NDIS audit prep 2026: a practical guide for SIL, platform, and registered providers

1 July 2026 marks the biggest change to NDIS provider registration since the scheme commenced. Mandatory registration for Supported Independent Living providers and NDIS platform providers begins, new Practice Standards specifically for SIL are in development, and the assessment process is tightening across the board. Providers preparing for their first registration audit or their next renewal need to start work now.

The announcement came in December 2025 from Senator Jenny McAllister, Minister for the NDIS. It responds to recommendations from the NDIS Review, the Disability Royal Commission, and the NDIS Provider and Worker Registration Taskforce. The Commission has flagged that more guidance on transition arrangements will follow in early 2026, with policy and market readiness work running from February.

This article covers what changes on 1 July 2026, the Practice Standards module structure, the two audit types and how the Commission decides which applies, Worker Screening obligations, what auditors actually look for, the 30-day pre-audit preparation worth doing, and the considerations for providers operating across both NDIS and aged care.

What changes on 1 July 2026

From 1 July 2026, all SIL providers and all NDIS platform providers must be registered with the NDIS Commission. Both provider types can currently operate unregistered, which has produced an uneven safety profile across the sector. The Commission has framed mandatory registration as a baseline quality and safeguards lift.

Registered providers are subject to:

• Compliance with the NDIS Practice Standards
• Independent quality audits
• Suitability assessments of key personnel
• Reporting requirements to the NDIS Commission
• NDIS Worker Screening Check requirements for all workers in risk-assessed roles

Alongside mandatory registration, the NDIS Commission is developing new Practice Standards specifically for SIL. These will focus on quality and safety in shared accommodation and daily supports, with stronger worker training requirements and refined SIL-specific audit processes. The Commission has not yet published the final form of these standards. Watch ndiscommission.gov.au and the Commission's media releases for the publication date.

Transition arrangements have not been fully detailed at the time of writing. Providers planning to register for the first time should begin documentation work in advance of the published transition window, on the assumption that audit slots will be in higher demand than usual as the deadline approaches.

The NDIS Practice Standards structure

The Practice Standards are how the Commission measures quality and safety. The structure has three module categories, applied differently depending on the supports and services the provider delivers.

Core module

The Core module applies to all registered providers delivering higher-risk supports and services. It covers the universal expectations: rights of participants, provider governance, provision of supports, and the support environment. Most registered providers delivering active supports will be measured against the Core module.

Supplementary modules

Supplementary modules apply on top of the Core module, depending on the specific types of supports delivered. They cover more specialised support areas with their own standards: for example, supports requiring specialist expertise, supports for participants with complex needs, and behaviour support.

A provider delivering multiple support types is assessed against the Core module plus each Supplementary module relevant to their service mix. The combination determines the scope of the audit.

Verification module

The Verification module applies to providers delivering only lower-risk supports and services. Many providers in this category are already covered by professional regulation (for example, AHPRA registration for clinical professionals) or other recognised bodies, so the Verification module is lighter than the Core module.

Which module set applies is determined by the provider's registration group, which the Commission sets at the point of registration application. The applicable group determines whether the provider needs a Verification or Certification audit.

Verification versus Certification audits

There are two audit types under the NDIS Practice Standards framework. The Commission tells the provider which type applies based on the registration groups they hold.

An audit produces a finding rating per Practice Standard and per quality indicator. A major non-conformity (rating 0) on any standard requires the provider to remediate within three months. The Commission has the power to revoke or suspend registration where remediation is not delivered within that window. Minor non-conformities and observations do not affect registration but should still be tracked and closed.

Providers preparing for their first audit should expect the assessment to take several days at the site. The auditor's scope includes interviews with workers and participants, observation of supports being delivered, and review of documentation. A provider operating across multiple service types or sites should expect a longer audit window.

NDIS Worker Screening obligations

NDIS Worker Screening Checks are valid for five years from the date of issue. Workers in risk-assessed roles cannot operate without a current check.

The practical obligations on registered providers:

• Verify each worker's NDIS Worker Screening Check before they begin in a risk-assessed role
• Monitor expiry dates and prompt renewals before lapse
• Workers can apply to renew up to 90 days before expiry; renewal is via the worker screening unit in their current state or territory
• If a check expires, the worker must be removed from all risk-assessed roles immediately
• Maintain a register of all worker screening checks, expiry dates, and renewal status

The Commission notifies the employer when a linked worker's check is approaching expiry. Do not rely solely on those notifications. Maintain your own internal monitoring with a renewal trigger at 90 days, 60 days, and 30 days. Workforce planning around expiries is an operational risk most providers underestimate until their first lapse.

