NDIS Mid-Term Audit: Complete Preparation & Success Guide

TL; DR:

An NDIS mid-term audit is a mandatory compliance review completed 18 months into a certified provider’s registration period. It checks whether your organisation continues meeting the NDIS Practice Standards in real day-to-day operations.

The audit focuses on governance, incident management, participant records, staff practices, and corrective actions from previous audits. Providers delivering higher-risk supports must complete the audit through an Approved Quality Auditor (AQA).

This guide explains audit timing, scope, evidence requirements, common findings, and how to prepare using an 8-week roadmap. It also covers what happens on audit day and how VCCG supports providers through audit readiness and compliance preparation.

Table of Contents

1. What Is an NDIS Mid-Term Audit?
2. Who Must Complete a Mid-Term Audit?
3. Mid-Term Audit Purpose: What the Commission Is Looking For
4. Audit Timing and Notification
5. Audit Scope and Focus Areas
6. 8-Week Preparation Roadmap
7. Evidence Requirements: What Auditors Review
8. Common Audit Findings (and How to Avoid Them)
9. What Happens on Audit Day?
10. Post-Audit Response: Corrective Actions and Outcomes
11. How VCCG Supports Your Mid-Term Audit
12. Frequently Asked Questions

What Is an NDIS Mid-Term Audit?

An NDIS mid-term audit is a mandatory compliance checkpoint conducted 18 months into your registration period. It verifies that your organisation continues to meet the NDIS Practice Standards in day-to-day operations, not just on paper at the time of initial registration.

The audit is carried out by an Approved Quality Auditor (AQA), independent of the NDIS Quality and Safeguards Commission. It combines document review with on-site assessment, including staff interviews and participant interactions. The process examines whether your actual service delivery matches your documented policies and procedures.

Think of it as a progress check between your initial certification audit and your renewal audit. The Commission uses it to confirm that quality standards are maintained throughout the full registration cycle, not just at the start and end.

Who Must Complete a Mid-Term Audit

Not every NDIS provider is required to complete a mid-term audit. The requirement applies specifically to providers who underwent a certification audit at registration, those delivering higher risk or more complex support categories.

Providers required to complete a mid-term audit:

• Organisations registered for higher-risk supports (personal care, behaviour support, group accommodation, SIL)
• Any provider that completed a certification audit at initial registration

Providers exempt from mid-term audits:

• Verified providers (those delivering lower-risk, lower-complexity supports)
• Providers registered solely for Specialist Disability Accommodation (0131)
• Individuals or partnerships registered only for Early Childhood Intervention (0118)

If you are unsure whether your registration type requires a mid-term audit, log in to the NDIS Commission’s Provider Portal. Your audit due date will be listed in your registration record.

Mid-Term Audit Purpose: What the Commission Is Looking For

The mid-term audit serves four primary objectives for the NDIS Quality and Safeguards Commission.

1. Continuous compliance verification The Commission needs evidence that compliance is a sustained operational reality, not a one-off effort for audit preparation. Systems must be active and functioning throughout your registration period.

2. Improvement implementation assessment If your initial certification audit identified non-conformances or resulted in a corrective action plan, the mid-term audit checks whether those improvements have been implemented and are working in practice.

3. Incident management review Auditors examine your incident reporting records, response quality, and whether incidents have been used to drive service improvements. Gaps in incident documentation are among the most common findings.

4. Service quality evaluation The audit assesses whether participant outcomes reflect what your policies and procedures promise. This is where the gap between documented systems and operational reality becomes visible.

The mid-term audit is more targeted than your initial certification. It focuses on governance and operational management, along with any areas where previous non-conformances were recorded.

Audit Timing and Notification

Your mid-term audit must be commenced within 18 months from the date shown on your Certificate of Registration. This is a firm deadline. Failing to complete the audit by this date places you in breach of your registration conditions.

Typical audit timeline:

Your mid-term audit due date is visible in the NDIS Commission’s Provider Portal under your registration record. Review this date now and work backwards to establish your preparation schedule.

