What does an NDIS audit actually look for in your notes?

Auditors don’t read your notes like a supervisor does

Your supervisor reads your notes to understand what happened during a session. An auditor reads them to check whether your documentation meets the NDIS Practice Standards. They’re not judging whether you did a good job as a worker. They’re assessing whether the written record proves that the right things were documented.

This is an important distinction. You could deliver an excellent session and still fail an audit if the note doesn’t contain the right elements. Conversely, a well-structured note about a routine session will pass easily because it hits the compliance points auditors are trained to look for.

The audit isn’t testing your care. It’s testing your documentation.

The seven things auditors check

1. Participant voice and choice

Auditors look for evidence that the participant’s choices, preferences, and decisions were documented during the session. This comes from the Person-Centred Supports standard in the NDIS Practice Standards. It doesn’t need to be dramatic. “Sarah chose to go to the park instead of the library” is enough. What fails is a note where the worker describes everything they did without any mention of what the participant wanted, chose, or expressed.

2. Goal linking

The NDIS funds supports because they’re connected to a participant’s plan goals. Auditors check whether your notes show that connection. If you took someone swimming and their plan has a sensory processing goal, the note should mention that goal. If you helped someone cook dinner and their plan includes a daily living skills goal, that link needs to be documented.

This doesn’t mean every session needs five goals attached. One genuine goal is better than four that are stretched to fit. But if a note has no goal connection at all, an auditor will flag it, because there’s no evidence the support was “reasonable and necessary.”

3. Incident documentation

If something happened during the session (a fall, an injury, a behavioural escalation, a near-miss) auditors check that it was documented with appropriate detail. The NDIS Incident Management Rules require specific information: what happened, when, where, who was involved, what action was taken, and whether it’s a reportable incident.

The most common audit failure here isn’t missing incidents entirely. It’s documenting them too vaguely. “He had a fall but seemed okay” doesn’t meet the standard. The auditor needs to see what happened, what you did about it, and whether appropriate follow-up occurred.

4. Restrictive practice records

If a restrictive practice was used during a session (physical restraint, environmental restraint, seclusion, chemical restraint, or mechanical restraint) auditors expect a full legal record under Section 15(2) of the NDIS Restrictive Practices Rules. This includes the type of practice, who authorised it, start and end times, the behaviour that led to it, less restrictive alternatives that were tried first, and whether it was in accordance with the participant’s behaviour support plan.

This is one of the most technically demanding documentation requirements, and it’s where many workers fail audits. Most workers don’t know what a Section 15(2) record looks like, let alone how to produce one from a stressful session.

5. Privacy compliance

Notes should only contain information that’s relevant to the support being provided. The Australian Privacy Act requires that personal information collection is limited to what’s reasonably necessary. Auditors will flag notes that contain unnecessary personal details (family conflicts, relationship status, financial information, religious beliefs) unless those details directly affect how support is delivered.

6. Accuracy and honesty

The NDIS Code of Conduct requires integrity, honesty, and transparency. Auditors look for notes that accurately reflect what happened, not embellished versions designed to sound more clinical or professional. A note that says “the participant demonstrated proactive engagement with domestic task management” when the worker actually helped someone do their dishes raises questions about whether the documentation is genuine.

Plain, honest language that describes what actually happened will always pass an audit more convincingly than inflated clinical jargon. This is also where AI-generated notes fail hardest: they tend to invent the polished clinical language that an auditor immediately recognises as not coming from the worker. We’ve written about why fabricated notes are a real risk under registration.

7. Session details match claims

Auditors cross-reference your notes with what was claimed for payment. The session type, duration, and date in your note should match the claim. If you claimed two hours of community access but your note describes a one-hour shopping trip, that’s a discrepancy that will be investigated.

What a passing note looks like

A note that passes an audit doesn’t need to be long. It needs to be structured. It needs a clear context section (date, time, duration, location), documentation of how the participant presented and what choices they made, a description of activities linked to plan goals, and an oversight section covering any safety observations or the absence of incidents.

The seven points above are not a wishlist. Auditors check them. A note that covers all seven, even briefly, will pass. A note that misses three or four will not.

What a failing note looks like

“Community access with David today. Went to the shops and then had lunch at a cafe. He was in a good mood. No issues.”

This note would fail on almost every audit criterion. No participant voice or choices documented. No link to plan goals. No structure. No evidence of what the support actually achieved. If an incident had occurred during this session, there’s no framework for documenting it. An auditor would conclude that documentation standards are not being met.

Where AI tools help, and where they hurt

Most workers reading this are already thinking about an AI tool to make their documentation faster. Reasonable instinct. The thing worth understanding before you choose one is how the AI handles the seven audit points above.

Some AI tools will produce a full, polished note from one or two words of input. That note will look like it covers all seven points. It won’t actually contain real evidence of any of them, because the AI invented the participant voice, invented the goal links, invented the observations. An auditor reading that note can’t verify any of it against the actual session. Worse, the worker can’t defend it either, because they didn’t observe what’s in it.

The right way for AI to help is structure and prompting, not authorship. The worker describes the session in their own words. The AI organises the writing into audit-ready structure, recognises incidents and prompts for the right detail, links the activities to participant goals the worker has set up, and flags any of the seven points that are missing so the worker can address them. The worker stays the author. The AI stays the tool.

This is what we’ve built into Clio Care, and the principle we operate on is called the Note Integrity Standard. The worker writes the note. Clio checks it against the seven points above. Anything missing gets flagged with a coloured placeholder you have to fill before signing. Nothing is invented. Nothing is papered over. The finished note is yours, and you can defend it.

How to prepare for an audit you might never see

You might never be personally audited. But every note you write from July 2026 onward exists in a system where it could be. The preparation is simple: write every note as if it will be read by someone who doesn’t know you, doesn’t know the participant, and is checking whether your documentation meets the NDIS Practice Standards.

If your notes already do that, you have nothing to worry about. If they don’t, now is the time to change, while there’s still time to build the habit before the deadline.