NDIS Audit Process & Audit Findings

ndis ndis registration Jun 24, 2020

Many NDIS providers going for an external audit wonder what will happen if the auditors find something wrong in the audit. What will be the consequences? Will they stop the audit? Will they refuse to recommend the organisation for approval or certification? Will they continue the audit?

Here are some hints about how audit findings work, when the auditors may stop audit, what nonconformities mean, and what you need to do about them.

What do the auditors do?

What happens in an audit is that the auditor takes a set of criteria, such as the NDIS Quality Indicator guidelines requirements, along with your policies and procedures, and gathers evidence to verify if the criteria are being met. Auditors are looking for verifiable evidence such as records, documents, policies, processes, service agreement and etc.

During the audit, the auditors will check the evidence to make sure that they meet all of the audited criteria to gather evidence and compare it to the criteria and determine if the criteria were met.

When the auditors stop audit?

The auditor must complete their assessment base on the criteria specified in the audit plan. Auditors have the right to stop the audit if there is no support from the business their auditing to accommodate their needs, for example, the audit guide, or the key staff not attending during the audit or refuse to share the required evidence with the auditor.

Also, the auditor can stop any audit and leave the site if they found the site is unsafe to stay. Auditors, like any other worker, have to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so. In this case, the auditor must leave the site immediately.

Apart From two above reasons, auditors continue their audit as per the provided audit plan and their report must include feedback on all criteria supposed to be audited.

Audit findings and their consequences

Providers coming into the scheme may not be equipped for the level of documentation required to meet the standards. If this is discovered at the time of the audit, businesses will receive non-conformities that can be useful for improvement purposes.

Generally, as the auditors progress through the audit, questions are asked about the evidence that links to the standards and stated requirements. If the evidence isn’t there or doesn’t meet the full intent of the element or mandatory requirement, then a non-conformity would be raised.

Pertaining to audit findings, the provider must address the non-conformities. there are two categorise of non-conformities; Major non-conformity and Minor nonconformity.

In the case of receiving minor non-conformities:

Certification maybe recommended where minor non-conformities have been identified, however, the NDIS Provider must demonstrate to the AQA evidence of an acceptable corrective plan, prior to the recommendation being made.

The corrective action plan must include the following:

  • Correction (how will you fix the non-conformance?)
  • Root cause analysis (why did the non-conformance occur?)
  • Corrective action (how will you fix the root cause of the non-conformance to prevent it from reoccurring?)
  • Timeframes and responsible people who will action the plan 

Minor non-conformities are required to be closed out within twelve (12) months of the assessment. Failure to close minor non-conformities within twelve (12) months of the date of issue will result in a major non-conformity being raised. 


In the case of receiving major non-conformities:

Major Non-Conformity’ prevents a certification.

Things you should do to back to the certification track:

Major Non-conformances are raised where the provider is unable to demonstrate quality and safety system process meet the outcomes and indicators of the applicable NDIS Practice Standards and/or the gaps present a high risk. Three (3) Minor Non-Conformances within the same module may also constitute a Major Non-Conformance.

All major non-conformances must be closed out before a recommendation is made to the NDIS Commission for initial certification, continued certification or renewal. Where the major non-conformance does not place a participant at risk of significant harm, the NDIS provider is required to:

Submit a corrective action plan to the audit team leader within five (5) days of the assessment. The plan must meet include the information and be accepted by the audit team leader.

Undergo a “follow-up audit” of the implemented corrective action plan within three (3) months to close out or downgrade the non-conformance(s).

Follow up audits (only for the major non-conformity)

By definition, a Follow-up Audit is an audit designed to evaluate the effectiveness of corrective action. The Follow-up Audit is the evaluation of the adequacy, effectiveness, and timeliness of actions taken by management or responsible organisation on reported observations and recommendations, including those made by auditors.

The AQA may conduct the follow-up audit remotely or onsite. This is determined based on the complexity and nature of the non-conformance. Any costs associated with a follow-up audit, are the responsibility of the organisation undergoing the audit. These can be negotiated and are not included in the initial quote.

What should you do as a provider?

As a provider, you should not have the fear to get audit non-conformities. Auditors must complete their assessment as per specified criteria and their reports indicate your organisation compliance against the assessed criteria. The auditor reports are highlighting compliance and non-conformities. You must prepare your organisation to avoid any non-conformity. you may consider the internal audit as one of the most effective ways to ensure your preparedness but non-conformities are normally unavoidable due to many known and unknown reasons.

Knowing the fact the audit non-conformities are part of an auditing process. Get yourself familiar with the audit non-conformity categorise and follow the process as instructed above. verify such steps prior to any audit with your AQA.


Who We Are

LMS TRG is an Exemplar Global Recognised Training Provider for courses in Management Systems Auditing. We come together from various specialist backgrounds to produce unique online learning experiences. Our team is composed of auditors, management systems consultants and providers, with over fifteen years of experience in delivering high-level quality training. We were founded with the policy of being pioneers in fully online and smart training solutions. To learn more click here.

Join The Community

Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.


50% Complete

You are almost there! 

Kindly complete the form below and confirm your email address. We will keep you updated with news, articles and promotions.