A plain-English guide for Certification providers. What the mid-term audit assesses, how it differs from your initial audit, and how to make sure you're ready.
TL;DR
The mid-term audit is a mandatory surveillance check for Certification providers at roughly the 18-month mark of your three-year registration. It's narrower in scope than your initial audit — typically a remote desktop review — but auditors expect your documentation to be current and your registers to show active, real-world use. Verification providers don't need one.
The mid-term audit (sometimes called a surveillance audit) is a mandatory check-in for Certification providers, scheduled approximately 18 months into your three-year registration period. It exists to confirm you're continuing to operate in line with the NDIS Practice Standards — not just at audit time, but throughout your registration.
It's not a full re-registration. You won't be re-assessed against every standard from scratch. But auditors will look at whether your documentation is current, your registers are in active use, and your operations genuinely match your policies.
Only Certification providers. If you hold a Certification registration, a mid-term audit is mandatory — you can't opt out.
Verification providers do not have a mid-term audit. Verification registrations run for three years and move straight to a renewal audit. If you're unsure which type of registration you hold, check your Certificate of Registration from the NDIS Commission.
Preparing for a Verification audit instead? See the Verification pack →
Auditors check that you're actually operating in line with the policies you submitted at your initial audit. If your incident management policy says you investigate incidents within 24 hours, you should be able to show that you do.
Empty registers are the most common mid-term finding. Your incident register, complaint register, risk register, and training register should have real entries — not the blank templates you submitted at initial audit.
Any changes to your services, supports, key personnel, or operating model should be reflected in updated documentation. Auditors look for evidence that your documentation evolves with your business.
Your Quality and Continuous Improvement Plan should show active entries — improvements identified, actioned, and closed out. This is often under-prepared at mid-term.
If your initial audit raised any non-conformities, auditors will check these are fully resolved. Unresolved prior findings are a red flag.
| Initial audit | Mid-term audit | |
|---|---|---|
| Scope | Full assessment against all relevant Practice Standards | Focused on ongoing operation and changes since certification |
| Format | Two-stage: desktop review + on-site visit | Usually desktop only (remote review) |
| Duration | Days to weeks depending on provider size | Typically one to two days of auditor review |
| Cost | $3,000 – $8,000+ | $1,500 – $4,000 typically |
| On-site visit | Required for Certification | Usually not required |
Review your policies and procedures for anything that's changed since your initial audit — new services, new staff, new processes. Update them to reflect how you actually operate now.
Check every register. Incident register, complaint register, risk register, training register — each should have real entries. If they're still blank from your initial audit, that's your biggest risk.
Update your Quality and Continuous Improvement Plan with improvements you've identified and actioned. Even small changes count — what matters is that you're actively reviewing and improving.
If your initial audit raised any findings, confirm they're fully resolved and you have evidence. Auditors will check these first.
Ensure your documentation reflects current staff, roles, and responsibilities. Key personnel declarations should be current.
The NDIS Audit Pack
One pack. Every policy, procedure, form, and register required by the NDIS Practice Standards. Editable Word and Excel templates, delivered instantly to your inbox.
The NDIS Commission and your auditor will contact you to schedule it. It typically falls around the 18-month mark of your registration, but can vary. Don't wait to be prompted — start preparing your registers and updating documentation well before then.
No. Mid-term audits are only required for Certification providers. Verification registrations run for three years without a mid-term check-in.
You'll receive non-conformities to address within a set timeframe, similar to the initial audit process. Serious or repeat non-conformities can put your registration at risk. Preparing properly — especially ensuring registers are in active use — is the best way to avoid this.
Primarily your registers (are they in active use?), your policies (are they current and still aligned to how you operate?), and evidence of continuous improvement. They'll also check any non-conformities from your initial audit are resolved.
You can use the same documents as a base, but they need to be updated to reflect your current operations. Policies that no longer match how you work — or registers that haven't been touched since your initial audit — are the most common causes of mid-term findings.
The auditor's review typically takes one to two days. The preparation time depends on how current your documentation is — providers with well-maintained registers and up-to-date policies usually spend a few hours preparing rather than weeks.
One pack covers every audit type. Editable Word and Excel templates aligned to the NDIS Practice Standards.
Get the Audit Pack