The NDIS Commission will determine the auditing type to be used based on the information you provided in your application. This will either be a “certification” or “verification” quality audit based on the registration groups you are registered or are registering for and your organisation type.
Which auditing type do I need to complete?
Following your application, you will receive an “initial scope of audit” document from the NDIS Commission. This is a summary of your registration requirements and will tell you whether you need to complete a “certification” or “verification” type audit.
If you’re an individual sole trader or partnership delivering lower-risk or less complex supports and services, you’re not expected to present the same evidence as an NDIS organisation with a large workforce delivering more complex NDIS supports and services. This is because, according to the Commission,
“registration requirements under the NDIS Commission and the NDIS Practice Standards are designed to be proportionate.”
NDIS Providers with a smaller scope of service will generally complete a verification type audit.
What’s the difference between a “certification” and “verification” type audit?
A “certification” type audit is a more detailed audit requiring site visits, performance assessments through interviews with carers, participants and their families, as well as document and file reviews.
Verification audits are a “lighter touch” desk-top audit. At the Stage 2 Audit, your auditor will review your documentary evidence off-site rather than on-site. The auditing activities they undertake will be appropriate to the size of your business and the supports you deliver.
What are the requirements under a “verification” type audit?
NDIS providers identified for verification will need to meet requirements that include
evidence of a complaints management and an incident management system proportionate to the size of their organisation.
You will be assessed against the four outcomes in the verification module of the NDIS Practice Standards. These cover human resource management, incident management, complaints management and risk management.
What are the requirements under a “certification” type audit?
NDIS organisations that are body corporates and providers delivering more complex supports are required to obtain third-party quality assurance certification.
Your core capabilities are assessed against the NDIS Practice Standards and include governance and operational management, risk management, provision of supports and the support provision environment.
Apart from this core module, you will need to satisfy the requirements of the supplementary module relevant to the type of support you deliver.
Details of which modules you must complete for certification are outlined in the Registration requirements by Supports and Services document available on the NDIS Commissioner’s website.