Skip to content
Corella

Compliance

Getting audit-ready without a fortnight of filing

The evidence a review or audit actually asks for, and how to hold it continuously — so a visit becomes a lookup against records you already have, not a fortnight of scrambling.

7 min readUpdated 14 July 2026

The short version

  • An audit is a request for evidence about a date — you either hold that evidence continuously or you reconstruct it under pressure.
  • What gets asked for is predictable: current plans and agreements, current risk assessments, incident records with timelines, policy acknowledgements, in-date staff checks, and proof each support was delivered.
  • The fortnight of filing happens because that evidence lives in five places with no single answer to 'which version is current'.
  • Corella holds the evidence as the work happens — document versions, expiry alerts, read-and-acknowledge, the form-to-PDF-to-attach chain and an audit log — so a review is a lookup, not a scramble.

General operational guidance on organising your evidence — not a compliance certification, and not a substitute for the NDIS Commission's current rules or your auditor's specific requirements. Always check what your registration and the current standards require.

An audit is a question about a date

A reviewer or auditor rarely asks “are you compliant?” in the abstract. They ask something specific and dated: show me this participant’s current support plan; show me the risk assessment for this activity and when it was last reviewed; show me that this incident was recorded and acted on in time; show me that staff have read this policy. Every question is really “show me X, as it stood on this date.”

So audit-readiness isn’t a project you start when the letter arrives. It’s a property of how you keep records the rest of the year. If each piece of evidence is created and filed as the work happens, a review is a series of lookups. If it isn’t, it’s a fortnight of filing — and filing is always worse under a deadline.

The evidence a review actually asks for

You can predict most of what will be asked for, because it maps to obligations you already hold. Broadly, a review wants to see:

  • Current support plans and service agreements for each participant — the current version, not last year’s.
  • Risk assessments that are current and reviewed — for the person, and for the activity or program.
  • Incident and complaint records, with the timeline showing when they were raised and what was done.
  • Evidence that staff have read the policies that apply to them, and that their checks and certificates are in date.
  • Proof that the supports you claimed were actually delivered.

None of that is exotic. What makes it hard is not knowing, on the day, where each piece lives and whether what you’re looking at is the current version.

Why the fortnight of filing happens

The scramble is almost never a shortage of evidence. It’s that the evidence is scattered and undated across systems:

  • Support plans on a shared drive, with three files that all look current and no sure way to tell which one is.
  • Risk assessments in someone’s documents folder, last reviewed you’re-not-sure-when.
  • Proof of support in a rostering app, in a carer’s notebook, or nowhere.
  • Policy sign-offs in an email thread, or on a paper sheet in a drawer.

Pulling that together into a coherent pack, participant by participant, is the fortnight. And because it’s done in hindsight, it’s also where the gaps get discovered too late to fix.

Hold the evidence continuously, not at month-end

The fix is structural: keep each piece of evidence in one place, versioned and dated, from the moment it exists. In Corella the documents librarygives every file a document code and version, so “which policy is current” has exactly one answer — superseded versions stay on record without being mistaken for the live one.

Files carry expiry dates, and a daily sweep flags what’s lapsing — certificates, checks, plan and risk reviews — so it surfaces before it lapses, not after. Policies use read-and-acknowledge, so the record of who has read what is a report you can pull, not an email thread you have to reconstruct. Risk assessments, for clients and for programs alike, are held as current records with their review dates on screen, so “when was this last reviewed” is answered without opening a filing cabinet.

Let the proof file itself

The evidence that’s hardest to assemble after the fact is proof of support — that a given shift happened and did what the plan intended. Corella makes that a by-product of the work: a per-shift form is completed and approved, and on approval it becomes an auto-named PDF attached to the right client record. Nobody files it; it files itself. On the billing side the same approval is what releases the shift to be invoiced, so an unapproved — and therefore unevidenced — shift is held back rather than claimed.

The plans, risk assessments and service agreements themselves generate as branded PDFs from the structured record, so the document you hand a reviewer is the current record rendered — not a separately maintained copy that has quietly drifted out of date.

When the reviewer arrives

Because every record is attributable and timestamped, the audit log answers the “who did what, when” questions directly — who wrote a note, who approved a form, who changed a plan. Access is role-scoped, so you can also show that people saw only what their role allowed.

One thing to be clear about: Corella holds and organises your evidence — it doesn’t decide whether you pass, and it isn’t a certification. Whether your records meet the standard is the auditor’s call against the NDIS Commission’s current rules. What the system removes is the fortnight of filing that used to stand between you and simply being able to show your evidence.

Where this lives in Corella

Common questions

Straight answers.

Does Corella make us compliant, or guarantee we pass an audit?
No — and we won't say it does. Corella holds and organises your evidence continuously so a review is a lookup rather than a scramble. Whether your records meet the standard is the auditor's decision against the NDIS Commission's current rules.
How do we stop certificates, checks and reviews expiring unnoticed?
Documents and staff records carry expiry dates, and a daily sweep flags what's lapsing — certificates, checks, plan and risk reviews — so it surfaces before it lapses rather than turning up at audit.
How do we know which version of a policy or plan is current?
Every document in the library carries a document code and version, so there is one current version and one answer. Superseded versions stay on record without being mistaken for the live one.
Where does proof of support come from?
From the shift itself. A per-shift form is approved, and on approval it becomes an auto-named PDF attached to the client record; the same approval releases the shift for invoicing, so unevidenced shifts are held back.
Can we show who did what, and when?
Yes — the audit log records the history (notes written, forms approved, plans changed), and access is role-scoped, so you can also show that people saw only what their role allowed.

See your organisation in Corella.

A 30-minute walkthrough with the people who built it — your workflows, your terminology, not a canned demo.