How to Respond to an NDIS Audit Findings Report
After your ASQA audit, you'll receive a written findings report within 2-4 weeks. If you're compliant with no issues, congratulations—you're done. If you have conditions or non-compliance findings, this guide walks you through prioritization, remediation, and getting back to compliance. From our Enrichment Care audits and work with hundreds of providers, we've learned that the difference between providers who get stuck and providers who quickly remediate is their approach to findings. Some panic and try to fix everything at once. Others get defensive and do nothing. The right approach: stay calm, prioritize high-impact fixes, and execute systematically. This guide shows you how.
Understanding Your Findings Report: What Different Ratings Mean
Your report will categorize findings as: (1) Compliant—no findings. You're done. (2) Compliant with conditions—minor non-compliance (usually 2-5 findings) that must be fixed within 2-4 months. You'll likely get a follow-up audit to verify fixes. (3) Not compliant—major non-compliance (usually 5+ findings) requiring significant remediation. You'll definitely get a follow-up audit, and NDIS Commission may investigate. Within your report, each finding will reference the specific Practice Standards module (1-4) and will state the issue and evidence cited. The auditor will explain what you need to do to resolve it. Read every finding carefully. Some are straightforward ('Your complaints register is missing dates'—easy fix). Others are systemic ('Your service delivery is not goal-focused'—bigger fix).
Prioritization Framework: What to Fix First
Not all findings are equal. Prioritize using this framework: Tier 1 (fix first, within 2 weeks): Findings affecting participant safety or legal compliance. Examples: 'Allegation not reported to NDIS Commission,' 'Worker screening incomplete,' 'Invoicing discrepancies.' These go to your leadership and legal exposure. Fix immediately. Tier 2 (fix within 4 weeks): Findings affecting service quality or operational integrity. Examples: 'Support plans don't link to participant NDIS goals,' 'Complaint process not documented,' 'Staff training records incomplete.' These affect your ability to serve participants and demonstrate compliance. Fix promptly. Tier 3 (fix within 8 weeks): Administrative or organizational findings. Examples: 'Policy handbook needs update,' 'Board meeting minutes not documented,' 'Staff records need archival process.' These are important but less urgent. Fix systematically alongside Tier 1 and 2 remediation. Your findings report may indicate deadlines for specific items—prioritize those first.
Remediation: How to Fix Each Finding Type
For each finding, the auditor will explain what's missing. Here's how to fix common types: Finding: 'Participant files don't show goal-focused service delivery.' Remediation: Revise your support plan template to explicitly link each support activity to participant NDIS goals. Conduct a retrospective review of 5-10 participant files and add explicit goal-linkage if missing. Train your coordination team on the revised process. Provide new support plans to participants with goal-linked documentation. Finding: 'Complaints register is incomplete (missing dates, outcomes).' Remediation: Conduct a review of all complaints from the past 12 months. Backfill missing information (dates, outcomes). Update your complaints policy to specify what information must be documented. Train your team on the new template. Going forward, use the updated register. Finding: 'Worker screening records are missing or expired.' Remediation: Audit all active workers' screening dates. For expired or missing screening, immediately contact workers and arrange Blue Card renewal. Do not schedule workers for supports until screening is current. Update your screening register and set expiry alerts 4 weeks before expiry to prevent future lapses. Finding: 'Invoicing does not consistently match support plans or timesheets.' Remediation: Conduct a full audit of invoices from the past 6 months. Identify discrepancies (overbilling, underbilling, rate errors). Create a corrective action plan if you've overbilled. Revise your invoicing process to add a verification step. Train your billing team. Use ShiftCare or Lumary to automate verification and reduce manual errors.
Remediation Timeline and Documentation
Create a remediation plan document for each finding. Include: (1) Finding description (copied from audit report). (2) Root cause (why did this happen?). (3) Remediation action (what you'll do to fix it). (4) Owner (who's responsible). (5) Deadline (when will it be done). (6) Evidence of completion (what proof will you show the follow-up auditor?). Share the remediation plan with your team and track progress weekly. This level of documentation shows auditors that you took findings seriously and systematically fixed them. During your follow-up audit, you'll produce this remediation plan and evidence of completion—auditors will review it and verify fixes. If you can show comprehensive, thoughtful remediation, auditors will recommend compliance on the second audit.
Follow-Up Audit: What to Expect
Your follow-up audit will focus narrowly on the findings from the first audit. The auditor will review your remediation documentation and ask: 'Show me the changes you've made. Prove that you've fixed this finding.' They'll interview staff to confirm the new process is working. They'll review updated records. This audit is usually shorter (1-2 days vs. 2-3 days for full audit) because the scope is limited. If you've genuinely remediated, you'll easily pass. If you've just done cosmetic fixes without genuine systemic change, auditors will see through it immediately.