If you’re applying to become a registered NDIS provider or renewing an existing registration, one of the first things you’ll discover is that not every provider goes through the same audit. There are two distinct pathways: a verification audit and a certification audit. And here’s the part that trips up most people we work with: you don’t get to pick which one you’d prefer. Your registration groups decide it for you.
Choosing the wrong assumption at this stage doesn’t just cause confusion. It can add thousands of dollars to your costs and push your registration out by months. So before you lodge your application, it’s worth understanding exactly how these two audit types differ, what triggers each one, and how to prepare properly for the pathway you’ll actually be assigned.
This guide breaks it all down.
First, why do NDIS audits exist at all?
Every provider seeking registration must be independently assessed against the NDIS Practice Standards before the NDIS Quality and Safeguards Commission (the NDIS Commission) will approve them. This assessment is carried out by an Approved Quality Auditor (AQA) an independent body, not the Commission itself.
The reason there are two pathways is straightforward: not all supports carry the same level of risk to participants. A provider supplying assistive technology equipment presents a very different risk profile to one delivering 24-hour supported accommodation. The audit framework is deliberately risk-tiered to reflect that reality.
- Lower-risk, less complex supports → assessed through a verification audit
- Higher-risk, more complex supports → assessed through a certification audit
Both pathways exist to give participants, families, and the Commission confidence that services are safe, competent, and delivered to a consistent national standard.
What is a verification audit?
A verification audit is the simpler and faster of the two pathways. It is a desktop (document-based) review; there is no on-site visit, no participant interviews, and no observation of how you deliver your services. The auditor simply reviews your documentation to confirm it demonstrates that you meet the relevant Practice Standards.
Verification applies to providers delivering lower-risk, non-clinical, or largely administrative supports. Many providers in this tier are already subject to professional regulation, for example, allied health practitioners registered through the Australian Health Practitioner Regulation Agency (AHPRA), which means their competence is already being independently monitored.
Typical verification-pathway supports include:

- Therapeutic supports (e.g., allied health such as physiotherapy, occupational therapy, speech pathology, psychology, podiatry)
- Plan management
- Household tasks (e.g., cleaning, gardening)
- Assistive technology and equipment supply
- Transport assistance
What the auditor reviews
For verification, your documentation is assessed against the four outcomes of the Verification Module of the NDIS Practice Standards. In practice, providers are commonly asked to evidence core operational systems, including:
- Human resource management (staff qualifications and credentials for key personnel)
- Complaints management and resolution
- Risk management
Because there’s no on-site component to schedule and the document scope is narrower, verification is considerably quicker. From the point of engagement with your AQA, it typically completes within 4–8 weeks. Providers usually answer a smaller self-assessment, often only around four questions.
In short: a verification audit confirms that your systems, insurance, and staff qualifications align with NDIS requirements, without an on-site inspection.
What is a certification audit?
A certification audit is significantly more rigorous. It’s a two-stage process combining an off-site document review with an on-site assessment, and it’s required for providers delivering higher-risk or more complex supports.
Typical certification-pathway supports include:
- Supported Independent Living (SIL)
- Specialist Disability Accommodation (SDA)
- Specialist (positive) behaviour support
- Personal care and high-intensity daily personal activities
- Community nursing and complex health supports
- Early childhood supports
- Group and centre-based activities
The two stages
Stage 1 — Documentation review (usually off-site): The auditor reviews your policies, procedures, self-assessment responses, and supporting evidence. This is similar to a verification review but broader. At this stage, you’ll be advised of any areas of potential non-conformity to address before Stage 2.
Stage 2 — On-site assessment: The auditor visits your premises, interviews your key personnel and staff, speaks with participants (with consent), samples participant files, and observes service delivery in practice. This is where the focus shifts from what your policies say to what actually happens on the ground.
Certification providers are assessed against the Core Module of the Practice Standards plus any applicable supplementary (specialist) modules relevant to their registration groups. The self-assessment is far more detailed; providers may need to respond to 22 or more questions, each supported by documented evidence.
Reflecting the depth involved, a certification audit typically takes longer to complete, and the overall registration timeline commonly runs to several months once Commission processing is factored in.
The single most important rule: one certification group pulls in the whole application
This is the point we emphasise most with the providers we support, because getting it wrong is expensive.
If your application includes even one registration group that requires certification, your entire audit becomes a certification audit regardless of how many verification-only groups you also hold. There is no mixed or blended pathway.
In other words, a provider who mostly delivers low-risk supports but adds a single higher-risk group will be assessed against the full certification framework. Adding one group that triggers certification can meaningfully increase your audit cost and extend your timeline.
