A Guide for Meeting Timeframes for NDIS Audit Non-Conformities

NDIS providers or organisations looking to become registered NDIS providers must undergo an NDIS audit. The time required to conduct an NDIS audit varies depending on the audit type. For example, a verification audit may only take half a day, while a certification audit could require multiple auditors and several days to complete.

Most organisations require information and support for the non-conformity part of auditing and reporting. Understanding audit non-conformities is important for NDIS providers because they indicate compliance with the National Disability Insurance Scheme.

The auditee is responsible for providing corrective actions to address any identified audit non-conformities. There are specific timeframes that NDIS providers should adhere to when sending their proposed corrective actions to the AQAs (Approved Quality Auditors). Your auditor will typically explain these timeframes during the opening and closing meetings. 

After the completion of an audit, the auditor will follow up the on the auditee’s proposed corrective actions to complete their report and recommend the NDIS provider to the AQA Technical Reviewer.

This post will outline the timeframes that must be met by both NDIS providers and Approved Quality Auditors throughout the auditing process.

Minor Non-conformity

1.  Definition

If the audit allocates a rating of 1, this is deemed a minor non-conformity. A minor non-conformity will require a corrective action plan to reduce the likelihood of any identified risks occurring or impacting participant safety. The corrective action plan must satisfactorily address the non-conformity before certification or verification can be recommended. Often the following situations exist concerning minor non-conformities:

• Evidence for an appropriate process (policy/procedure/guideline etc.), system or structure exists however, the required supporting documentation is lacking, or
• Documentation for a process (policy/procedure/ guideline etc.), system or structure is evident however, the provider needs to demonstrate an implementation review or evaluation.

2.  Timeframe to Send the Corrective Action Plan

Once written notification of a non-conformity has been provided, an NDIS provider must present a corrective action plan within seven (7) calendar days.

3.  Follow-up Audit

Not Applicable.

4.  Remark

Minor non-conformities are required to be closed out within eighteen (18) calendar months of the initial written notification at the mid-term or recertification audit stage.

Major Non-conformity

1.  Definition

If the audit allocates a rating of 0, this is deemed a ‘major non-conformity’. This occurs when an NDIS provider is unable to demonstrate appropriate processes, systems or structures to meet the required outcomes and therefore presents a high risk. Identifying three (3) minor non‑conformities within the same module may also constitute a major non‑conformity. The corrective action plan must satisfactorily address the non-conformity before certification or verification can be recommended.

2.  Timeframe to Send the Corrective Action Plan

Once written notification of a non-conformity has been provided, an NDIS provider must present a corrective action plan within seven (7) calendar days.

3.  Follow-up Audit

Yes, the identification of a major non-conformity requires a follow-up audit.

4.  Remark

In the event a major non-conformity is identified, the approved quality auditor (AQA) will undertake a desktop review of the implemented corrective actions within three (3) calendar months of receiving the corrective action plan and, if necessary, conduct an onsite follow-up.

The above timeframes are provided in the National Disability Insurance Scheme AQA Guidelines. In some instances, your organisation may not be able to adhere to the given timeframe and your proposed corrective action may not be ready within the required seven-day period. In this situation, you should contact your auditor (AQA) to inform them of the delay and provide an update on a new delivery timeframe. It is important to remember that you can change your proposed plan at a later stage with valid justification. It is suggested you notify your AQA if any changes impact your initial proposed action due date.

Who We Are

At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia, with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different and be fearless, and innovative.

We share our knowledge and experience, work together and continue to support our members.