• Frequently Asked Questions

    What other FAQs do you have?
How Do I Become an NDIS Provider?
  1.  Start a new application on the NDIS Application Portal
  2. Send your initial scope of audit to Community Audits Australia (an Approved Quality Auditor)
  3. Undergo an audit
  4. The NDIS Commission assess your application and makes a decision
  5. Receive your application outcome
 When MUST I register to be an NDIS Provider?

Providers must register with the NDIS Commission to:

  • deliver services and supports to NDIS participants who have their plan managed by the NDIA
  • deliver specialist disability accommodation, use restrictive practices, or develop behaviour support plans
  • deliver services or supports to older people with disability who are receiving continuity of supports under the Commonwealth Continuity of Support Programme relating to Specialist Disability Services for Older People.
What registration groups should I select when applying for NDIS?Support items are grouped into registration groups and those registration groups determine which NDIS Practice Standards apply to your organisation.   Different supports have different levels of risk and application relevant to the registration groups you select.  It is important to only select groups that are relevant to your business and clients.  Furthermore, you should ensure that you are aware of what each registration group's requirements are in order to know that you’ll be able to meet the ones you have selected.
What is a Quality Audit? To apply for or renew registration with the NDIS Commission or ACIA, all providers undergo an audit against the relevant Standards. We will assess your organisation against the components of the Standards that are relevant to the services and supports you deliver. Auditors will also undertake their activities in a way that takes your organisation’s size, scope, and service delivery risk into consideration.


Your organisation will undergo either a ‘verification’ (NDIS only) or ‘certification’ (NDIS or ACIS) quality audit. 


As part of the application for registration or renewal, it is the your responsibility to engage an approved quality auditor to assess your organisation’s compliance with the Standards.

How Much Does an Audit Cost? The cost of your audit is dependent on:
  • the type and number of modules you are registering for

  • the number of staff you have

  • the number of participants or clients you have

  • the number of outlets you have

As a company owned by a not-for-profit organisation, we keep our costs as low as we can.

CAA is owned by a Not for Profit and Charity Peak Body - ACIA

 Can CAA help me with my Policies or Preparing for the Audit? As auditors, our role is to assess the quality of your policies and procedures and your service provision, so we are not able to consult during your preparation or audit process.  We will provide feedback on areas needing improvement and our aim is to make the audit process a pleasant and educational experience.
 How quickly can I get the audit done and how long will it take? We can book your audit once you have provided all the relevant or required documents and our extensive team of auditors means we can be flexible and responsive.  Our Customer Relations Officers will be happy to discuss timeframe with you.

Audits vary in length dependent on their type and again, we will be happy to discuss, explore and explain.

What qualifications do I need to become registered as an NDIS Provider?In many cases, you don’t need formal qualifications, however depending on the registration groups you choose, there are very specific requirements for each that you must address in full.
 What happens for a Verification Audit?Usually you will provide all the documents requested according to the NDIS Verification Documentation Requirements booklet and our auditor will review them without you being present.  At the end of the audit, the auditor will either provide a list of items which were missing or did not meet standard, or will advise you that everything was present and correct.  If you have more items or information to provide, we ask you to do so within 5-7 calendar days.
What is a Stage 1 and Stage 2 Audit in Certification, and how do I prepare for these?Typically a stage 1 audit is undertaken by an auditor without you being present.  They go through a document review to check all the policies, documentation and requirements are met to enable the Stage 2 process to be undertaken.  By moving to the Stage 2 which may be remote or in person, it is where you demonstrate application and processes consistent with the documents provided in stage 1 and against the standards and registration groups that you have nominated.  If the auditor feels at stage 1 there are significant gaps, they may recommend delaying stage 2 or resubmission of the stage 1 self assessment and documents as significant work is involved based on the information they have received.
What happens after the Onsite (Stage 2) Audit? At that time the auditor has a short period (usually 5 working days)to write up the report and combine it with the other auditor(s).  This is then submitted to an independent and senior auditor for peer review to validate that the information contained in the report supports the outcome recommended.  Once finalised we will send feedback to you for comment.  Once agreed we submit the findings and report to the Commission and / or scheme owner as well as providing the final report and certificate to you if we have not already done so.  This will not usually occur until the outstanding balance on the account is paid.

CAA will help you through the auditing process and help your clients get the service and supports they need.

How long will the NDIS Commission take to process my application? In assessing your registration application, the NDIS Commission will consider the outcomes of the audit and conduct a suitability assessment of your organisation and key personnel.
  What is a suitability assessment?

The NDIS Commission assesses the suitability of NDIS providers and their key personnel to deliver NDIS supports and services.

This includes whether you or your key personnel have:

  • previously been a registered NDIS provider

  • had a banning order in place

  • any past convictions

  • been insolvent under administration

  • had adverse findings or enforcement action taken by any relevant authorities

  • been the subject of findings or judgement in relation to fraud, misrepresentation, or dishonesty

  • been disqualified from managing corporations

They will contact you if they need more information.  They will then make a decision and contact you to let you know if your application has been successful and the reasons why or why not.

Some applications take longer to process than others. The timeframe depends on various factors, including the size and scale of your organisation, as well as the complexity and range of the supports and services you deliver. Generally, the timeframe for completion of the registration will be no longer than 12 months; for many NDIS providers, it is a much shorter period.

If you have applied for renewal of registration prior to the date of expiry, your registration will automatically be extended until the Commissioner makes a decision on your application for renewal.  Once you have engaged an auditor and you provide them with a reference number and your scope of audit document, the auditor has nine months from the expiry date on your certificate of registration to complete the audit and report back to the Commission.

How long does my NDIS or ACIS Registration last?
Both schemes have a standard 3 year cycle for certification.
For NDIS, if you have had a verification audit, you will need to be audited at 3 years
For NDIS, if you have had a provisional audit, you will need to be audited within 3 months of commencing service provision and possibly again at midterm (18 months)
For NDIS, if you have had a full certification or recertification, you will need to be audited at 18 months or midterm
For ACIS, if you have had a full certification or recertification, you will need to be audited at 12 months or you an apply for special consideration to move to 18 month surveillance

Choosing CAA as your auditor

How is an Auditor selected as suitable to be an auditor, and indeed my auditor?

 All auditors have to undertake a formal auditing qualification, as well as training against the standard being certified.  Then they have to be assessed by the Auditing body (us)  to ensure they have the experience and qualifications for each element within the standard.  They need to maintain many compliance requirements including; insurances, training and audit logs, performance appraisals, peer auditing reviews and checks like working with children and police check.  An audit team will usually consist of a lead auditor and may include a support auditor and or trainee.  Where technical experts are required they may also be a part of the audit team. Sometimes JAS-ANZ or the scheme owners may attend the audit as part of our compliance requirements.  All auditors before accepting your audit must sign a declaration of no conflict of interest or bias, prior to the audit being allocated to them.
After registration or renewal do I only see the auditors for the midterm assessment? Generally yes, but it is important to understand that a Provisional assessment may result in a short noticed review of all remaining audit elements at any time.  The Commission can trigger an unscheduled audit at any time, so it is important that you maintain your systems and processes continually.
How do I prepare for the Surveillance or Midterm Audits?
 You should contact us to schedule the upcoming audit up to 6 months in advance to support your planning processes.  Usually, governance and any outstanding issues from previous audits are covered in these but that is dependent on the standard being assessed.
Can I change audit companies for the midterm or renewal?Yes you can, you just need to authorise us as your new auditing company and we will need to undertake a few checks including accessing your previous audit report.  We may additionally request additional documents at this time to validate the report findings.