Verification or Certification? The NDIS Audit Mistake That Costs Big

Winter, EnableUs Community

[calm] Welcome to the show -- and here’s the expensive mistake. A provider ticks one extra registration group, thinks, “nice, we’ll offer that too,” and suddenly their audit bill doesn’t look like $1,500 to $3,000 anymore. [pauses] It looks more like $3,000 to $12,000 or more. Same business, same team, completely different pathway.

Will, EnableUs Community

[matter-of-fact] And the killer is, it’s usually not the audit date that matters first. It’s that fork in the road between verification and certification. That choice shapes the whole thing -- your timeline, the evidence you need, whether auditors just do a desktop review or actually come onsite, and how much operational pain you’re signing up for.

Winter, EnableUs Community

[questioning tone] So when people say, “I’m getting ready for my NDIS audit,” the real question isn’t “when is it?” It’s “which audit are you ACTUALLY heading into?” Because those are not small variations. They’re different worlds.

Will, EnableUs Community

[calm] Exactly. Verification is lighter, faster, cheaper. Certification is more detailed, more invasive, more expensive, and it can stretch the registration process out to three to six months -- and that’s before Commission processing time. So if you choose your registration groups without understanding what they trigger, you can blow up your budget before you’ve even started serving participants.

Winter, EnableUs Community

[skeptical] And this is the trap, right? People shop the registration groups like a menu. “We could do household tasks... maybe transport... maybe add community groups later...” [short pause] But one of those can quietly change the entire compliance burden.

Will, EnableUs Community

[responds quickly] Yes -- and not quietly, really, once the invoice arrives. [chuckles] If even one support group sits in certification, your whole application goes through certification. You don’t get to keep the easy bits in verification and isolate the hard bit somewhere else. There’s no split pathway.

Winter, EnableUs Community

That “no split pathway” line is the one I want people to remember. Because I can absolutely picture an allied health practice thinking, “We’ll do occupational therapy, that sounds straightforward,” and then adding group-based community participation... and not realising the second choice drags the WHOLE application across.

Will, EnableUs Community

[firm] That example is spot on. Occupational therapy might sit comfortably with lower-risk supports, but if you add a certification-triggering support like community participation groups, you’re in certification for everything. One box changes the whole lane you’re driving in.

Winter, EnableUs Community

[reflective] Which is why the earliest smart question isn’t “how do I pass the audit?” It’s “what am I accidentally applying for?” Because once you’ve set the scope badly, the rest of the process is just you discovering how expensive that misunderstanding was.

Will, EnableUs Community

[curious] Alright, plain English. Verification is generally for lower-risk, lower-complexity supports. Think plan management, household tasks -- that’s registration group 0120 -- travel and transport assistance, 0108, assistive products for personal care and safety, 0103, home modification construction and installation, 0160, and for many providers, therapeutic-type services that are already tied to professional regulation.

Winter, EnableUs Community

[questioning tone] And when you say “verification,” what does the provider actually experience? Like, what are they doing in real life?

Will, EnableUs Community

Good question. [matter-of-fact] Verification is basically a Stage 1 document review only. Desktop. No onsite visit. No participant interviews. The auditor reviews documentary evidence -- your insurance, staff qualifications and experience, worker screening clearances, and policies around risk, incidents, and complaints. Providers in verification usually answer around four self-assessment questions, and that audit report gets submitted within 14 days of completion.

Winter, EnableUs Community

[warmly] So “desktop only” is the phrase there. No one turning up at your office asking to see how things work in practice. That’s a very different emotional experience from an onsite audit.

Will, EnableUs Community

Very different. [calm] And a different cost profile too. Verification commonly lands around $1,500 to $3,000, though specialist providers can pay more. It also renews every three years, with no mid-term audit requirement.

Winter, EnableUs Community

That “no mid-term” bit matters. Because every 18-month audit you DON’T have to do is time, money, and stress you don’t have to carry. That’s not a technical distinction -- that’s an operating model distinction.

Will, EnableUs Community

[matter-of-fact] Exactly. Now certification is the heavier pathway. That’s for higher-risk or more complex supports: Assistance with Daily Personal Activities, 0107; Supported Independent Living, 0115; Specialist Disability Accommodation; Specialist Behaviour Support, 0110; High Intensity Daily Personal Activities; early childhood supports; and group or centre-based activities.

