Bluetail
Log inBuild my pack

NDIS audit guide

The NDIS provider audit, explained

The audit is the part of becoming a registered NDIS provider that scares people off, and it is where the consultants make their money. It is genuinely involved, but it is not a secret, and you do not need to pay several thousand dollars to get through it. This is a plain-English guide to what the audit actually is, the two types, how long it takes, what it costs, and the mistakes that catch providers out.

What an NDIS audit is

An independent check against the NDIS Practice Standards

To become a registered NDIS provider, and to stay one, you have to pass an audit. It is carried out by an independent, NDIS-approved quality auditor (a certification body), not by the NDIS Commission itself. The auditor measures your business against the NDIS Practice Standards and the NDIS Code of Conduct, then reports to the Commission, which makes the final registration decision.

In plain terms, the auditor is answering one question: does this provider have the systems, documents and day-to-day records to deliver safe, quality supports? Registration is granted for up to three years, after which you are audited again to renew it.

The two types of audit

Verification or certification

Which pathway you go through is decided by the supports (registration groups) you apply for, not by your choice. Lower-risk supports take the lighter path; higher-risk supports take the fuller one.

Verification

The lighter, desktop-based pathway. An approved auditor reviews your documents and evidence, usually with no site visit. It applies to lower-risk supports such as plan management, therapeutic and allied health supports, assistive technology, home modifications and some daily-living supports.

Certification

The fuller, two-stage pathway for higher-risk supports such as personal care, supported independent living, community participation, early childhood and behaviour support. Stage one is a desktop review; stage two is an on-site visit with interviews and sampling of participants and workers. You are assessed against the Core Module plus any supplementary modules your supports trigger.

How the process works

From application to registration

  1. 1

    Apply and self-assess

    Apply through the NDIS Commission portal (you need a free PRODA login), pick your registration groups, and complete a self-assessment against the relevant Practice Standards. Applying is free.

  2. 2

    Get your initial scope of audit

    The Commission reviews your application and sends you an initial scope of audit, which tells you and the auditor exactly what you will be assessed against.

  3. 3

    Choose and engage an approved auditor

    You select an NDIS-approved quality auditor from the Commission list and pay them directly. This is the main cost of registration.

  4. 4

    Be audited

    For verification, the auditor reviews your documents and evidence. For certification, they also visit on site and interview your workers and participants.

  5. 5

    The Commission decides

    The auditor sends their report to the Commission, which makes the final decision and, if you are successful, issues your certificate of registration for up to three years.

How long it takes

Plan for several months end to end, not weeks. The self-assessment, booking an auditor, the audit, the report and the Commission decision each add time. Verification is usually quicker; certification takes longer because of the two stages and scheduling the on-site visit. The part most within your control is having your documents and evidence ready before you start.

What it costs

Applying is free. A verification audit is commonly around $900 to $1,800. A certification audit costs more, often several thousand dollars and up, scaling with your size, scope and number of sites. On top of the audit you need insurances and worker screening. The document foundation is the part a consultant charges thousands for, and the part you can do for far less yourself.

Common mistakes and barriers

Where providers come unstuck

Treating the documents as the finish line

An auditor checks whether you actually follow your policies, not just that you have written them. Recorded incidents, closed-out complaints, training logs and supervision notes are the evidence they sample for.

Generic, untailored policies

A template that does not match how you really operate stands out immediately. Every document needs to reflect your supports, your participants and the way you work.

No evidence trail

New providers often have the policies but nothing to show them in action yet. The registers and forms are how you build that trail from day one.

Registering for more than you can evidence

Adding high-risk supports pushes you into the certification pathway and can trigger supplementary modules and specialist clinical frameworks you may not be ready for. Start with the scope you can genuinely back up.

Leaving the prerequisites late

Insurances, NDIS Worker Screening Checks, the Worker Orientation Module and a PRODA account all take time, and an auditor will ask to see them. Start them early.

Underestimating cost and time

Booking an auditor late, or being surprised by the certification price, is a common stumble. Knowing the rough figures up front lets you plan instead of panic.

Why this is harder than it should be

The real barrier is the fog, not the work

Here is the thing almost no one says out loud: the requirements are public. The Practice Standards, the rules, the guidelines, the auditor list, all of it is published by the NDIS Commission. The problem is that it is scattered across dozens of pages and written in a way that makes a capable person feel like they need to hire help. So they pay a consultant around three thousand dollars, and a big slice of that is a set of policies and templates, dressed up to look far harder than it really is.

There is a genuine shortage of free, plain-English resources that walk a small provider through doing this themselves. That gap is the whole reason Bluetail exists. We are building the open path: an affordable, pre-filled document foundation, a step-by-step DIY registration guide, and a full compliance system to keep you audit-ready afterwards, with the founder registering a brand-new provider from scratch on camera so you can watch exactly how it is done. The audit itself is the one thing we cannot give away, because that has to be independent. Everything leading up to it, we can.

See the 57-document pack Join the Facebook community

Common questions

NDIS audits, answered

How much does an NDIS audit cost?

The audit is the main unavoidable cost, and you pay an approved quality auditor directly. A verification audit (a desktop review of your documents) is commonly around $900 to $1,800. A certification audit costs more, often several thousand dollars and up, because it adds an on-site visit and interviews and scales with how many supports, sites and participants you have. Applying to the Commission is free. The part most providers get overcharged for is the document foundation, and that is exactly what bluetail makes affordable.

How long does NDIS registration and the audit take?

Plan for several months end to end rather than weeks. The application and self-assessment, finding and booking an auditor, the audit itself, the auditor writing their report, and the Commission making its decision each add time. Verification is usually quicker because it is document-based. Certification takes longer because of the two stages and scheduling the on-site visit. Getting your documents and evidence in order early is the part most within your control.

What is the difference between a verification and a certification audit?

It comes down to the supports you register for. Verification is the lighter, desktop-based pathway for lower-risk supports such as plan management, therapeutic and allied health supports, assistive technology and some daily-living supports. Certification is the fuller pathway for higher-risk supports such as personal care, supported independent living, community participation and behaviour support. Certification is assessed against the Core Module plus any supplementary modules your supports trigger, and includes an on-site visit with interviews.

Can I pass an NDIS audit without paying a consultant?

Yes. The requirements are published openly by the NDIS Commission, so none of it is secret. Plenty of providers register without a consultant. What you need is the document foundation an auditor expects, tailored to how you actually work, plus the day-to-day records that show you follow it. A consultant assembles that for you and charges accordingly. You can do the same work yourself, which is the whole reason bluetail exists.

How often do I need to be re-audited?

NDIS registration is granted for up to three years. You go through another audit before it expires to renew your registration. Certified providers usually also have a mid-term audit partway through the registration period. Staying audit-ready between audits, by keeping your records and registers current, makes each renewal far less stressful than starting from scratch.

This guide is general information, not legal advice, and the NDIS Commission is the source of truth. These documents prepare you for NDIS registration. They don’t register you. Becoming a registered provider also requires insurances, worker screening checks, the NDIS Worker Orientation Module, a PRODA account, a free application to the NDIS Commission, and passing an audit by an approved quality auditor. We give you everything documents can do; the rest is up to you.