
NDIS compliance checklist for registered providers

18 Feb 2026 | 8 min read

What NDIS auditors actually look for, what counts as adequate evidence, and the documentation gaps that catch providers by surprise.

What this checklist covers

NDIS audits are not random inspections. They follow a structured framework — the NDIS Practice Standards — and auditors arrive knowing exactly what they are looking for. Most compliance failures happen not because providers are doing the wrong thing, but because they cannot produce the evidence to show they are doing the right thing.

This checklist covers the eight areas most likely to surface findings in a certification audit, with practical notes on what "adequate evidence" looks like for each.

1. Governance and operational management

Auditors will look for a documented organisational structure, evidence that your policies and procedures are current (reviewed in the last 12 months), and records showing staff have read and understood them.

What you need:

  • Organisational chart with named roles and responsibilities
  • Policy and procedure register with last-reviewed dates
  • Staff sign-off records for key policies (code of conduct, complaints handling, incident reporting)
  • Meeting minutes from governance meetings (board or leadership team)

Common gap: Policy documents exist but have not been updated since registration. NDIS standards evolve. A policy written in 2020 referencing superseded frameworks will draw a finding.

2. Risk management

You need a risk register, a process for identifying and escalating new risks, and evidence that risks are actually monitored rather than just listed.

What you need:

  • Current risk register (reviewed at least annually)
  • Documented escalation process for new risks
  • Evidence of risk discussions in governance meetings
  • Incident data feeding back into the risk register

Common gap: The risk register exists as a document but is not connected to actual incidents or near-misses. Auditors look for a living process, not a static file.

3. Quality management

You need a documented quality framework and evidence of continuous improvement — meaning you can demonstrate that you collected feedback, identified issues, and made changes as a result.

What you need:

  • Client and carer satisfaction survey process (and results)
  • Complaints register with resolution outcomes
  • Evidence of changes made in response to feedback or complaints
  • Internal audit schedule and completed audit records

Common gap: Surveys are sent but results are not actioned or documented. The audit trail stops at "survey sent."

4. Incident management

Every reportable incident must be documented, reported to the NDIS Commission within the required timeframe, and followed up with a root cause analysis or corrective action plan.

What you need:

  • Incident register with all incidents, dates, severity classifications, and outcomes
  • Evidence of notifications to the NDIS Commission where required
  • Root cause analysis for serious incidents
  • Follow-up actions and their completion status
  • Evidence that staff know how to report incidents (training records)

Common gap: Minor incidents and near-misses are not captured. Auditors look for a realistic volume of incidents — a provider with 50 staff and zero minor incidents in 12 months will draw scrutiny.

5. Human resources and workforce

This is where many providers get caught. Qualifications, police checks, and NDIS Worker Screening checks must be current for all workers delivering supports.

What you need:

  • NDIS Worker Screening clearance for every worker (not expired)
  • Working With Children Check where required (state-dependent)
  • First aid and CPR certificates (current; typically renewed every 3 years for first aid and every 1 year for CPR)
  • Mandatory training completions (manual handling, infection control, restrictive practices where applicable)
  • Role-specific qualifications verified and on file

Common gap: Qualifications are collected at onboarding and never tracked for expiry. A worker whose first aid lapsed six months ago is a compliance breach that should have been caught well before audit.

6. Participant rights

Auditors will want to see that your clients understand their rights, that you have a documented process for receiving and handling complaints, and that there is evidence clients have been informed.

What you need:

  • Signed client agreements referencing rights and responsibilities
  • Easy Read or translated materials where required for accessibility
  • Documented complaints process and evidence it has been communicated to clients
  • Evidence of capacity-building support where applicable

Common gap: Client agreements are generic and do not reference the participant's specific support goals or rights under the NDIS Act.

7. Support planning and delivery

Care plans must be current, reflect the participant's current goals, and show evidence of review. There should be a clear link between the NDIS plan, the service agreement, and the actual supports delivered.

What you need:

  • Current support plan for every active participant
  • Evidence of annual (or more frequent) review
  • Records of participant and/or guardian involvement in planning
  • Service delivery records aligned to the support plan

Common gap: Support plans are created at intake and never formally reviewed, even when the participant's circumstances have changed significantly.

8. Worker training and development

All workers must complete mandatory training and there must be records to prove it. Induction is not a one-off event — ongoing professional development is expected.

What you need:

  • Induction record for every worker with completion dates
  • Training register covering mandatory modules
  • Evidence of ongoing professional development (CPD records, training attendance)
  • Supervision records for workers in their first six months

Common gap: Induction is documented but ongoing training records are missing. Auditors distinguish between "we trained them at the start" and "we maintain an ongoing learning environment."

Before your audit: the three things to do first

Run a document audit. Pull every active worker's file and check expiry dates on qualifications, police checks, and screening clearances. Do this 90 days out so you have time to fix gaps.

Talk to your workers. Auditors often interview staff. Workers should be able to explain the incident reporting process, the complaints process, and where to find policies. If they cannot, that is a training gap to address now.

Check your incident register. Review the last 12 months. Are there incidents that were not classified correctly? Are all required notifications accounted for? Clean and accurate records are a significant advantage going into audit.


*Teiro tracks carer qualifications, expiry dates, and compliance documentation automatically. If you want to see how it works in practice, [book a demo](/demo).*