Winter, EnableUs Community

[interrupts] Wait -- 0115, SIL. That number sticks, because SIL is one of the big 2026 pressure points.

Will, EnableUs Community

Yep, 0115. And certification comes in two stages. Stage 1 is the document review -- policies, procedures, self-assessment, the same broad idea as verification but with a lot more depth. Any non-conformances or concerns get noted there. Then Stage 2 is onsite. Auditors come in, review files, test what’s happening in practice, and look at whether the business actually lives the policies it wrote.

Winter, EnableUs Community

[skeptical] And “files” there means actual staff files and participant files, yeah? Not just a pretty policy folder with a logo on it.

Will, EnableUs Community

[chuckles] Correct. Staff files, participant files, interviews with staff, and often direct participant engagement. That’s one of the biggest practical differences. Certification isn’t just “show me your paperwork.” It’s “prove this works in the real world, and let us hear from the people affected by it.”

Winter, EnableUs Community

The participant piece is huge. You said “opt-out sampling” to me earlier -- meaning participants are generally included unless they opt out. So the audit isn’t built only around what the provider chooses to display.

Will, EnableUs Community

[firm] Exactly right. It reflects actual participant experience, not just controlled documentation. And Stage 2 normally has to happen within three months of Stage 1, so there’s pressure there as well. Cost-wise, certification usually starts around $3,000 and can run to $12,000 or more depending on scope.

Winter, EnableUs Community

[softly] And then the audit cycle keeps going. Both pathways renew every three years -- that part sounds similar -- but certified providers also face a mid-term audit at 18 months. So the difference doesn’t end once you get registered. You carry it.

Will, EnableUs Community

That’s the piece people underestimate. Certification isn’t just a harder front door. It’s a heavier long-term compliance commitment.

Winter, EnableUs Community

[curious] Now here’s the sneaky bit. People think the pathway is decided only by the registration groups they select. But it’s not just that. It’s also their self-assessment answers.

Will, EnableUs Community

[matter-of-fact] Yes. The Commission determines pathway from both your selected registration groups and your responses to the self-assessment. So a provider can look low-risk on paper, but if their answers mean the core module applies to their scope, they can still end up in certification.

Winter, EnableUs Community

[questioning tone] Let me try to explain that back. So even if I pick lower-risk supports -- say transport assistance and household tasks -- I can’t just assume verification. If I answer the self-assessment in a way that expands what the Commission sees in my scope, I might still get pushed into certification. Is that basically it?

Will, EnableUs Community

Almost -- that’s the idea. [calm] The key point is: don’t rush the self-assessment. Read every question carefully and answer accurately. Because those answers are not admin fluff. They can affect your audit pathway independently of the registration groups.

Winter, EnableUs Community

[firm] And here’s the rule I want burned into people’s brains: if ANY selected support requires certification, the ENTIRE application goes through certification. Any. Entire. No splitting.

Will, EnableUs Community

[responds quickly] That is the rule that catches most providers off guard. They think in bundles: “these two are low-risk, this one is a maybe.” The Commission doesn’t look at it that way. One certification-triggering support changes the pathway for the full application.

Winter, EnableUs Community

It’s a bit like booking an economy trip, then adding one business-class leg and discovering the whole fare structure changes. [dryly] Lovely surprise. Terrible budgeting method.

Will, EnableUs Community

[laughs] That’s actually a great analogy. And in 2026, this gets sharper, not easier. From 1 July 2026, mandatory registration expands to more high-risk categories, especially SIL and platform providers. SIL is firmly in certification, so providers planning to comply by that date need to prepare for a full certification audit now, not later.

Winter, EnableUs Community

[serious] That “1 July 2026” date is the one I’d circle. Because when demand spikes for audits and compliance support, the providers who treated pathway selection like an afterthought will be competing for time, auditors, and help.

Will, EnableUs Community

And that’s why the best time to get guidance is before you open the application portal. Not after you’ve picked the wrong groups. Not after you’ve done the self-assessment in a rush. Before. Because this decision isn’t really about paperwork -- it’s about whether your business is ready for the compliance weight it’s choosing to carry.

Winter, EnableUs Community

[reflective] Yeah. The audit pathway is basically a preview of the provider you’re about to become. So maybe the question isn’t just, “What services do we want to offer?” Maybe it’s, “What level of scrutiny are we genuinely built to survive?”