Welcome to the show. I’m Will, here with Winter, and Winter, I keep seeing the same trap in 2026: a provider reads the words desktop review, relaxes, uploads a few generic files, and then gets hit with a non-conformity that was completely avoidable. Desktop review is the phrase, isn’t it? Those two words make it sound like someone just glances at your PDFs over a coffee. But the sting is in non-conformity. If you’ve got one missing screening clearance or the insurance name doesn’t match the legal entity, that “easy” pathway suddenly feels very not easy. Exactly. Verification is the pathway for lower-risk, lower-complexity NDIS supports. An approved quality auditor reviews your documents remotely against the Verification Module. No site visits. No participant interviews. It is genuinely faster and generally less expensive than certification. But faster is not the same as softer. And lower-risk doesn’t mean low-standard. I think that’s the bit providers can get a bit casual about. They hear lower risk and translate it to “surely this is just admin.” It’s not just admin, is it? No, not really. It’s a documentation audit, but it’s still a real audit. Your auditor is reviewing policies, evidence documents, staff records, and your self-assessment responses remotely, then they submit their report and recommendation to the NDIS Commission within 14 days of finishing the review. So if your evidence is thin, that gets exposed pretty quickly. Fourteen days is the number that sticks for me. Because once the review is done, things move. There isn’t this huge stretch where you can quietly tidy things up after the fact and hope nobody notices. That’s right. And there’s another twist people miss. You only stay on verification if all your selected registration groups are lower risk. One higher-risk group and the whole application escalates to certification. No exceptions. Wait -- one group? Just ONE? So if a provider has, say, mostly lower-risk supports but adds one higher-risk registration group, the entire audit pathway changes? Yep. The whole application moves to certification. And there’s a second way people get surprised: even with low-risk registration groups, your self-assessment answers can still trigger the core module. If that happens, you may be pushed into certification anyway. That’s why rushing the self-assessment is such a bad idea. That’s the part I’d underline in red. The self-assessment isn’t a warm-up lap. Providers sometimes treat those questions like a form they just need to get through, but your actual words can shape the audit pathway. Concise is good. Careless is expensive. That should be on a poster somewhere. And because we’re talking 2026 realities, there’s one practical update providers need to hear right now: QIP is withdrawing from NDIS verification and certification audits on 30 April 2026. 30 April 2026 -- that date matters. If someone planned to use QIP, or their current registration was managed through QIP and expires after that date, they can’t just assume it’ll sort itself out. Exactly. QIP is no longer accepting new NDIS clients, and impacted clients have been told to engage a new approved quality auditor. So if QIP was your plan, you need a replacement from the Commission’s current approved list now, not later. And that’s where “faster pathway” gets real, because if you leave the auditor decision too late -- especially with QIP exiting -- you create your own delay. It’s not the verification pathway slowing you down. It’s the planning. That’s well put. Verification is streamlined when your scope is clean, your self-assessment is accurate, and your evidence is ready. It becomes messy when people mistake remote review for a rubber stamp. I think that’s the tension for this whole episode. No site visit, no participant interviews, no huge certification-style process... but still a genuine safeguarding standard. Lower complexity support, yes. Lower expectation? Not even close. So let’s get practical. When an auditor opens your file, what are they actually hunting for? Because “documentation” can mean anything from two PDFs to a digital avalanche. Hopefully not the avalanche. For verification, the core evidence is pretty specific: worker identity, right to work, pre-employment checks, qualifications, experience, and where relevant, professional memberships. Then screening clearances, records showing workers completed the mandatory NDIS orientation module, continuing professional development records, infection prevention and control training, and PPE training for anyone directly supporting participants. PPE training is a good one to grab onto, because it sounds small until it isn’t. A provider might think, “we’re lower risk, surely that won’t be the sticking point.” But if a worker provides direct support and there’s no PPE training record, that’s not a cute little oversight. Exactly. And it’s not just workforce files. Auditors also look at insurance certificates, business registration documents, your self-assessment responses, and supporting policies around incident management, complaints, privacy, and risk. You do not need hundreds of pages. You do need evidence that the business is properly structured and safeguarding people. Let me try to play this back. The winning move is not “more documents.” It’s the right documents, organised, current, and actually connected to how the business operates. Almost -- and the missing bit is “matched.” Insurance has to match the legal entity name. Policies have to match the actual size and services of the business. Generic templates are where people get into trouble, because auditors can tell when a policy describes a business you clearly are not. Nothing says confidence like a two-person provider with a policy written for a national corporation. That’s memorable for all the wrong reasons. Exactly. In terms of registration groups, common ones in verification include Household Tasks, which is 0120, Travel and Transport Assistance, 0108, Assistive Products for Personal Care and Safety, 0103, Home Modification Construction and Installation, 0160, and Innovative Community Participation, 0116. Some providers delivering Plan Management also sit in verification. 0116 is the one I always remember because it sounds broad -- Innovative Community Participation can cover a lot of ground. And Plan Management has extra specifics, right? Not just “tell us your staff exist.” Right. For Plan Management intermediary supports, providers need to give the auditor a list of all workers delivering plan management services, certified copies of each worker’s qualifications and associated professional memberships, and worker screening clearances for each worker. Certified copies for EACH worker -- that’s the phrase I’d flag. Because if you discover that requirement after you engage the auditor, you’ve just bought yourself stress. And that leads into audit flow. Once you’ve submitted your application and received your Initial Scope of Audit from the Commission, you engage an approved auditor, give them that scope, get a quote, and schedule the review. Verification providers usually answer about four self-assessment questions -- much lighter than certification, where it can be 22 or more. Keep those responses tight, around 300 words each, and point clearly to your evidence. Four versus 22 is a huge contrast. But even with four, the temptation is to waffle. I reckon concise responses are underrated. Say what you do, name the document that proves it, move on. That’s the sweet spot. Then the auditor reviews the file and may ask for clarification or extra evidence. If everything is in order, the audit can often be completed within a week or two after documents are provided. If there are gaps, it drags. And the drag has names: major non-conformity and minor non-conformity. Major means three months to fix it, and your registration doesn’t progress until you do. Minor gives you longer and the process can continue. Yep. So the strategic takeaway is pretty simple. The cleanest audits happen before the auditor is even engaged: screenings in place, training complete, insurance current, policies written for the real business, self-assessment evidence-based and specific. Treat verification as a genuine compliance standard and it tends to move cleanly. Treat it like box-ticking... and the boxes tend to tick back. That’s probably the best way to leave it. Verification is streamlined, not casual. And in 2026, with auditor availability shifting and standards staying firm, the providers who do well are the ones who prepare like the desktop review actually matters -- because it does. Thanks for listening.
Audio Coursesby Jellypod