Keeping up with NDIS compliance can feel like a big task, especially when it comes to audits, a key compliance checkpoint. Whether you’re new to the sector or have been delivering services for years, the NDIS auditing process can still catch you off guard.
Often, audit findings aren’t about doing the wrong thing; they’re about small gaps in documentation, unclear processes, or practices that lack proper documentation. These kinds of non-conformities are common, but they’re also manageable once you know what to look for.
In this blog, we’ll walk through the most common NDIS audit findings, explain what they mean and offer practical ways to fix them.
What is an NDIS audit?
An NDIS audit is designed to check whether your organisation is meeting the NDIS Practice Standards. It’s a structured way to audit NDIS providers against key requirements. Approved quality auditors review your systems, documentation and day-to-day practices, helping to ensure that the services you provide are safe, effective and aligned with participant needs.
There are two main types of NDIS audits, depending on the size and risk level of your organisation:
- Verification audits are designed for lower-risk providers and focus on key areas, including qualifications, safety, and record-keeping.
- Certification audits are more comprehensive and apply to providers offering more complex or higher-risk supports. These audits encompass both a review of your policies and an on-site assessment of how those policies are implemented in practice.
At the end of an audit, you’ll receive one of several outcomes:
- Conformity means your organisation meets the standards.
- A minor non-conformity might mean a process exists but isn’t followed consistently.
- A major non-conformity points to missing processes or higher-risk issues.
- A notifiable non-conformity involves a serious risk to participants or a legal breach and must be reported to the NDIS Commission.
Most common NDIS audit findings and what they mean
Incomplete or generic documentation
- What it means: Policies exist, but don’t match actual practice or are too generic.
- What auditors look for: Clear, tailored policies and procedures that match what happens in your organisation.
- Why this causes a finding: If documentation is too generic or doesn’t reflect your day-to-day operations, auditors can’t confirm that you’re meeting the Practice Standards in a meaningful way.
- Example: A provider uses template policies downloaded online without adapting them to their own services or staff structure.
Lack of staff training records
- What it means: Missing or outdated evidence of training, continuing professional development (CPD) or qualifications.
- What auditors look for: Up-to-date evidence of staff qualifications, ongoing training and professional development.
- Why this causes a finding: Missing or outdated records can raise concerns about whether staff are equipped to provide safe, quality care.
- Example: Training is delivered informally, but there’s no record of who completed it or when.
Weak participant engagement
- What it means: Participants aren’t involved in planning or reviews.
- What auditors look for: Evidence that participants are actively involved in planning and reviewing their supports.
- Why this causes a finding: Participant involvement is a key part of person-centred care. If it’s not documented, auditors may question whether it’s happening.
- Example: Support plans are created by staff, with little input from the participant or their representative.
Inadequate service agreements
- What it means: Agreements missing required clauses or not tailored.
- What auditors look for: Service agreements that include all required elements and reflect the individual’s needs.
- Why this causes a finding: Missing or vague information can lead to misunderstandings about responsibilities, costs or supports.
- Example: Agreements don’t include cancellation terms, exit processes or participant rights.
Complaints management gaps
- What it means: No clear process for tracking, reviewing or learning from complaints.
- What auditors look for: A clear and accessible complaints process, with evidence that complaints are reviewed and lead to improvements.
- Why this causes a finding: Without a consistent approach, complaints may not be handled fairly or used as an opportunity to improve services.
- Example: Complaints are managed verbally with no records kept or follow-up actions documented.
Poor risk and incident reporting
- What it means: No evidence of review or preventive action.
- What auditors look for: Systems for identifying, recording, managing and learning from risks and incidents.
- Why this causes a finding: Without proper review or follow-up, there’s no assurance that steps are being taken to reduce harm or prevent repeat incidents.
- Example: An incident report is completed but not reviewed by management, and no action is taken.
Technology or record-keeping issues
- What it means: Outdated systems, poor version control or no audit trail.
- What auditors look for: Reliable systems with clear version control, audit trails and secure storage of participant information.
- Why this causes a finding: Disorganised or outdated systems make it hard to demonstrate compliance or trace changes over time.
- Example: Policies are stored in multiple places with no indication of which version is current.
Understanding the severity of NDIS non-conformities
Not all audit findings are treated the same. When an auditor identifies a non-conformity, they assess its severity based on the potential impact on participants and the systems your organisation has in place.
Understanding the difference between minor, major and notifiable non-conformities can help you respond appropriately and within the required timeframes. Here’s what NDIS providers need to know:
Minor non-conformity
A minor non-conformity means that a relevant process or system exists, but it hasn’t been implemented fully or consistently. These types of findings often indicate gaps in training, record-keeping, or documentation.
For example, you have a complaints policy, but there’s no clear evidence that complaints are being logged or reviewed in practice.
Major non-conformity
A major non-conformity means that a required process is missing altogether or that the issue poses a higher risk to participants. These findings are more serious and need urgent attention.
For example, your organisation doesn’t have a system in place to track incidents or report serious events to the NDIS Commission.