Scheduling your AQA: Contact your Approved Quality Auditor as early as possible, preferably by month 14. Popular auditors book out quickly. Where possible, request the same AQA who conducted your initial certification audit. They already understand your organisation’s structure and context, which supports a more efficient process.

Once the audit date is confirmed, ensure your AQA updates the Commission’s system with this date. This step prevents the Commission from sending overdue audit notices to your organisation.

Audit Scope and Focus Areas

The mid-term audit does not cover every NDIS Practice Standard. It focuses on specific areas defined in your audit scope.

Core focus areas for all mid-term audits:

Governance and Operational Management (Core Module) This is always included. Auditors assess your governance structures, risk management, human resources, financial management, and continuous improvement systems. They look for evidence that leadership actively manages compliance, not just that documentation exists.

Previously non-conformant standards Any standard from your initial certification audit that required a corrective action plan will be reassessed. This is not optional. You must demonstrate that the corrective actions have been fully implemented and are producing the intended outcomes.

Additional standards specified by the Commission In some cases, the Commission will include additional modules in your audit scope, particularly if complaints have been received or concerns have been identified.

New registration groups added during your registration period If you have expanded your services since your initial certification, the standards relevant to those new registration groups will be included.

Provisional audit completions If your initial audit was a provisional certification (conducted without participants present), you are required to complete the Remaining Elements of Certification as part of your mid-term audit. This includes participant interviews and file reviews that could not be completed at the initial stage.

8-Week Preparation Roadmap

Eight weeks gives you enough time to prepare thoroughly without cutting corners. This roadmap works for providers at any stage of readiness.

Weeks 1–2: Documentation Review

Pull every policy and procedure relevant to your audit scope. Check that each document:

• Has been reviewed and updated within the past 12 months
• Reflects how your organisation actually operates
• Has an approval signature and version history
• Is accessible to staff who need it

Identify gaps between your documented systems and current practice. These gaps are your highest priority. Auditors look for policy practice alignment, and discrepancies are the single most common finding.

Also review your registration record in the Commission portal. Confirm your registration groups, audit scope, and due date.

Weeks 3–4: Evidence Gathering

Compile the specific documentation auditors will request. Organise it by Practice Standard module for easy reference during the audit. Evidence should be current, complete, and retrievable, don’t rely on auditors to piece together records from multiple systems.

This phase also includes reviewing your incident register. Confirm that all reportable incidents have been lodged with the Commission within required timeframes, that they have been appropriately investigated, and that improvement actions have been documented.

Week 5: Staff Briefing

Brief all relevant staff on the audit process. This does not mean coaching them on what to say. It means ensuring they understand their responsibilities, are familiar with your policies and procedures, and know how to locate relevant documentation.

Staff interviews are a core part of the audit. Auditors use these conversations to verify that staff understand and apply your organisation’s systems in practice. Staff who are surprised by the audit or unfamiliar with procedures create immediate concerns for auditors.

Also contact participants who may be involved in the audit. All participants are automatically enrolled in the audit process unless they formally opt out. Notify them clearly and explain what their involvement may include.

Week 6: Practice Audit (Mock Audit)

Conduct an internal mock audit. Assign someone, ideally an external consultant or a staff member not involved in managing the audit area to review your evidence and ask the questions an auditor would ask.

Work through each Practice Standard in your audit scope. Identify any remaining gaps and document them. A mock audit conducted six weeks out gives you enough time to address findings before the real assessment.

Week 7: Corrections and Gap Resolution

Address every gap identified during the mock audit. This includes finalising any outstanding corrective actions from your initial certification, updating incomplete records, and ensuring your improvement register reflects current status.

Do not leave corrections to the week before the audit. Auditors can tell when documentation has been produced recently under pressure rather than maintained consistently over time.

Week 8: Final Readiness Check

Compile your final evidence folder, physical or digital organised by audit scope. Confirm logistics with your AQA: audit date, site access, participant consent processes, and staff availability for interviews.

Brief your leadership team on the opening meeting format and their role in presenting your organisation. Review your corrective action register one final time to confirm every item is closed or has a documented status.

Evidence Requirements: What Auditors Review

Auditors request specific evidence to verify compliance with each Practice Standard. Prepare these categories in advance.

