet a Practice Standard requirement | 20 business days to submit a CAP; may trigger immediate action |
| Minor non-conformance | A partial failure or isolated gap in an otherwise compliant area | 20 business days; resolved at next audit |
| Opportunity for improvement | Not a failure — a suggestion to strengthen practice | No mandatory timeframe; good practice to address |
| Observation | A noted concern that is not yet a non-conformance | Monitor and address before next audit |
What Happens After a Non-Conformance
AuditCore identifies compliance gaps before your auditor does — giving you time to fix them. Our live audit readiness score tells you exactly where you stand at any point in time.
Check Your Audit Readiness →- 1You receive the draft audit report with findings listed
- 2You have 10–15 business days to review and respond
- 3The final report is submitted to the NDIS Commission
- 4You submit your corrective action plan (CAP) within 20 business days
- 5A follow-up audit is scheduled to verify your CAP is complete
- 6The Commission reviews everything and makes a registration decision
When Registration Is at Risk
Serious or repeated non-conformances can result in conditions being placed on your registration, a show cause notice from the Commission, or in extreme cases, suspension or revocation. These outcomes are rare and typically involve multiple unresolved findings, ignored corrective action deadlines, or systemic failures in participant safety. AuditCore's continuous monitoring is specifically designed to prevent this scenario by identifying issues before they become patterns.
What a Failed Audit Really Costs
- Re-audit fees: follow-up audit visits cost $2,000–$5,000 on top of your original audit fee
- CAP management time: preparing, submitting, and tracking corrective actions can consume 40–80 hours of management time
- Commission scrutiny: non-conformances trigger increased Commission oversight and may affect future registration decisions
- Reputational impact: audit findings can affect your relationships with LACs, plan managers, and participants choosing a provider
- Staff morale: the stress of an audit finding affects your team and can contribute to turnover in key compliance roles
- Missed service delivery: management time diverted to corrective actions is time not spent on growing and improving services
The Most Common NDIS Non-Conformances
- Support plans not linked to participant NDIS goals (S3)
- Worker screening checks expired or not on file (S2)
- Policies outdated or missing entirely (S2)
- Incident notification not made within five business days (S2)
- No evidence of governance oversight — meeting minutes, risk reviews (S2)
- Participant rights not documented or evidenced (S1)
- No business continuity plan or untested emergency management plan (S2, S4)
Four Steps to Avoid Failing Your Next Audit
- 1Run an internal audit now — use AuditCore's Internal Audit AI to identify gaps against all four Practice Standards before your external audit notification arrives
- 2Fix the findings before the auditor arrives — treat every internal finding as a real non-conformance and resolve it with documented evidence
- 3Brief your team — auditors interview workers; workers who understand their obligations and can speak confidently about practice make a significant difference
- 4Maintain evidence continuously — compliance is not a pre-audit scramble; organisations that maintain their evidence year-round consistently pass with no or minimal findings
If your audit finds issues, AuditCore's CI Register turns each finding into a tracked corrective action — giving the NDIS Commission documented evidence that you've responded appropriately.
See the CI Register →How AuditCore Prevents Non-Conformances
AuditCore runs a continuous internal audit against every NDIS Practice Standard indicator. When a gap is detected — a support plan missing goal links, an expired worker check, a policy overdue for review — it is flagged immediately, not discovered by an auditor six months later. The result is that providers using AuditCore consistently pass their external audits with no or minimal findings.