NDIS Practice Standards Audit Checklist for Australian Providers

Preparing for an NDIS audit can feel overwhelming, particularly when your organisation delivers multiple support types across different registration groups. The NDIS Practice Standards form the backbone of quality auditing in Australia, and understanding exactly what auditors look for gives you a significant advantage when it comes to compliance readiness.

This checklist is designed for operations managers and compliance leads at registered NDIS providers. Work through each section methodically — ideally three to six months before your scheduled audit — so you have time to address gaps without scrambling.

Core Module: Rights and Responsibilities

Every registered NDIS provider must meet the Core Module regardless of which supports they deliver. Auditors will assess whether your organisation genuinely upholds participant rights rather than simply having a policy on paper.

• A current participant handbook written in plain English (and accessible formats where required)
• Documented processes for obtaining and recording informed consent for each support type
• A complaints and feedback policy that is actively promoted to participants and their families
• Evidence that participants receive the NDIS Code of Conduct information at intake
• Records showing staff have completed NDIS Worker Orientation Module training
• Policies covering privacy, confidentiality, and information sharing consistent with the Privacy Act 1988
• A current and accessible service agreement template reviewed in the past 12 months

Governance and Operational Management

Auditors scrutinise whether your leadership and governance structures support safe, high-quality service delivery. This section catches many providers off guard because the evidence required is documentary and systematic.

• Board or management committee meeting minutes demonstrating active oversight of quality and safety
• An organisational risk register that is reviewed and updated at least annually
• Documented business continuity and emergency management plans
• Financial management policies including fraud prevention controls
• Current insurance certificates: public liability (minimum $20M), professional indemnity, workers compensation
• A conflicts of interest policy with a register of declared interests
• Documented roles, responsibilities, and supervision arrangements for all staff

Workforce Management and Screening

Workforce compliance is one of the most heavily weighted areas of any NDIS audit. A single lapsed worker screening check or an undocumented staff induction can create a non-conformance finding.

• A live register of all staff and volunteers showing NDIS Worker Screening Check clearance numbers and expiry dates
• Evidence of pre-employment reference checks and identity verification
• Documented induction records including the NDIS Code of Conduct and mandatory reporting obligations
• Training register showing completion dates for mandatory modules
• Performance review records conducted within the required timeframes
• Documented processes for managing allegations of abuse, neglect, or exploitation against workers

Incident Management and Reportable Incidents

The NDIS Commission requires registered providers to have a documented incident management system and to report certain incidents within strict timeframes. Auditors will sample your incident register and trace individual incidents through your process.

• An incident management policy distinguishing between internal incidents and NDIS reportable incidents
• Evidence that all staff know how to identify and report incidents
• Incident register with dates, actions taken, and closure notes
• Records of reportable incidents submitted to the NDIS Commission via the provider portal
• Root cause analysis documentation for serious incidents
• Evidence of learnings communicated back to the workforce

Supplementary Modules

Depending on your registration groups, you may also be audited against supplementary modules covering Specialist Supports in Supported Independent Living, Behaviour Support, High Intensity Daily Personal Activities, and Early Childhood Supports.

Using Technology to Maintain Audit Readiness Year-Round

The most effective compliance programmes treat audit readiness as a continuous process, not a once-every-three-years sprint. Platforms like CareIQ centralise your incident logs, worker screening records, staff training registers, and clinical documentation in a single system — meaning you can pull audit evidence in minutes rather than days.

Ready to streamline your NDIS operations? Start your free CareIQ trial — built for Australian care providers.