Governance and management documentation:

• Board or governance committee meeting minutes (12 months)
• Organisational chart and position descriptions
• Risk register with current risk ratings and controls
• Quality management system documentation
• Internal audit records and outcomes
• Business continuity and emergency management plans

Human resources and training records:

• Current staff training registers with completion dates
• Worker screening clearances (NDIS Worker Screening Check)
• Supervision records and professional development logs
• Mandatory training completion evidence (first aid, manual handling, medication administration where applicable)
• Staff induction records

Incident and complaint management:

• Incident register covering the full registration period
• Reportable incident notifications submitted to the Commission
• Investigation reports and outcome documentation
• Complaint register with response timelines
• Evidence of learning and improvement actions arising from incidents and complaints

Service delivery documentation:

• Participant files (a sample will be reviewed)
• Support plans and goal documentation
• Consent forms and participant agreements
• Progress notes and service delivery records
• Participant feedback results and analysis

Improvement and compliance records:

• Corrective action plans from previous audits and their implementation evidence
• Continuous improvement register
• Policy review schedule and version controlled policy documents
• Insurance certificates of currency

Common Audit Findings (and How to Avoid Them)

Knowing what auditors most commonly find gives you a direct path to preparation. These are the non-conformances that appear most frequently in mid-term audit reports.

1. Policy-practice gaps The most common finding across all audit types. Policies exist but staff either don’t follow them or aren’t aware of them. Close this gap through regular staff training, embedded procedures, and consistent supervision.

2. Incomplete incident reporting Incidents that were not reported to the Commission within required timeframes, or that lacked adequate investigation documentation. Review your full incident register against Commission lodgement records and reconcile any gaps before your audit.

3. Inadequate complaint responses Complaints that were acknowledged but not properly investigated or closed. Check that every complaint in your register has a documented response, outcome, and any applicable improvement action.

4. Insufficient staff supervision Supervision records that are absent, irregular, or lack substantive content. Supervision must be documented, structured, and occur at the frequency specified in your policies.

5. Documentation inconsistencies Participant files that are incomplete, outdated, or inconsistent across different records. Conduct a file audit in weeks 1 to 2 of your preparation. Assign file ownership to specific staff members who are responsible for keeping records current.

6. Unclosed corrective action plans Items from your previous audit that have not been fully implemented. Auditors will specifically check these. Prioritise their closure early in your preparation; by week 4 at the latest.

What Happens on Audit Day?

Understanding the audit day structure removes uncertainty and allows your team to engage confidently with the process.

Opening meeting The audit begins with a meeting between your senior leadership team and the auditor. The auditor explains the process, confirms the scope, and sets expectations for the day. This is also your opportunity to present an overview of your organisation and highlight improvements made since your last audit.

Document review The auditor reviews your evidence folder against the audit scope. This may take several hours. Ensure your nominated contact person is available to locate additional documents quickly if requested.

Staff interviews The auditor will interview selected staff members typically frontline workers, team leaders, and a senior manager. Interviews are conducted individually. Auditors ask questions about day-to-day practices, how staff apply your policies, how incidents and complaints are managed, and how feedback is used.

Site inspection For on-site audits, the auditor will inspect your facilities. This includes checking physical environments for safety, accessibility, and compliance with any relevant standards for the supports you deliver.

Participant interactions Participants who have not opted out may be contacted or interviewed. The auditor reviews a sample of participant files and may speak directly with participants about their experience of your services.

Closing meeting At the end of the audit, the auditor presents preliminary findings to your leadership team. This includes any non-conformances identified, areas of good practice, and the next steps. The formal written report follows within 28 days.

Post-Audit Response: Corrective Actions and Outcomes

The audit report is submitted to the NDIS Commission within 28 days of audit completion. It will rate your organisation against each Practice Standard assessed and detail any non-conformances.

Non-conformance ratings:

• Major non-conformance: A significant failure to meet a standard with serious risk to participants. Requires immediate corrective action.
• Minor non-conformance: A gap that does not immediately risk participant safety but must be addressed. Requires a corrective action plan.
• Observation: An area for improvement noted by the auditor. Not a formal finding, but worth addressing.

