By the time you’re asking what kind of NDIS audit you need, the decision has generally already been made for you, by the registration groups you selected when you applied.
Understanding the difference before you apply can save you thousands of dollars and months of preparation time. Registration group confusion is one of the more avoidable (and expensive!) mistakes that comes up in the audit process.
Here’s how the two pathways work.
Key Differences at a Glance
| Verification | Certification | |
|---|---|---|
| Who it’s for | Lower-risk, less complex services | Higher-risk, more complex services |
| Standards assessed | 4 (the Verification Module) | 22+ (Core Module, plus any supplementary modules) |
| Audit format | Desktop only (document review) | Stage 1 desktop + Stage 2 onsite visit |
| Staff/participant interviews | No | Yes |
| Mid-term audit | No | Yes, at 18 months |
| Typical cost | $900–$1,500 | $4,000–$15,000+ (depending on size and modules) |
| Typical timeline | Weeks to finalise audit once documents submitted | 3–6 months, including Stage 1 + 2 and closing out non-conformities |
What is an NDIS Verification Audit?
A verification audit is a desktop-based document review. So there’s no site visit, no staff interviews, and no participant interviews. Your auditor receives your documents, reviews them against four Practice Standards, and submits their report and recommendation to the NDIS Commission.
The four standards assessed are:
- Risk Management: how you identify and manage risks to your business and the people you support
- Incident Management: your process for when things go wrong
- Complaints Management: how participants can raise concerns and how you resolve them
- Human Resource Management: evidence that workers have the right checks, qualifications, and insurance
The verification pathway is designed for services that are lower-risk and where providers are often already subject to professional regulation. For example, through AHPRA or another professional body. The auditor is essentially checking that your business infrastructure and safeguards are sound, not that you’re delivering clinical care safely.
The registration groups that require a verification audit:
- 0101 Accommodation/tenancy assistance
- 0103 Assistive products for personal care and safety
- 0105 Personal mobility equipment
- 0108 Assistance with travel/transport arrangements
- 0109 Vehicle modifications
- 0111 Home modifications
- 0112 Assistive equipment for recreation
- 0113 Vision equipment
- 0114 Community nursing care
- 0116 Innovative community participation
- 0119 Specialised hearing services
- 0120 Household tasks
- 0121 Interpreting and translation
- 0122 Hearing equipment
- 0123 Assistive products for household tasks
- 0124 Communication and information equipment
- 0126 Exercise physiology and personal training
- 0127 Management of funding for supports in participant plans
- 0128 Therapeutic supports
- 0129 Specialised driver training
- 0130 Assistance animals
- 0134 Hearing services
- 0135 Customised prosthetics
If you’re looking for profession-specific advice, we have tailored guides for occupational therapists, psychologists, physiotherapists and speech pathologists.
Once you receive your Initial Scope of Audit from the Commission after submitting your application, it will confirm your pathway. If it says verification, you need to engage an Approved Quality Auditor, provide your documentation, and respond to any gaps they identify.
Verification audits generally cost between $900 and $1,500, though this varies by auditor.
What is an NDIS Certification Audit?
A certification audit is a two-stage process that assesses you against significantly more standards than verification, and goes beyond reviewing your policies on paper.
Stage 1: Desktop review
The auditor reviews your policies, procedures, and supporting documentation against the Core Module of the NDIS Practice Standards (22+ standards covering everything from governance to rights to service delivery) and any additional Supplementary Modules that have been included. They may also request additional evidence during this stage. At the end of Stage 1, you receive a report noting any areas of concern that will be examined more closely in Stage 2.
Stage 2: On-site assessment
The auditor, or team of auditors, visit your service. They will observe your environment, interview your management and staff, and speak with participants about their experience of your service. This is where the audit shifts from what your policies say to what actually happens in your organisation. Stage 2 must be completed within three months of Stage 1.
Supplementary modules
Depending on which registration groups you hold, you may also be audited against one or more supplementary modules in addition to the Core Module. These cover:
- High Intensity Daily Personal Activities (Module 1)
- Specialist Behaviour Support (Module 2 – writing behaviour support plans only)
- Restrictive Practices (Module 2A – implementing restrictive practices as part of BSPs)
- Early Childhood Supports (Module 3)
- Specialist Support Coordination (Module 4)
- Specialist Disability Accommodation (Module 5)
Each supplementary module will add to your audit scope, preparation time, and cost.
The mid-term audit
Certification providers are also required to complete a mid-term audit 18-months after the initial registration decision has been approved. This is a scaled-down assessment that checks in on whether you’ve addressed any non-conformances from your initial audit and maintained your quality systems. It’s not as intensive as your initial certification audit, but it’s a real audit with real consequences if things have slipped.
The registration groups that require a certification audit:
- 0102 Assistance to access and maintain employment or higher education
- 0104 High Intensity Daily Personal Activities
- 0106 Assistance in coordinating or managing life stages, transitions and supports
- 0107 Assistance with daily personal activities
- 0110 Specialist positive behaviour support
- 0115 Assistance with daily life tasks in a group or shared living arrangement
- 0117 Development of daily living and life skills
- 0118 Early intervention supports for early childhood
- 0125 Participation in community, social and civic activities
- 0131 Specialist disability accommodation
- 0132 Specialised support coordination
- 0133 Specialised supported employment
- 0136 Group and centre based activities
Starting costs for certification audits typically range from about $4,000 to $15,000 for small-to-medium providers depending on the modules included, and how many sites and participants you have. Large and very large organisations will generally need to budget for more than this, as audit duration normally increases with size. Again, this depends on the auditor, and cheaper won’t always mean better.
