Stage 1 and Stage 2 Audits – A Practical Guide for NDIS Providers

The NDIS audit process for certification is typically divided into two parts, and if you're a current or aspiring NDIS provider, you've probably come across the terms Stage 1 and Stage 2 audit. But unless you've been through the process before, it can be hard to understand what each stage actually involves; and how to prepare for them.  

This blog breaks down in simple terms these two key phases of the NDIS certification audit process. Whether you're just starting out or preparing for re-certification, understanding the difference between Stage 1 and Stage 2 audits will help you feel more confident and in control.

What is a Stage 1 Audit?

Stage 1 is initial evaluation of your organisation's management system, essentially a readiness check. It’s where auditors take a first look at your business on paper to see if you're set up to meet the NDIS Practice Standards. This part of the process is usually done remotely and focuses on reviewing your documentation, things like your policies and procedures, staff qualifications, worker screening checks, and any templates or forms you plan to use with participants.

If you’ve applied to deliver more complex services, such as high intensity daily personal activities, the auditor will also want to see evidence that your key personnel have the right qualifications; for example, a current AHPRA registration if you're offering nursing supports.

You’ll also have a brief online meeting with the auditor, where they’ll introduce themselves and get a general understanding of your organisation and the services you plan to deliver. This conversation is usually informal and gives you a chance to explain your business in your own words. It’s not about being perfect, it’s about showing that you’ve got the foundational systems in place and are taking your responsibilities seriously.

At the end, you’ll receive a Stage 1 report. If there are any gaps or concerns, the auditor will outline them and give you a chance to address them before moving forward.

What Happens in a Stage 2 Audit?

Stage 2 is the subsequent phase, focusing on the practical application of your systems. It should take place within three months of the completion of Stage 1, but it typically occurs at least one week after the Stage 1 audit. This part of the audit is conducted in person and is all about assessing whether you're not just prepared on paper, but actually understand and are ready to implement your policies and procedures.

You’ll usually meet with the auditor face-to-face, either at your office (if you have one) or at a neutral location like a meeting room or library. Over the course of around four hours, or sometimes even multiple days (depending on your organisation’s size and complexity), the auditor will talk to you and your team to see how well you understand and aim to apply the NDIS Practice Standards in your day-to-day operations. The Auditors will also re-assess documentation, especially any areas highlighted as concerns in Stage 1.

They may ask how you onboard participants, how you manage risks and incidents, how you ensure informed consent is obtained, how you uphold participant rights and etc. If you're already got participants, the auditor will also review your participant files. That means they’ll be looking at completed intake forms, service agreements, consent records, support plans, progress notes, and anything else relevant to the supports you're delivering. These documents must not only be readily accessible, they also need to be up-to-date, complete and compliant. 

If the auditor finds any non-conformities during Stage 2, the outcome depends on how serious they are. Minor non-conformities can be addressed with a Corrective Action Plan, which gives you up to 18 months to make improvements. But if a major non-conformity is identified, or three minor non-conformities in the same module that will escalate into a major non-conformity, you’ll need to undergo a separate close-out audit within 90 days before you can be recommended for certification to the NDIS commission.

It’s worth noting that these stages only apply to certification audits, which are required for providers delivering higher-risk or more complex services. If you’re delivering lower-risk supports, like plan management or therapy, you may only need a verification audit, which is simpler and usually completed as a desktop review.

Final Thoughts

At LMS TRG, we support providers through every step of this journey; from preparing documents and policies to training your team and helping you get audit-ready. If you're feeling unsure about what to expect or what’s required, you’re not alone and we’re here to help.

Want to feel more confident heading into your next audit? Get in touch for a free, no obligation consultation call about how we can support you.