Provisional vs Full NDIS Certification: The Audit Trap

Winter, EnableUs Community

[calm] Welcome to the show -- and here's the trap. You can get your NDIS Certificate of Registration, look at it, think "beauty, we're done," and still NOT be fully certified.

Will, EnableUs Community

[matter-of-fact] Yeah, and that catches a lot of new providers. Because a provisional certification audit sounds like a certification audit -- same word, same vibe -- but it's not the full thing. It's more like the process has been paused halfway, and the Commission has attached a condition saying, in effect, "we'll need to come back once you're actually delivering services."

Winter, EnableUs Community

[questioning tone] That word you used -- "paused" -- is the bit that matters, hey. Because plenty of people hear "registered" and translate it as "finished." But if there's a condition on the certificate, the audit is not finished. It's just waiting for real-world evidence.

Will, EnableUs Community

[serious] Exactly. And the tension gets real the moment service delivery starts. If you're a new provider in a certification pathway and you've only done a provisional audit, the next audit clock doesn't start when you feel settled. It starts when you commence certification-level services.

Winter, EnableUs Community

[skeptical] And not just any service, right? That's where people get tripped up. If your registration scope includes both lower-risk verification supports and higher-risk certification supports, the clock isn't triggered by doing, say, transport. It's triggered when you begin a certification support category.

Will, EnableUs Community

[responds quickly] That's an important nuance. A common example is Assistance with Daily Personal Activities -- that's a certification support category. Start delivering that, and generally you've got about 90 days -- roughly three months -- to complete the follow-up condition audit, also called a Remaining Elements of Certification audit, or REC audit.

Winter, EnableUs Community

Ninety days. That's the number I'd want taped to my monitor. [short pause] Because three months sounds generous until you've onboarded your first participant, you're hiring, you're rostering, and then suddenly you've also gotta line up an approved quality auditor.

Will, EnableUs Community

[warmly] Yep. And auditors are often busy, which is why the practical advice is to book at least a month in advance. Providers sometimes wait until they're already underway, then realise the condition audit has a tight window and the calendar's not on their side.

Winter, EnableUs Community

I mean, that's the bit that makes me wince. [sighs] You do all this work to get registered, then the "surprise" isn't that you failed anything -- it's that you misunderstood the pathway. And misunderstanding the pathway costs time.

Will, EnableUs Community

And just to sharpen that: a provisional certification audit is there for new providers who haven't commenced service delivery yet. It lets them get registration before they have participants. Operationally, that makes sense. But the trade-off is you're not fully certified yet, and your certificate will usually carry that condition requiring the remaining elements to be audited later.

Winter, EnableUs Community

So if someone's listening and they're pre-launch, the question isn't just "can I get registered?" It's "what exactly will still be hanging over me once I am?"

Will, EnableUs Community

[curious] Right -- and that leads straight into the real distinction: what the auditor can assess on paper, versus what they can only assess once participants and workers are involved.

Winter, EnableUs Community

Okay, let me try to explain it back. A provisional certification audit is basically a desktop review. Policies, procedures, governance systems, readiness -- all the paperwork that says, "we are set up to deliver safely." But because there are no participants yet, there's no proof of implementation. No participant files, no interviews, none of that.

Will, EnableUs Community

[matter-of-fact] That's it. It's documentation-only, very similar in structure to a verification audit in that sense, except it's assessed against the certification modules, not the verification module. The auditor is looking at whether your systems are in place and adequate. They are not testing those systems against lived service delivery because there's nothing live yet.

Winter, EnableUs Community

And "nothing live yet" is doing a lot of work there. Because a full certification audit is a very different beast.

Will, EnableUs Community

It is. Full certification has two stages. Stage 1 is the documentation review -- policies, procedures, self-assessment, all of that. Then Stage 2 is the onsite assessment. That's where the auditor visits, interviews staff, interviews participants, samples participant files and staff files, and checks whether the policies are actually being understood and implemented in practice.

Winter, EnableUs Community

[sharply] Stage 2 within THREE months of Stage 1, yeah?

Will, EnableUs Community

Yes -- Stage 2 must occur within three months of Stage 1. That's one of those timeline details that's easy to gloss over until you're trying to coordinate people, files, locations, and interview availability.

Winter, EnableUs Community

And the participant interviews are on an opt-out basis, which is a pretty specific detail. It means participant involvement isn't some rare extra -- it's built into the audit unless they opt out.

Will, EnableUs Community

[calm] Correct. And that's why full certification is really about implementation evidence. You're being assessed against the Core Module of the NDIS Practice Standards, plus any relevant supplementary modules for your registration groups. It's the most comprehensive audit pathway in the NDIS system.

Winter, EnableUs Community

So if you already have participants, full certification is the cleaner outcome. That's the phrase I keep coming back to. Cleaner. Because you do Stage 1, then Stage 2, the report goes to the Commission within 28 days of the audit's completion, and you're not carrying that extra condition audit from a provisional start.

Will, EnableUs Community

That's the practical contrast. If you already have participants -- or can realistically wait until you do -- full certification avoids the additional follow-up obligation that comes with provisional approval. But if you're brand new and you need the registration certificate before your first participant is onboard, provisional can be the practical pathway.

Winter, EnableUs Community

[lightly] Practical now, busier later.

Will, EnableUs Community

[chuckles] That's a fair way to put it. Because once you do commence certification-level services, the condition audit is there to verify participant outcomes, safety, and quality in actual operation. Usually one or two approved quality auditors onsite for up to four hours, reviewing client files, staff files, and interviewing staff and participants.

Winter, EnableUs Community

Up to four hours sounds short until you realise how much is packed into those four hours. Files, interviews, implementation... it's basically the part the provisional audit couldn't test.

Will, EnableUs Community

Exactly. It's the remaining elements. And the timing can get even trickier if you start service delivery late in your registration period. If services commence between 12 and 18 months from your registration date, the condition audit may need to be completed as part of the mid-term audit, which has to commence no later than 18 months after initial registration.

Winter, EnableUs Community

[skeptical] That 12-to-18-month window is where I think providers can get caught planning backwards. Because now you're not just booking one audit -- you may be trying to bundle the condition audit with the mid-term audit, and that only works if the auditor and the Commission are on board.

Will, EnableUs Community

Right. Bundling can reduce disruption, but it has to be coordinated early. You don't wanna discover at month 17 that the dates, the evidence, and the auditor availability don't line up.

Winter, EnableUs Community

So the real compliance question isn't only "am I doing provisional or full?" It's more precise than that. It's: when will my FIRST participant in a certification support category sign a service agreement and start receiving that support?

Will, EnableUs Community

[reflective] Because that's the moment the 90-day clock starts, not the day you got registered, not the day you hired your first worker, and not the day you started a lower-risk verification support. So if you're a new provider mapping this out right now... are you actually planning around your registration date, or around the first day a certification-level service really begins?