What an NDIS auditor actually looks for

Most providers don't fail an NDIS audit because their service is poor. They fail or scramble through it because the evidence is scattered, out of date, or missing entirely when the auditor asks for it. The standards haven't changed overnight; the problem is almost always that proof of compliance lives in someone's inbox, a shared drive, and three different spreadsheets.

Understanding what an approved quality auditor is actually assessing turns the audit from a guessing game into something you can prepare for deliberately. Here's what they're looking at, and where providers most often come unstuck.

They assess evidence, not intentions

A registered provider is audited against the NDIS Practice Standards, and the auditor's job is to collect evidence that those standards are being met in practice not just written into a policy. That evidence is expected to be proportionate to the size and scale of your organisation, and auditors deliberately draw on multiple sources to corroborate your claims: information directly from participants, input from family or advocates with participant consent, documented support plans, and records of the supports actually delivered.

In other words, a policy on the shelf isn't evidence. The auditor wants to see the policy and the records that show it's being followed.

Key points

Auditors check evidence against the NDIS Practice Standards and expect it proportionate to your size and scale
They corroborate claims across multiple sources: participants, advocates, support plans, and delivery records
Each outcome is scored on a conformity scale, and a single major non-conformity can preclude certification
Certain critical risks must be reported to the Commission immediately even mid-audit
Audit reports are submitted to the Commission within strict timeframes after the audit completes

Every outcome gets a rating and one rating matters most

Auditors don't give a single pass/fail. They assess each outcome within the applicable Practice Standards and assign a rating, and they can only recommend certification where a provider demonstrates that all criteria are being met at the level of "Conformity," as defined in the Approved Quality Auditors Scheme. Minor non-conformities can sometimes be worked through if you've already got an acceptable corrective action plan in place before the recommendation is made.

But there's a hard line. A rating of "0 – Major Non-Conformity" precludes certification outright. That's the single most important thing to understand about audit scoring: it isn't an average. One major gap in the wrong place doesn't lower your score it stops your certification. A rating of "0 – Major Non-Conformity" shall preclude a certification.

National Disability Insurance Scheme (Approved Quality Auditors Scheme) Guidelines 2018

Some things get reported the moment they're found

Auditors aren't only assessing they're also a safeguarding mechanism. If a critical risk relating to criminal acts or child protection is identified, the auditor must notify the Commission and any relevant authorities (such as police) immediately. For other critical risks, the auditor must notify the Commission within 24 hours.

This is worth sitting with: the audit is not a closed-door exercise where problems stay between you and the auditor. Serious risks leave the room straight away.

The clock keeps running after the audit ends

Once the audit is complete, the auditor's report goes through independent review and is then submitted to the Commission within set timeframes no more than 28 calendar days for a certification audit, and no more than 14 calendar days for a verification audit. The Commission, not the auditor, then makes the registration decision.

For you, that means the audit doesn't really "end" when the auditor leaves. The evidence you produced is what gets written up and sent on, so gaps you papered over on the day don't quietly disappear.

How to actually be ready

The pattern in all of this is simple: the audit rewards providers whose evidence is current, connected, and producible on request. That's hard to fake in the final week and easy to maintain if your compliance lives in one place that stays up to date.

Practically, being ready means knowing before the auditor does which standards you can evidence, which documents have gone stale, which worker clearances are about to lapse, and which outcomes are at risk of a non-conformity. That's exactly the picture Practiso keeps live for you, so "are we audit-ready?" becomes a number you can check, not a question you dread.

See where your compliance stands →