What auditors actually look for

Audit findings cluster around the same patterns year on year.

Incident management evidence. Auditors look for a complete record of incidents, the response, the timeline of action taken, and lessons applied. Patterns of incidents that suggest systemic causes are scrutinised more closely than isolated events.

Complaints handling. A complaints register that is complete and current is one of the cleanest signals of a functioning quality system. Gaps in the register, or complaints that are logged without resolution recorded, are findings.

Worker training and competency. Training records that demonstrate currency for every worker in risk-assessed roles, with renewal dates tracked. Generic training certificates without dated competency assessments are weak evidence.

Restrictive practices authorisations. For providers using restrictive practices, complete authorisation chains, behaviour support plans where required, and reporting against the relevant state or territory framework. The interaction between NDIS Practice Standards and state-based restrictive practices regimes can trip up providers operating across multiple jurisdictions.

Governance evidence. Board or management committee minutes that name quality and safety as a standing agenda item. The same governance pattern that the Aged Care Act 2024 expects under Section 180 applies operationally to NDIS providers: documented risk awareness, named owners, dated actions.

The 30-day pre-audit checklist

Most NDIS providers do not need a full re-architecture before their audit. They need a focused 30-day preparation cycle, with named owners and dated tasks. The pattern that works:

Week 4 (days −30 to −22)

• Confirm audit date, scope, and assessor with the Commission-approved Quality Auditor
• Brief executive leadership and the board on the audit
• Pull 12 months of incident, complaints, and worker screening data into a single brief
• Identify the registration groups in scope and the Practice Standards modules being assessed

Week 3 (days −21 to −15)

• Walk each applicable Practice Standard and identify the evidence for each quality indicator
• Refresh any policy documents older than 12 months
• Audit Worker Screening Check expiries; remediate any approaching lapse
• Update behaviour support plans for any participant where they apply

Week 2 (days −14 to −8)

• Run a mock audit on the most exposed Practice Standard
• Brief frontline workers on assessor expectations and participant-facing interviews
• Confirm interpreter and accessibility arrangements for participant interviews
• Print or organise digital access to all evidence files

Week 1 and audit day

• Final walkthrough with the senior team
• Confirm reception arrangements for assessor arrival
• Brief the board chair on potential findings before the audit begins
• Maintain a daily debrief during the on-site audit window

For providers operating across NDIS and aged care

Providers operating in both sectors face overlapping but not identical compliance regimes. The NDIS Practice Standards and the Strengthened Aged Care Quality Standards share themes (governance, rights, clinical care, environment) but the assessment cadence, the audit format, and the regulatory authorities are different.

The practical implications:

• Maintain separate evidence files for each regime, even where the underlying evidence overlaps. Auditors expect to see evidence formatted to their framework.
• Map your evidence types to both frameworks early. A care plan that satisfies an aged care Strengthened Standard outcome may also satisfy a corresponding NDIS Practice Standard, but the linkage needs to be explicit.
• Watch for integrated Commonwealth guidance. The Department has indicated it will issue cross-sector guidance for providers operating across both. Until that lands, treat each regime as independent.
• Section 180 of the Aged Care Act 2024 applies to responsible persons of aged care providers. Equivalent governance expectations apply under the NDIS Practice Standards, even if the personal liability mechanism is not identical.

What is still being clarified

Three areas of the 2026 NDIS changes are still being detailed by the Commission. Until they are published, take the cautious read.

The new SIL Practice Standards. The Commission has flagged new Practice Standards specifically for SIL, with stronger worker training and refined audit processes. The final form has not been published. Watch for the Commission's announcement.

Transition arrangements for SIL and platform providers. The Commission has indicated more guidance will be available in early 2026. Providers planning first-time registration should expect to begin documentation in advance of the published window.

Auditor capacity through the transition. The pool of NDIS Commission-approved Quality Auditors is finite. Higher demand around 1 July 2026 is foreseeable. Book audit slots earlier than usual, particularly for providers seeking certification audits.