NDIS Mid-Term Audit Checklist: What Providers Must Prepare (Complete Guide)

If you’ve been told your NDIS mid-term audit is coming up, you’re probably asking yourself:

“What exactly are they going to check this time?”
“Do I need to redo everything?”
“What documents will they want to see?”

The good news?
Mid-term audits are predictable — if you understand what they’re designed to assess.

They are not about starting from scratch.
They are about confirming that your systems are:
• still working
• still being used
• still being reviewed

This guide gives you a practical, provider-friendly checklist for preparing for your NDIS mid-term audit — without drowning in paperwork or scrambling the week before.

What Is an NDIS Mid-Term Audit?

A mid-term audit is conducted partway through your certification period (usually around the 18-month mark for registered providers under Certification).

Its purpose is to confirm that:
• you are still compliant with the NDIS Practice Standards
• your policies and procedures are being implemented
• you have evidence of ongoing quality and safety
• you are managing risks appropriately

It is not just a paperwork review.
Auditors want to see how your systems work in real life.

What Mid-Term Audits Focus On

Mid-term audits usually concentrate on:

• incident management
• complaints and feedback
• risk management
• worker screening
• training and supervision
• continuous improvement
• restrictive practices (if applicable)
• service delivery records

In other words, auditors want to know:
“Are you actually doing what your policies say?”

The Three Things Auditors Look For

For every area they assess, auditors are looking for:

1. A policy or procedure

2. A process or tool

3. Real evidence of use

For example:

If you say you manage incidents:
• you need an Incident Policy
• an Incident Form
• an Incident Register
• real incident records

If you say you handle complaints:
• you need a Complaints Policy
• a Complaints Form
• a Complaints Register
• evidence of resolution

Mid-term audits fail when providers have policies… but no proof of use.

NDIS Mid-Term Audit Checklist

Here’s what you should prepare before your audit.

1. Governance & Risk

Auditors may ask for:

• your Risk Management Policy
• your Risk Register
• Business Continuity Plan
• evidence risks are reviewed

They will want to see:
• risks rated
• controls identified
• review dates recorded

2. Incidents & Safety

Prepare:

• Incident Management Policy
• Incident Forms
• Incident Register
• investigation records
• corrective actions

Auditors will ask:
• How are incidents reported?
• Who reviews them?
• What changes were made?

3. Feedback & Complaints

Have ready:

• Feedback & Complaints Policy
• Complaints Register
• complaint investigation records
• participant information

They will look for:
• timeframes
• outcomes
• follow-up actions

4. Human Resources & Screening

Prepare evidence of:

• NDIS Worker Screening
• WWCC (if relevant)
• induction records
• training logs
• supervision notes

Auditors will ask:
• How do you ensure staff are safe?
• How do you train them?
• How do you supervise them?

5. Service Delivery

Be ready to show:

• service agreements
• consent forms
• case notes
• participant risk assessments
• progress records

They will want to see:
• participant involvement
• evidence of choice and control
• records of support delivered

6. Privacy & Records

Have:

• Privacy Policy
• confidentiality agreements
• secure storage evidence
• breach procedures

Auditors may ask:
• How do you store records?
• Who can access them?
• What happens if there is a breach?

7. Continuous Improvement

Prepare:

• Continuous Improvement Plan
• improvement register
• internal audit records
• management meeting notes

They want to see:
• you learn from issues
• you act on feedback
• you update systems

8. Restrictive Practices (If Applicable)

If you provide behaviour support or implement BSPs:

Have ready:

• Restrictive Practices Policy
• authorisation records
• monthly reports
• reduction strategies
• BSPs

Auditors will ask:
• How are practices authorised?
• How are they monitored?
• How are you reducing them?

What Auditors Commonly Ask in Mid-Term Audits

You can expect questions like:

• How do you manage incidents?
• How do participants make complaints?
• How do you train staff?
• How do you manage risk?
• How do you review your systems?
• How do you keep records secure?

The best answers always link back to documents:

“We follow our Incident Management Procedure and record incidents in our Incident Register.”
“We use our Risk Register and review it quarterly.”
“We document training in our Training Register.”

Click here for our full guide on commonly asked questions!

Common Mid-Term Audit Mistakes

The biggest mistakes providers make:

• having policies but no records
• not updating registers
• not reviewing plans
• staff unsure of processes
• no evidence of improvement

Auditors interpret this as systems not being embedded.

How to Stay Ready (Not Just Audit-Ready)

Instead of scrambling:

Quarterly:
• review incident register
• review risk register
• update improvement plan

Biannually:
• review training
• refresh policies
• run internal audits

Annually:
• full documentation review
• participant feedback
• emergency drills

This turns audits into confirmation — not crisis.

How Swell Policy Studio Packs Support Mid-Term Audits

Our packs are designed for audits, not just compliance theory.

Each pack includes:
• NDIS-aligned policies
• ready-to-use registers
• audit-focused templates
• editable Word documents
• versions tailored by provider type

So when auditors ask:
“Can you show me…”
You already have it.

Which Pack Is Right for You?

Core Module Packs
For certified providers delivering disability supports
Available in:
• General
• Behaviour Support
• Support Coordination

Module 2 & 2A Packs
For behaviour support and implementing providers

Module 4 Pack
For Specialist Support Coordination

Explore packs here:
🛒 View all NDIS Policy Packs
📘 Core Module Packs
🧩 Module 2, 2A & 4 Packs

Final Thoughts

A mid-term audit is not about catching you out.
It’s about proving your systems work.

If you can show:
• policies
• processes
• proof
You’ll pass with confidence.

The real risk isn’t being non-compliant.
It’s being unable to show compliance.