Corrective action plan requirements: If non-conformances are identified, you must provide a corrective action plan to your AQA within seven calendar days of their request. This plan outlines the specific actions you will take, who is responsible, and the timeline for completion.

Your AQA submits the corrective action plan and associated evidence to the Commission. The Commission reviews the findings and determines the impact on your registration status.

Impact on registration:

• Providers who demonstrate compliance or address non-conformances satisfactorily continue their registration without interruption.
• Serious or unresolved non-conformances may result in conditions being placed on your registration, suspension, or in significant cases, revocation.

Failing to complete your mid-term audit altogether results in a breach of registration conditions. The Commission has the authority to suspend or cancel your registration in response.

How VCCG Supports Your Mid-Term Audit

VCCG works with NDIS providers from initial audit preparation through to post-audit corrective action. Our team understands the NDIS Practice Standards in operational terms, not just on paper and we’ve helped providers across Australia achieve successful mid-term audit outcomes.

Pre-Audit Assessment We conduct a structured review of your current compliance status against your specific audit scope. You receive a clear gap analysis with prioritised actions, no guesswork about where to focus your preparation effort.

Evidence Preparation Assistance We help you compile, organise, and review your evidence folder. This includes reviewing participant files, incident registers, complaint records, and governance documentation against what auditors specifically look for.

Mock Audit Our consultants conduct a realistic mock audit using the same assessment approach as your AQA. Staff experience the interview process in a low-stakes environment, and you receive a written report identifying any remaining gaps.

Staff Briefing and Training We facilitate structured staff briefings that prepare your team for audit interviews without coaching them on scripted responses. Staff who understand their responsibilities and can speak confidently about day-to-day practice perform well in audits.

Post-Audit Corrective Action Development If your audit identifies non-conformances, we work with your leadership team to develop compliant corrective action plans and compile the evidence needed to satisfy the Commission’s requirements within required timeframes.

Prepare for Your NDIS Mid-Term Audit with Confidence

Your mid-term audit is not just a compliance requirement; it is a direct reflection of how effectively your organisation operates every day. The difference between a smooth audit and a stressful one usually comes down to preparation, evidence quality, and how well your systems work in practice.

VCCG helps NDIS providers identify compliance gaps early, organise audit evidence, prepare staff for interviews, and manage corrective actions before they become serious issues. Whether your audit is months away or already scheduled, our team can help you approach it with clarity and confidence.

Book a Mid-Term Audit Readiness Consultation with VCCG today and make sure your organisation is fully prepared before your auditor arrives.

Frequently Asked Questions

What is an NDIS mid-term audit?

An NDIS mid-term audit is a mandatory compliance review conducted 18 months into a certified provider’s registration period. It assesses whether your organisation continues to meet the NDIS Practice Standards in daily operations, with a focus on governance, operational management, and any areas identified in your previous audit.

When does the mid-term audit happen?

Your mid-term audit must be commenced within 18 months of your registration certificate date. Your exact due date is listed in the NDIS Commission’s Provider Portal under your registration record.

What are the mid-term audit requirements?

The audit reviews the Governance and Operational Management standards in the Core Module, any standards with previous non-conformances, and any additional modules specified by the Commission. Providers must engage an Approved Quality Auditor, complete the audit by the due date, and submit a corrective action plan for any non-conformances identified.

How much does an NDIS mid-term audit cost?

Audit costs vary depending on the size of your organisation, the number of sites inspected, the scope of audit modules, and your chosen AQA. Request quotes from two or three AQAs to compare pricing. Contact VCCG to discuss audit preparation costs alongside your AQA selection.

Can I request a different auditor for my mid-term audit?

Yes. You have the right to select any Approved Quality Auditor. However, using the same AQA from your initial certification is generally advantageous as they already understand your organisation’s context. If you want to change auditors, notify your new AQA as early as possible to ensure availability.

Do participants have to be involved in the mid-term audit?

All participants are automatically enrolled in the audit process unless they formally opt out. Notify participants clearly before the audit and explain what their involvement may include. The auditor may review their files and, with consent, speak with them directly about their service experience.