Lesson 10 of 11
Overview
This episode breaks down what happens after an NDIS audit, including report timelines, the Commission’s review process, and how minor versus major non-conformities affect registration. It also explains why corrective action deadlines matter and what providers need to do quickly when issues are identified.
Welcome to the show. Winter, the moment that gets people is not the interview room, not the document upload, not even the auditor's last question -- it's that quiet little gap after they leave, when you think, beauty, done... and you're actually walking into the NEXT countdown.
That gap is sneaky. Because "the auditor has left the building" sounds final. But the number that matters there is 14 days or 28 days, right? Fourteen for a verification audit, and up to 28 for certification before the report even lands with the Commission.
Exactly. And that timing matters because the outcome of the audit is the formal audit report. That's the thing your approved quality auditor submits to the NDIS Commission, with a rating against each quality indicator and each relevant NDIS Practice Standard. So if you're sitting there thinking, I've survived the audit day, that's only part of it. The paperwork phase after the visit is still live.
And I wanna push on that, because I think this is where providers can get a bit too relaxed. They hear "report submitted in 14 days" and think it's admin. But those 14 days can be the difference between a clean report and one carrying a non-conformity, can't they?
Yep. Because if the auditor spotted a gap during the audit, you may get a chance to fix minor issues before the report is finalised. Not always -- especially not for major issues -- but for smaller documentation gaps or incomplete evidence, there can be a short window to send updated material through.
So this is not the time to sit politely and wait. If they mentioned a concern, even casually, ask straight away: what can we fix NOW? What evidence do you need? Because "short window" is doing a lot of work there.
That's the practical move. Be proactive. Don't wait to be invited. If there was a policy missing a detail, or training evidence that wasn't complete, or a document version issue, get it in quickly.
The goal is simple: close off anything minor before it hardens into a formal finding.
And this is where the language can trip people up. "Minor non-conformity" sounds... minor. Like, a box unticked. But that's not always what it means, is it?
No, not always. The ratings run from major non-conformity to minor non-conformity, then conformity, and up to best practice. Conformity means you've met the requirement. Best practice is stronger again -- you're not just compliant, you're clearly demonstrating innovative, responsive service delivery backed by continuous improvement.
Best practice is the gold star, basically. But on the non-conformity side, the distinction is really important. A minor non-conformity usually means the system EXISTS but isn't fully implemented. A major one means a serious gap. Different stakes entirely.
That's it. And the tension point for a lot of providers is exactly there: is this just a paperwork clean-up, or is this exposing a deeper systems problem? If your incident process exists but staff can't show they actually use it, that's different from just uploading the wrong version of a policy.
In other words, the file name might be small. The broken system behind it... not small.
That's a very good way to put it. And it's why I don't love the phrase "the hard part is over." Sometimes the hard part is only becoming visible after the audit, when the findings are being locked in.
I reckon that's the surprise in this whole process. The audit day feels like the exam, but the aftermath is more like waiting for the marker's comments -- and discovering whether the issue was one typo or the fact you misunderstood the whole question.
Once that report hits the NDIS Commission, the next stage isn't automatic approval. The Commission reviews the auditor's recommendation, then does its own suitability assessment of the provider and key personnel based on the original application. And they may ask for more information before deciding anything.
That's the bit people miss. The auditor does not grant registration. The Commission makes the final decision. Audit findings matter, obviously, but so does the suitability assessment of the business and its key people. It's a formal assessment under their internal procedures and legislative requirements.
And there isn't a fixed legislated timeframe for that final decision once the report is in, which can make providers very twitchy. I think recent Commission reporting showed some lower-risk verification applications being processed in as little as 22 days in some periods, but certification is usually longer and depends on complexity and how complete your materials are.
Yeah, 22 days is the number people latch onto -- but only for some lower-risk verification matters. It's not a universal promise. If you've got a more complex certification application, more registration groups, or questions around suitability, it'll take longer.
Now, let's talk about the finding nobody wants: major non-conformity. Because this is where the consequences stop being theoretical.
If you get a major non-conformity in any area, you have three months to fix it. And your registration does NOT progress until that issue is addressed and the quality audit is successfully completed. So it's not just a note on the file. It can stall the whole application.
Three months is the headline. But the nastier number is five calendar days, yeah? If you're notified of a major non-conformity and you miss the five-day deadline to submit your Corrective Action Plan, that's where expensive delays and complications can start piling up.
Correct. Five calendar days. Not business days. If that notice arrives, treat it as the immediate priority. Pull in whoever you need -- internal team, consultant, compliance support -- and get the corrective action plan in fast, then fix the issue properly.
Because this is where the "she'll be right" instinct can really hurt you.
A provider can think, we've got three months, plenty of time. But if the Corrective Action Plan itself misses that five-day mark, you've tripped before the recovery even starts.
And the Commission's broader posture is getting firmer. The source material points to 35,519 compliance actions finalised against registered and unregistered NDIS providers and individuals in 2023-24. That's not a regulator in a relaxed mood.
Thirty-five thousand five hundred and nineteen. That's the kind of number that changes the vibe. And then you've got the 22 December 2025 revocation notice to Auspicare Pty Ltd, effective 19 January 2026, after an audit identified a number of major non-conformities. That's not abstract anymore.
Exactly. Revocation means a provider can no longer operate as a registered NDIS provider and can't deliver services to NDIA-managed participants. So when we say major non-conformities must be taken seriously, we mean SERIOUSLY.
Let's do the fork in the road. If the Commission approves the application, you get your Certificate of Registration by email, and your organisation appears on the Find a Registered Provider database. But even that isn't a finish line.
No -- it's the start of your ongoing compliance phase. Read the certificate carefully. It'll specify your approved registration groups, your registration period, and any conditions attached. Those conditions are legally binding. For certification providers, one common condition is a condition audit within 90 days of your first service agreement with a participant.
Ninety days from the first service agreement -- that's a very memorable little trapdoor if you weren't expecting it.
And then beyond conditions, you've got the day-to-day obligations: worker screening clearances, current policies, incident reporting within required timeframes, complaints handled properly, the mid-term audit at 18 months on certification, and renewal at the three-year mark.
Which is why approval is not the end of compliance.
It's the point where compliance becomes continuous. Staff training has to stay current. Documentation has to stay current. Policies have to stay aligned with evolving standards. In a tougher enforcement environment, that's not optional admin -- it's operational survival.
And if the application is refused, it's also not the end of the road. The Commission will tell you if it's approved or refused, and if they're planning to refuse, you'll be invited to provide information before a final decision is made.
Then, if the refusal stands and you disagree, you can ask for an internal review within three months of the decision. That's done by someone at the Commission who wasn't involved in the original decision. They have 90 days to decide whether to confirm, vary, or set aside the original decision and make a new one.
And if you still don't agree after that internal review, the next clock is 28 days to apply to the Administrative Review Tribunal.
Three months for internal review. Twenty-eight days for Tribunal review. Those dates matter.
They really do. And if someone feels the audit itself was unfair, that's a separate lane: raise it with the auditor, escalate to the auditor's organisation, and if needed contact JAS-ANZ, the accrediting body.
So the real reframe is this: after the audit, you're not waiting for a trophy. You're entering a decision process with deadlines, rights, conditions, and consequences. The provider who treats that period casually is usually the one most shocked by what comes next.
Yeah. The exhale is fine. Just don't confuse the exhale with the finish. Thanks for listening.