What is the difference between an NDIS verification and certification audit?

A verification audit is a desktop review of documents for lower-risk, lower-complexity supports. A certification audit is a more in-depth, two-stage assessment (document review plus an on-site Stage 2 with interviews and observation) for higher-risk or higher-complexity supports. Your registration groups determine which applies.

Who conducts an NDIS audit?

An approved quality auditor selected from the NDIS Quality and Safeguards Commission's published list. You engage and pay the auditor directly; the Commission then uses the audit outcome to make its registration decision.

How often do NDIS providers need to be audited?

Audits are not one-off. You must pass an audit for initial registration and again at renewal before your registration expires, and certified providers may face mid-term surveillance. Start renewal well before expiry to avoid a lapse.

What do NDIS auditors assess against?

The NDIS Practice Standards, including the core module and any additional modules relevant to your supports. Auditors check governance, participant rights, incident and complaints management, worker screening, and the actual delivery of supports.

NDIS certification vs verification audits: which one applies to you

Q: How do I know which NDIS audit type applies to me?

It depends on the registration groups (classes of support) you apply for. Each group is mapped by the NDIS Commission to either the verification or certification pathway. If any one of your groups requires certification, your entire audit becomes a certification audit.

An NDIS audit is either a verification (desktop) or certification (on-site) audit. Learn which one applies to your registration groups, timing and what to prepare.

If you are a registered or intending NDIS provider, an "NDIS audit" is the independent quality audit you must pass to get or keep your registration. There are two types: a verification audit (a lighter, desktop-based review) and a certification audit (a more in-depth, on-site assessment). Which one applies depends entirely on the supports and services you deliver — not on your size or revenue.

The audit is conducted by an approved quality auditor against the NDIS Practice Standards, and the result feeds into the registration decision made by the NDIS Quality and Safeguards Commission. This article explains how to tell the two apart, who each applies to, and what to expect.

Quick answer: which NDIS audit applies

The short rule:

Verification audit — for providers delivering only lower-risk, lower-complexity supports and services.
Certification audit — for providers delivering higher-risk or higher-complexity supports, or supports that involve close personal contact, behaviour support, or significant duty of care.
Mixed registration groups — if your application includes even one registration group that requires certification, you complete a certification audit for the whole application.

You do not choose your audit type. It is determined by the registration groups (classes of support) you apply for. The Commission maps each registration group to either the verification or certification pathway.

Verification audits explained

A verification audit is the lighter pathway. It is essentially a desktop review: an approved quality auditor examines documentary evidence you submit, rather than visiting your premises or interviewing participants.

Verification typically applies to supports where the risk to participants is comparatively low — for example, some types of equipment supply, certain therapeutic-adjacent or low-touch services, plan management, and similar lower-complexity activities. (Confirm your specific registration groups against the Commission's current mapping, as classifications are periodically updated.)

In a verification audit, the auditor checks evidence such as:

Relevant qualifications, registrations or memberships for your workers.
Insurances appropriate to your supports.
Complaints and incident management arrangements.
Worker screening (NDIS Worker Screening Check) records.

Because it is desktop-based, a verification audit is usually faster and lower-cost than certification. You still engage and pay an approved quality auditor directly — the Commission does not set or collect audit fees.

Certification audits explained

A certification audit is the more rigorous pathway, used for higher-risk and higher-complexity supports. It is a two-stage, on-site assessment:

Stage 1 — a review of your policies, procedures and management systems (often largely desktop).
Stage 2 — an on-site assessment, including interviews with key personnel and workers, and (with consent) with participants, plus observation of how supports are actually delivered.

Certification applies to supports such as personal care and daily living assistance, supported independent living (SIL), high-intensity daily personal activities, specialist behaviour support, and other supports involving sustained personal contact or elevated duty of care.

Certification audits assess against the full, applicable NDIS Practice Standards, including the core module and any additional modules relevant to your supports (for example, high-intensity daily personal activities or specialist behaviour support). Because it samples real practice — not just documents — certification takes longer, involves more auditor time, and costs more than verification.

How your registration groups decide the audit type

When you apply (or renew), you nominate the registration groups — the classes of support — you intend to deliver. Each registration group is pre-assigned by the Commission to either the verification or certification pathway.

Factor	Verification	Certification
Risk/complexity	Lower	Higher
Method	Desktop document review	Stage 1 + on-site Stage 2
Practice Standards assessed	Limited, supports-specific	Core module + applicable additional modules
Relative cost and time	Lower	Higher

The critical rule for mixed providers: if any one of your registration groups requires certification, your whole audit is a certification audit. A provider delivering both low-touch equipment supply and personal care will be assessed under certification. Plan carefully which registration groups you genuinely need, because adding a single certification-level group changes the entire audit pathway, scope and cost.

Timing, the audit cycle and renewal

Registration is time-limited and runs on a cycle. The audit is not a one-off — it repeats so the Commission can confirm you continue to meet the Practice Standards. For a fuller breakdown of the stages and intervals, see the NDIS audit cycle.

Key timing points:

Initial registration requires a successful audit before the Commission decides your application.
Mid-term check-ins or surveillance activity may apply, particularly for certified providers.
Renewal requires another audit before your current registration expires.

Start the renewal process well ahead of your expiry date. Engaging an approved quality auditor, scheduling Stage 2 (for certification) and remediating any non-conformities all take time. Leaving it late risks a lapse in registration, which can interrupt your ability to deliver supports to NDIS-funded participants.

What an auditor will look at

Whichever pathway applies, auditors test whether your organisation actually meets the outcomes in the NDIS Practice Standards — not just whether you have documents. Expect scrutiny of:

Governance and operational management — roles, risk management, continuous improvement.
Rights of participants — choice and control, privacy and dignity, consent.
Incident management and complaints — including reportable incidents to the Commission.
Worker screening and competency — Worker Screening Checks, qualifications, training records.
Provision of supports — care/support planning, safe environments, and (for relevant modules) restrictive practices and behaviour support.

For certification, the auditor will corroborate documents against real evidence: worker interviews, records, and participant experience.

How to prepare and common pitfalls

Practical preparation:

Confirm your registration groups first. This sets your audit type. Do not assume you are verification-only — check the Commission's current mapping.
Use the Commission's approved auditor list. Only an approved quality auditor can conduct the audit; engage and quote early.
Map your policies to the Practice Standards. Auditors assess against specific outcomes — generic policies that don't address each standard will generate non-conformities.
Evidence real practice, not just paperwork. For certification, ensure records show your procedures are followed day-to-day.

Common pitfalls:

Underestimating scope because one certification-level registration group pulls the whole audit into certification.
Treating the audit as one-off and forgetting the renewal/audit cycle until expiry looms.
Policies that exist but are not implemented, evidenced or known to staff.
Gaps in worker screening or incident/complaints records — frequent sources of non-conformity.

If you are unsure which pathway applies, the safest first step is to list your intended registration groups and check each against the Commission's verification/certification classification before you engage an auditor.