The Registration Group Decision (Worth Getting Right Before You Apply)
This is the section worth reading before you submit your application.
Your audit pathway is determined entirely by your registration groups. If you add one group that triggers certification, your entire audit becomes a certification, even if every other group you’ve selected would otherwise sit comfortably in the verification pathway.
It’s not uncommon for providers to add groups speculatively (just in case) and find that a single extra group has shifted a $1,200 desktop review into a $6,000 two-stage audit they weren’t prepared for.
A common example: A physio practice registers for 0128 Therapeutic Supports (verification pathway), but adds 0107 Assist Personal Activities to cover a support worker they also employ. That addition shifts the whole audit to certification.
This isn’t wrong if you’re genuinely delivering personal care! But if the group was added speculatively, the audit scope may generate non-conformances against standards you haven’t prepared for, and a much larger documentation burden.
The cleaner approach is to register only for what you’re actually delivering right now. Registration groups can be added later through an out-of-cycle audit when you’re ready to expand.
How to Check Which Pathway You’re On
If you’ve already submitted your application, you don’t need to guess, as the NDIS Commission system automatically generates an Initial Scope of Audit document based on your registration groups. This document:
- Confirms whether you’re on the verification or certification pathway
- Lists the specific standards you’ll be audited against
- Is the document you present to Approved Quality Auditors when getting quotes
You can also check before applying by reviewing the NDIS Commission’s Registration Groups table, which indicates the audit pathway for each group.
If you’re unsure how your intended service mix will interact, particularly if you’re mixing lower-risk and higher-risk groups, it’s worth getting clarification from the Commission or an auditor before you submit. Changing registration groups after the fact is possible but creates additional process (and potentially costs for the admin time on your auditor’s end).
What Documentation Does Each Pathway Require?
Verification pathway
You’ll need a policy manual and supporting documents covering the four Verification Module standards, plus evidence for each worker: including identity documents, qualifications, professional registrations, insurance, NDIS Worker Screening clearance, NDIS Worker Orientation Module certificate, and infection control/PPE training.
The key here is that your policies need to describe how your business actually operates, not how a generic template says a business should operate. Auditors read policies carefully and ask questions when something doesn’t look right. If you’re delivering therapy in a clinic, but your documents refer to ladder safety, there’s a clear mismatch.
Certification pathway
You need everything above, plus a full policy and procedure suite across 22+ Core Module standards, plus operational evidence that your systems are actually being used (completed forms, registers, meeting minutes, supervision records, incident logs, etc). At Stage 2, auditors are specifically looking for any gaps between what your policies say and what’s actually happening in practice.
If you’re including supplementary modules, add the documentation requirements for those on top of what’s listed above.
Frequently Asked Questions
Can I switch pathways later?
You can move from verification to certification if you add registration groups that require it. While everyone would love a shorter audit, the pathway is determined by your groups, not by your preference.
What if I want to add registration groups after I’m registered?
You can apply to add registration groups during your registration period by chatting to your auditor. This triggers an out-of-cycle audit scoped to the new groups (and potentially changes your overall audit pathway if the new groups trigger certification). It’s a real audit process so preparation still matters.
Does verification mean lower quality?
No. It means lower-risk services, which require a proportionately smaller audit scope. A well-run household tasks business with strong incident management, complaints handling, and HR practices is meeting exactly the standard that applies to them.
What happens at renewal, do I go through the same pathway?
Yes. Your three-year registration renewal involves the same pathway as your initial audit, assessed against the same standards, unless you choose this opportunity to add on additional groups/modules. The auditor will expect to see evidence that your quality systems have been actively maintained and improved, not just the same documents from three years ago. Certification providers also complete their mid-term audit at 18 months.
How long does the whole process take?
For verification, from the time you engage an auditor and submit your documents, the audit itself is often completed within a few weeks.
For certification, Stage 2 must occur within 3 months of Stage 1. After Stage 2, if there are no major non-conformities to address, the auditor will generally be able to submit their report to the Commission within a couple of weeks and after you have a chance to review the draft.
Commission processing after the audit report is submitted can take several additional months depending on their current workload.
Building Your Documentation
We have a few free and paid tools available at Paperbark NDIS, and more coming soon, for providers looking to build their documentation and develop documents that actually reflect day-to-day operations.
- Verification Toolkit (paid)
- Certification Toolkit (coming soon)
- Risk Register builder (free)
- Incident Management policy suite builder (free)
- Emergency and Disaster Management Plan builder (free)
Another option is generic template packs which are purchaseable online. If you opt to use this method, make sure you thoroughly review every document before you submit for your audit, replace every bit of placeholder text, and make sure it reflects your business and service types.
We need more great providers doing great work, and getting registered can be a strong signal to the community that you value quality and compliance. Good luck with your audit – it’s a tough, but rewarding journey!