There’s also a related nuance worth knowing: holding only low-risk registration groups doesn’t automatically guarantee the verification pathway. If the Core Module applies to your scope based on your self-assessment responses, you may still be directed into certification. Your registration groups and your self-assessment answers together determine your pathway, not your business size, and not your preference.
Verification vs certification at a glance
| Feature | Verification Audit | Certification Audit |
| Applies to | Lower-risk, less complex supports | Higher-risk, more complex supports |
| Assessment type | Desktop/document review only | Two-stage: desktop + on-site |
| On-site visit | No | Yes |
| Participant interviews | No | Yes (with consent) |
| Standards assessed | Verification Module (four outcomes) | Core Module + supplementary modules |
| Self-assessment size | Smaller (often ~4 questions) | Larger (22+ questions) |
| Typical timeframe | ~4–8 weeks from engaging AQA | Several months (multi-stage) |
| Mid-term audit required? | No | Yes (~18 months in) |
| Renewal cycle | Every 3 years | Every 3 years |
Audit costs are set independently by each AQA and vary with provider size, number of sites, participant numbers, and the complexity of your registration groups. Always request a tailored quote based on your Initial Scope of Audit.
How do you find out which pathway applies to you?
You won’t have to guess. When you begin your registration application, you’ll complete a self-assessment against the Practice Standards relevant to your chosen supports. Based on your selected registration groups and your responses, the NDIS Commission issues an Initial Scope of Audit (ISoA), the document that tells you definitively whether you’re on the verification or certification pathway, and which modules apply.
The Commission also publishes a registration groups/classes of support table that maps each support type to its required audit. If you’re unsure how your intended services map across to that table, combined with expert guidance, is the place to start.
Don’t forget: certification comes with a mid-term audit
If you’re on the certification pathway, your obligations don’t end once you’re registered. Certification operates on a three-year cycle, and there’s an additional checkpoint partway through: the mid-term audit.
Under the National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018, a mid-term audit must commence no later than 18 months after your registration period begins. It’s conducted on-site and focuses primarily on the Governance and Operational Management standards of the Core Module, confirming that your systems are still being maintained and improved in practice. Participant interviews typically form part of it.
Verification providers, by contrast, have no mid-term audit; they simply renew their verification every three years.
A timely reminder for SIL providers
If your organisation delivers or plans to deliver Supported Independent Living, this is especially important. SIL registration requires a certification audit, not a verification audit. With audit wait times running to several weeks or more, providers who leave preparation late risk delays that can affect their ability to operate compliantly. If SIL is part of your scope, it’s wise to begin your certification preparation well ahead of any deadline rather than at the last minute.
Registration timelines, deadlines, and rules can change. Always confirm current requirements directly with the NDIS Commission or with a compliance specialist before making decisions.
What happens if the audit finds a problem?
Both audit types result in an audit report submitted to the NDIS Commission, with a rating against each applicable Practice Standard and quality indicator. The Commission then makes the registration decision; it may accept the report, request further information, or impose conditions.
If your audit identifies a major non-conformity, your registration won’t progress until it’s resolved. You’ll generally have three months to rectify a major non-conformity and complete a successful follow-up audit. This is exactly why thorough preparation, rather than hoping issues won’t surface, is the smarter, cheaper approach.
How Angels Compliance and Training Services can help
Understanding your audit pathway is one of the most consequential steps in your entire NDIS journey, and it’s one where small missteps carry real cost. Whether you’re registering for the first time, expanding your registration groups, or approaching renewal, getting the pathway right from the outset saves time, money, and stress.
At Angels Compliance and Training Services, we help providers:
- Interpret your Initial Scope of Audit and confirm whether you’re on the verification or certification pathway
- Select only the registration groups you genuinely need, keeping your audit scope and costs manageable
- Build audit-ready policies, procedures, and evidence mapped to the relevant Practice Standards
- Run a pre-audit readiness check to identify and close compliance gaps before your official assessment
- Prepare your team for on-site certification stages, including staff and participant interviews
- Stay on top of ongoing obligations like the mid-term audit and three-yearly renewal
The audit doesn’t have to be intimidating. With the right preparation, it becomes an opportunity to strengthen your organisation and build lasting trust with participants and their families.
This article is general in nature and provided as a guide only. NDIS registration requirements, audit rules, timeframes, and deadlines are set by the NDIS Quality and Safeguards Commission and may change over time. For advice specific to your organisation, contact Angels Compliance and Training Services or refer to the current guidance published by the NDIS Commission.

