By Jarrod, Editor
·
ProviderScout
·
Published 10 July 2026 · Last reviewed 10 July 2026 · 9 min read

Before you can register, you're assessed against the relevant NDIS Practice Standards through an independent quality audit conducted by an approved quality auditor. There are two types — verification and certification — and the Commission tells you which you need in your Initial Scope of Audit. The general rule is simple: lower-risk supports get a verification audit; higher-risk or more complex supports get a certification audit.

Verification audit — for lower-risk supports

A verification audit applies to providers delivering only lower-risk, lower-complexity supports and services. Many providers on this path already meet professional regulation — for example, allied health practitioners certified through AHPRA — so their competence is already monitored.

Mechanically it's lighter: you engage an approved quality auditor to complete a desktop review of documentary evidence against the required-documents guide. There's no two-stage onsite component. The auditor's report is submitted to the Commission up to 14 days after the audit is complete.

Certification audit — for higher-risk supports (including SIL)

A certification audit applies to providers delivering one or more higher-risk or more complex supports. Supported independent living sits here — it's a higher-risk support, which is precisely why it was brought into mandatory registration. Certification is a two-stage process:

  • Stage 1 — Desktop audit. The auditor requests information and evidence, usually off-site.
  • Stage 2 — Onsite audit. The auditor examines how you implement your policies in practice: reviewing records, visiting your sites, interviewing staff and participants, and observing supports being delivered. Stage 2 should happen within the 3 months after Stage 1.

Participants are enrolled in the audit on an "opt-out" basis, so you must notify them and let them decline. The certification report is submitted to the Commission up to 28 days after completion. Certification-audited providers also complete a mid-term audit around 18 months into their registration (preparation from the 12-month mark), focused on governance and operational management.

What the auditor is actually looking for

Both audit types test the same thing: whether your systems work in real life. Auditors move quickly from "what your policy says" to "show me an example" — incident reports traced from start to finish, staff files with current worker-screening clearances and training records, private participant interviews ("Do you feel safe? Do you know how to make a complaint?"), and observation of how supports are delivered. The message from the Commission's own audit walkthrough is consistent: an audit isn't about perfect paperwork, it's about demonstrating that participants are safe, respected and well supported every day.

How you're scored — the rating system

The audit report rates you against each Practice Standard and quality indicator on a four-point scale:

  • 3 — conforms with elements of best practice
  • 2 — conforms with the NDIS Practice Standards
  • 1 — minor non-conformity
  • 0 — major non-conformity

A major non-conformity (0) gives you 3 months to fix the issue, and your registration won't progress until it's addressed and the audit is successfully completed. A minor non-conformity (1) gives you longer and lets you continue the registration process in the meantime. A non-conformity isn't a "fail" — it means something needs correcting within a set timeframe.

How to choose (and check) your auditor

You engage the auditor and you pay — so choose deliberately. Approved quality auditors are accredited by JASANZ (the Joint Accreditation System of Australia and New Zealand), subject to Australian Consumer Law, and bound by the NDIS auditor guidelines and a code of conduct. Practical tips from the Commission's own guidance:

  • Get more than one quote and compare — the Commission doesn't set audit prices.
  • Ask questions to confirm the auditor suits your organisation and your registration groups.
  • Staying with the same auditor across your audit cycle can give more consistent audits and clearer feedback.

The audit cost is the main expense of registering — see how much NDIS registration costs for what drives it.

How to verify this information

The audit process is set out in full by the Commission — use it as the authority:

ProviderScout is an independent directory, not affiliated with the NDIA or NDIS Commission.

Frequently asked questions

Do SIL providers need a certification or verification audit?

Certification. A certification audit applies to higher-risk or more complex supports, and supported independent living is a higher-risk support — which is why it was brought into mandatory registration. Your Initial Scope of Audit from the Commission confirms the audit type for your specific registration groups.

What's the difference between a verification and a certification audit?

A verification audit is a lighter desktop review of documentary evidence, for lower-risk supports, with the report due up to 14 days after completion. A certification audit, for higher-risk supports, has two stages — a desktop (Stage 1) audit and an onsite (Stage 2) audit within the following 3 months, including site visits and staff and participant interviews — with the report due up to 28 days after completion.

What is a mid-term audit?

Providers who completed a certification audit generally undergo a mid-term audit around 18 months into their registration period (with preparation from about 12 months). It focuses on provider governance and operational management, plus any standards previously flagged for corrective action. It doesn't apply to SDA-only providers or certain early-childhood and transitioned providers.

What happens if the auditor finds a non-conformity?

It's not a fail. A major non-conformity (rated 0) gives you 3 months to fix the issue, and registration won't progress until it's resolved and the audit completed. A minor non-conformity (rated 1) gives you longer and lets you continue the process in the meantime.

Who regulates NDIS auditors?

Approved quality auditors are accredited by JASANZ (the Joint Accreditation System of Australia and New Zealand), are subject to Australian Consumer Law, and are governed by the NDIS (Approved Quality Auditors Scheme) Guidelines 2018 and an auditors' code of conduct. If you have concerns about an audit, raise them with the auditor first, then the audit firm, then JASANZ.

Related