Notifiable non-conformity
This is the most serious category and must be reported to the NDIS Commission. A notifiable non-conformity involves a breach of legislation or a significant risk to participant safety.
For example, there’s evidence of abuse or neglect, or your organisation has failed to act on a known risk.
If a non-conformity is identified during the NDIS auditing process, you’ll be required to submit a corrective action plan within seven days. This plan outlines how you intend to fix the issue and prevent it from recurring.
The timeframe for addressing the non-conformity depends on its severity and complexity. In most cases, you’ll be given between three and 18 months to demonstrate that the issue has been resolved and that your organisation is back in line with the Practice Standards.
Tips to fix or prevent common NDIS audit findings
While audit findings are common, many can be avoided with the right preparation and systems in place. Below are some practical steps you can take to reduce the risk of non-conformities and strengthen your overall compliance.
Tailor all documentation
Generic, one-size-fits-all policies are a red flag for NDIS auditors. Ensure that all documentation accurately reflects your organisation’s specific services, structure, and day-to-day operations. Tailored policies not only support compliance but also help staff understand their responsibilities more clearly.
Conduct internal audits and mock audits
Regular self-assessments are a practical way to prepare for NDIS audits. Set a schedule to review key areas such as participant records, staff training registers, complaints handling and incident reporting. Use an NDIS audit checklist aligned with the NDIS Practice Standards to guide your review.
Mock audits are beneficial for identifying how well your team understands and follows your policies in practice. Assign roles (such as auditor and staff member) and simulate the audit process from start to finish. This not only highlights areas that need attention but also helps staff feel more confident and prepared when a real audit occurs.
Engage participants in regular reviews
Participant involvement is a core part of the NDIS Practice Standards. Make it a habit to include participants, as well as their families or representatives, in planning and review discussions. Be sure to document their input and any actions taken as a result.
Create a clear staff training register with alerts
A well-maintained training register is essential for demonstrating staff capability. Include qualifications, training dates, renewal requirements and upcoming due dates. Automated alerts can help you stay ahead of expiry dates and ensure your team remains current.
Use software with built-in compliance workflows
Manual systems can make it harder to stay on top of compliance. NDIS software designed for providers can help you manage documentation, track progress and maintain consistency across your organisation. Choose care management software that supports tasks such as complaint management, incident reporting, and participant planning.
Keep audit trails and version control for policies
Auditors need to see how policies have evolved over time and whether staff are adhering to the most current version. Keep a clear version history and ensure that only up-to-date documents are in use. Good version control also makes it easier to track improvements and respond to findings.
How MYP and iinduct help providers with NDIS audits
NDIS audits can be daunting, but with the right systems in place, staying compliant becomes more manageable. MYP’s all-in-one NDIS software is designed to support providers through every stage of service delivery, including compliance with the NDIS Practice Standards. Meanwhile, iinduct is our learning management system, designed for health & care organisations to deliver organisation-based training via modules, manage employee documentation for compliance, run training reports, and more.
Whether you’re preparing for an audit or working to resolve a non-conformity, MYP and iinduct help ensure your organisation is always audit-ready.
Here’s how MYP and iinduct support NDIS providers with compliance, documentation and continuous improvement:
Pre-loaded NDIS Practice Standards
MYP includes the NDIS Practice Standards built into the platform, so you can easily align your operations with audit requirements. This helps staff understand what is expected and ensures that your internal processes reflect up-to-date industry standards.
Audit-ready documentation tracking
MYP makes it easy to manage and locate essential documentation, including policies and procedures, participant files, and training records. Customisable dashboards and innovative filing systems help you stay organised and provide quick access during audits or internal reviews.
Participant engagement logs and planning templates
Demonstrating participant involvement is a key requirement during NDIS auditing. MYP includes tools to capture meeting notes, planning sessions and participant feedback, making it easier to show how individuals are involved in shaping their support.
Complaints, risk and training modules with alerts
Stay ahead of potential non-conformities with built-in modules for managing complaints, incidents, risks, and staff training. iinduct ensures that your organisation stays compliant by automatically tracking required documentation and certifications, and sending renewal reminders, thereby reducing the admin burden so that nothing slips through the cracks.
Real-time analytics for compliance readiness
MYP’s real-time dashboards provide a clear view of your compliance status at any time. Whether you’re monitoring overdue tasks, expiring documents or unresolved incidents, you’ll always know where you stand and what needs attention.
Partner support for corrective action planning
If you do receive an audit finding, MYP doesn’t leave you to work through it alone. Our team offers guidance on creating and implementing corrective action plans that align with NDIS Commission requirements. We support you in turning feedback into lasting improvement.
By bringing together compliance, documentation, and participant management in one platform, MYP and iinduct provide you with the tools and confidence to navigate NDIS audits and deliver exceptional care without the administrative overwhelm.
Preparing for an audit is much easier when you understand what to expect and have systems in place to support your team. By addressing common gaps and utilising practical tools to stay organised, providers can enhance their compliance outcomes and improve the quality of care they deliver every day.
Book a demo with MYP to see how it can support your care management business, or book a demo with iinduct to learn more about training and compliance.