Audit readiness

NDIS Audit Readiness Guide

NDIS audit readiness means maintaining traceable evidence, incident records, and compliance reports that meet audit requirements before the NDIS Commission requests them. Providers with organised documentation can demonstrate compliance without delays or gaps in evidence. Audit readiness forms a core component of your NDIS compliance system, requiring integration across NDIS incident management and NDIS evidence and reporting processes.

Audit requirements

What NDIS auditors look for during certification and compliance audits

NDIS Commission auditors expect evidence to be current, role-owned, time-stamped, and traceable. Auditors verify that governance, workforce, safeguards, and service quality documentation demonstrates continuous compliance rather than point-in-time preparation.

Governance & risk

  • Documented policies, delegated authority, and regular review cycles
  • Clear risk register with controls, owners, and review dates
  • Board or leadership oversight records for quality and safety

Worker suitability

  • Active worker screening and right-to-work checks
  • Role-based training, refreshers, and supervision notes
  • Coverage for high-intensity supports and clinical governance

Participant safeguards

  • Consent records, service agreements, and goal alignment
  • Complaint handling timeliness and closure evidence
  • Incident response, investigation, and corrective actions

Service quality

  • Progress notes linked to goals and outcomes
  • Schedule adherence and missed-visit handling
  • Feedback captured and used for service improvements

Audit failures

Common NDIS audit failures and how to prevent them

These patterns trigger non-conformances during certification and surveillance audits.

Unverifiable training and checks

Impact: Auditors cannot confirm staff are cleared and competent

Fix: Maintain dated evidence for screening, onboarding, refreshers, and supervision per role

Incomplete incident follow-up

Impact: Actions, notifications, or learnings are missing

Fix: Record actions, approvals, participant updates, and closure dates against each incident

Policies without proof of use

Impact: Procedures exist on paper but not in practice

Fix: Attach logs showing staff acknowledgments, drills, audits, and corrective actions

Weak evidence of participant choice

Impact: Auditors question consent, goal alignment, and involvement

Fix: Store consent trails, goal reviews, and communication records per participant

Reporting gaps

Impact: Data in systems does not reconcile with claims or service delivery

Fix: Run cross-checks between rosters, notes, billing, and notifications before audits

Required documentation

Evidence packs, incident records, and compliance reports for NDIS audits

Prepare these documentation packs before the NDIS Commission audit window opens.

Evidence to show

  • Latest policies, version history, staff acknowledgments, and review logs
  • Risk register with controls and sign-offs
  • Audit trails for changes to participant plans and service agreements

Incidents

  • End-to-end record: notification, investigation, actions, approvals, and participant updates
  • Timelines that match NDIS Commission reportable timeframes
  • Lessons learned and linked preventive actions

Reports

  • Training currency by role, location, and expiry
  • Worker screening status and gaps
  • Service delivery vs. claims vs. rosters variance
  • Complaints cycle times and closure rates

Audit preparation tools

Maintaining audit readiness with EMPWR Connect

Evidence collection, incident tracking, and compliance reporting without manual documentation.

Problem

Audit pack collection is manual and slow

Solution: One-click exports for policies, training, incidents, and service logs by site or program

Proof: Teams ship audit packs in under 30 minutes with pre-filtered evidence bundles

Problem

Incident follow-up loses accountability

Solution: Workflow with owners, due dates, and completion checks plus notifications to participants

Proof: Every incident shows a dated trail: actions, approvals, participant communications, and closures

Problem

Training and screening expire silently

Solution: Expiry tracking with alerts by role and location; evidence stored against each worker

Proof: Dashboards flag gaps before audits; exports include verification files and timestamps

Problem

Service evidence is fragmented across tools

Solution: Progress notes, rosters, claims, and communications linked to the same participant record

Proof: Auditors can trace a single visit from roster → note → claim → participant update without gaps