8 NDIS Documentation Mistakes That Could Fail Your Next Audit

NDIS audits are not pass/fail events that happen once and are forgotten. Registered providers face regular certification and verification audits, and the documentation requirements are specific. Non-conformances — even minor ones — can trigger corrective action requirements, repeat audits, and in serious cases, registration conditions.

Most audit failures are preventable. Here are eight documentation mistakes that commonly cause problems.

1. Incident reports that are incomplete or filed late

The NDIS Practice Standards require that reportable incidents are documented and notified within specific timeframes. Incomplete incident reports — missing the time, the people present, the actions taken, or the follow-up outcome — are a recurring finding. So are reports filed days after the incident instead of promptly. Auditors look at timestamps.

The fix: standardise your incident report template with required fields, and set an expectation that reports are submitted within 24 hours of the incident occurring.

2. Carer qualifications tracked outside the system

If your worker qualification records live in a spreadsheet that one person maintains, you have a single point of failure. When that person is on leave, when the spreadsheet is out of date, or when an auditor asks for a qualification record you can't quickly produce, the gap becomes visible.

The fix: qualification records — including expiry dates and document scans — should live in your workforce management system, with automatic expiry alerts.

3. Support plans that haven't been reviewed on schedule

NDIS Practice Standards require that participant support plans are reviewed at agreed intervals. Many providers create strong support plans at onboarding and then let them drift. An auditor who finds support plans with review dates that have passed without action will note it.

The fix: build support plan review dates into your scheduler or CRM as a standing task with alerts.

4. Consent records that can't be produced quickly

For any service where participant consent is required — photography, information sharing, specific interventions — the signed consent must be producible on request. If consent records are filed in paper, scanned to a generic folder, or not collected at all, an audit will surface it.

The fix: consent documents should be attached to the participant record and retrievable by name in under a minute.

5. No documented communication trail for complaints

If a participant or family member raises a complaint, the NDIS expects a documented response process: acknowledgement, investigation, resolution, and outcome. A verbal conversation that was never written down is not a record. Auditors ask for the complaint register and the associated communication trail.

The fix: log every complaint in writing, even when it starts as a phone call, and document each step of the resolution.

6. Carer screening clearances not verified at the point of rostering

Holding a valid NDIS Worker Screening Clearance is a condition of delivering NDIS services. Providers that don't have a process to verify clearance status before assigning a carer to a shift — or that let expired clearances go unnoticed — face serious findings.

The fix: verification of screening clearance should happen automatically when a carer is assigned to a shift, not as a separate manual check.

7. Shift records with missing check-in or check-out times

Shift records that show a shift was "completed" without a check-in or check-out timestamp raise questions about whether the shift actually occurred as recorded. Auditors use this to identify systematic gaps in record-keeping.

The fix: make digital check-in and check-out a hard requirement in your carer app, with records that include GPS data where appropriate.

8. Outdated policies that haven't been reviewed

Your policy and procedure documents have review dates. When auditors find policies with review dates two or three years past, it signals that governance processes are not being maintained. Even if the content of the policy is still appropriate, the missed review is a finding.

The fix: schedule annual policy reviews in your calendar as a standing obligation, with clear ownership.

Teiro helps address many of these gaps directly — qualification tracking with expiry alerts, incident reporting from the carer app, and a full communication history for each client. Book a demo to see how it works in practice.